1163 files changed, 65887 insertions, 37650 deletions

diff --git a/contrib/bc/LICENSE.md b/contrib/bc/LICENSE.md
index c8f6758e6d4b..e5d44dee6dab 100644
--- a/contrib/bc/LICENSE.md
+++ b/contrib/bc/LICENSE.md
@@ -1,6 +1,6 @@
 # License
 
-Copyright (c) 2018-2024 Gavin D. Howard <gavin@gavinhoward.com>
+Copyright (c) 2018-2025 Gavin D. Howard <gavin@gavinhoward.com>
 
 Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
@@ -60,7 +60,7 @@ The files `src/rand.c` and `include/rand.h` are under the following copyrights
 and license:
 
 Copyright (c) 2014-2017 Melissa O'Neill and PCG Project contributors<br>
-Copyright (c) 2018-2024 Gavin D. Howard <gavin@gavinhoward.com>
+Copyright (c) 2018-2025 Gavin D. Howard <gavin@gavinhoward.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
diff --git a/contrib/bc/MAINTENANCE-TERMS.md b/contrib/bc/MAINTENANCE-TERMS.md
new file mode 100644
index 000000000000..ef24202cc6c2
--- /dev/null
+++ b/contrib/bc/MAINTENANCE-TERMS.md
@@ -0,0 +1,80 @@
+# Maintenance Terms
+
+> Last Updated: 27 June 2025
+
+The code, text, and other materials in this repository are provided as-is under
+the terms of the repository's [`LICENSE.md`][0] file, as a gift to the commons
+and the common good. In providing this software as-is, its author(s) admit no
+further obligations from anyone using the software for any reason, particularly
+with respect to:
+
+* Releases,
+* Response time,
+* Change review and integration,
+* Disclosure schedules,
+* Discretionary, proprietary or otherwise secretive communications, and
+* Any other non-contractual obligations or conventions, regardless of their
+  presumed urgency or severity.
+
+Should anyone wish to make a contract with me (Gavin Howard) to ensure that work
+he or she deems critical gets done, the terms are as follows:
+
+* Compute time will be charged at \$25/hr.
+* My time will be charged at \$100/hr.
+* All issues deemed critical by either me or the requester, that also change the
+  source code (anything in `gen`, `include`, or `src`) will require at least two
+  weeks of fuzzing without error.
+	* If errors are found, those hours will still be charged on top of the final
+	  two weeks.
+* All changes will require running the [release script][2] on Linux (GCC), Linux
+  (Clang), FreeBSD, OpenBSD, macOS, Windows.
+* Any hours spent on bugs or code that have been, or are suspected to have been,
+  generated by "AI" will be charged double rates.
+
+Compute time includes, but is not limited to:
+
+* Fuzzing.
+* Running my [release script][2].
+* Running tests and my [release script][2] on macOS.
+
+My time includes, but is not limited to:
+
+* Code review.
+* Reading bug reports.
+* Design.
+* Coding.
+* Any compute time that interferes with my ability to do any other work:
+	* Fuzzing makes my computer unusable, so fuzzing for the 8-12 hours of the
+	  day that I could be working will be charged at \$100/hr.
+	* Same with running my [release script][2] because I run two instances on my
+	  machine and two in VMs at the same time.
+	* Running my [release script][2] or any other compute time on Windows
+	  because Windows blocks me from doing my main work on Linux.
+	* Any other instances of blocking compute time.
+
+All amounts will be billed by, and paid to, [Yzena, LLC][2]. Invoices will be
+provided, including line items for what each hour was spent on.
+
+It is suggested that the following amounts be budgeted:
+
+* At least \$3000 for a non-critical issue or change.
+
+  The release script takes about 10 hours, and I would need to run it once on
+  Linux (and others at the same time) and once on Windows, which is 20 hours.
+  Most of that won't be at the \$100/hr rate, but some probably will be. Then
+  an extra \$1000 for other work.
+
+* At least \$15,000 for a critical issue or change.
+
+  The \$3000 above is the start, which leaves \$12,000. Fuzzing is expected to
+  cost \$11,400 (6 days a week, 8 hours a day, at \$100, the rest at \$25), and
+  rounded up to \$12,000 for good measure.
+
+---
+
+This document is inspired by [Mike Hoye's Maintenance Terms][1].
+
+[0]: LICENSE.md
+[1]: https://github.com/mhoye/maintenance-terms
+[2]: scripts/release.sh
+[3]: https://yzena.com/
diff --git a/contrib/bc/Makefile.in b/contrib/bc/Makefile.in
index c63dc242e79a..f8b120c1328e 100644
--- a/contrib/bc/Makefile.in
+++ b/contrib/bc/Makefile.in
@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -38,6 +38,8 @@ GENDIR = $(ROOTDIR)/gen
 
 BUILDDIR = %%BUILDDIR%%
 
+VERSION = %%VERSION%%
+
 SRC = %%SRC%%
 OBJ = %%OBJ%%
 GCDA = %%GCDA%%
@@ -99,17 +101,16 @@ BC_FUZZER_C = $(BIN)/$(BC)_fuzzer_C
 DC_FUZZER = $(BIN)/$(DC)_fuzzer_c
 DC_FUZZER_C = $(BIN)/$(DC)_fuzzer_C
 
-BC_TEST_OUTPUTS = tests/bc_outputs
 BC_FUZZ_OUTPUTS = tests/fuzzing/bc_outputs1 tests/fuzzing/bc_outputs2 tests/fuzzing/bc_outputs3
-DC_TEST_OUTPUTS = tests/dc_outputs
 DC_FUZZ_OUTPUTS = tests/fuzzing/dc_outputs
 
 LIB = libbcl
 LIB_NAME = $(LIB).a
 LIBBC = $(BIN)/$(LIB_NAME)
 BCL = bcl
-BCL_TEST = $(BIN)/$(BCL)
-BCL_TEST_C = $(TESTSDIR)/$(BCL).c
+
+GENERATE_TESTS = %%GENERATE_TESTS%%
+PROBLEMATIC_TESTS = %%PROBLEMATIC_TESTS%%
 
 MANUALS = manuals
 BC_MANPAGE_NAME = $(EXEC_PREFIX)$(BC)$(EXEC_SUFFIX).1
@@ -152,11 +153,11 @@ BC_ENABLE_EXTRA_MATH = %%EXTRA_MATH%%
 BC_ENABLE_NLS = %%NLS%%
 BC_EXCLUDE_EXTRA_MATH = %%EXCLUDE_EXTRA_MATH%%
 
-BC_ENABLE_AFL = %%FUZZ%%
-BC_ENABLE_OSSFUZZ = %%OSSFUZZ%%
-BC_ENABLE_MEMCHECK = %%MEMCHECK%%
+BC_ENABLE_AFL = 0
+BC_ENABLE_OSSFUZZ = 0
+BC_ENABLE_MEMCHECK = 0
 
-LIB_FUZZING_ENGINE = %%LIB_FUZZING_ENGINE%%
+LIB_FUZZING_ENGINE = 0
 
 BC_DEFAULT_BANNER = %%BC_DEFAULT_BANNER%%
 BC_DEFAULT_SIGINT_RESET = %%BC_DEFAULT_SIGINT_RESET%%
@@ -189,10 +190,6 @@ KARATSUBA = $(SCRIPTSDIR)/karatsuba.py
 LOCALE_INSTALL = $(SCRIPTSDIR)/locale_install.sh
 LOCALE_UNINSTALL = $(SCRIPTSDIR)/locale_uninstall.sh
 
-VALGRIND_ARGS = --error-exitcode=100 --leak-check=full --show-leak-kinds=all --errors-for-leak-kinds=all
-
-TEST_STARS = ***********************************************************************
-
 BC_NUM_KARATSUBA_LEN = %%KARATSUBA_LEN%%
 
 BC_DEFS0 = -DBC_DEFAULT_BANNER=$(BC_DEFAULT_BANNER)
@@ -218,7 +215,7 @@ CPPFLAGS6 = $(CPPFLAGS5) -DBC_ENABLE_NLS=$(BC_ENABLE_NLS)
 CPPFLAGS7 = $(CPPFLAGS6) -D$(BC_ENABLE_EXTRA_MATH_NAME)=$(BC_ENABLE_EXTRA_MATH)
 CPPFLAGS8 = $(CPPFLAGS7) -DBC_ENABLE_HISTORY=$(BC_ENABLE_HISTORY) -DBC_ENABLE_LIBRARY=$(BC_ENABLE_LIBRARY)
 CPPFLAGS9 = $(CPPFLAGS8) -DBC_ENABLE_MEMCHECK=$(BC_ENABLE_MEMCHECK) -DBC_ENABLE_AFL=$(BC_ENABLE_AFL)
-CPPFLAGS = $(CPPFLAGS9) -DBC_ENABLE_OSSFUZZ=$(BC_ENABLE_OSSFUZZ)
+CPPFLAGS = -DVERSION=$(VERSION) $(CPPFLAGS9) -DBC_ENABLE_OSSFUZZ=$(BC_ENABLE_OSSFUZZ)
 CFLAGS = $(CPPFLAGS) $(BC_DEFS) $(DC_DEFS) %%CPPFLAGS%% %%CFLAGS%%
 LDFLAGS = %%LDFLAGS%%
 
@@ -293,236 +290,10 @@ help:
 	@printf '    check           alias for `make test`\n'
 	@printf '    clean           removes all build files\n'
 	@printf '    clean_config    removes all build files as well as the generated Makefile\n'
-	@printf '    clean_tests     removes all build files, the generated Makefile,\n'
-	@printf '                    and generated tests\n'
 	@printf '    install         installs binaries to "%s%s"\n' "$(DESTDIR)" "$(BINDIR)"
 	@printf '                    and (if enabled) manpages to "%s%s"\n' "$(DESTDIR)" "$(MAN1DIR)"
-	@printf '    karatsuba       runs the karatsuba script (requires Python 3)\n'
-	@printf '    karatsuba_test  runs the karatsuba script while running tests\n'
-	@printf '                    (requires Python 3)\n'
 	@printf '    uninstall       uninstalls binaries from "%s%s"\n' "$(DESTDIR)" "$(BINDIR)"
 	@printf '                    and (if enabled) manpages from "%s%s"\n' "$(DESTDIR)" "$(MAN1DIR)"
-	@printf '    test            runs the test suite\n'
-	@printf '    test_bc         runs the bc test suite, if bc has been built\n'
-	@printf '    test_dc         runs the dc test suite, if dc has been built\n'
-	@printf '    time_test       runs the test suite, displaying times for some things\n'
-	@printf '    time_test_bc    runs the bc test suite, displaying times for some things\n'
-	@printf '    time_test_dc    runs the dc test suite, displaying times for some things\n'
-	@printf '    timeconst       runs the test on the Linux timeconst.bc script,\n'
-	@printf '                    if it exists and bc has been built\n'
-
-run_all_tests: bc_all_tests timeconst_all_tests dc_all_tests
-
-run_all_tests_np: bc_all_tests_np timeconst_all_tests dc_all_tests_np
-
-bc_all_tests:
-	%%BC_ALL_TESTS%%
-
-bc_all_tests_np:
-	%%BC_ALL_TESTS_NP%%
-
-timeconst_all_tests:
-	%%TIMECONST_ALL_TESTS%%
-
-dc_all_tests:
-	%%DC_ALL_TESTS%%
-
-dc_all_tests_np:
-	%%DC_ALL_TESTS_NP%%
-
-history_all_tests:
-	%%HISTORY_TESTS%%
-
-check: test
-
-test: %%TESTS%%
-
-test_bc: test_bc_header test_bc_tests test_bc_scripts test_bc_errors test_bc_stdin test_bc_read test_bc_other
-	@printf '\nAll bc tests passed.\n\n$(TEST_STARS)\n'
-
-test_bc_tests:%%BC_TESTS%%
-
-test_bc_scripts:%%BC_SCRIPT_TESTS%%
-
-test_bc_stdin:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/stdin.sh bc %%BC_TEST_EXEC%%
-
-test_bc_read:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/read.sh bc %%BC_TEST_EXEC%%
-
-test_bc_errors: test_bc_error_lines%%BC_ERROR_TESTS%%
-
-test_bc_error_lines:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/errors.sh bc %%BC_TEST_EXEC%%
-
-test_bc_other:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/other.sh bc $(BC_ENABLE_EXTRA_MATH) %%BC_TEST_EXEC%%
-
-test_bc_header:
-	@printf '$(TEST_STARS)\n\nRunning bc tests...\n\n'
-
-test_dc: test_dc_header test_dc_tests test_dc_scripts test_dc_errors test_dc_stdin test_dc_read test_dc_other
-	@printf '\nAll dc tests passed.\n\n$(TEST_STARS)\n'
-
-test_dc_tests:%%DC_TESTS%%
-
-test_dc_scripts:%%DC_SCRIPT_TESTS%%
-
-test_dc_stdin:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/stdin.sh dc %%DC_TEST_EXEC%%
-
-test_dc_read:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/read.sh dc %%DC_TEST_EXEC%%
-
-test_dc_errors: test_dc_error_lines%%DC_ERROR_TESTS%%
-
-test_dc_error_lines:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/errors.sh dc %%DC_TEST_EXEC%%
-
-test_dc_other:
-	@export BC_TEST_OUTPUT_DIR="$(BUILDDIR)/tests"; sh $(TESTSDIR)/other.sh dc $(BC_ENABLE_EXTRA_MATH) %%DC_TEST_EXEC%%
-
-test_dc_header:
-	@printf '$(TEST_STARS)\n\nRunning dc tests...\n\n'
-
-timeconst:
-	%%TIMECONST%%
-
-test_history: test_history_header test_bc_history test_dc_history
-	@printf '\nAll history tests passed.\n\n$(TEST_STARS)\n'
-
-test_bc_history:%%BC_HISTORY_TEST_PREREQS%%
-
-test_bc_history_all: test_bc_history0 test_bc_history1 test_bc_history2 test_bc_history3 test_bc_history4 test_bc_history5 test_bc_history6 test_bc_history7 test_bc_history8 test_bc_history9 test_bc_history10 test_bc_history11 test_bc_history12 test_bc_history13 test_bc_history14 test_bc_history15 test_bc_history16 test_bc_history17 test_bc_history18 test_bc_history19 test_bc_history20 test_bc_history21
-
-test_bc_history_skip:
-	@printf 'No bc history tests to run\n'
-
-test_bc_history0:
-	@sh $(TESTSDIR)/history.sh bc 0 %%BC_TEST_EXEC%%
-
-test_bc_history1:
-	@sh $(TESTSDIR)/history.sh bc 1 %%BC_TEST_EXEC%%
-
-test_bc_history2:
-	@sh $(TESTSDIR)/history.sh bc 2 %%BC_TEST_EXEC%%
-
-test_bc_history3:
-	@sh $(TESTSDIR)/history.sh bc 3 %%BC_TEST_EXEC%%
-
-test_bc_history4:
-	@sh $(TESTSDIR)/history.sh bc 4 %%BC_TEST_EXEC%%
-
-test_bc_history5:
-	@sh $(TESTSDIR)/history.sh bc 5 %%BC_TEST_EXEC%%
-
-test_bc_history6:
-	@sh $(TESTSDIR)/history.sh bc 6 %%BC_TEST_EXEC%%
-
-test_bc_history7:
-	@sh $(TESTSDIR)/history.sh bc 7 %%BC_TEST_EXEC%%
-
-test_bc_history8:
-	@sh $(TESTSDIR)/history.sh bc 8 %%BC_TEST_EXEC%%
-
-test_bc_history9:
-	@sh $(TESTSDIR)/history.sh bc 9 %%BC_TEST_EXEC%%
-
-test_bc_history10:
-	@sh $(TESTSDIR)/history.sh bc 10 %%BC_TEST_EXEC%%
-
-test_bc_history11:
-	@sh $(TESTSDIR)/history.sh bc 11 %%BC_TEST_EXEC%%
-
-test_bc_history12:
-	@sh $(TESTSDIR)/history.sh bc 12 %%BC_TEST_EXEC%%
-
-test_bc_history13:
-	@sh $(TESTSDIR)/history.sh bc 13 %%BC_TEST_EXEC%%
-
-test_bc_history14:
-	@sh $(TESTSDIR)/history.sh bc 14 %%BC_TEST_EXEC%%
-
-test_bc_history15:
-	@sh $(TESTSDIR)/history.sh bc 15 %%BC_TEST_EXEC%%
-
-test_bc_history16:
-	@sh $(TESTSDIR)/history.sh bc 16 %%BC_TEST_EXEC%%
-
-test_bc_history17:
-	@sh $(TESTSDIR)/history.sh bc 17 %%BC_TEST_EXEC%%
-
-test_bc_history18:
-	@sh $(TESTSDIR)/history.sh bc 18 %%BC_TEST_EXEC%%
-
-test_bc_history19:
-	@sh $(TESTSDIR)/history.sh bc 19 %%BC_TEST_EXEC%%
-
-test_bc_history20:
-	@sh $(TESTSDIR)/history.sh bc 20 %%BC_TEST_EXEC%%
-
-test_bc_history21:
-	@sh $(TESTSDIR)/history.sh bc 21 %%BC_TEST_EXEC%%
-
-test_dc_history:%%DC_HISTORY_TEST_PREREQS%%
-
-test_dc_history_all: test_dc_history0 test_dc_history1 test_dc_history2 test_dc_history3 test_dc_history4 test_dc_history5 test_dc_history6 test_dc_history7 test_dc_history8 test_dc_history9 test_dc_history10
-
-test_dc_history_skip:
-	@printf 'No dc history tests to run\n'
-
-test_dc_history0:
-	@sh $(TESTSDIR)/history.sh dc 0 %%DC_TEST_EXEC%%
-
-test_dc_history1:
-	@sh $(TESTSDIR)/history.sh dc 1 %%DC_TEST_EXEC%%
-
-test_dc_history2:
-	@sh $(TESTSDIR)/history.sh dc 2 %%DC_TEST_EXEC%%
-
-test_dc_history3:
-	@sh $(TESTSDIR)/history.sh dc 3 %%DC_TEST_EXEC%%
-
-test_dc_history4:
-	@sh $(TESTSDIR)/history.sh dc 4 %%DC_TEST_EXEC%%
-
-test_dc_history5:
-	@sh $(TESTSDIR)/history.sh dc 5 %%DC_TEST_EXEC%%
-
-test_dc_history6:
-	@sh $(TESTSDIR)/history.sh dc 6 %%DC_TEST_EXEC%%
-
-test_dc_history7:
-	@sh $(TESTSDIR)/history.sh dc 7 %%DC_TEST_EXEC%%
-
-test_dc_history8:
-	@sh $(TESTSDIR)/history.sh dc 8 %%DC_TEST_EXEC%%
-
-test_dc_history9:
-	@sh $(TESTSDIR)/history.sh dc 9 %%DC_TEST_EXEC%%
-
-test_dc_history10:
-	@sh $(TESTSDIR)/history.sh dc 10 %%DC_TEST_EXEC%%
-
-test_history_header:
-	@printf '$(TEST_STARS)\n\nRunning history tests...\n\n'
-
-library_test: $(LIBBC)
-	$(CC) $(CFLAGS) -lpthread $(BCL_TEST_C) $(LIBBC) -o $(BCL_TEST)
-
-test_library: library_test
-	%%BCL_TEST_EXEC%%
-
-karatsuba:
-	%%KARATSUBA%%
-
-karatsuba_test:
-	%%KARATSUBA_TEST%%
-
-coverage_output:
-	%%COVERAGE_OUTPUT%%
-
-coverage:%%COVERAGE_PREREQS%%
 
 manpages:
 	$(MANPAGE) bc
@@ -559,37 +330,25 @@ clean_config: clean clean_benchmarks
 	@$(RM) -f compile_commands.json
 	@$(RM) -f $(BCL_PC)
 
-clean_coverage:
-	@printf 'Cleaning coverage files...\n'
-	@$(RM) -f *.gcov
-	@$(RM) -f *.html *.css
-	@$(RM) -f *.gcda *.gcno
-	@$(RM) -f *.profraw
-	@$(RM) -f $(GCDA) $(GCNO)
-	@$(RM) -f $(BC_GCDA) $(BC_GCNO)
-	@$(RM) -f $(DC_GCDA) $(DC_GCNO)
-	@$(RM) -f $(HISTORY_GCDA) $(HISTORY_GCNO)
-	@$(RM) -f $(RAND_GCDA) $(RAND_GCNO)
-	@$(RM) -f $(BC_LIB_GCDA) $(BC_LIB_GCNO)
-	@$(RM) -f $(BC_LIB2_GCDA) $(BC_LIB2_GCNO)
-	@$(RM) -f $(BC_HELP_GCDA) $(BC_HELP_GCNO)
-	@$(RM) -f $(DC_HELP_GCDA) $(DC_HELP_GCNO)
-
-clean_tests: clean clean_config clean_coverage
+test:
+	@if [ $(BC_ENABLED) -ne 0 ]; then $(TESTSDIR)/all.sh -n bc $(BC_ENABLE_EXTRA_MATH) 1 $(GENERATE_TESTS) $(PROBLEMATIC_TESTS) $(BC_EXEC); fi
+	@if [ $(DC_ENABLED) -ne 0 ]; then $(TESTSDIR)/all.sh -n dc $(BC_ENABLE_EXTRA_MATH) 1 $(GENERATE_TESTS) $(PROBLEMATIC_TESTS) $(DC_EXEC); fi
+
+clean_tests: clean clean_config
 	@printf 'Cleaning test files...\n'
 	@$(RM) -fr $(BC_TEST_OUTPUTS) $(DC_TEST_OUTPUTS)
 	@$(RM) -fr $(BC_FUZZ_OUTPUTS) $(DC_FUZZ_OUTPUTS)
-	@$(RM) -f $(TESTSDIR)/bc/parse.txt $(TESTSDIR)/bc/parse_results.txt
-	@$(RM) -f $(TESTSDIR)/bc/print.txt $(TESTSDIR)/bc/print_results.txt
+	@$(RM) -f $(TESTSDIR)/bc/parse_*.txt $(TESTSDIR)/bc/parse_*_results.txt
+	@$(RM) -f $(TESTSDIR)/bc/print_*.txt $(TESTSDIR)/bc/print_*_results.txt
 	@$(RM) -f $(TESTSDIR)/bc/bessel.txt $(TESTSDIR)/bc/bessel_results.txt
 	@$(RM) -f $(TESTSDIR)/bc/strings2.txt $(TESTSDIR)/bc/strings2_results.txt
 	@$(RM) -f $(TESTSDIR)/bc/scripts/bessel.txt
 	@$(RM) -f $(TESTSDIR)/bc/scripts/parse.txt
 	@$(RM) -f $(TESTSDIR)/bc/scripts/print.txt
-	@$(RM) -f $(TESTSDIR)/bc/scripts/add.txt
-	@$(RM) -f $(TESTSDIR)/bc/scripts/divide.txt
-	@$(RM) -f $(TESTSDIR)/bc/scripts/multiply.txt
-	@$(RM) -f $(TESTSDIR)/bc/scripts/subtract.txt
+	@$(RM) -f $(TESTSDIR)/bc/scripts/add_*.txt
+	@$(RM) -f $(TESTSDIR)/bc/scripts/divide_*.txt
+	@$(RM) -f $(TESTSDIR)/bc/scripts/multiply_*.txt
+	@$(RM) -f $(TESTSDIR)/bc/scripts/subtract_*.txt
 	@$(RM) -f $(TESTSDIR)/bc/scripts/strings2.txt
 	@$(RM) -f $(TESTSDIR)/dc/scripts/prime.txt
 	@$(RM) -f .log_*.txt
diff --git a/contrib/bc/NEWS.md b/contrib/bc/NEWS.md
index e3b1f9ecb7bc..72a276b8c015 100644
--- a/contrib/bc/NEWS.md
+++ b/contrib/bc/NEWS.md
@@ -1,5 +1,27 @@
 # News
 
+## 7.1.0
+
+This is an ***UNTESTED*** release. If you would like testing, see the
+[maintenance terms][23].
+
+This fixes a few bugs:
+
+* Improper response to double `SIGINT` with editline.
+* Not letting `libedit` handle terminal size changes.
+* A `dc` crash from improperly handling an error.
+* A duplicate check for reference arrays.
+* Build failures with GCC 15.
+
+It also has a performance increase in the `band()` function and others in the
+math library.
+
+## 7.0.3
+
+This is a production release that fixes build warnings on the musl libc.
+
+Other users do ***NOT*** need to upgrade.
+
 ## 7.0.2
 
 This is a production release that fixes `Ctrl+d` on FreeBSD and Linux when using
@@ -1588,3 +1610,4 @@ not thoroughly tested.
 [20]: https://github.com/apjanke/ronn-ng
 [21]: https://pandoc.org/
 [22]: ./scripts/locale_uninstall.sh
+[23]: ./MAINTENANCE-TERMS.md
diff --git a/contrib/bc/NOTICE.md b/contrib/bc/NOTICE.md
index 35536b2c27d7..c3c211a92309 100644
--- a/contrib/bc/NOTICE.md
+++ b/contrib/bc/NOTICE.md
@@ -1,6 +1,6 @@
 # Notice
 
-Copyright 2018-2024 Gavin D. Howard and contributors.
+Copyright 2018-2025 Gavin D. Howard and contributors.
 
 ## Contributors
 
diff --git a/contrib/bc/README.md b/contrib/bc/README.md
index 696e6186b8bd..a203386f3b65 100644
--- a/contrib/bc/README.md
+++ b/contrib/bc/README.md
@@ -1,9 +1,7 @@
 # `bc`
 
-***WARNING: New user registration for <https://git.gavinhoward.com/> is disabled
-because of spam. If you need to report a bug with `bc`, email gavin at this site
-minus the `git.` part for an account, and I will create one for you. Or you can
-report an issue at [GitHub][29].***
+***WARNING: This project has moved back to GitHub temporarily; self-hosted Git
+forges are not working for me, so I am trying to replace them.***
 
 ***WARNING: This project has moved to [https://git.gavinhoward.com/][20] for
 [these reasons][21], though GitHub will remain a mirror.***
@@ -282,6 +280,12 @@ The easiest way to run this script is with `make karatsuba`.
 If desired, maintainers can also skip running this script because there is a
 sane default for the Karatsuba number.
 
+##### `timeconst.bc`
+
+The test suite will print a warning in normal usage. The warning is about a
+missing `timeconst.bc`. This file [comes from][37] the [Linux kernel][38], which
+has an incompatible license. The warning can be ignored.
+
 ## Status
 
 This `bc` is robust.
@@ -432,6 +436,8 @@ Other projects based on this bc are:
 * [macOS `bc`][35]. Any bugs in that `bc` should be reported to me, but do
   expect bugs because the version is old.
 * [Android Open Source `bc`][32]. Any bugs in that `bc` can be reported here.
+* [A Fedora package][36]. If this package does not have any patches, you can
+  report bugs to me.
 
 This is a non-comprehensive list of Linux distros that use this `bc` as the
 system `bc`:
@@ -469,12 +475,16 @@ Files:
 	.gitignore           The git ignore file (maintainer use only).
 	.gitattributes       The git attributes file (maintainer use only).
 	bcl.pc.in            A template pkg-config file for bcl.
+	build.gaml           The GAML file with options for building under Rig.
+	build.pkg.rig        The Rig build package file.
+	build.rig            The Rig build script.
 	configure            A symlink to configure.sh to make packaging easier.
 	configure.sh         The configure script.
 	LICENSE.md           A Markdown form of the BSD 2-clause License.
 	Makefile.in          The Makefile template.
 	NEWS.md              The changelog.
 	NOTICE.md            List of contributors and copyright owners.
+	VERSION.txt          A file containing the version.
 
 Folders:
 
@@ -516,3 +526,6 @@ Folders:
 [33]: https://github.com/gentoo/gentoo/blob/master/app-alternatives/bc/bc-0.ebuild#L8
 [34]: https://www.linuxfromscratch.org/lfs/view/stable/chapter08/bc.html
 [35]: https://github.com/apple-oss-distributions/bc/tree/main/bc
+[36]: https://copr.fedorainfracloud.org/coprs/tkbcopr/bc-gh/
+[37]: https://github.com/torvalds/linux/blob/master/kernel/time/timeconst.bc
+[38]: https://github.com/torvalds/linux
diff --git a/contrib/bc/VERSION.txt b/contrib/bc/VERSION.txt
new file mode 100644
index 000000000000..a3fcc7121bba
--- /dev/null
+++ b/contrib/bc/VERSION.txt
@@ -0,0 +1 @@
+7.1.0
diff --git a/contrib/bc/build.gaml b/contrib/bc/build.gaml
new file mode 100644
index 000000000000..b8ce873835b5
--- /dev/null
+++ b/contrib/bc/build.gaml
@@ -0,0 +1,402 @@
+/*
+ * *****************************************************************************
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * *****************************************************************************
+ *
+ * The build options file.
+ *
+ */
+
+project: @com.gavinhoward.bc
+
+language: @C11
+
+version: {
+	min: @24.04.05
+}
+
+mode: {
+	language: @iterative
+	stampers: @metadata
+	dependencies: @dynamic
+}
+
+default_target: @all
+
+presets: {
+	debug: {
+		debug: true
+		optimization: "0"
+		memcheck: true
+		devtools: true
+		strip: false
+	}
+	release: {
+		optimization: "3"
+		lto: true
+	}
+	// This is the predefined build for BSDs.
+	bsd: {
+		optimization: "3"
+		history: @editline
+		generated_tests: false
+		install_manpages: false
+		install_locales: @system
+		strip: true
+		bc_default_banner: false
+		bc_default_sigint_reset: true
+		dc_default_sigint_reset: true
+		bc_default_tty_mode: true
+		dc_default_tty_mode: false
+		bc_default_prompt: @off
+		dc_default_prompt: @off
+		bc_default_expr_exit: true
+		dc_default_expr_exit: true
+		bc_default_digit_clamp: false
+		dc_default_digit_clamp: false
+	}
+	// This is the predefined build to match the GNU bc/dc.
+	gnu: {
+		optimization: "3"
+		generated_tests: false
+		install_manpages: true
+		install_locales: @system
+		strip: true
+		bc_default_banner: true
+		bc_default_sigint_reset: true
+		dc_default_sigint_reset: false
+		bc_default_tty_mode: true
+		dc_default_tty_mode: false
+		bc_default_prompt: @tty_mode
+		dc_default_prompt: @tty_mode
+		bc_default_expr_exit: true
+		dc_default_expr_exit: true
+		bc_default_digit_clamp: false
+		dc_default_digit_clamp: false
+	}
+	// This is the preferred release build of the author, Gavin D. Howard.
+	gdh: {
+		optimization: "3"
+		install_manpages: true
+		install_locales: @none
+		bc/default_banner: true
+		bc/default_sigint_reset: true
+		dc/default_sigint_reset: true
+		bc/default_tty_mode: true
+		dc/default_tty_mode: true
+		bc/default_prompt: @tty_mode
+		dc/default_prompt: @tty_mode
+		bc/default_expr_exit: false
+		dc/default_expr_exit: false
+		bc/default_digit_clamp: true
+		dc/default_digit_clamp: true
+	}
+	// This is the preferred debug build of the author, Gavin D. Howard.
+	dbg: {
+		optimization: "0"
+		debug: true
+		strip: false
+		install_manpages: true
+		install_locales: @system
+		bc/default_banner: true
+		bc/default_sigint_reset: true
+		dc/default_sigint_reset: true
+		bc/default_tty_mode: true
+		dc/default_tty_mode: true
+		bc/default_prompt: @tty_mode
+		dc/default_prompt: @tty_mode
+		bc/default_expr_exit: false
+		dc/default_expr_exit: false
+		bc/default_digit_clamp: true
+		dc/default_digit_clamp: true
+	}
+}
+
+default_development: @debug
+default_release: @release
+
+options: {
+	build_mode: {
+		type: @option
+		options: [
+			@both
+			@bc
+			@dc
+			@library
+		]
+		default: @both
+		desc: "Which of the executables or library to build."
+	}
+	extra_math: {
+		type: @bool
+		default: true
+		desc: "Enable the extra math extensions."
+	}
+	history: {
+		type: @option
+		options: [
+			@none
+			@builtin
+			@editline
+			@readline
+		]
+		default: @builtin
+		desc: "Which history implementation should be used, if any."
+	}
+	locales: {
+		type: @option
+		options: [
+			@none
+			@system
+			@all
+		]
+		default: @system
+		desc: "Whether to disable locales, use just the system ones, or use all (for building a package)."
+	}
+	bc/default_banner: {
+		type: @bool
+		default: false
+		desc: "Whether to display the bc version banner by default when in interactive mode."
+	}
+	bc/default_sigint_reset: {
+		type: @bool
+		default: true
+		desc: "Whether SIGINT will reset bc by default, instead of exiting, when in interactive mode."
+	}
+	dc/default_sigint_reset: {
+		type: @bool
+		default: true
+		desc: "Whether SIGINT will reset dc by default, instead of exiting, when in interactive mode."
+	}
+	bc/default_tty_mode: {
+		type: @bool
+		default: true
+		desc: "Whether TTY mode for bc should be on by default when available."
+	}
+	dc/default_tty_mode: {
+		type: @bool
+		default: false
+		desc: "Whether TTY mode for dc should be on by default when available."
+	}
+	bc/default_prompt: {
+		type: @option
+		options: [
+			@off
+			@tty_mode
+			@on
+		]
+		default: @tty_mode
+		desc: "Whether the prompt for bc should be on by default in TTY mode. This defaults to match TTY mode."
+	}
+	dc/default_prompt: {
+		type: @option
+		options: [
+			@off
+			@tty_mode
+			@on
+		]
+		default: @tty_mode
+		desc: "Whether the prompt for dc should be on by default in TTY mode. This defaults to match TTY mode."
+	}
+	bc/default_expr_exit: {
+		type: @bool
+		default: true
+		desc: "Whether to exit bc by default if an expression or expression file is given with the -e or -f options."
+	}
+	dc/default_expr_exit: {
+		type: @bool
+		default: true
+		desc: "Whether to exit dc by default if an expression or expression file is given with the -e or -f options."
+	}
+	bc/default_digit_clamp: {
+		type: @bool
+		default: false
+		desc: "Whether to have bc, by default, clamp digits that are greater than or equal to the current ibase when parsing numbers."
+	}
+	dc/default_digit_clamp: {
+		type: @bool
+		default: false
+		desc: "Whether to have dc, by default, clamp digits that are greater than or equal to the current ibase when parsing numbers."
+	}
+	karatsuba_len: {
+		type: @num
+		default: 32
+		desc: "Set the Karatsuba length (default is 32). Must be a number and greater than or equal to 16."
+	}
+	execprefix: {
+		type: @string
+		default: ""
+		desc: "The prefix to prepend to the executable names, to prevent collisions."
+	}
+	execsuffix: {
+		type: @string
+		default: ""
+		desc: "The suffix to append to the executable names, to prevent collisions."
+	}
+	debug: {
+		type: @bool
+		default: false
+		desc: "Enable debug info."
+	}
+	optimization: {
+		type: @string
+		default: "0"
+		desc: "The optimization level for the C compiler."
+	}
+	lto: {
+		type: @bool
+		default: false
+		desc: "Build with link-time optimization, if available."
+	}
+	strip: {
+		type: @bool
+		default: true
+		desc: "Strip any binaries."
+	}
+	strict: {
+		type: @bool
+		default: true
+		desc: "Build with strict compiler options."
+	}
+	force: {
+		type: @bool
+		default: false
+		desc: "Force options that don't work. THIS IS FOR DEV ONLY!"
+	}
+	memcheck: {
+		type: @bool
+		default: false
+		desc: "Enable memcheck mode, to check for memory leaks."
+	}
+	valgrind: {
+		type: @bool
+		default: false
+		desc: "Enable Valgrind mode, to check for memory bugs."
+	}
+	afl: {
+		type: @bool
+		default: false
+		desc: "Enable AFL++ mode."
+	}
+	ossfuzz: {
+		type: @bool
+		default: false
+		desc: "Enable OSSFUZZ mode."
+	}
+	generated_tests: {
+		type: @bool
+		default: true
+		desc: "Enable tests generated from a GNU bc-compatible program."
+	}
+	problematic_tests: {
+		type: @bool
+		default: true
+		desc: "Enable tests that may be problematic."
+	}
+	coverage: {
+		type: @bool
+		default: false
+		desc: "Enable code coverage (only works on GCC)."
+	}
+	install_manpages: {
+		type: @bool
+		default: true
+		desc: "Whether to install manpages or not."
+	}
+	cflags: {
+		type: @list
+		default: []
+		desc: "The command-line flags for the C compiler."
+	}
+	ldflags: {
+		type: @list
+		default: []
+		desc: "The command-line flags for the C linker."
+	}
+	destdir: {
+		type: @path
+		default: ""
+		desc: "The equivalent of $DESTDIR in other build systems."
+	}
+	prefix: {
+		type: @path
+		default: "/usr/local"
+		desc: "The default prefix to install everything into."
+	}
+	bindir: {
+		type: @path
+		default: ""
+		desc: "The directory to install executables into. Defaults to \"$prefix/bin\"."
+	}
+	libdir: {
+		type: @path
+		default: ""
+		desc: "The directory to install libraries into. Defaults to \"$prefix/lib\"."
+	}
+	includedir: {
+		type: @path
+		default: ""
+		desc: "The location to install headers in. Defaults to \"$prefix/include\"."
+	}
+	nlspath: {
+		type: @path
+		default: "/usr/share/locale/%L/%N"
+		desc: "The location to install locales."
+	}
+	pc_path: {
+		type: @path
+		default: ""
+		desc: "The location to pkg-config files to. Defaults to the output of `pkg-config --variable=pc_path pkg-config`."
+	}
+	datarootdir: {
+		type: @path
+		default: ""
+		desc: "The root directory for data files. Defaults to `$prefix/share`."
+	}
+	datadir: {
+		type: @path
+		default: ""
+		desc: "The directory for data files. Defaults to `$datarootdir`."
+	}
+	mandir: {
+		type: @path
+		default: ""
+		desc: "The root directory for manpages. Defaults to `$datadir/man`."
+	}
+	man1dir: {
+		type: @path
+		default: ""
+		desc: "The directory for manpages in section 1. Defaults to `$mandir/man1`."
+	}
+	man3dir: {
+		type: @path
+		default: ""
+		desc: "The directory for manpages in section 3. Defaults to `$mandir/man3`."
+	}
+}
diff --git a/contrib/bc/build.pkg.rig b/contrib/bc/build.pkg.rig
new file mode 100644
index 000000000000..d607e8885737
--- /dev/null
+++ b/contrib/bc/build.pkg.rig
@@ -0,0 +1,2345 @@
+/*
+ * *****************************************************************************
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * *****************************************************************************
+ *
+ * The build package file.
+ *
+ */
+
+/// The path to the safe install script.
+SAFE_INSTALL: str = path.join(src_dir, "scripts/safe-install.sh");
+
+/// The file mode for executables, as an argument to the safe install script.
+EXEC_INSTALL_MODE: str = "-Dm755";
+
+/// The file mode for man pages and other files, as an argument to the safe
+/// install script.
+MANPAGE_INSTALL_MODE: str = "-Dm644";
+
+// Save this.
+OS: str = platform.os;
+
+DESTDIR: str = str(config["destdir"]);
+
+EXECPREFIX: str = str(config["execprefix"]);
+EXECSUFFIX: str = str(config["execsuffix"]);
+
+/**
+ * Generates the true executable name for the given base name.
+ * @param name  The base name of the executable.
+ * @return      The true name of the executable, including prefix, suffix, and
+                extension.
+ */
+fn exe_name(name: str) -> str
+{
+	temp: str = EXECPREFIX +~ name +~ EXECSUFFIX;
+	return if OS == "Windows" { temp +~ ".exe"; } else { temp; };
+}
+
+/**
+ * Generates the default executable name for the given base name.
+ * @param name  The base name of the executable.
+ * @return      The true name of the executable, including prefix, suffix, and
+                extension.
+ */
+fn default_exe_name(name: str) -> str
+{
+	return if OS == "Windows" { name +~ ".exe"; } else { name; };
+}
+
+/**
+ * Generates the true library name for the given base name.
+ * @param name  The base name of the library.
+ * @return      The true name of the library, including prefix and extension.
+ */
+fn lib_name(name: str) -> str
+{
+	ext: str = if OS == "Windows" { ".lib"; } else { ".a"; };
+	return "lib" +~ name +~ ext;
+}
+
+BC_BIN: str = exe_name("bc");
+DC_BIN: str = exe_name("dc");
+LIBRARY: str = lib_name("libbcl");
+
+BC_MANPAGE: str = EXECPREFIX +~ "bc" +~ EXECSUFFIX +~ ".1";
+DC_MANPAGE: str = EXECPREFIX +~ "dc" +~ EXECSUFFIX +~ ".1";
+BCL_MANPAGE: str = "bcl.3";
+
+BCL_HEADER: str = "bcl.h";
+BCL_HEADER_PATH: str = path.join(src_dir, path.join("include", BCL_HEADER));
+PC_FILE: str = "bcl.pc";
+
+/**
+ * Returns the string value of the define for a prompt default define for an
+ * executable.
+ * @param name  The base name of the executable.
+ * @return      The string value of the compiler define for the prompt default.
+ */
+fn prompt(name: str) -> str
+{
+	opt: sym = sym(config[name +~ "/default_prompt"]);
+
+	ret: str =
+	if opt == @off
+	{
+		"0";
+	}
+	else if opt == @tty_mode
+	{
+		str(uint(bool(config[name +~ "/default_tty_mode"])));
+	}
+	else
+	{
+		"1";
+	};
+
+	return ret;
+}
+
+HEADERS: []str = find_src_ext("include", "h");
+
+FORCE: bool = bool(config["force"]);
+
+BUILD_MODE: sym = sym(config["build_mode"]);
+
+BC_ENABLED: str = str(uint(BUILD_MODE == @both || BUILD_MODE == @bc));
+DC_ENABLED: str = str(uint(BUILD_MODE == @both || BUILD_MODE == @dc));
+LIBRARY_ENABLED: str = str(uint(BUILD_MODE == @library));
+
+EXTRA_MATH_ENABLED: str = str(uint(bool(config["extra_math"])));
+
+HISTORY: sym = sym(config["history"]);
+HISTORY_ENABLED: str = str(uint(HISTORY != @none));
+EDITLINE_ENABLED: str = str(uint(HISTORY == @editline));
+READLINE_ENABLED: str = str(uint(HISTORY == @readline));
+
+NLS_ENABLED: str =
+if OS == "Windows" || BUILD_MODE == @library
+{
+	"0";
+}
+else
+{
+	str(uint(sym(config["locales"]) != @none));
+};
+
+BUILD_TYPE: str =
+if EXTRA_MATH_ENABLED != "0" && HISTORY_ENABLED != "0" && NLS_ENABLED != "0"
+{
+	"A";
+}
+else
+{
+	t: str = if EXTRA_MATH_ENABLED != "0" { ""; } else { "E"; } +~
+	         if HISTORY_ENABLED != "0" { ""; } else { "H"; } +~
+	         if NLS_ENABLED != "0" { ""; } else { "N"; };
+
+	t;
+};
+
+OPTIMIZE: str = str(config["optimization"]);
+
+VALGRIND_ARGS: []str = @[
+	"valgrind",
+	"--error-exitcode=100",
+	"--leak-check=full",
+	"--show-leak-kinds=all",
+	"--errors-for-leak-kinds=all",
+	"--track-fds=yes",
+	"--track-origins=yes",
+];
+
+// Get the compiler. The user might have set one at the command line.
+CC: str = language.compiler;
+
+// Set optimization to "0" if it is empty.
+CFLAGS_OPT: str = if OPTIMIZE == "" { "0"; } else { OPTIMIZE; };
+
+// Get the command-line option for defining a preprocessor variable.
+DEFOPT: str = compiler_db["opt.define"];
+
+// Get the command-line string for the optimization option for the compiler.
+OPTOPT: str = compiler_db["opt.optimization"] +~ CFLAGS_OPT;
+
+// Get the compiler option for the object file to output to.
+OBJOUTOPT: str = compiler_db["opt.objout"];
+EXEOUTOPT: str = compiler_db["opt.exeout"];
+
+// Get the compiler option for outputting an object file rather than an
+// executable.
+OBJOPT: str = compiler_db["opt.obj"];
+
+// Get the compiler option for setting an include directory.
+INCOPT: str = compiler_db["opt.include"] +~ path.join(src_dir, "include");
+
+COVERAGE_CFLAGS: []str =
+if bool(config["coverage"])
+{
+	@[ "-fprofile-arcs", "-ftest-coverage", "-g", "-O0", DEFOPT +~ "NDEBUG" ];
+};
+
+MAINEXEC: str =
+if BUILD_MODE == @both || BUILD_MODE == @bc || BUILD_MODE == @library
+{
+	BC_BIN;
+}
+else
+{
+	DC_BIN;
+};
+
+MAINEXEC_FLAGS: []str = @[ DEFOPT +~ "MAINEXEC=" +~ MAINEXEC ];
+
+// XXX: Library needs these defines to be true.
+BC_DEF: str = if LIBRARY_ENABLED == "0" { BC_ENABLED; } else { "1"; };
+DC_DEF: str = if LIBRARY_ENABLED == "0" { DC_ENABLED; } else { "1"; };
+
+CFLAGS1: []str = config_list["cflags"] +~ @[ OPTOPT, INCOPT ] +~
+                 COVERAGE_CFLAGS +~ MAINEXEC_FLAGS;
+CFLAGS2: []str = @[
+	DEFOPT +~ "BC_ENABLED=" +~ BC_DEF,
+	DEFOPT +~ "DC_ENABLED=" +~ DC_DEF,
+	DEFOPT +~ "BUILD_TYPE=" +~ BUILD_TYPE,
+	DEFOPT +~ "EXECPREFIX=" +~ str(config["execprefix"]),
+	DEFOPT +~ "BC_NUM_KARATSUBA_LEN=" +~ str(num(config["karatsuba_len"])),
+	DEFOPT +~ "BC_ENABLE_LIBRARY=" +~ LIBRARY_ENABLED,
+	DEFOPT +~ "BC_ENABLE_NLS=" +~ NLS_ENABLED,
+	DEFOPT +~ "BC_ENABLE_EXTRA_MATH=" +~ EXTRA_MATH_ENABLED,
+	DEFOPT +~ "BC_ENABLE_HISTORY=" +~ HISTORY_ENABLED,
+	DEFOPT +~ "BC_ENABLE_EDITLINE=" +~ EDITLINE_ENABLED,
+	DEFOPT +~ "BC_ENABLE_READLINE=" +~ READLINE_ENABLED,
+	DEFOPT +~ "BC_ENABLE_MEMCHECK=" +~ str(uint(bool(config["memcheck"]))),
+	DEFOPT +~ "BC_ENABLE_AFL=" +~ str(uint(bool(config["afl"]))),
+	DEFOPT +~ "BC_ENABLE_OSSFUZZ=" +~ str(uint(bool(config["ossfuzz"]))),
+	DEFOPT +~ "BC_DEFAULT_BANNER=" +~
+	    str(uint(bool(config["bc/default_banner"]))),
+	DEFOPT +~ "BC_DEFAULT_SIGINT_RESET=" +~
+	    str(uint(bool(config["bc/default_sigint_reset"]))),
+	DEFOPT +~ "BC_DEFAULT_TTY_MODE=" +~
+	    str(uint(bool(config["bc/default_tty_mode"]))),
+	DEFOPT +~ "BC_DEFAULT_PROMPT=" +~ prompt("bc"),
+	DEFOPT +~ "BC_DEFAULT_EXPR_EXIT=" +~
+	    str(uint(bool(config["bc/default_expr_exit"]))),
+	DEFOPT +~ "BC_DEFAULT_DIGIT_CLAMP=" +~
+	    str(uint(bool(config["bc/default_digit_clamp"]))),
+	DEFOPT +~ "DC_DEFAULT_SIGINT_RESET=" +~
+	    str(uint(bool(config["dc/default_sigint_reset"]))),
+	DEFOPT +~ "DC_DEFAULT_TTY_MODE=" +~
+	    str(uint(bool(config["dc/default_tty_mode"]))),
+	DEFOPT +~ "DC_DEFAULT_PROMPT=" +~ prompt("dc"),
+	DEFOPT +~ "DC_DEFAULT_EXPR_EXIT=" +~
+	    str(uint(bool(config["dc/default_expr_exit"]))),
+	DEFOPT +~ "DC_DEFAULT_DIGIT_CLAMP=" +~
+	    str(uint(bool(config["dc/default_digit_clamp"]))),
+];
+CFLAGS: []str = CFLAGS1 +~ CFLAGS2;
+
+LDFLAGS: []str = config_list["ldflags"];
+
+COMMON_C_FILES: []str = @[
+	"src/data.c",
+	"src/num.c",
+	"src/rand.c",
+	"src/vector.c",
+	"src/vm.c",
+];
+
+EXEC_C_FILES: []str = @[
+	"src/args.c",
+	"src/file.c",
+	"src/lang.c",
+	"src/lex.c",
+	"src/main.c",
+	"src/opt.c",
+	"src/parse.c",
+	"src/program.c",
+	"src/read.c",
+];
+
+BC_C_FILES: []str = @[
+	"src/bc.c",
+	"src/bc_lex.c",
+	"src/bc_parse.c",
+];
+
+DC_C_FILES: []str = @[
+	"src/dc.c",
+	"src/dc_lex.c",
+	"src/dc_parse.c",
+];
+
+HISTORY_C_FILES: []str = @[
+	"src/history.c",
+];
+
+LIBRARY_C_FILES: []str = @[
+	"src/library.c",
+];
+
+GEN_HEADER1: str =
+    "// Copyright (c) 2018-2025 Gavin D. Howard and contributors.\n" +~
+    "// Licensed under the 2-clause BSD license.\n" +~
+    "// *** AUTOMATICALLY GENERATED FROM ";
+GEN_HEADER2: str = ". DO NOT MODIFY. ***\n\n";
+
+GEN_LABEL1: str = "const char *";
+GEN_LABEL2: str = " = \"";
+GEN_LABEL3: str = "\";\n\n";
+GEN_NAME1: str = "const char ";
+GEN_NAME2: str = "[] = {\n";
+
+GEN_LABEL_EXTERN1: str = "extern const char *";
+GEN_LABEL_EXTERN2: str = ";\n\n";
+GEN_NAME_EXTERN1: str = "extern const char ";
+GEN_NAME_EXTERN2: str = "[];\n\n";
+
+GEN_IFDEF1: str = "#if ";
+GEN_IFDEF2: str = "\n";
+GEN_ENDIF1: str = "#endif // ";
+GEN_ENDIF2: str = "\n";
+
+GEN_EX_START: str = "{{ A H N HN }}";
+GEN_EX_END: str = "{{ end }}";
+
+/// This is the max width to print characters to strgen files. This is to ensure
+/// that lines don't go much over 80 characters.
+MAX_WIDTH: usize = usize(72);
+
+/**
+ * A function to generate a C file that contains a C character array with the
+ * contents of a text file. For more detail, see the `gen/strgen.c` program;
+ * this function is exactly equivalent to that or should be.
+ * @param input        The input file name.
+ * @param output       The output file name.
+ * @param exclude      True if extra math stuff should be excluded, false if
+ *                     they should be included.
+ * @param name         The name of the array.
+ * @param label        If not equal to "", this is the label for the array,
+ *                     which is essentially the "file name" in `bc` and `dc`.
+ * @param define       If not equal to "", this is the preprocessor define
+ *                     expression that should be used to guard the array with a
+ *                     `#if`/`#endif` combo.
+ * @param remove_tabs  True if tabs should be ignored, false if they should be
+ *                     included.
+ */
+fn strgen(
+	input: str,
+	output: str,
+	exclude: bool,
+	name: str,
+	label: str,
+	def: str,
+	remove_tabs: bool,
+) -> void
+{
+	in: str = io.read_file(input);
+
+	io.open(output, "w"): f
+	{
+		f.print(GEN_HEADER1 +~ input +~ GEN_HEADER2);
+
+		if label != ""
+		{
+			f.print(GEN_LABEL_EXTERN1 +~ label +~ GEN_LABEL_EXTERN2);
+		}
+
+		f.print(GEN_NAME_EXTERN1 +~ name +~ GEN_NAME_EXTERN2);
+
+		if def != ""
+		{
+			f.print(GEN_IFDEF1 +~ def +~ GEN_IFDEF2);
+		}
+
+		if label != ""
+		{
+			f.print(GEN_LABEL1 +~ label +~ GEN_LABEL2 +~ name +~ GEN_LABEL3);
+		}
+
+		f.print(GEN_NAME1 +~ name +~ GEN_NAME2);
+
+		i: !usize = usize(0);
+		count: !usize = usize(0);
+		slashes: !usize = usize(0);
+
+		// This is where the end of the license comment is found.
+		while slashes < 2 && in[i] > 0
+		{
+			if slashes == 1 && in[i] == '*' && in[i + 1] == '/' &&
+			   (in[i + 2] == '\n' || in[i + 2] == '\r')
+			{
+				slashes! = slashes + usize(1);
+				i! = i + usize(2);
+			}
+			else if slashes == 0 && in[i] == '/' && in[i + 1] == '*'
+			{
+				slashes! = slashes + usize(1);
+				i! = i + usize(1);
+			}
+
+			i! = i + usize(1);
+		}
+
+		// The file is invalid if the end of the license comment could not be
+		// found.
+		if i == in.len
+		{
+			error("Could not find end of license comment");
+		}
+
+		i! = i + usize(1);
+
+		// Do not put extra newlines at the beginning of the char array.
+		while in[i] == '\n' || in[i] == '\r'
+		{
+			i! = i + usize(1);
+		}
+
+		// This loop is what generates the actual char array. It counts how many
+		// chars it has printed per line in order to insert newlines at
+		// appropriate places. It also skips tabs if they should be removed.
+		while i < in.len
+		{
+			if in[i] == '\r'
+			{
+				i! = i + usize(1);
+				continue;
+			}
+
+			// If we should output the character, i.e., it is not a tab or we
+			// can remove tabs...
+			if !remove_tabs || in[i] != '\t'
+			{
+				// Check for excluding something for extra math.
+				if in[i] == '{'
+				{
+					if i + GEN_EX_START.len <= in.len &&
+					   in.slice(i, i + GEN_EX_START.len) == GEN_EX_START
+					{
+						if exclude
+						{
+							// Get past the braces.
+							i! = i + usize(2);
+
+							// Find the end of the end.
+							while in[i] != '{' &&
+							      in.slice(i, i + GEN_EX_END.len) != GEN_EX_END
+							{
+								i! = i + usize(1);
+							}
+
+							i! = i + GEN_EX_END.len;
+
+							// Skip the last newline.
+							if in[i] == '\r'
+							{
+								i! = i + usize(1);
+							}
+
+							i! = i + usize(1);
+
+							continue;
+						}
+					}
+					else if !exclude &&
+					        in.slice(i, i + GEN_EX_END.len) == GEN_EX_END
+					{
+						i! = i + GEN_EX_END.len;
+
+						// Skip the last newline.
+						if in[i] == '\r'
+						{
+							i! = i + usize(1);
+						}
+
+						i! = i + usize(1);
+
+						continue;
+					}
+				}
+
+				// Print a tab if we are at the beginning of a line.
+				if count == 0
+				{
+					f.print("\t");
+				}
+
+				val: str = str(in[i]) +~ ",";
+
+				// Print the character.
+				f.print(val);
+
+				// Adjust the count.
+				count! = count + val.len;
+
+				if count > MAX_WIDTH
+				{
+					count! = usize(0);
+					f.print("\n");
+				}
+			}
+
+			i! = i + usize(1);
+		}
+
+		// Make sure the end looks nice.
+		if count == 0
+		{
+			f.print("  ");
+		}
+
+		// Insert the NUL byte at the end.
+		f.print("0\n};\n");
+
+		if def != ""
+		{
+			f.print(GEN_ENDIF1 +~ def +~ GEN_ENDIF2);
+		}
+	}
+}
+
+/**
+ * Creates a target to generate an object file from the given C file and returns
+ * the target name of the new target.
+ * @param c_file  The name of the C file target.
+ * @return        The name of the object file target.
+ */
+fn c2o(c_file: str) -> str
+{
+	o_file: str = c_file +~ (if OS == "Windows" { ".obj"; } else { ".o"; });
+
+	target o_file: c_file, HEADERS
+	{
+		$ $CC %(config_list["other_cflags"]) %(CFLAGS) $OBJOPT $OBJOUTOPT @(tgt)
+		  @(file_dep);
+	}
+
+	return o_file;
+}
+
+/**
+ * Generates a target to turn a text file into a C file with the text file's
+ * contents as a char array, then generates a target to generate an object file
+ * from that C file, then returns the name of the object file target.
+ * @param txt_file     The name of the text file.
+ * @param name         The name of the char array in the C file.
+ * @param label        The label for the array, if any. (See the @a strgen()
+ *                     function for more information.)
+ * @param def          The preprocessor define(s) to guard the array, if any.
+ *                     (See the @a strgen() function for more information.)
+ * @param remove_tabs  True if tabs should be ignored, false otherwise. (See the
+ *                     @a strgen() function for more information.)
+ * @return             The name of the object file target.
+ */
+fn txt2o(
+	txt_file: str,
+	name: str,
+	label: str,
+	def: str,
+	remove_tabs: bool,
+) -> str
+{
+	c_file: str = txt_file +~ ".c";
+
+	c_config: Gaml = @(gaml){
+		strgen_name: $name
+		strgen_label: $label
+		strgen_define: $def
+		strgen_remove_tabs: $remove_tabs
+	};
+
+	push c_config: config_stack
+	{
+		target c_file: txt_file
+		{
+			strgen(file_dep, tgt, EXTRA_MATH_ENABLED == "0",
+			       str(config["strgen_name"]), str(config["strgen_label"]),
+			       str(config["strgen_define"]),
+			       bool(config["strgen_remove_tabs"]));
+		}
+	}
+
+	return c2o(c_file);
+}
+
+/**
+ * Generates a target for an executable and returns its name.
+ * @param name     The name of the executable.
+ * @param o_files  The object files for the executable.
+ * @return         The name of the generated target.
+ */
+fn exe(name: str, o_files: []str) -> void
+{
+	target name: o_files
+	{
+		$ $CC %(config_list["other_cflags"]) %(config_list["strip_flag"])
+		  %(CFLAGS) %(LDFLAGS) $EXEOUTOPT @(tgt) %(file_deps);
+	}
+}
+
+/**
+ * Generates a target for a link.
+ * @param name  The name of the link.
+ * @param exec  The name of the executable target.
+ */
+fn ln(name: str, exec: str) -> void
+{
+	if OS == "Windows"
+	{
+		target name: exec
+		{
+			$ copy /v /y /b @(file_dep) @(tgt);
+		}
+	}
+	else
+	{
+		target name: exec
+		{
+			$ ln -fs @("./" +~ path.basename(file_dep)) @(tgt);
+		}
+	}
+}
+
+/**
+ * Generates a target for a library.
+ * @param name  The name of the library.
+ * @param exec  The name of the executable target.
+ */
+fn lib(name: str, o_files: []str) -> void
+{
+	if OS == "WINDOWS"
+	{
+		exe(name, o_files);
+	}
+	else
+	{
+		target name: o_files
+		{
+			$ ar -r -cu @(tgt) %(file_deps);
+		}
+	}
+}
+
+fn check_err_test(
+	name: str,
+	res: CmdResult,
+) -> void
+{
+	if res.exitcode > 127
+	{
+		error("Test \"" +~ name +~ "\" crashed");
+	}
+
+	if res.exitcode == 0
+	{
+		error("Test \"" +~ name +~ "\" returned no error");
+	}
+
+	if res.exitcode == 100
+	{
+		error("Test \"" +~ name +~ "\" had memory errors on non-fatal error\n");
+	}
+
+	if res.stderr.len <= 1
+	{
+		error("Test \"" +~ name +~ "\" produced no error message");
+	}
+}
+
+fn check_test_retcode(
+	name: str,
+	exitcode: uint,
+) -> void
+{
+	if exitcode != 0
+	{
+		error("Test \"" +~ name +~ "\" failed with exitcode: " +~
+		      str(exitcode) +~ "\n");
+	}
+}
+
+fn check_test(
+	name: str,
+	res: CmdResult,
+	exp_path: str,
+) -> void
+{
+	check_test_retcode(name, res.exitcode);
+
+	exp := io.read_file_bytes(exp_path);
+
+	if exp != res.stdout_full
+	{
+		error("Test \"" +~ name +~ "\" failed\n" +~ str(res.stderr));
+	}
+}
+
+fn register_standard_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+	extra: bool,
+) -> void
+{
+	all_file: str = path.join(src_testdir, "all.txt");
+	tests: []str = io.read_file(all_file).split("\n");
+
+	extra_path := path.join(src_dir, "tests/extra_required.txt");
+	extra_required: []str = io.read_file(extra_path).split("\n");
+
+	for t: tests
+	{
+		if t == ""
+		{
+			continue;
+		}
+
+		// Skip extra math tests if it is not enabled.
+		if !extra && extra_required contains t
+		{
+			continue;
+		}
+
+		test sym(path.join(testdir, t)): bin
+		{
+			halt: str = str(config["halt"]);
+
+			name: str = path.basename(tgt_name);
+			testdir: str = path.dirname(tgt_name);
+			calc: str = path.basename(testdir);
+
+			test_file: str = tgt_name +~ ".txt";
+			test_result_file: str = tgt_name +~ "_results.txt";
+
+			src_test_file: str = path.join(src_dir, test_file);
+			src_test_result_file: str = path.join(src_dir, test_result_file);
+
+			actual_test_file: str =
+			if !path.isfile(src_test_file)
+			{
+				// If we shouldn't generate tests, skip.
+				if !bool(config["generated_tests"])
+				{
+					io.eprint("Skipping test " +~ tgt_name +~ "\n");
+					return;
+				}
+
+				script_name: str = name +~ "." +~ calc;
+
+				scriptdir: str = path.join(testdir, "scripts");
+				src_scriptdir: str = path.join(src_dir, scriptdir);
+				src_script_name: str = path.join(src_scriptdir, script_name);
+
+				$ @(default_exe_name(calc)) $src_script_name > $test_file;
+
+				test_file;
+			}
+			else
+			{
+				src_test_file;
+			};
+
+			exp_result_file: str =
+			if !path.isfile(src_test_result_file)
+			{
+				tmpfile: str = path.tmp(calc +~ "_test_result");
+
+				$ @(default_exe_name(calc)) %(config_list["gen_options"])
+				  $actual_test_file << $halt > $tmpfile;
+
+				tmpfile;
+			}
+			else
+			{
+				src_test_result_file;
+			};
+
+			res := $ %(config_list["args"]) %(config_list["options"])
+			         $actual_test_file << $halt;
+
+			check_test(tgt_name, res, exp_result_file);
+		}
+	}
+}
+
+fn register_script_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+	extra: bool,
+) -> void
+{
+	scriptdir: str = path.join(testdir, "scripts");
+	src_scriptdir: str = path.join(src_testdir, "scripts");
+	all_file: str = path.join(src_scriptdir, "all.txt");
+	tests: []str = io.read_file(all_file).split("\n");
+
+	for t: tests
+	{
+		if t == ""
+		{
+			continue;
+		}
+
+		// Skip extra math tests if it is not enabled.
+		if !extra && (t == "rand.bc" || t == "root.bc" || t == "i2rand.bc")
+		{
+			continue;
+		}
+
+		test sym(path.join(scriptdir, t)): bin
+		{
+			halt: str = str(config["halt"]);
+
+			name: str = path.basename(tgt_name);
+			testdir: str = path.dirname(tgt_name);
+			testdir2: str = path.dirname(testdir);
+			calc: str = path.basename(testdir2);
+
+			test_file: str = tgt_name;
+			test_file_dir: str = path.dirname(tgt_name);
+			test_file_name: str = path.basename(tgt_name, "." +~ calc);
+			test_result_file: str = path.join(test_file_dir,
+			                                  test_file_name +~ ".txt");
+
+			src_test_file: str = path.join(src_dir, test_file);
+			src_test_result_file: str = path.join(src_dir, test_result_file);
+
+			exp_result_file: str =
+			if !path.isfile(src_test_result_file)
+			{
+				tmpfile: str = path.tmp(calc +~ "_script_test_result");
+
+				// This particular test needs to be generated straight. Also, on
+				// Windows, we don't have `sed`, and the `bc`/`dc` there is
+				// probably this one anyway.
+				if name == "stream.dc" || host.os == "Windows"
+				{
+					$ @(default_exe_name(calc)) $src_test_file << $halt
+					  > $tmpfile;
+				}
+				else
+				{
+					root_testdir: str = path.join(src_dir, "tests");
+
+					// This sed and the script are to remove an incompatibility
+					// with GNU bc, where GNU bc is wrong. See the development
+					// manual (manuals/development.md#script-tests) for more
+					// information.
+					$ @(default_exe_name(calc)) $src_test_file << $halt |
+					  sed -n -f @(path.join(root_testdir, "script.sed"))
+					  > $tmpfile;
+				}
+
+				tmpfile;
+			}
+			else
+			{
+				src_test_result_file;
+			};
+
+			if calc == "bc"
+			{
+				res1 := $ %(config_list["args"]) -g
+				          %(config_list["script_options"]) $src_test_file
+				          << $halt;
+
+				check_test(tgt_name, res1, exp_result_file);
+			}
+
+			// These tests do not need to run without global stacks.
+			if name == "globals.bc" || name == "references.bc" ||
+			   name == "rand.bc"
+			{
+				return;
+			}
+
+			res2 := $ %(config_list["args"]) %(config_list["script_options"])
+			          $src_test_file << $halt;
+
+			check_test(tgt_name, res2, exp_result_file);
+		}
+	}
+}
+
+fn register_stdin_test(
+	bin: str,
+	testdir: str,
+	name: str
+) -> void
+{
+	test sym(path.join(testdir, name)): bin
+	{
+		name: str = path.basename(tgt_name);
+		testdir: str = path.dirname(tgt_name);
+		calc: str = path.basename(testdir);
+
+		halt: str = if name == "bc" { "halt"; } else { "q"; };
+
+		test_file: str = tgt_name +~ ".txt";
+		test_result_file: str = tgt_name +~ "_results.txt";
+
+		src_test_file: str = path.join(src_dir, test_file);
+		src_test_result_file: str = path.join(src_dir, test_result_file);
+
+		res := $ %(config_list["args"]) %(config_list["options"])
+		         < $src_test_file;
+
+		check_test(tgt_name, res, src_test_result_file);
+	}
+}
+
+fn register_stdin_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+) -> void
+{
+	calc: str = path.basename(testdir);
+
+	if calc == "bc"
+	{
+		for t: @[ "stdin", "stdin1", "stdin2" ]
+		{
+			register_stdin_test(bin, testdir, t);
+		}
+	}
+	else
+	{
+		// dc only needs one.
+		register_stdin_test(bin, testdir, "stdin");
+	}
+}
+
+fn register_read_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+) -> void
+{
+	calc: str = path.basename(testdir);
+
+	read_call: str = if calc == "bc" { "read()"; } else { "?"; };
+	read_expr: str =
+	if calc == "bc"
+	{
+		read_call +~ "\n5+5;";
+	}
+	else
+	{
+		read_call;
+	};
+	read_multiple: str =
+	if calc == "bc"
+	{
+		"3\n2\n1\n";
+	}
+	else
+	{
+		"3pR\n2pR\n1pR\n";
+	};
+
+	read_test_config: Gaml = @(gaml){
+		read_call: $read_call
+		read_expr: $read_expr
+		read_multiple: $read_multiple
+	};
+
+	push read_test_config: config_stack
+	{
+		// First test is the regular read test.
+		test sym(path.join(testdir, "read")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			test_file: str = tgt_name +~ ".txt";
+			src_test_file: str = path.join(src_dir, test_file);
+
+			read_call: str = str(config["read_call"]);
+
+			lines: []str = io.read_file(src_test_file).split("\n");
+
+			for l: lines
+			{
+				if l == ""
+				{
+					continue;
+				}
+
+				res := $ %(config_list["args"]) %(config_list["options"])
+				         << @(read_call +~ "\n" +~ l +~ "\n");
+
+				check_test(tgt_name, res,
+				           path.join(src_testdir, "read_results.txt"));
+			}
+		}
+
+		// Next test is reading multiple times.
+		test sym(path.join(testdir, "read_multiple")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+
+			test_file: str = tgt_name +~ ".txt";
+
+			path.mkdirp(path.dirname(test_file));
+
+			read_call: str = str(config["read_call"]);
+
+			exp_path: str = path.tmp("read_multiple_results");
+
+			io.open(exp_path, "w"): f
+			{
+				f.print("3\n2\n1\n");
+			}
+
+			res := $ %(config_list["args"]) %(config_list["options"])
+			         -e $read_call -e $read_call -e $read_call
+			         << @(str(config["read_multiple"]));
+
+			check_test(tgt_name, res, exp_path);
+		}
+
+		// Next test is the read errors test.
+		test sym(path.join(testdir, "read_errors")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			test_file: str = tgt_name +~ ".txt";
+			src_test_file: str = path.join(src_dir, test_file);
+
+			path.mkdirp(path.dirname(test_file));
+
+			read_call: str = str(config["read_call"]);
+
+			lines: []str = io.read_file(src_test_file).split("\n");
+
+			for l: lines
+			{
+				if l == ""
+				{
+					continue;
+				}
+
+				res := $ %(config_list["args"]) %(config_list["options"])
+				         << @(read_call +~ "\n" +~ l +~ "\n");
+
+				check_err_test(tgt_name, res);
+			}
+		}
+
+		// Next test is the empty read test.
+		test sym(path.join(testdir, "read_empty")): bin
+		{
+			read_call: str = str(config["read_call"]);
+
+			res := $ %(config_list["args"]) %(config_list["options"])
+			         << @(read_call +~ "\n");
+
+			check_err_test(tgt_name, res);
+		}
+
+		// Next test is the read EOF test.
+		test sym(path.join(testdir, "read_EOF")): bin
+		{
+			read_call: str = str(config["read_call"]);
+
+			res := $ %(config_list["args"]) %(config_list["options"])
+			         << $read_call;
+
+			check_err_test(tgt_name, res);
+		}
+	}
+}
+
+fn run_error_lines_test(name: str) -> void
+{
+	file: str = path.join(src_dir, name);
+
+	lines: []str = io.read_file(file).split("\n");
+
+	for l: lines
+	{
+		if l == ""
+		{
+			continue;
+		}
+
+		res := $ %(config_list["args"]) %(config_list["options"])
+		         %(config_list["error_options"]) << @(l +~ "\n");
+
+		check_err_test(name, res);
+	}
+}
+
+fn register_error_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+) -> void
+{
+	calc: str = path.basename(testdir);
+
+	// First test is command-line expression error.
+	test sym(path.join(testdir, "command-line_expr_error")): bin
+	{
+		halt: str = str(config["halt"]);
+
+		res := $ %(config_list["args"]) %(config_list["options"]) -e "1+1" -f-
+		         -e "2+2" << $halt;
+
+		check_err_test(tgt_name, res);
+	}
+
+	// First test is command-line file expression error.
+	test sym(path.join(testdir, "command-line_file_expr_error")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+		halt: str = str(config["halt"]);
+
+		res := $ %(config_list["args"]) %(config_list["options"]) -e "1+1" -f-
+		         -f @(path.join(testdir, "decimal.txt")) << $halt;
+
+		check_err_test(tgt_name, res);
+	}
+
+	if calc == "bc"
+	{
+		test sym(path.join(testdir, "posix_warning")): bin
+		{
+			res := $ %(config_list["args"]) %(config_list["options"]) -w
+			         << @("line");
+
+			if res.exitcode != 0
+			{
+				error("Test \"" +~ tgt_name +~ "\" returned an error (" +~
+				      str(res.exitcode) +~ ")");
+			}
+
+			output: str = str(res.stderr);
+
+			if output == "" || output == "\n"
+			{
+				error("Test \"" +~ tgt_name +~ "\" did not print a warning");
+			}
+		}
+
+		test sym(path.join(testdir, "posix_errors.txt")): bin
+		{
+			run_error_lines_test(tgt_name);
+		}
+	}
+
+	test sym(path.join(testdir, "errors.txt")): bin
+	{
+		run_error_lines_test(tgt_name);
+	}
+
+	errors_dir: str = path.join(testdir, "errors");
+
+	for f: find_src_ext(errors_dir, "txt")
+	{
+		// Skip the problematic test, if requested.
+		if calc == "bc" && f contains "33.txt" &&
+		   !bool(config["problematic_tests"])
+		{
+			continue;
+		}
+
+		test sym(f): bin
+		{
+			errors_dir: str = path.dirname(tgt_name);
+			testdir: str = path.dirname(errors_dir);
+			calc: str = path.basename(testdir);
+
+			halt: str = str(config["halt"]);
+
+			res1 := $ %(config_list["args"]) %(config_list["error_options"]) -c
+			          @(tgt_name) << $halt;
+
+			check_err_test(tgt_name, res1);
+
+			res2 := $ %(config_list["args"]) %(config_list["error_options"]) -C
+			          @(tgt_name) << $halt;
+
+			check_err_test(tgt_name, res2);
+
+			res3 := $ %(config_list["args"]) %(config_list["error_options"]) -c
+			          < @(path.join(src_dir, tgt_name));
+
+			check_err_test(tgt_name, res3);
+
+			res4 := $ %(config_list["args"]) %(config_list["error_options"]) -C
+			          < @(path.join(src_dir, tgt_name));
+
+			check_err_test(tgt_name, res4);
+		}
+	}
+}
+
+fn check_kwredef_test(
+	name: str,
+	res: CmdResult,
+) -> void
+{
+	testdir: str = path.dirname(name);
+	redefine_exp: str = path.join(testdir, "redefine_exp.txt");
+
+	check_test(tgt_name, res, redefine_exp);
+}
+
+OTHER_LINE_LEN_RESULTS_NAME: str = "line_length_test_results.txt";
+OTHER_LINE_LEN70_RESULTS_NAME: str = "line_length70_test_results.txt";
+OTHER_MATHLIB_SCALE_RESULTS_NAME: str = "mathlib_scale_results.txt";
+
+fn register_other_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+	extra: bool,
+) -> void
+{
+	calc: str = path.basename(testdir);
+
+	path.mkdirp(testdir);
+
+	// Halt test.
+	test sym(path.join(testdir, "halt")): bin
+	{
+		halt: str = str(config["halt"]) +~ "\n";
+
+		res := $ %(config_list["args"]) << $halt;
+
+		check_test_retcode(tgt_name, res.exitcode);
+	}
+
+	if calc == "bc"
+	{
+		// bc has two halt or quit commands, so test the second as well.
+		test sym(path.join(testdir, "quit")): bin
+		{
+			res := $ %(config_list["args"]) << @("quit\n");
+
+			check_test_retcode(tgt_name, res.exitcode);
+		}
+
+		// Also, make sure quit only quits after an expression.
+		test sym(path.join(testdir, "quit_after_expr")): bin
+		{
+			res := $ %(config_list["args"]) -e "1+1" << @("quit\n");
+
+			check_test_retcode(tgt_name, res.exitcode);
+
+			if str(res.stdout) != "2"
+			{
+				error("Test \"" +~ tgt_name +~
+				      "\" did not have the right output");
+			}
+		}
+
+		test sym(path.join(testdir, "env_args1")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", " '-l' '' -q")
+			{
+				res := $ %(config_list["args"]) << @("s(.02893)\n");
+
+				check_test_retcode(tgt_name, res.exitcode);
+			}
+		}
+
+		test sym(path.join(testdir, "env_args2")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", " '-l' '' -q")
+			{
+				res := $ %(config_list["args"]) -e 4 << @("halt\n");
+
+				check_test_retcode(tgt_name, res.exitcode);
+			}
+		}
+
+		redefine_exp: str = path.join(testdir, "redefine_exp.txt");
+
+		io.open(redefine_exp, "w"): f
+		{
+			f.print("5\n0\n");
+		}
+
+		test sym(path.join(testdir, "keyword_redefinition1")): bin
+		{
+			res := $ %(config_list["args"]) --redefine=print -e
+			         "define print(x) { x }" -e "print(5)" << @("halt\n");
+
+			check_kwredef_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir, "keyword_redefinition2")): bin
+		{
+			res := $ %(config_list["args"]) -r abs -r else -e
+			         "abs = 5; else = 0" -e "abs;else" << @("halt\n");
+
+			check_kwredef_test(tgt_name, res);
+		}
+
+		if extra
+		{
+			test sym(path.join(testdir, "keyword_redefinition_lib2")): bin
+			{
+				res := $ %(config_list["args"]) -lr abs -e "perm(5, 1)" -e 0
+				         << @("halt\n");
+
+				check_kwredef_test(tgt_name, res);
+			}
+
+			test sym(path.join(testdir, "leading_zero_script")): bin
+			{
+				testdir: str = path.dirname(tgt_name);
+				src_testdir: str = path.join(src_dir, testdir);
+
+				res := $ %(config_list["args"]) -lz
+				         @(path.join(src_testdir, "leadingzero.txt"))
+				         << @(str(config["halt"]));
+
+				check_test(tgt_name, res,
+				           path.join(src_testdir, "leadingzero_results.txt"));
+			}
+		}
+
+		test sym(path.join(testdir, "keyword_redefinition3")): bin
+		{
+			res := $ %(config_list["args"]) -r abs -r else -e
+			         "abs = 5; else = 0" -e "abs;else" << @("halt\n");
+
+			check_kwredef_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir, "keyword_redefinition_error")): bin
+		{
+			res := $ %(config_list["args"]) -r break -e "define break(x) { x }";
+
+			check_err_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir,
+		                   "keyword_redefinition_without_redefine")): bin
+		{
+			res := $ %(config_list["args"]) -e "define read(x) { x }";
+
+			check_err_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir, "multiline_comment_in_expr_file")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			// tests/bc/misc1.txt happens to have a multiline comment in it.
+			src_test_file: str = path.join(src_testdir, "misc1.txt");
+			src_test_results_file: str = path.join(src_testdir,
+			                                       "misc1_results.txt");
+
+			res := $ %(config_list["args"]) -f $src_test_file << @("halt\n");
+
+			check_test(tgt_name, res, src_test_results_file);
+		}
+
+		test sym(path.join(testdir,
+		                   "multiline_comment_error_in_expr_file")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			src_test_file: str = path.join(src_testdir, "errors/05.txt");
+
+			res := $ %(config_list["args"]) -f $src_test_file << @("halt\n");
+
+			check_err_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir, "multiline_string_in_expr_file")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			// tests/bc/strings.txt happens to have a multiline string in it.
+			src_test_file: str = path.join(src_testdir, "strings.txt");
+			src_test_results_file: str = path.join(src_testdir,
+			                                       "strings_results.txt");
+
+			res := $ %(config_list["args"]) -f $src_test_file << @("halt\n");
+
+			check_test(tgt_name, res, src_test_results_file);
+		}
+
+		tst := path.join(testdir,
+		                 "multiline_string_with_backslash_error_in_expr_file");
+
+		test sym(tst): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			src_test_file: str = path.join(src_testdir, "errors/16.txt");
+
+			res := $ %(config_list["args"]) -f $src_test_file << @("halt\n");
+
+			check_err_test(tgt_name, res);
+		}
+
+		tst2 := path.join(testdir, "multiline_string_error_in_expr_file");
+
+		test sym(tst2): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			src_test_file: str = path.join(src_testdir, "errors/04.txt");
+
+			res := $ %(config_list["args"]) -f $src_test_file << @("halt\n");
+
+			check_err_test(tgt_name, res);
+		}
+
+		test sym(path.join(testdir, "interactive_halt")): bin
+		{
+			res := $ %(config_list["args"]) -i << @("halt\n");
+
+			check_test_retcode(tgt_name, res.exitcode);
+		}
+	}
+	else
+	{
+		test sym(path.join(testdir, "env_args1")): bin
+		{
+			env.set env.str("DC_ENV_ARGS", "'-x'"), env.str("DC_EXPR_EXIT", "1")
+			{
+				res := $ %(config_list["args"]) << @("4s stuff\n");
+
+				check_test_retcode(tgt_name, res.exitcode);
+			}
+		}
+
+		test sym(path.join(testdir, "env_args2")): bin
+		{
+			env.set env.str("DC_ENV_ARGS", "'-x'"), env.str("DC_EXPR_EXIT", "1")
+			{
+				res := $ %(config_list["args"]) -e 4pR;
+
+				check_test_retcode(tgt_name, res.exitcode);
+			}
+		}
+
+		test sym(path.join(testdir, "extended_register_command1")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			results: str = tgt_name +~ ".txt";
+
+			path.mkdirp(testdir);
+
+			io.open(results, "w"): f
+			{
+				f.print("0\n");
+			}
+
+			res := $ %(config_list["args"]) -e gxpR << @("q\n");
+
+			check_test(tgt_name, res, results);
+		}
+
+		test sym(path.join(testdir, "extended_register_command2")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			results: str = tgt_name +~ ".txt";
+
+			path.mkdirp(testdir);
+
+			io.open(results, "w"): f
+			{
+				f.print("1\n");
+			}
+
+			res := $ %(config_list["args"]) -x -e gxpR << @("q\n");
+
+			check_test(tgt_name, res, results);
+		}
+	}
+
+	path.mkdirp(testdir);
+
+	other_tests_results: []str = config_list["other_tests_results"];
+
+	io.open(path.join(testdir, OTHER_LINE_LEN_RESULTS_NAME), "w"): f
+	{
+		f.print(other_tests_results[0] +~ "\n");
+	}
+
+	io.open(path.join(testdir, OTHER_LINE_LEN70_RESULTS_NAME), "w"): f
+	{
+		f.print(other_tests_results[1] +~ "\n");
+	}
+
+	test sym(path.join(testdir, "line_length1")): bin
+	{
+		env.set env.str(str(config["var"]), "80")
+		{
+			testdir: str = path.dirname(tgt_name);
+
+			other_tests: []str = config_list["other_tests"];
+
+			res := $ %(config_list["args"]) << @(other_tests[3]);
+
+			check_test(tgt_name, res,
+			           path.join(testdir, OTHER_LINE_LEN_RESULTS_NAME));
+		}
+	}
+
+	test sym(path.join(testdir, "line_length2")): bin
+	{
+		env.set env.str(str(config["var"]), "2147483647")
+		{
+			testdir: str = path.dirname(tgt_name);
+
+			other_tests: []str = config_list["other_tests"];
+
+			res := $ %(config_list["args"]) << @(other_tests[3]);
+
+			check_test(tgt_name, res,
+			           path.join(testdir, OTHER_LINE_LEN70_RESULTS_NAME));
+		}
+	}
+
+	test sym(path.join(testdir, "expr_and_file_args_test")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+		src_testdir: str = path.join(src_dir, testdir);
+
+		input_file: str = path.join(src_testdir, "add.txt");
+		input: str = io.read_file(input_file);
+		results_file: str = path.join(src_testdir, "add_results.txt");
+		results: str = io.read_file(results_file);
+
+		output_file: str = path.join(testdir, "expr_file_args.txt");
+
+		io.open(output_file, "w"): f
+		{
+			f.print(results +~ results +~ results +~ results);
+		}
+
+		res := $ %(config_list["args"]) -e $input -f $input_file
+		         --expression $input --file $input_file
+		         -e @(str(config["halt"]));
+
+		check_test(tgt_name, res, output_file);
+	}
+
+	test sym(path.join(testdir, "files_test")): bin
+	{
+		env.set env.str(str(config["var"]), "2147483647")
+		{
+			testdir: str = path.dirname(tgt_name);
+			src_testdir: str = path.join(src_dir, testdir);
+
+			input_file: str = path.join(src_testdir, "add.txt");
+			input: str = io.read_file(input_file);
+			results_file: str = path.join(src_testdir, "add_results.txt");
+			results: str = io.read_file(results_file);
+
+			output_file: str = path.join(testdir, "files.txt");
+
+			io.open(output_file, "w"): f
+			{
+				f.print(results +~ results +~ results +~ results);
+			}
+
+			res := $ %(config_list["args"]) -- $input_file $input_file
+			         $input_file $input_file << @(str(config["halt"]));
+
+			check_test(tgt_name, res, output_file);
+		}
+	}
+
+	test sym(path.join(testdir, "line_length3")): bin
+	{
+		env.set env.str(str(config["var"]), "62")
+		{
+			testdir: str = path.dirname(tgt_name);
+
+			other_tests: []str = config_list["other_tests"];
+
+			res := $ %(config_list["args"]) -L << @(other_tests[3]);
+
+			check_test(tgt_name, res,
+			           path.join(testdir, OTHER_LINE_LEN_RESULTS_NAME));
+		}
+	}
+
+	test sym(path.join(testdir, "line_length_func")): bin
+	{
+		env.set env.str(str(config["var"]), "62")
+		{
+			testdir: str = path.dirname(tgt_name);
+			results: str = tgt_name +~ ".txt";
+
+			path.mkdirp(testdir);
+
+			io.open(results, "w"): f
+			{
+				f.print("0\n");
+			}
+
+			other_tests: []str = config_list["other_tests"];
+
+			res := $ %(config_list["args"]) -L << @(other_tests[2]);
+
+			check_test(tgt_name, res, results);
+		}
+	}
+
+	test sym(path.join(testdir, "arg")): bin
+	{
+		halt: str = str(config["halt"]);
+
+		res1 := $ %(config_list["args"]) -h << $halt;
+		check_test_retcode(tgt_name, res1.exitcode);
+
+		res2 := $ %(config_list["args"]) -P << $halt;
+		check_test_retcode(tgt_name, res2.exitcode);
+
+		res3 := $ %(config_list["args"]) -R << $halt;
+		check_test_retcode(tgt_name, res3.exitcode);
+
+		res4 := $ %(config_list["args"]) -v << $halt;
+		check_test_retcode(tgt_name, res4.exitcode);
+
+		res5 := $ %(config_list["args"]) -V << $halt;
+		check_test_retcode(tgt_name, res5.exitcode);
+	}
+
+	test sym(path.join(testdir, "leading_zero_arg")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+		calc: str = path.basename(testdir);
+
+		expected_file: str = tgt_name +~ ".txt";
+
+		expected: str = "0.1\n-0.1\n1.1\n-1.1\n0.1\n-0.1\n";
+
+		io.open(expected_file, "w"): f
+		{
+			f.print(expected);
+		}
+
+		data: str =
+		if calc == "bc"
+		{
+			"0.1\n-0.1\n1.1\n-1.1\n.1\n-.1\n";
+		}
+		else
+		{
+			"0.1pR\n_0.1pR\n1.1pR\n_1.1pR\n.1pR\n_.1pR\n";
+		};
+
+		res := $ %(config_list["args"]) -z << $data;
+
+		check_test(tgt_name, res, expected_file);
+	}
+
+	test sym(path.join(testdir, "invalid_file_arg")): bin
+	{
+		res := $ %(config_list["args"]) -f
+		         "astoheusanotehynstahonsetihaotsnuhynstahoaoetusha.txt";
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "invalid_option_arg")): bin
+	{
+		other_tests: []str = config_list["other_tests"];
+
+		res := $ %(config_list["args"]) @("-" +~ other_tests[0])
+		         -e @(str(config["halt"]));
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "invalid_long_option_arg")): bin
+	{
+		other_tests: []str = config_list["other_tests"];
+
+		res := $ %(config_list["args"]) @("--" +~ other_tests[1])
+		         -e @(str(config["halt"]));
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "unrecognized_option_arg")): bin
+	{
+		res := $ %(config_list["args"]) -u -e @(str(config["halt"]));
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "unrecognized_long_option_arg")): bin
+	{
+		res := $ %(config_list["args"]) --uniform -e @(str(config["halt"]));
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "no_required_arg_for_option")): bin
+	{
+		res := $ %(config_list["args"]) -f;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "no_required_arg_for_long_option")): bin
+	{
+		res := $ %(config_list["args"]) --file;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "given_arg_for_long_option_with_no_arg")): bin
+	{
+		res := $ %(config_list["args"]) --version=5;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "colon_option")): bin
+	{
+		res := $ %(config_list["args"]) -:;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "colon_long_option")): bin
+	{
+		res := $ %(config_list["args"]) --:;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "builtin_variable_arg_test")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+		calc: str = path.basename(testdir);
+
+		extra: bool = bool(config["extra_math"]);
+
+		output: str =
+		if extra
+		{
+			"14\n15\n16\n17.25\n";
+		}
+		else
+		{
+			"14\n15\n16\n";
+		};
+
+		output_file: str = tgt_name +~ ".txt";
+
+		io.open(output_file, "w"): f
+		{
+			f.print(output);
+		}
+
+		data: str =
+		if extra
+		{
+			if calc == "bc"
+			{
+				"s=scale;i=ibase;o=obase;t=seed@2;ibase=A;obase=A;s;i;o;t;";
+			}
+			else
+			{
+				"J2@OIKAiAopRpRpRpR";
+			}
+		}
+		else
+		{
+			if calc == "bc"
+			{
+				"s=scale;i=ibase;o=obase;ibase=A;obase=A;s;i;o;";
+			}
+			else
+			{
+				"OIKAiAopRpRpR";
+			}
+		};
+
+		args: []str =
+		if extra
+		{
+			@[ "-S14", "-I15", "-O16", "-E17.25" ];
+		}
+		else
+		{
+			@[ "-S14", "-I15", "-O16" ];
+		};
+
+		res1 := $ %(config_list["args"]) %(args) << $data;
+		check_test(tgt_name, res1, output_file);
+
+		long_args: []str =
+		if extra
+		{
+			@[ "--scale=14", "--ibase=15", "--obase=16", "--seed=17.25" ];
+		}
+		else
+		{
+			@[ "--scale=14", "--ibase=15", "--obase=16" ];
+		};
+
+		res2 := $ %(config_list["args"]) %(long_args) << $data;
+		check_test(tgt_name, res2, output_file);
+	}
+
+	if calc == "bc"
+	{
+		io.open(path.join(testdir, OTHER_MATHLIB_SCALE_RESULTS_NAME), "w"): f
+		{
+			f.print("100\n");
+		}
+
+		test sym(path.join(testdir, "builtin_var_arg_with_lib")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			results_file: str = path.join(testdir,
+			                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+			res := $ %(config_list["args"]) -S100 -l << @("scale\n");
+
+			check_test(tgt_name, res, results_file);
+		}
+
+		test sym(path.join(testdir, "builtin_variable_long_arg_with_lib")): bin
+		{
+			testdir: str = path.dirname(tgt_name);
+			results_file: str = path.join(testdir,
+			                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+			res := $ %(config_list["args"]) --scale=100 --mathlib <<
+			         @("scale\n");
+
+			check_test(tgt_name, res, results_file);
+		}
+
+		test sym(path.join(testdir, "builtin_var_arg_with_lib_env_arg")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", "-l")
+			{
+				testdir: str = path.dirname(tgt_name);
+				results_file: str = path.join(testdir,
+				                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+				res := $ %(config_list["args"]) -S100 << @("scale\n");
+
+				check_test(tgt_name, res, results_file);
+			}
+		}
+
+		test sym(path.join(testdir,
+			               "builtin_var_long_arg_with_lib_env_arg")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", "-l")
+			{
+				testdir: str = path.dirname(tgt_name);
+				results_file: str = path.join(testdir,
+				                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+				res := $ %(config_list["args"]) --scale=100 << @("scale\n");
+
+				check_test(tgt_name, res, results_file);
+			}
+		}
+
+		test sym(path.join(testdir, "builtin_var_env_arg_with_lib_arg")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", "-S100")
+			{
+				testdir: str = path.dirname(tgt_name);
+				results_file: str = path.join(testdir,
+				                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+				res := $ %(config_list["args"]) -l << @("scale\n");
+
+				check_test(tgt_name, res, results_file);
+			}
+		}
+
+		test sym(path.join(testdir,
+		                   "builtin_var_long_env_arg_with_lib_arg")): bin
+		{
+			env.set env.str("BC_ENV_ARGS", "--scale=100")
+			{
+				testdir: str = path.dirname(tgt_name);
+				results_file: str = path.join(testdir,
+				                              OTHER_MATHLIB_SCALE_RESULTS_NAME);
+
+				res := $ %(config_list["args"]) -l << @("scale\n");
+
+				check_test(tgt_name, res, results_file);
+			}
+		}
+
+		test sym(path.join(testdir, "limits")): bin
+		{
+			res := $ %(config_list["args"]) << @("limits\n");
+
+			check_test_retcode(tgt_name, res.exitcode);
+
+			if str(res.stdout) == "" || str(res.stdout) == "\n"
+			{
+				error("Test \"" +~ tgt_name +~ "\" did not produce output");
+			}
+		}
+	}
+
+	test sym(path.join(testdir, "bad_arg_for_builtin_var_option")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+		calc: str = path.basename(testdir);
+
+		scale: str = if calc == "bc" { "scale\n"; } else { "K\n"; };
+
+		res1 := $ %(config_list["args"]) --scale=18923c.rlg << $scale;
+
+		check_err_test(tgt_name, res1);
+
+		if bool(config["extra_math"])
+		{
+			seed: str = if calc == "bc" { "seed\n"; } else { "J\n"; };
+
+			res2 := $ %(config_list["args"]) --seed=18923c.rlg << $seed;
+
+			check_err_test(tgt_name, res2);
+		}
+	}
+
+	test sym(path.join(testdir, "directory_as_file")): bin
+	{
+		testdir: str = path.dirname(tgt_name);
+
+		res := $ %(config_list["args"]) $testdir;
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "binary_file")): bin
+	{
+		res := $ %(config_list["args"]) @(file_dep);
+
+		check_err_test(tgt_name, res);
+	}
+
+	test sym(path.join(testdir, "binary_stdin")): bin
+	{
+		res := $ %(config_list["args"]) < @(file_dep);
+
+		check_err_test(tgt_name, res);
+	}
+}
+
+fn register_timeconst_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+) -> void
+{
+	timeconst: str = path.join(testdir, "scripts/timeconst.bc");
+
+	if !path.isfile(path.join(src_dir, timeconst))
+	{
+		io.eprint("Warning: " +~ timeconst +~ " does not exist\n");
+		io.eprint(timeconst +~ " is not part of this bc because of " +~
+		          "license incompatibility\n");
+		io.eprint("To test it, get it from the Linux kernel at " +~
+		          "`kernel/time/timeconst.bc`\n");
+		io.eprint("Skipping...\n");
+
+		return;
+	}
+
+	for i: range(1001)
+	{
+		test sym(path.join(timeconst, str(i)))
+		{
+			idx: str = path.basename(tgt_name) +~ "\n";
+			file: str = path.join(src_dir, path.dirname(tgt_name));
+
+			// Generate.
+			res1 := $ bc -q $file << $idx;
+
+			if res1.exitcode != 0
+			{
+				io.eprint("Other bc is not GNU compatible. Skipping...\n");
+				return;
+			}
+
+			// Run.
+			res2 := $ %(config_list["args"]) -q $file << $idx;
+
+			if res2.exitcode != 0 || res2.stdout != res1.stdout
+			{
+				error("\nFailed on input: " +~ idx +~ "\n");
+			}
+		}
+	}
+}
+
+fn register_history_tests(
+	bin: str,
+	testdir: str,
+	src_testdir: str,
+) -> void
+{
+	calc: str = path.basename(testdir);
+
+	src_test_scriptdir: str = path.dirname(src_testdir);
+
+	len_res := $ @(path.join(src_test_scriptdir, "history.py")) $calc -a;
+
+	if len_res.exitcode != 0
+	{
+		io.eprint("Python 3 with pexpect doesn't work. Skipping history tests");
+		return;
+	}
+
+	len: usize = usize(str(len_res.stdout));
+
+	for i: range(len)
+	{
+		test sym(calc +~ "/history/" +~ str(i)): bin
+		{
+			name: str = tgt_name;
+			parts: []str = name.split("/");
+
+			calc: str = parts[0];
+			idx: str= parts[2];
+
+			src_testdir: str = path.join(src_dir, "tests");
+
+			$ @(path.join(src_testdir, "history.py")) -t $calc $idx @(file_dep);
+		}
+	}
+}
+
+/**
+ * Generates all of the test targets for an executable.
+ * @param name  The base name of the executable.
+ * @param targets  The targets that tests should depend on.
+ */
+fn exe_tests(name: str) -> void
+{
+	bin: str = exe_name(name);
+
+	testdir: str = path.join("tests", name);
+	src_testdir: str = path.join(src_dir, testdir);
+
+	halt: str = if name == "bc" { "halt"; } else { "q"; };
+	gen_options: []str = if name == "bc" { @[ "-lq" ]; };
+	options: []str = if name == "bc" { @[ "-lqc" ]; } else { @[ "-xc" ]; };
+
+	other_num: str = "10000000000000000000000000000000000000000000000000" +~
+	                 "0000000000000000000000000000";
+	other_num70: str = "10000000000000000000000000000000000000000000000" +~
+	                   "000000000000000000000\\\n0000000000";
+
+	other_tests: []str =
+	if name == "bc"
+	{
+		@[ "x", "extended-register", "line_length()", other_num ];
+	}
+	else
+	{
+		@[ "l", "mathlib", "glpR", other_num +~ "pR" ];
+	};
+
+	other_tests_results: []str = @[ other_num, other_num70 ];
+
+	var: str = name.toupper() +~ "_LINE_LENGTH";
+
+	script_options: []str =
+	if name == "bc"
+	{
+		@[ "-lqC" ];
+	}
+	else
+	{
+		@[ "-xC" ];
+	};
+
+	error_options: []str = if name == "bc" { @[ "-ls" ]; } else { @[ "-x" ]; };
+
+	args: []str =
+	if bool(config["valgrind"])
+	{
+		VALGRIND_ARGS +~ @[ "./" +~ bin ];
+	}
+	else
+	{
+		@[ "./" +~ bin ];
+	};
+
+	test_config: Gaml = @(gaml){
+		args: $args
+		halt: $halt
+		gen_options: $gen_options
+		options: $options
+		script_options: $script_options
+		error_options: $error_options
+		other_tests: $other_tests
+		other_tests_results: $other_tests_results
+		var: $var
+	};
+
+	push test_config: config_stack
+	{
+		extra: bool = bool(config["extra_math"]);
+
+		register_standard_tests(bin, testdir, src_testdir, extra);
+		register_script_tests(bin, testdir, src_testdir, extra);
+		register_stdin_tests(bin, testdir, src_testdir);
+		register_read_tests(bin, testdir, src_testdir);
+		register_error_tests(bin, testdir, src_testdir);
+		register_other_tests(bin, testdir, src_testdir, extra);
+
+		if name == "bc" && bool(config["generated_tests"]) &&
+		   path.isfile(path.join(src_testdir, "scripts/timeconst.bc"))
+		{
+			register_timeconst_tests(bin, testdir, src_testdir);
+		}
+
+		if host.os != "Windows" && sym(config["history"]) == @builtin
+		{
+			register_history_tests(bin, testdir, src_testdir);
+		}
+	}
+}
+
+/**
+ * Gets the `$BINDIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$BINDIR`, with the `$DESTDIR`.
+ */
+fn get_bindir() -> str
+{
+	temp: str = str(config["bindir"]);
+
+	bindir: str =
+	if temp == ""
+	{
+		path.join(str(config["prefix"]), "bin");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, bindir);
+}
+
+/**
+ * Gets the `$LIBDIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$LIBDIR`, with the `$DESTDIR`.
+ */
+fn get_libdir() -> str
+{
+	temp: str = str(config["libdir"]);
+
+	libdir: str =
+	if temp == ""
+	{
+		path.join(str(config["prefix"]), "lib");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, libdir);
+}
+
+/**
+ * Gets the `$INCLUDEDIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$INCLUDEDIR`, with the `$DESTDIR`.
+ */
+fn get_includedir() -> str
+{
+	temp: str = str(config["includedir"]);
+
+	includedir: str =
+	if temp == ""
+	{
+		path.join(str(config["prefix"]), "include");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, includedir);
+}
+
+/**
+ * Gets the `$PC_PATH`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$PC_PATH`, with the `$DESTDIR`.
+ */
+fn get_pc_path() -> str
+{
+	pc_path: str =
+	if str(config["pc_path"]) == ""
+	{
+		res := $ pkg-config --variable=pc_path pkg-config;
+
+		str(res.stdout);
+	}
+	else
+	{
+		str(config["pc_path"]);
+	};
+
+	return path.join(DESTDIR, pc_path);
+}
+
+/**
+ * Gets the `$DATAROOTDIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$DATAROOTDIR`, with the `$DESTDIR`.
+ */
+fn get_datarootdir() -> str
+{
+	temp: str = str(config["datarootdir"]);
+
+	datarootdir: str =
+	if temp == ""
+	{
+		path.join(str(config["prefix"]), "share");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, datarootdir);
+}
+
+/**
+ * Gets the `$DATADIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$DATADIR`, with the `$DESTDIR`.
+ */
+fn get_datadir() -> str
+{
+	temp: str = str(config["datadir"]);
+
+	datadir: str =
+	if temp == ""
+	{
+		get_datarootdir();
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, datadir);
+}
+
+/**
+ * Gets the `$MANDIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$MANDIR`, with the `$DESTDIR`.
+ */
+fn get_mandir() -> str
+{
+	temp: str = str(config["mandir"]);
+
+	mandir: str =
+	if temp == ""
+	{
+		path.join(get_datadir(), "man");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, mandir);
+}
+
+/**
+ * Gets the `$MAN1DIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$MAN1DIR`, with the `$DESTDIR`.
+ */
+fn get_man1dir() -> str
+{
+	temp: str = str(config["man1dir"]);
+
+	man1dir: str =
+	if temp == ""
+	{
+		path.join(get_mandir(), "man1");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, man1dir);
+}
+
+/**
+ * Gets the `$MAN3DIR`, including the `$DESTDIR`. This generates the default
+ * value if it wasn't set.
+ * @return  The `$MAN3DIR`, with the `$DESTDIR`.
+ */
+fn get_man3dir() -> str
+{
+	temp: str = str(config["man3dir"]);
+
+	man3dir: str =
+	if temp == ""
+	{
+		path.join(get_mandir(), "man3");
+	}
+	else
+	{
+		temp;
+	};
+
+	return path.join(DESTDIR, man3dir);
+}
diff --git a/contrib/bc/build.rig b/contrib/bc/build.rig
new file mode 100644
index 000000000000..55f8c85daddd
--- /dev/null
+++ b/contrib/bc/build.rig
@@ -0,0 +1,575 @@
+/*
+ * *****************************************************************************
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * *****************************************************************************
+ *
+ * The build script file.
+ *
+ */
+
+if OS == "Windows" && bool(config["lto"])
+{
+	error("Link-time optimization is not supported on Windows");
+}
+
+if LIBRARY_ENABLED == "0"
+{
+	if OS != "Windows" && NLS_ENABLED != "0"
+	{
+		io.eprint("Testing NLS...\n");
+
+		clang_flags: []str =
+		if CC contains "clang"
+		{
+			@[ "-Wno_unreachable-code" ];
+		};
+
+		flags: []str = clang_flags +~ @[
+			DEFOPT +~ "BC_ENABLE_NLS=1",
+			DEFOPT +~ "BC_ENABLED=" +~ BC_ENABLED,
+			DEFOPT +~ "DC_ENABLED=" +~ DC_ENABLED,
+			DEFOPT +~ "BC_ENABLE_HISTORY=0",
+			DEFOPT +~ "BC_ENABLE_LIBRARY=0",
+			DEFOPT +~ "BC_ENABLE_AFL=0",
+			DEFOPT +~ "BC_ENABLE_EXTRA_MATH=" +~ EXTRA_MATH_ENABLED,
+			DEFOPT +~ "BC_ENABLE_OSSFUZZ=0",
+			DEFOPT +~ "_POSIX_C_SOURCE=200809L",
+			DEFOPT +~ "_XOPEN_SOURCE=700",
+			INCOPT,
+		];
+
+		res := $ $CC %(flags) -c @(path.join(src_dir, "src/vm.c")) -E;
+
+		if res.exitcode != 0
+		{
+			if FORCE
+			{
+				io.eprint("Forcing NLS...\n");
+			}
+			else
+			{
+				error("NLS does not work\n");
+			}
+		}
+		else
+		{
+			if path.isfile("vm.o")
+			{
+				path.rm("vm.o");
+			}
+
+			io.eprint("NLS works.\n\n");
+			io.eprint("Testing gencat...\n");
+
+			res2 := $ gencat ./en_US.cat
+			          @(path.join(src_dir, "locales/en_US.msg"));
+
+			if res2.exitcode != 0
+			{
+				if FORCE
+				{
+					io.eprint("Forcing NLS...\n");
+				}
+				else
+				{
+					error("gencat does not work\n");
+				}
+			}
+			else
+			{
+				io.eprint("gencat works.\n\n");
+
+				if platform != host
+				{
+					error("Cross compiles will not work!\n\n");
+				}
+			}
+		}
+	}
+
+	if OS != "Windows" && sym(config["history"]) != @none
+	{
+		io.eprint("Testing history...\n");
+
+		flags: []str = @[
+			DEFOPT +~ "BC_ENABLE_HISTORY=1",
+			DEFOPT +~ "BC_ENABLED=" +~ BC_ENABLED,
+			DEFOPT +~ "DC_ENABLED=" +~ DC_ENABLED,
+			DEFOPT +~ "BC_ENABLE_NLS=" +~ NLS_ENABLED,
+			DEFOPT +~ "BC_ENABLE_LIBRARY=0",
+			DEFOPT +~ "BC_ENABLE_AFL=0",
+			DEFOPT +~ "BC_ENABLE_EDITLINE=" +~ EDITLINE_ENABLED,
+			DEFOPT +~ "BC_ENABLE_READLINE=" +~ READLINE_ENABLED,
+			DEFOPT +~ "BC_ENABLE_EXTRA_MATH=" +~ EXTRA_MATH_ENABLED,
+			DEFOPT +~ "BC_ENABLE_OSSFUZZ=0",
+			DEFOPT +~ "_POSIX_C_SOURCE=200809L",
+			DEFOPT +~ "_XOPEN_SOURCE=700",
+			INCOPT,
+		];
+
+		res := $ $CC %(flags) -c @(path.join(src_dir, "src/history.c")) -E;
+
+		if res.exitcode != 0
+		{
+			if FORCE
+			{
+				io.eprint("Forcing history...\n");
+			}
+			else
+			{
+				error("History does not work\n");
+			}
+		}
+		else
+		{
+			if path.isfile("history.o")
+			{
+				path.rm("history.o");
+			}
+
+			io.eprint("History works.\n\n");
+		}
+	}
+}
+
+freebsd_flags: []str =
+if OS != "FreeBSD"
+{
+	@[ DEFOPT +~ "_POSIX_C_SOURCE=200809L", DEFOPT +~ "_XOPEN_SOURCE=700" ];
+};
+
+macos: bool = (OS == "Darwin");
+
+macos_flags: []str =
+if macos
+{
+	@[ DEFOPT +~ "_DARWIN_C_SOURCE" ];
+};
+
+openbsd_flags: []str =
+if OS == "OpenBSD"
+{
+	if READLINE_ENABLED != "0"
+	{
+		error("Cannot use readline on OpenBSD");
+	}
+
+	@[ DEFOPT +~ "_BSD_SOURCE" ];
+};
+
+strip_flag: []str =
+if OS != "Windows" && !bool(config["debug"]) && !macos && bool(config["strip"])
+{
+	@[ "-s" ];
+};
+
+lto_flag: []str =
+if bool(config["lto"])
+{
+	@[ "-flto" ];
+};
+
+strict_flags: []str =
+if bool(config["strict"])
+{
+	// Strict build only works for GCC and Clang, so we do want to set that
+	// here.
+	if CC contains "gcc" || CC contains "clang"
+	{
+		// These are the standard strict build flags for both compilers.
+		std_strict: []str = @[ "-Wall", "-Wextra", "-Werror", "-pedantic" ];
+
+		// Clang has -Weverything, which I ensure Yc builds under.
+		//
+		// I also want unlimited errors because Clang is my development
+		// compiler; it caps at 20 by default.
+		compiler_strict: []str =
+		if CC contains "clang"
+		{
+			// Oh, and add the standard.
+			@[ "-Weverything", "-ferror-limit=100000", "-Wno-padded",
+			   "-Wno-unknown-warning-option", "-Wno-unsafe-buffer-usage",
+			   "-Wno-documentation-unknown-command", "-Wno-pre-c11-compat",
+			   "-Wno-enum-enum-conversion", "-Wno-switch-default" ];
+		};
+
+		// Return the combination of the sets.
+		std_strict +~ compiler_strict;
+	}
+	else if OS == "Windows"
+	{
+		// Return the combo of the strict options, the standard, and the
+		// sanitizer defines.
+		@[ "/W4", "/WX", "/wd\"4996\"", "/permissive-" ];
+	}
+};
+
+version_contents: str = io.read_file(path.join(src_dir, "VERSION.txt"));
+version_lines: []str = version_contents.split("\n");
+version: str = version_lines[0];
+
+version_flag: []str = @[ DEFOPT +~ "VERSION=" +~ version ];
+
+other_flags: []str = freebsd_flags +~ macos_flags +~ openbsd_flags +~
+                     lto_flag +~ strict_flags +~ version_flag +~
+if bool(config["debug"])
+{
+	@[ compiler_db["opt.debug"] ];
+};
+
+history_files: []str =
+if HISTORY != @none
+{
+	HISTORY_C_FILES;
+};
+
+c_files: []str =
+if BUILD_MODE == @both
+{
+	COMMON_C_FILES +~ EXEC_C_FILES +~ BC_C_FILES +~ DC_C_FILES +~ history_files;
+}
+else if BUILD_MODE == @bc
+{
+	COMMON_C_FILES +~ EXEC_C_FILES +~ BC_C_FILES +~ history_files;
+}
+else if BUILD_MODE == @dc
+{
+	COMMON_C_FILES +~ EXEC_C_FILES +~ DC_C_FILES +~ history_files;
+}
+else
+{
+	COMMON_C_FILES +~ LIBRARY_C_FILES;
+};
+
+build_config: Gaml = @(gaml){
+	other_cflags: $other_flags
+	strip_flag: $strip_flag
+};
+
+targets: []str =
+push build_config: config_stack
+{
+	gen_o_files: []str =
+	if BUILD_MODE != @library
+	{
+		@[
+			txt2o("gen/lib.bc", "bc_lib", "bc_lib_name", "BC_ENABLED", true),
+			txt2o("gen/lib2.bc", "bc_lib2", "bc_lib2_name",
+			      "BC_ENABLED && BC_ENABLE_EXTRA_MATH", true),
+			txt2o("gen/bc_help.txt", "bc_help", "", "BC_ENABLED", false),
+			txt2o("gen/dc_help.txt", "dc_help", "", "DC_ENABLED", false),
+		];
+	};
+
+	obj_files: []str = gen_o_files +~
+	for f: c_files
+	{
+		c2o(f);
+	};
+
+	if BUILD_MODE == @both || BUILD_MODE == @bc
+	{
+		if OS != "Windows" && bool(config["install_manpages"])
+		{
+			src: str = path.join("manuals/bc", BUILD_TYPE +~ ".1");
+
+			target BC_MANPAGE: src
+			{
+				$ cp -f @(file_dep) @(tgt);
+			}
+		}
+
+		exe(BC_BIN, obj_files);
+	}
+
+	if BUILD_MODE == @both || BUILD_MODE == @dc
+	{
+		if OS != "Windows" && bool(config["install_manpages"])
+		{
+			src: str = path.join("manuals/dc", BUILD_TYPE +~ ".1");
+
+			target DC_MANPAGE: src
+			{
+				$ cp -f @(file_dep) @(tgt);
+			}
+		}
+
+		if BUILD_MODE == @both
+		{
+			ln(DC_BIN, BC_BIN);
+		}
+		else
+		{
+			exe(DC_BIN, obj_files);
+		}
+	}
+
+	if BUILD_MODE == @library
+	{
+		lib(LIBRARY, obj_files);
+	}
+
+	if BUILD_MODE == @both
+	{
+		@[ BC_BIN, DC_BIN ];
+	}
+	else if BUILD_MODE == @bc
+	{
+		@[ DC_BIN ];
+	}
+	else if BUILD_MODE == @dc
+	{
+		@[ DC_BIN ];
+	}
+	else
+	{
+		includedir: str = get_includedir();
+		libdir: str = get_libdir();
+
+		pc_config: Gaml = @(gaml){
+			INCLUDEDIR: $includedir
+			LIBDIR: $libdir
+			VERSION: $version
+		};
+
+		push pc_config: config_stack
+		{
+			target PC_FILE: PC_FILE +~ ".in"
+			{
+				configure_file(file_dep, tgt, "%%");
+			}
+		}
+
+		@[ LIBRARY, PC_FILE ];
+	}
+};
+
+if OS != "Windows"
+{
+	if LIBRARY_ENABLED == "0"
+	{
+		target @install: targets
+		{
+			bindir: str = get_bindir();
+
+			if BC_ENABLED != "0"
+			{
+				$ $SAFE_INSTALL $EXEC_INSTALL_MODE $BC_BIN
+				  @(path.join(bindir, BC_BIN));
+			}
+
+			if DC_ENABLED != "0"
+			{
+				if BC_ENABLED != "0"
+				{
+					$ ln -sf @("./" +~ BC_BIN) @(path.join(bindir, DC_BIN));
+				}
+				else
+				{
+					$ $SAFE_INSTALL $EXEC_INSTALL_MODE $BC_BIN
+					  @(path.join(bindir, BC_BIN));
+				}
+			}
+
+			if NLS_ENABLED != "0"
+			{
+				locale_install_args: []str =
+				if sym(config["locales"]) == @all
+				{
+					@[ "-l" ];
+				};
+
+				if DESTDIR != ""
+				{
+					$ @(path.join(src_dir, "scripts/locale_install.sh"))
+					  %(locale_install_args) @(str(config["nlspath"]))
+					  $MAINEXEC $DESTDIR;
+				}
+				else
+				{
+					$ @(path.join(src_dir, "scripts/locale_install.sh"))
+					  %(locale_install_args) @(str(config["nlspath"]))
+					  $MAINEXEC;
+				}
+			}
+
+			if bool(config["install_manpages"])
+			{
+				man1dir: str = get_man1dir();
+
+				if BC_ENABLED != "0"
+				{
+					$ rm -rf @(path.join(man1dir, BC_MANPAGE));
+				}
+
+				if DC_ENABLED != "0"
+				{
+					$ rm -rf @(path.join(man1dir, DC_MANPAGE));
+				}
+			}
+		}
+
+		target @uninstall
+		{
+			bindir: str = get_bindir();
+
+			if BC_ENABLED != "0"
+			{
+				$ rm -rf @(path.join(bindir, BC_BIN));
+			}
+
+			if DC_ENABLED != "0"
+			{
+				$ rm -rf @(path.join(bindir, DC_BIN));
+			}
+
+			if NLS_ENABLED != "0"
+			{
+				if DESTDIR != ""
+				{
+					$ @(path.join(src_dir, "scripts/locale_uninstall.sh"))
+					  @(str(config["nlspath"])) $MAINEXEC $DESTDIR;
+				}
+				else
+				{
+					$ @(path.join(src_dir, "scripts/locale_uninstall.sh"))
+					  @(str(config["nlspath"])) $MAINEXEC;
+				}
+			}
+
+			if bool(config["install_manpages"])
+			{
+				man1dir: str = get_man1dir();
+				$ rm -rf @(path.join(man1dir, BC_MANPAGE))
+				  @(path.join(man1dir, DC_MANPAGE));
+			}
+		}
+	}
+	else
+	{
+		target @install: targets, BCL_HEADER_PATH
+		{
+			full_libdir: str = get_libdir();
+
+			$ $SAFE_INSTALL $EXEC_INSTALL_MODE @(file_dep)
+			  @(path.join(full_libdir, file_dep));
+
+			full_pc_path: str = get_pc_path();
+			bcl_pc: str = file_deps[1];
+
+			$ $SAFE_INSTALL $MANPAGE_INSTALL_MODE $bcl_pc
+			  @(path.join(full_pc_path, bcl_pc));
+
+			full_includedir: str = get_includedir();
+
+			$ $SAFE_INSTALL $MANPAGE_INSTALL_MODE @(file_deps[2])
+			  @(path.join(full_includedir, BCL_HEADER));
+
+			if bool(config["install_manpages"])
+			{
+				$ $SAFE_INSTALL $MANPAGE_INSTALL_MODE
+				  @(path.join(src_dir, path.join("manuals", BCL_MANPAGE)))
+				  @(path.join(get_man3dir(), BCL_MANPAGE));
+			}
+		}
+
+		target @uninstall
+		{
+			$ rm -rf @(path.join(get_libdir(), LIBRARY))
+			  @(path.join(get_pc_path(), PC_FILE))
+			  @(path.join(get_includedir(), BCL_HEADER));
+
+			if bool(config["install_manpages"])
+			{
+				$ rm -rf @(path.join(get_man3dir(), BCL_MANPAGE));
+			}
+		}
+	}
+}
+
+// If the platform matches the host, we can run the test suite.
+if platform == host
+{
+	// If we have the library, build and run that test.
+	if BUILD_MODE == @library
+	{
+		libtesto: str = c2o("tests/bcl.c");
+
+		libtest: str = "bcl";
+
+		exe(libtest, @[ libtesto, targets[0] ]);
+
+		test @bcl: libtest
+		{
+			$ @(str(tgt_name));
+		}
+	}
+	else
+	{
+		if BUILD_MODE != @dc
+		{
+			exe_tests("bc");
+		}
+
+		if BUILD_MODE != @bc
+		{
+			exe_tests("dc");
+		}
+
+		target @clean_tests
+		{
+			for f: path.find_ext(build_dir, "txt")
+			{
+				path.rm(f);
+			}
+		}
+	}
+}
+
+target "bitfuncgen"
+{
+	error("TODO: Make this");
+}
+
+target @bitfuncgen: "bitfuncgen"
+{
+	error("TODO: Make this");
+}
+
+target "ministat"
+{
+	error("TODO: Make this");
+}
+
+target @ministat: "ministat"
+{
+	error("TODO: Make this");
+}
+
+target @all: targets;
diff --git a/contrib/bc/compile_flags.txt b/contrib/bc/compile_flags.txt
index 3324798013c6..64af9a35e75e 100644
--- a/contrib/bc/compile_flags.txt
+++ b/contrib/bc/compile_flags.txt
@@ -1,6 +1,9 @@
 -Weverything
 -pedantic
 -Wno-unsafe-buffer-usage
+-Wno-pre-c11-compat
+-Wno-unknown-warning-option
+-Wno-switch-default
 -D_POSIX_C_SOURCE=200809L
 -D_XOPEN_SOURCE=700
 -D_BSD_SOURCE
diff --git a/contrib/bc/configure.sh b/contrib/bc/configure.sh
index 442165d15693..92ff45cca84a 100755
--- a/contrib/bc/configure.sh
+++ b/contrib/bc/configure.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -55,7 +55,7 @@ usage() {
 	printf '    %s [-a|-bD|-dB|-c] [-CeEfgGHilmMNPrtTvz] [-O OPT_LEVEL] [-k KARATSUBA_LEN]\\\n' "$script"
 	printf '       [-s SETTING] [-S SETTING] [-p TYPE]\n'
 	printf '    %s \\\n' "$script"
-	printf '       [--library|--bc-only --disable-dc|--dc-only --disable-bc|--coverage]  \\\n'
+	printf '       [--library|--bc-only --disable-dc|--dc-only --disable-bc]             \\\n'
 	printf '       [--force --debug --disable-extra-math --disable-generated-tests]      \\\n'
 	printf '       [--disable-history --disable-man-pages --disable-nls --disable-strip] \\\n'
 	printf '       [--enable-editline] [--enable-readline] [--enable-internal-history]   \\\n'
@@ -74,7 +74,7 @@ usage() {
 	printf '\n'
 	printf '    -a, --library\n'
 	printf '        Build the libbcl instead of the programs. This is meant to be used with\n'
-	printf '        Other software like programming languages that want to make use of the\n'
+	printf '        other software like programming languages that want to make use of the\n'
 	printf '        parsing and math capabilities. This option will install headers using\n'
 	printf '        `make install`.\n'
 	printf '    -b, --bc-only\n'
@@ -83,10 +83,6 @@ usage() {
 	printf '    -B, --disable-bc\n'
 	printf '        Disable bc. It is an error if "-b", "--bc-only", "-D", or "--disable-dc"\n'
 	printf '        are specified too.\n'
-	printf '    -c, --coverage\n'
-	printf '        Generate test coverage code. Requires gcov and gcovr.\n'
-	printf '        It is an error if either "-b" ("-D") or "-d" ("-B") is specified.\n'
-	printf '        Requires a compiler that use gcc-compatible coverage options\n'
 	printf '    -C, --disable-clean\n'
 	printf '        Disable the clean that configure.sh does before configure.\n'
 	printf '    -d, --dc-only\n'
@@ -133,8 +129,6 @@ usage() {
 	printf '        Installs all locales, regardless of how many are on the system. This\n'
 	printf '        option is useful for package maintainers who want to make sure that\n'
 	printf '        a package contains all of the locales that end users might need.\n'
-	printf '    -m, --enable-memcheck\n'
-	printf '        Enable memcheck mode, to ensure no memory leaks. For development only.\n'
 	printf '    -M, --disable-man-pages\n'
 	printf '        Disable installing manpages.\n'
 	printf '    -N, --disable-nls\n'
@@ -172,17 +166,9 @@ usage() {
 	printf '        Set the default named by SETTING to off. See below for possible values\n'
 	printf '        for SETTING. For multiple instances of the -s or -S for the the same\n'
 	printf '        setting, the last one is used.\n'
-	printf '    -t, --enable-test-timing\n'
-	printf '        Enable the timing of tests. This is for development only.\n'
 	printf '    -T, --disable-strip\n'
 	printf '        Disable stripping symbols from the compiled binary or binaries.\n'
 	printf '        Stripping symbols only happens when debug mode is off.\n'
-	printf '    -v, --enable-valgrind\n'
-	printf '        Enable a build appropriate for valgrind. For development only.\n'
-	printf '    -z, --enable-fuzz-mode\n'
-	printf '        Enable fuzzing mode. THIS IS FOR DEVELOPMENT ONLY.\n'
-	printf '    -Z, --enable-ossfuzz-mode\n'
-	printf '        Enable fuzzing mode for OSS-Fuzz. THIS IS FOR DEVELOPMENT ONLY.\n'
 	printf '    --prefix PREFIX\n'
 	printf '        The prefix to install to. Overrides "$PREFIX" if it exists.\n'
 	printf '        If PREFIX is "/usr", install path will be "/usr/bin".\n'
@@ -254,12 +240,12 @@ usage() {
 	printf '                 path (or contain one). This is treated the same as the POSIX\n'
 	printf '                 definition of $NLSPATH (see POSIX environment variables for\n'
 	printf '                 more information). Default is "/usr/share/locale/%%L/%%N".\n'
-	printf '    PC_PATH      The location to install pkg-config files to. Must be an\n'
+	printf '    PC_PATH      The location to install pkg-config files to. Must be a\n'
 	printf '                 path or contain one. Default is the first path given by the\n'
 	printf '                 output of `pkg-config --variable=pc_path pkg-config`.\n'
 	printf '    EXECSUFFIX   The suffix to append to the executable names, used to not\n'
 	printf '                 interfere with other installed bc executables. Default is "".\n'
-	printf '    EXECPREFIX   The prefix to append to the executable names, used to not\n'
+	printf '    EXECPREFIX   The prefix to prepend to the executable names, used to not\n'
 	printf '                 interfere with other installed bc executables. Default is "".\n'
 	printf '    DESTDIR      For package creation. Default is "". If it is empty when\n'
 	printf '                 `%s` is run, it can also be passed to `make install`\n' "$script"
@@ -482,7 +468,7 @@ find_src_files() {
 }
 
 # This function generates a list of files to go into the Makefile. It generates
-# the list of object files, as well as the list of test coverage files.
+# the list of object files.
 #
 # @param contents  The contents of the Makefile template to put the list of
 #                  files into.
@@ -503,8 +489,6 @@ gen_file_list() {
 
 	_gen_file_list_needle_src="SRC"
 	_gen_file_list_needle_obj="OBJ"
-	_gen_file_list_needle_gcda="GCDA"
-	_gen_file_list_needle_gcno="GCNO"
 
 	_gen_file_list_replacement=$(find_src_files $_gen_file_list_unneeded | tr '\n' ' ')
 	_gen_file_list_contents=$(replace "$_gen_file_list_contents" \
@@ -521,151 +505,9 @@ gen_file_list() {
 	_gen_file_list_contents=$(replace "$_gen_file_list_contents" \
 		"$_gen_file_list_needle_obj" "$_gen_file_list_replacement")
 
-	_gen_file_list_replacement=$(replace_exts "$_gen_file_list_replacement" "o" "gcda")
-	_gen_file_list_contents=$(replace "$_gen_file_list_contents" \
-		"$_gen_file_list_needle_gcda" "$_gen_file_list_replacement")
-
-	_gen_file_list_replacement=$(replace_exts "$_gen_file_list_replacement" "gcda" "gcno")
-	_gen_file_list_contents=$(replace "$_gen_file_list_contents" \
-		"$_gen_file_list_needle_gcno" "$_gen_file_list_replacement")
-
 	printf '%s\n' "$_gen_file_list_contents"
 }
 
-# Generates the proper test targets for each test to have its own target. This
-# allows `make test` to run in parallel.
-#
-# @param name        Which calculator to generate tests for.
-# @param extra_math  An integer that, if non-zero, activates extra math tests.
-# @param time_tests  An integer that, if non-zero, tells the test suite to time
-#                    the execution of each test.
-gen_std_tests() {
-
-	_gen_std_tests_name="$1"
-	shift
-
-	_gen_std_tests_extra_math="$1"
-	shift
-
-	_gen_std_tests_time_tests="$1"
-	shift
-
-	_gen_std_tests_extra_required=$(cat "$scriptdir/tests/extra_required.txt")
-
-	for _gen_std_tests_t in $(cat "$scriptdir/tests/$_gen_std_tests_name/all.txt"); do
-
-		if [ "$_gen_std_tests_extra_math" -eq 0 ]; then
-
-			if [ -z "${_gen_std_tests_extra_required##*$_gen_std_tests_t*}" ]; then
-				printf 'test_%s_%s:\n\t@printf "Skipping %s %s\\n"\n\n' \
-					"$_gen_std_tests_name" "$_gen_std_tests_t" "$_gen_std_tests_name" \
-					"$_gen_std_tests_t" >> "Makefile"
-				continue
-			fi
-
-		fi
-
-		printf 'test_%s_%s:\n\t@export BC_TEST_OUTPUT_DIR="%s/tests"; sh $(TESTSDIR)/test.sh %s %s %s %s %s\n\n' \
-			"$_gen_std_tests_name" "$_gen_std_tests_t" "$builddir" "$_gen_std_tests_name" \
-			"$_gen_std_tests_t" "$generate_tests" "$time_tests" \
-			"$*" >> "Makefile"
-
-	done
-}
-
-# Generates a list of test targets that will be used as prerequisites for other
-# targets.
-#
-# @param name  The name of the calculator to generate test targets for.
-gen_std_test_targets() {
-
-	_gen_std_test_targets_name="$1"
-	shift
-
-	_gen_std_test_targets_tests=$(cat "$scriptdir/tests/${_gen_std_test_targets_name}/all.txt")
-
-	for _gen_std_test_targets_t in $_gen_std_test_targets_tests; do
-		printf ' test_%s_%s' "$_gen_std_test_targets_name" "$_gen_std_test_targets_t"
-	done
-
-	printf '\n'
-}
-
-# Generates the proper test targets for each error test to have its own target.
-# This allows `make test_bc_errors` and `make test_dc_errors` to run in
-# parallel.
-#
-# @param name  Which calculator to generate tests for.
-gen_err_tests() {
-
-	_gen_err_tests_name="$1"
-	shift
-
-	_gen_err_tests_fs=$(ls "$scriptdir/tests/$_gen_err_tests_name/errors/")
-
-	for _gen_err_tests_t in $_gen_err_tests_fs; do
-
-		printf 'test_%s_error_%s:\n\t@export BC_TEST_OUTPUT_DIR="%s/tests"; sh $(TESTSDIR)/error.sh %s %s %s %s\n\n' \
-			"$_gen_err_tests_name" "$_gen_err_tests_t" "$builddir" "$_gen_err_tests_name" \
-			"$_gen_err_tests_t" "$problematic_tests" "$*" >> "Makefile"
-
-	done
-
-}
-
-# Generates a list of error test targets that will be used as prerequisites for
-# other targets.
-#
-# @param name  The name of the calculator to generate test targets for.
-gen_err_test_targets() {
-
-	_gen_err_test_targets_name="$1"
-	shift
-
-	_gen_err_test_targets_tests=$(ls "$scriptdir/tests/$_gen_err_test_targets_name/errors/")
-
-	for _gen_err_test_targets_t in $_gen_err_test_targets_tests; do
-		printf ' test_%s_error_%s' "$_gen_err_test_targets_name" "$_gen_err_test_targets_t"
-	done
-
-	printf '\n'
-}
-
-# Generates the proper script test targets for each script test to have its own
-# target. This allows `make test` to run in parallel.
-#
-# @param name        Which calculator to generate tests for.
-# @param extra_math  An integer that, if non-zero, activates extra math tests.
-# @param generate    An integer that, if non-zero, activates generated tests.
-# @param time_tests  An integer that, if non-zero, tells the test suite to time
-#                    the execution of each test.
-gen_script_tests() {
-
-	_gen_script_tests_name="$1"
-	shift
-
-	_gen_script_tests_extra_math="$1"
-	shift
-
-	_gen_script_tests_generate="$1"
-	shift
-
-	_gen_script_tests_time="$1"
-	shift
-
-	_gen_script_tests_tests=$(cat "$scriptdir/tests/$_gen_script_tests_name/scripts/all.txt")
-
-	for _gen_script_tests_f in $_gen_script_tests_tests; do
-
-		_gen_script_tests_b=$(basename "$_gen_script_tests_f" ".${_gen_script_tests_name}")
-
-		printf 'test_%s_script_%s:\n\t@export BC_TEST_OUTPUT_DIR="%s/tests"; sh $(TESTSDIR)/script.sh %s %s %s 1 %s %s %s\n\n' \
-			"$_gen_script_tests_name" "$_gen_script_tests_b" "$builddir" "$_gen_script_tests_name" \
-			"$_gen_script_tests_f" "$_gen_script_tests_extra_math" "$_gen_script_tests_generate" \
-			"$_gen_script_tests_time" "$*" >> "Makefile"
-	done
-}
-
 set_default() {
 
 	_set_default_on="$1"
@@ -710,7 +552,6 @@ predefined_build() {
 		BSD)
 			bc_only=0
 			dc_only=0
-			coverage=0
 			debug=0
 			optimization="3"
 			hist=1
@@ -723,11 +564,6 @@ predefined_build() {
 			strip_bin=1
 			all_locales=0
 			library=0
-			fuzz=0
-			ossfuzz=0
-			time_tests=0
-			vg=0
-			memcheck=0
 			clean=1
 			bc_default_banner=0
 			bc_default_sigint_reset=1
@@ -744,7 +580,6 @@ predefined_build() {
 		GNU)
 			bc_only=0
 			dc_only=0
-			coverage=0
 			debug=0
 			optimization="3"
 			hist=1
@@ -757,11 +592,6 @@ predefined_build() {
 			strip_bin=1
 			all_locales=0
 			library=0
-			fuzz=0
-			ossfuzz=0
-			time_tests=0
-			vg=0
-			memcheck=0
 			clean=1
 			bc_default_banner=1
 			bc_default_sigint_reset=1
@@ -777,10 +607,10 @@ predefined_build() {
 
 		GDH)
 			CFLAGS="-Weverything -Wno-padded -Wno-unsafe-buffer-usage -Wno-poison-system-directories"
-			CFLAGS="$CFLAGS -Wno-switch-default -Werror -pedantic -std=c11"
+			CFLAGS="$CFLAGS -Wno-unknown-warning-option -Wno-switch-default -Wno-pre-c11-compat"
+			CFLAGS="$CFLAGS -Werror -pedantic -std=c11"
 			bc_only=0
 			dc_only=0
-			coverage=0
 			debug=0
 			optimization="3"
 			hist=1
@@ -793,11 +623,6 @@ predefined_build() {
 			strip_bin=1
 			all_locales=0
 			library=0
-			fuzz=0
-			ossfuzz=0
-			time_tests=0
-			vg=0
-			memcheck=0
 			clean=1
 			bc_default_banner=1
 			bc_default_sigint_reset=1
@@ -813,10 +638,10 @@ predefined_build() {
 
 		DBG)
 			CFLAGS="-Weverything -Wno-padded -Wno-unsafe-buffer-usage -Wno-poison-system-directories"
-			CFLAGS="$CFLAGS -Wno-switch-default -Werror -pedantic -std=c11"
+			CFLAGS="$CFLAGS -Wno-unknown-warning-option -Wno-switch-default -Wno-pre-c11-compat"
+			CFLAGS="$CFLAGS -Werror -pedantic -std=c11"
 			bc_only=0
 			dc_only=0
-			coverage=0
 			debug=1
 			optimization="0"
 			hist=1
@@ -829,11 +654,6 @@ predefined_build() {
 			strip_bin=1
 			all_locales=0
 			library=0
-			fuzz=0
-			ossfuzz=0
-			time_tests=0
-			vg=0
-			memcheck=1
 			clean=1
 			bc_default_banner=1
 			bc_default_sigint_reset=1
@@ -852,36 +672,12 @@ predefined_build() {
 	esac
 }
 
-# Generates a list of script test targets that will be used as prerequisites for
-# other targets.
-#
-# @param name  The name of the calculator to generate script test targets for.
-gen_script_test_targets() {
-
-	_gen_script_test_targets_name="$1"
-	shift
-
-	_gen_script_test_targets_tests=$(cat "$scriptdir/tests/$_gen_script_test_targets_name/scripts/all.txt")
-
-	for _gen_script_test_targets_f in $_gen_script_test_targets_tests; do
-		_gen_script_test_targets_b=$(basename "$_gen_script_test_targets_f" \
-			".$_gen_script_test_targets_name")
-		printf ' test_%s_script_%s' "$_gen_script_test_targets_name" \
-			"$_gen_script_test_targets_b"
-	done
-
-	printf '\n'
-}
-
 # This is a list of defaults, but it is also the list of possible options for
 # users to change.
 #
-# The development options are: force (force options even if they fail), valgrind
-# (build in a way suitable for valgrind testing), memcheck (same as valgrind),
-# and fuzzing (build in a way suitable for fuzzing).
+# The development options are: force (force options even if they fail).
 bc_only=0
 dc_only=0
-coverage=0
 karatsuba_len=32
 debug=0
 hist=1
@@ -895,11 +691,6 @@ force=0
 strip_bin=1
 all_locales=0
 library=0
-fuzz=0
-ossfuzz=0
-time_tests=0
-vg=0
-memcheck=0
 clean=1
 problematic_tests=1
 
@@ -920,13 +711,12 @@ dc_default_digit_clamp=0
 # getopts is a POSIX utility, but it cannot handle long options. Thus, the
 # handling of long options is done by hand, and that's the reason that short and
 # long options cannot be mixed.
-while getopts "abBcdDeEfgGhHik:lMmNO:p:PrS:s:tTvzZ-" opt; do
+while getopts "abBcdDeEfgGhHik:lMNO:p:PrS:s:T-" opt; do
 
 	case "$opt" in
 		a) library=1 ;;
 		b) bc_only=1 ;;
 		B) dc_only=1 ;;
-		c) coverage=1 ;;
 		C) clean=0 ;;
 		d) dc_only=1 ;;
 		D) bc_only=1 ;;
@@ -940,7 +730,6 @@ while getopts "abBcdDeEfgGhHik:lMmNO:p:PrS:s:tTvzZ-" opt; do
 		i) hist_impl="internal" ;;
 		k) karatsuba_len="$OPTARG" ;;
 		l) all_locales=1 ;;
-		m) memcheck=1 ;;
 		M) install_manpages=0 ;;
 		N) nls=0 ;;
 		O) optimization="$OPTARG" ;;
@@ -949,11 +738,7 @@ while getopts "abBcdDeEfgGhHik:lMmNO:p:PrS:s:tTvzZ-" opt; do
 		r) hist_impl="readline" ;;
 		S) set_default 0 "$OPTARG" ;;
 		s) set_default 1 "$OPTARG" ;;
-		t) time_tests=1 ;;
 		T) strip_bin=0 ;;
-		v) vg=1 ;;
-		z) fuzz=1 ;;
-		Z) ossfuzz=1 ;;
 		-)
 			arg="$1"
 			arg="${arg#--}"
@@ -963,7 +748,6 @@ while getopts "abBcdDeEfgGhHik:lMmNO:p:PrS:s:tTvzZ-" opt; do
 				library) library=1 ;;
 				bc-only) bc_only=1 ;;
 				dc-only) dc_only=1 ;;
-				coverage) coverage=1 ;;
 				debug) debug=1 ;;
 				force) force=1 ;;
 				prefix=?*) PREFIX="$LONG_OPTARG" ;;
@@ -1077,27 +861,20 @@ while getopts "abBcdDeEfgGhHik:lMmNO:p:PrS:s:tTvzZ-" opt; do
 				enable-editline) hist_impl="editline" ;;
 				enable-readline) hist_impl="readline" ;;
 				enable-internal-history) hist_impl="internal" ;;
-				enable-test-timing) time_tests=1 ;;
-				enable-valgrind) vg=1 ;;
-				enable-fuzz-mode) fuzz=1 ;;
-				enable-ossfuzz-mode) ossfuzz=1 ;;
-				enable-memcheck) memcheck=1 ;;
 				install-all-locales) all_locales=1 ;;
-				help* | bc-only* | dc-only* | coverage* | debug*)
+				help* | bc-only* | dc-only* | debug*)
 					usage "No arg allowed for --$arg option" ;;
 				disable-bc* | disable-dc* | disable-clean*)
 					usage "No arg allowed for --$arg option" ;;
 				disable-extra-math*)
 					usage "No arg allowed for --$arg option" ;;
-				disable-generated-tests* | disable-history*)
+				disable-history*)
 					usage "No arg allowed for --$arg option" ;;
 				disable-man-pages* | disable-nls* | disable-strip*)
 					usage "No arg allowed for --$arg option" ;;
 				disable-problematic-tests*)
 					usage "No arg allowed for --$arg option" ;;
-				enable-fuzz-mode* | enable-test-timing* | enable-valgrind*)
-					usage "No arg allowed for --$arg option" ;;
-				enable-memcheck* | install-all-locales*)
+				install-all-locales*)
 					usage "No arg allowed for --$arg option" ;;
 				enable-editline* | enable-readline*)
 					usage "No arg allowed for --$arg option" ;;
@@ -1221,33 +998,7 @@ link="@printf 'No link necessary\\\\n'"
 main_exec="BC"
 executable="BC_EXEC"
 
-tests="test_bc timeconst test_dc"
-
-bc_test="@export BC_TEST_OUTPUT_DIR=\"$builddir/tests\"; \$(TESTSDIR)/all.sh bc $extra_math 1 $generate_tests $problematic_tests $time_tests \$(BC_EXEC)"
-bc_test_np="@export BC_TEST_OUTPUT_DIR=\"$builddir/tests\"; \$(TESTSDIR)/all.sh -n bc $extra_math 1 $generate_tests $problematic_tests $time_tests \$(BC_EXEC)"
-dc_test="@export BC_TEST_OUTPUT_DIR=\"$builddir/tests\"; \$(TESTSDIR)/all.sh dc $extra_math 1 $generate_tests $problematic_tests $time_tests \$(DC_EXEC)"
-dc_test_np="@export BC_TEST_OUTPUT_DIR=\"$builddir/tests\"; \$(TESTSDIR)/all.sh -n dc $extra_math 1 $generate_tests $problematic_tests $time_tests \$(DC_EXEC)"
-
-timeconst="@export BC_TEST_OUTPUT_DIR=\"$builddir/tests\"; \$(TESTSDIR)/bc/timeconst.sh \$(TESTSDIR)/bc/scripts/timeconst.bc \$(BC_EXEC)"
-
-# In order to have cleanup at exit, we need to be in
-# debug mode, so don't run valgrind without that.
-if [ "$vg" -ne 0 ]; then
-	debug=1
-	bc_test_exec='valgrind $(VALGRIND_ARGS) $(BC_EXEC)'
-	dc_test_exec='valgrind $(VALGRIND_ARGS) $(DC_EXEC)'
-	bcl_test_exec='valgrind $(VALGRIND_ARGS) $(BCL_TEST)'
-else
-	bc_test_exec='$(BC_EXEC)'
-	dc_test_exec='$(DC_EXEC)'
-	bcl_test_exec='$(BCL_TEST)'
-fi
-
-test_bc_history_prereqs="test_bc_history_all"
-test_dc_history_prereqs="test_dc_history_all"
-
 karatsuba="@printf 'karatsuba cannot be run because one of bc or dc is not built\\\\n'"
-karatsuba_test="@printf 'karatsuba cannot be run because one of bc or dc is not built\\\\n'"
 
 bc_lib="\$(GEN_DIR)/lib.o"
 bc_help="\$(GEN_DIR)/bc_help.o"
@@ -1274,9 +1025,6 @@ if [ "$library" -ne 0 ]; then
 	default_target_prereqs="\$(BIN) \$(OBJ)"
 	default_target_cmd="ar -r -cu \$(LIBBC) \$(OBJ)"
 	default_target="\$(LIBBC)"
-	tests="test_library"
-	test_bc_history_prereqs=" test_bc_history_skip"
-	test_dc_history_prereqs=" test_dc_history_skip"
 
 	install_prereqs=" install_library"
 	uninstall_prereqs=" uninstall_library"
@@ -1292,10 +1040,6 @@ elif [ "$bc_only" -eq 1 ]; then
 
 	executables="bc"
 
-	dc_test="@printf 'No dc tests to run\\\\n'"
-	dc_test_np="@printf 'No dc tests to run\\\\n'"
-	test_dc_history_prereqs=" test_dc_history_skip"
-
 	install_prereqs=" install_execs"
 	install_man_prereqs=" install_bc_manpage"
 	uninstall_prereqs=" uninstall_bc"
@@ -1303,7 +1047,6 @@ elif [ "$bc_only" -eq 1 ]; then
 
 	default_target="\$(BC_EXEC)"
 	second_target="\$(DC_EXEC)"
-	tests="test_bc timeconst"
 
 elif [ "$dc_only" -eq 1 ]; then
 
@@ -1318,58 +1061,11 @@ elif [ "$dc_only" -eq 1 ]; then
 	main_exec="DC"
 	executable="DC_EXEC"
 
-	bc_test="@printf 'No bc tests to run\\\\n'"
-	bc_test_np="@printf 'No bc tests to run\\\\n'"
-	test_bc_history_prereqs=" test_bc_history_skip"
-
-	timeconst="@printf 'timeconst cannot be run because bc is not built\\\\n'"
-
 	install_prereqs=" install_execs"
 	install_man_prereqs=" install_dc_manpage"
 	uninstall_prereqs=" uninstall_dc"
 	uninstall_man_prereqs=" uninstall_dc_manpage"
 
-	tests="test_dc"
-
-elif [ "$ossfuzz" -eq 1 ]; then
-
-	if [ "$bc_only" -ne 0 ] || [ "$dc_only" -ne 0 ]; then
-		usage "An OSS-Fuzz build must build both fuzzers."
-	fi
-
-	bc=1
-	dc=1
-
-	# Expressions *cannot* exit in an OSS-Fuzz build.
-	bc_default_expr_exit=0
-	dc_default_expr_exit=0
-
-	executables="bc_fuzzer and dc_fuzzer"
-
-	karatsuba="@\$(KARATSUBA) 30 0 \$(BC_EXEC)"
-	karatsuba_test="@\$(KARATSUBA) 1 100 \$(BC_EXEC)"
-
-	if [ "$library" -eq 0 ]; then
-		install_prereqs=" install_execs"
-		install_man_prereqs=" install_bc_manpage install_dc_manpage"
-		uninstall_prereqs=" uninstall_bc uninstall_dc"
-		uninstall_man_prereqs=" uninstall_bc_manpage uninstall_dc_manpage"
-	else
-		install_prereqs=" install_library install_bcl_header"
-		install_man_prereqs=" install_bcl_manpage"
-		uninstall_prereqs=" uninstall_library uninstall_bcl_header"
-		uninstall_man_prereqs=" uninstall_bcl_manpage"
-		tests="test_library"
-	fi
-
-	second_target_prereqs="src/bc_fuzzer.o $default_target_prereqs"
-	default_target_prereqs="\$(BC_FUZZER) src/dc_fuzzer.o $default_target_prereqs"
-	default_target_cmd="\$(CXX) \$(CFLAGS) src/dc_fuzzer.o \$(LIB_FUZZING_ENGINE) \$(OBJS) \$(LDFLAGS) -o \$(DC_FUZZER) \&\& ln -sf ./dc_fuzzer_c \$(DC_FUZZER_C)"
-	second_target_cmd="\$(CXX) \$(CFLAGS) src/bc_fuzzer.o \$(LIB_FUZZING_ENGINE) \$(OBJS) \$(LDFLAGS) -o \$(BC_FUZZER) \&\& ln -sf ./bc_fuzzer_c \$(BC_FUZZER_C)"
-
-	default_target="\$(DC_FUZZER) \$(DC_FUZZER_C)"
-	second_target="\$(BC_FUZZER) \$(BC_FUZZER_C)"
-
 else
 
 	bc=1
@@ -1378,7 +1074,6 @@ else
 	executables="bc and dc"
 
 	karatsuba="@\$(KARATSUBA) 30 0 \$(BC_EXEC)"
-	karatsuba_test="@\$(KARATSUBA) 1 100 \$(BC_EXEC)"
 
 	if [ "$library" -eq 0 ]; then
 		install_prereqs=" install_execs"
@@ -1390,7 +1085,6 @@ else
 		install_man_prereqs=" install_bcl_manpage"
 		uninstall_prereqs=" uninstall_library uninstall_bcl_header"
 		uninstall_man_prereqs=" uninstall_bcl_manpage"
-		tests="test_library"
 	fi
 
 	second_target_prereqs="$default_target_prereqs"
@@ -1399,18 +1093,6 @@ else
 
 fi
 
-if [ "$fuzz" -ne 0 ] && [ "$ossfuzz" -ne 0 ]; then
-	usage "Fuzzing mode and OSS-Fuzz mode are mutually exclusive"
-fi
-
-# We need specific stuff for fuzzing.
-if [ "$fuzz" -ne 0 ] || [ "$ossfuzz" -ne 0 ]; then
-	debug=1
-	hist=0
-	nls=0
-	optimization="3"
-fi
-
 # This sets some necessary things for debug mode.
 if [ "$debug" -eq 1 ]; then
 
@@ -1429,26 +1111,6 @@ if [ -n "$optimization" ]; then
 	CFLAGS="-O$optimization $CFLAGS"
 fi
 
-# Set test coverage defaults.
-if [ "$coverage" -eq 1 ]; then
-
-	if [ "$bc_only" -eq 1 ] || [ "$dc_only" -eq 1 ]; then
-		usage "Can only specify -c without -b or -d"
-	fi
-
-	CFLAGS="-fprofile-arcs -ftest-coverage -g -O0 $CFLAGS"
-	CPPFLAGS="-DNDEBUG $CPPFLAGS"
-
-	COVERAGE_OUTPUT="@gcov -pabcdf \$(GCDA) \$(BC_GCDA) \$(DC_GCDA) \$(HISTORY_GCDA) \$(RAND_GCDA)"
-	COVERAGE_OUTPUT="$COVERAGE_OUTPUT;\$(RM) -f \$(GEN)*.gc*"
-	COVERAGE_OUTPUT="$COVERAGE_OUTPUT;gcovr --exclude-unreachable-branches --exclude-throw-branches --html-details --output index.html"
-	COVERAGE_PREREQS=" test coverage_output"
-
-else
-	COVERAGE_OUTPUT="@printf 'Coverage not generated\\\\n'"
-	COVERAGE_PREREQS=""
-fi
-
 # Set some defaults.
 if [ -z "${DESTDIR+set}" ]; then
 	destdir=""
@@ -1567,7 +1229,7 @@ if [ "$nls" -ne 0 ]; then
 		printf 'NLS works.\n\n'
 
 		printf 'Testing gencat...\n'
-		gencat "./en_US.cat" "$scriptdir/locales/en_US.msg" > /dev/null
+		gencat "./en_US.cat" "$scriptdir/locales/en_US.msg" 2>&1
 
 		err="$?"
 
@@ -1672,26 +1334,10 @@ else
 
 fi
 
-# We have to disable the history tests if it is disabled or valgrind is on. Or
-# if we are using editline or readline.
-if [ "$hist" -eq 0 ] || [ "$vg" -ne 0 ]; then
-	test_bc_history_prereqs=" test_bc_history_skip"
-	test_dc_history_prereqs=" test_dc_history_skip"
-	history_tests="@printf 'Skipping history tests...\\\\n'"
+if [ "$hist" -eq 0 ]; then
 	CFLAGS="$CFLAGS -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0"
 else
 
-	if [ "$editline" -eq 0 ] && [ "$readline" -eq 0 ]; then
-		history_tests="@printf '\$(TEST_STARS)\\\\n\\\\nRunning history tests...\\\\n\\\\n'"
-		history_tests="$history_tests \&\& \$(TESTSDIR)/history.sh bc -a \&\&"
-		history_tests="$history_tests \$(TESTSDIR)/history.sh dc -a \&\& printf"
-		history_tests="$history_tests '\\\\nAll history tests passed.\\\\n\\\\n\$(TEST_STARS)\\\\n'"
-	else
-		test_bc_history_prereqs=" test_bc_history_skip"
-		test_dc_history_prereqs=" test_dc_history_skip"
-		history_tests="@printf 'Skipping history tests...\\\\n'"
-	fi
-
 	# We are also setting the CFLAGS and LDFLAGS here.
 	if [ "$editline" -ne 0 ]; then
 		LDFLAGS="$LDFLAGS -ledit"
@@ -1795,7 +1441,7 @@ GEN_DIR="$scriptdir/gen"
 # `gen/strgen.sh` is used.
 GEN="strgen"
 GEN_EXEC_TARGET="\$(HOSTCC) -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -I$scriptdir/include/ \$(HOSTCFLAGS) -o \$(GEN_EXEC) \$(GEN_C)"
-CLEAN_PREREQS=" clean_gen clean_coverage"
+CLEAN_PREREQS=" clean_gen"
 
 if [ -z "${GEN_HOST+set}" ]; then
 	GEN_HOST=1
@@ -1803,7 +1449,6 @@ else
 	if [ "$GEN_HOST" -eq 0 ]; then
 		GEN="strgen.sh"
 		GEN_EXEC_TARGET="@printf 'Do not need to build gen/strgen.c\\\\n'"
-		CLEAN_PREREQS=" clean_coverage"
 	fi
 fi
 
@@ -1848,9 +1493,7 @@ else
 	headers="$headers \$(DC_HEADERS)"
 fi
 
-# This convoluted mess does pull the version out. If you change the format of
-# include/version.h, you may have to change this line.
-version=$(cat "$scriptdir/include/version.h" | grep "VERSION " - | awk '{ print $3 }' -)
+version=$(cat "$scriptdir/VERSION.txt" | head -n1)
 
 if [ "$library" -ne 0 ]; then
 
@@ -1880,14 +1523,6 @@ if [ "$library" -ne 0 ]; then
 
 	fi
 
-elif [ "$ossfuzz" -ne 0 ]; then
-
-	unneeded="$unneeded library.c main.c"
-
-	PC_PATH=""
-	pkg_config_install=""
-	pkg_config_uninstall=""
-
 else
 
 	unneeded="$unneeded library.c"
@@ -1909,10 +1544,6 @@ if [ "$manpage_args" = "" ]; then
 	manpage_args="A"
 fi
 
-if [ "$vg" -ne 0 ] || [ "$ossfuzz" -ne 0 ]; then
-	memcheck=1
-fi
-
 if [ "$bc_default_prompt" = "" ]; then
 	bc_default_prompt="$bc_default_tty_mode"
 fi
@@ -1921,14 +1552,6 @@ if [ "$dc_default_prompt" = "" ]; then
 	dc_default_prompt="$dc_default_tty_mode"
 fi
 
-# Generate the test targets and prerequisites.
-bc_tests=$(gen_std_test_targets bc)
-bc_script_tests=$(gen_script_test_targets bc)
-bc_err_tests=$(gen_err_test_targets bc)
-dc_tests=$(gen_std_test_targets dc)
-dc_script_tests=$(gen_script_test_targets dc)
-dc_err_tests=$(gen_err_test_targets dc)
-
 printf 'unneeded: %s\n' "$unneeded"
 
 # Print out the values; this is for debugging.
@@ -1949,7 +1572,6 @@ printf 'BC_ENABLE_LIBRARY=%s\n\n' "$library"
 printf 'BC_ENABLE_HISTORY=%s\n' "$hist"
 printf 'BC_ENABLE_EXTRA_MATH=%s\n' "$extra_math"
 printf 'BC_ENABLE_NLS=%s\n\n' "$nls"
-printf 'BC_ENABLE_AFL=%s\n' "$fuzz"
 printf '\n'
 printf 'BC_NUM_KARATSUBA_LEN=%s\n' "$karatsuba_len"
 printf '\n'
@@ -2046,26 +1668,11 @@ contents=$(replace "$contents" "BUILDDIR" "$builddir")
 
 contents=$(replace "$contents" "HEADERS" "$headers")
 
+contents=$(replace "$contents" "VERSION" "$version")
+
 contents=$(replace "$contents" "BC_ENABLED" "$bc")
 contents=$(replace "$contents" "DC_ENABLED" "$dc")
 
-contents=$(replace "$contents" "BC_ALL_TESTS" "$bc_test")
-contents=$(replace "$contents" "BC_ALL_TESTS_NP" "$bc_test_np")
-contents=$(replace "$contents" "BC_TESTS" "$bc_tests")
-contents=$(replace "$contents" "BC_SCRIPT_TESTS" "$bc_script_tests")
-contents=$(replace "$contents" "BC_ERROR_TESTS" "$bc_err_tests")
-contents=$(replace "$contents" "BC_TEST_EXEC" "$bc_test_exec")
-contents=$(replace "$contents" "TIMECONST_ALL_TESTS" "$timeconst")
-
-contents=$(replace "$contents" "DC_ALL_TESTS" "$dc_test")
-contents=$(replace "$contents" "DC_ALL_TESTS_NP" "$dc_test_np")
-contents=$(replace "$contents" "DC_TESTS" "$dc_tests")
-contents=$(replace "$contents" "DC_SCRIPT_TESTS" "$dc_script_tests")
-contents=$(replace "$contents" "DC_ERROR_TESTS" "$dc_err_tests")
-contents=$(replace "$contents" "DC_TEST_EXEC" "$dc_test_exec")
-
-contents=$(replace "$contents" "BCL_TEST_EXEC" "$bcl_test_exec")
-
 contents=$(replace "$contents" "BUILD_TYPE" "$manpage_args")
 contents=$(replace "$contents" "EXCLUDE_EXTRA_MATH" "$exclude_extra_math")
 
@@ -2073,10 +1680,6 @@ contents=$(replace "$contents" "LIBRARY" "$library")
 contents=$(replace "$contents" "HISTORY" "$hist")
 contents=$(replace "$contents" "EXTRA_MATH" "$extra_math")
 contents=$(replace "$contents" "NLS" "$nls")
-contents=$(replace "$contents" "FUZZ" "$fuzz")
-contents=$(replace "$contents" "OSSFUZZ" "$ossfuzz")
-contents=$(replace "$contents" "MEMCHECK" "$memcheck")
-contents=$(replace "$contents" "LIB_FUZZING_ENGINE" "$LIB_FUZZING_ENGINE")
 
 contents=$(replace "$contents" "BC_LIB_O" "$bc_lib")
 contents=$(replace "$contents" "BC_HELP_O" "$bc_help")
@@ -2099,8 +1702,6 @@ contents=$(replace "$contents" "CPPFLAGS" "$CPPFLAGS")
 contents=$(replace "$contents" "LDFLAGS" "$LDFLAGS")
 contents=$(replace "$contents" "CC" "$CC")
 contents=$(replace "$contents" "HOSTCC" "$HOSTCC")
-contents=$(replace "$contents" "COVERAGE_OUTPUT" "$COVERAGE_OUTPUT")
-contents=$(replace "$contents" "COVERAGE_PREREQS" "$COVERAGE_PREREQS")
 contents=$(replace "$contents" "INSTALL_PREREQS" "$install_prereqs")
 contents=$(replace "$contents" "INSTALL_MAN_PREREQS" "$install_man_prereqs")
 contents=$(replace "$contents" "INSTALL_LOCALES" "$install_locales")
@@ -2126,22 +1727,14 @@ contents=$(replace "$contents" "BC_EXEC_CMD" "$bc_exec_cmd")
 contents=$(replace "$contents" "DC_EXEC_PREREQ" "$dc_exec_prereq")
 contents=$(replace "$contents" "DC_EXEC_CMD" "$dc_exec_cmd")
 
+contents=$(replace "$contents" "GENERATE_TESTS" "$generate_tests")
+contents=$(replace "$contents" "PROBLEMATIC_TESTS" "$problematic_tests")
+
 contents=$(replace "$contents" "EXECUTABLES" "$executables")
 contents=$(replace "$contents" "MAIN_EXEC" "$main_exec")
 contents=$(replace "$contents" "EXEC" "$executable")
-contents=$(replace "$contents" "TESTS" "$tests")
-
-contents=$(replace "$contents" "BC_HISTORY_TEST_PREREQS" "$test_bc_history_prereqs")
-contents=$(replace "$contents" "DC_HISTORY_TEST_PREREQS" "$test_dc_history_prereqs")
-contents=$(replace "$contents" "HISTORY_TESTS" "$history_tests")
-
-contents=$(replace "$contents" "VG_BC_TEST" "$vg_bc_test")
-contents=$(replace "$contents" "VG_DC_TEST" "$vg_dc_test")
-
-contents=$(replace "$contents" "TIMECONST" "$timeconst")
 
 contents=$(replace "$contents" "KARATSUBA" "$karatsuba")
-contents=$(replace "$contents" "KARATSUBA_TEST" "$karatsuba_test")
 
 contents=$(replace "$contents" "LONG_BIT_DEFINE" "$LONG_BIT_DEFINE")
 
@@ -2169,28 +1762,6 @@ contents=$(replace "$contents" "DC_DEFAULT_DIGIT_CLAMP" "$dc_default_digit_clamp
 # Do the first print to the Makefile.
 printf '%s\n%s\n\n' "$contents" "$SRC_TARGETS" > "Makefile"
 
-# Generate the individual test targets.
-if [ "$bc" -ne 0 ]; then
-	gen_std_tests bc "$extra_math" "$time_tests" $bc_test_exec
-	gen_script_tests bc "$extra_math" "$generate_tests" "$time_tests" $bc_test_exec
-	gen_err_tests bc $bc_test_exec
-fi
-
-if [ "$dc" -ne 0 ]; then
-	gen_std_tests dc "$extra_math" "$time_tests" $dc_test_exec
-	gen_script_tests dc "$extra_math" "$generate_tests" "$time_tests" $dc_test_exec
-	gen_err_tests dc $dc_test_exec
-fi
-
-if [ "$ossfuzz" -ne 0 ]; then
-
-	printf 'bc_fuzzer_c: $(BC_FUZZER)\n\tln -sf $(BC_FUZZER) bc_fuzzer_c\n' >> Makefile
-	printf 'bc_fuzzer_C: $(BC_FUZZER)\n\tln -sf $(BC_FUZZER) bc_fuzzer_C\n' >> Makefile
-	printf 'dc_fuzzer_c: $(DC_FUZZER)\n\tln -sf $(DC_FUZZER) dc_fuzzer_c\n' >> Makefile
-	printf 'dc_fuzzer_C: $(DC_FUZZER)\n\tln -sf $(DC_FUZZER) dc_fuzzer_C\n' >> Makefile
-
-fi
-
 # Copy the correct manuals to the expected places.
 mkdir -p manuals
 cp -f "$scriptdir/manuals/bc/$manpage_args.1.md" manuals/bc.1.md
diff --git a/contrib/bc/gen/bc_help.txt b/contrib/bc/gen/bc_help.txt
index 489b54a185f1..ce82d2677737 100644
--- a/contrib/bc/gen/bc_help.txt
+++ b/contrib/bc/gen/bc_help.txt
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -37,7 +37,7 @@ usage: %s [options] [file...]
 
 bc is a command-line, arbitrary-precision calculator with a Turing-complete
 language. For details, use `man %s` or see the online documentation at
-https://git.gavinhoward.com/gavin/bc/src/tag/%s/manuals/bc/%s.1.md.
+https://github.com/gavinhoward/bc/tree/%s/manuals/bc/%s.1.md .
 
 This bc is compatible with both the GNU bc and the POSIX bc spec. See the GNU bc
 manual (https://www.gnu.org/software/bc/manual/bc.html) and bc spec
diff --git a/contrib/bc/gen/dc_help.txt b/contrib/bc/gen/dc_help.txt
index df4ede1583a2..897ab31a8820 100644
--- a/contrib/bc/gen/dc_help.txt
+++ b/contrib/bc/gen/dc_help.txt
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -37,7 +37,7 @@ usage: %s [options] [file...]
 
 dc is a reverse-polish notation command-line calculator which supports unlimited
 precision arithmetic. For details, use `man %s` or see the online documentation
-at https://git.gavinhoward.com/gavin/bc/src/tag/%s/manuals/bc/%s.1.md.
+at https://github.com/gavinhoward/bc/tree/%s/manuals/dc/%s.1.md .
 
 This dc is (mostly) compatible with the OpenBSD dc and the GNU dc. See the
 OpenBSD man page (http://man.openbsd.org/OpenBSD-current/man1/dc.1) and the GNU
diff --git a/contrib/bc/gen/lib.bc b/contrib/bc/gen/lib.bc
index 0c9389b8510d..95ba2765ddfa 100644
--- a/contrib/bc/gen/lib.bc
+++ b/contrib/bc/gen/lib.bc
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/gen/lib2.bc b/contrib/bc/gen/lib2.bc
index d6d9f70fe063..cc959db73ceb 100644
--- a/contrib/bc/gen/lib2.bc
+++ b/contrib/bc/gen/lib2.bc
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -444,108 +444,77 @@ define void uint64(x){uintn(x,8)}
 define void int64(x){intn(x,8)}
 define void uint(x){uintn(x,ubytes(x))}
 define void int(x){intn(x,sbytes(x))}
-define bunrev(t){
-	auto a,s,m[]
-	s=scale
-	scale=0
-	t=abs(t)$
-	while(t!=1){
-		t=divmod(t,2,m[])
-		a*=2
-		a+=m[0]
-	}
-	scale=s
-	return a
-}
 define band(a,b){
-	auto s,t,m[],n[]
+	auto r,p,s,m[]
 	a=abs(a)$
 	b=abs(b)$
-	if(b>a){
-		t=b
-		b=a
-		a=t
-	}
+	r=0
+	p=1
 	s=scale
 	scale=0
-	t=1
-	while(b){
+	while(a&&b) {
 		a=divmod(a,2,m[])
-		b=divmod(b,2,n[])
-		t*=2
-		t+=(m[0]&&n[0])
+		if(m[0]){
+			b=divmod(b,2,m[])
+			if(m[0])r+=p
+		}else b/=2
+		p*=2
 	}
 	scale=s
-	return bunrev(t)
+	return r
 }
 define bor(a,b){
-	auto s,t,m[],n[]
+	auto r,p,s,m[]
 	a=abs(a)$
 	b=abs(b)$
-	if(b>a){
-		t=b
-		b=a
-		a=t
-	}
+	r=0
+	p=1
 	s=scale
 	scale=0
-	t=1
-	while(b){
-		a=divmod(a,2,m[])
-		b=divmod(b,2,n[])
-		t*=2
-		t+=(m[0]||n[0])
-	}
-	while(a){
+	while(a||b){
 		a=divmod(a,2,m[])
-		t*=2
-		t+=m[0]
+		if(!m[0])b=divmod(b,2,m[])
+		else b/=2
+		if(m[0])r+=p
+		p*=2
 	}
 	scale=s
-	return bunrev(t)
+	return r
 }
 define bxor(a,b){
-	auto s,t,m[],n[]
+	auto r,p,s,m[],n[]
 	a=abs(a)$
 	b=abs(b)$
-	if(b>a){
-		t=b
-		b=a
-		a=t
-	}
+	r=0
+	p=1
 	s=scale
 	scale=0
-	t=1
-	while(b){
+	while(a||b){
 		a=divmod(a,2,m[])
 		b=divmod(b,2,n[])
-		t*=2
-		t+=(m[0]+n[0]==1)
-	}
-	while(a){
-		a=divmod(a,2,m[])
-		t*=2
-		t+=m[0]
+		if(m[0]+n[0]==1)r+=p
+		p*=2
 	}
 	scale=s
-	return bunrev(t)
+	return r
 }
 define bshl(a,b){return abs(a)$*2^abs(b)$}
 define bshr(a,b){return(abs(a)$/2^abs(b)$)$}
 define bnotn(x,n){
-	auto s,t,m[]
+	auto r,p,s,t,m[]
 	s=scale
 	scale=0
-	t=2^(abs(n)$*8)
-	x=abs(x)$%t+t
-	t=1
+	r=2^(abs(n)$*8)
+	x=abs(x)$%r+r
+	r=0
+	p=1
 	while(x!=1){
 		x=divmod(x,2,m[])
-		t*=2
-		t+=!m[0]
+		if(!m[0])r+=p
+		p*=2
 	}
 	scale=s
-	return bunrev(t)
+	return r
 }
 define bnot8(x){return bnotn(x,1)}
 define bnot16(x){return bnotn(x,2)}
@@ -553,13 +522,19 @@ define bnot32(x){return bnotn(x,4)}
 define bnot64(x){return bnotn(x,8)}
 define bnot(x){return bnotn(x,ubytes(x))}
 define brevn(x,n){
-	auto s,t,m[]
+	auto a,s,m[]
 	s=scale
 	scale=0
-	t=2^(abs(n)$*8)
-	x=abs(x)$%t+t
+	a=2^(abs(n)$*8)
+	x=abs(x)$%a+a
+	a=0
+	while(x!=1){
+		x=divmod(x,2,m[])
+		a*=2
+		a+=m[0]
+	}
 	scale=s
-	return bunrev(x)
+	return a
 }
 define brev8(x){return brevn(x,1)}
 define brev16(x){return brevn(x,2)}
diff --git a/contrib/bc/gen/strgen.c b/contrib/bc/gen/strgen.c
index 1394a05c4a76..996ea9b3c83a 100644
--- a/contrib/bc/gen/strgen.c
+++ b/contrib/bc/gen/strgen.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -68,7 +68,7 @@ static const char* const bc_gen_ex_end = "{{ end }}";
 // This is exactly what it looks like. It just slaps a simple license header on
 // the generated C source file.
 static const char* const bc_gen_header =
-	"// Copyright (c) 2018-2024 Gavin D. Howard and contributors.\n"
+	"// Copyright (c) 2018-2025 Gavin D. Howard and contributors.\n"
 	"// Licensed under the 2-clause BSD license.\n"
 	"// *** AUTOMATICALLY GENERATED FROM %s. DO NOT MODIFY. ***\n\n";
 // clang-format on
diff --git a/contrib/bc/gen/strgen.sh b/contrib/bc/gen/strgen.sh
index 8542bd40ee83..683307d4fa80 100755
--- a/contrib/bc/gen/strgen.sh
+++ b/contrib/bc/gen/strgen.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -96,7 +96,7 @@ if [ -n "$remove_tabs" ]; then
 fi
 
 cat<<EOF
-// Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+// Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 // Licensed under the 2-clause BSD license.
 // *** AUTOMATICALLY GENERATED FROM ${input}. DO NOT MODIFY. ***
 
diff --git a/contrib/bc/include/args.h b/contrib/bc/include/args.h
index 8f8f00be4630..fd9ca60c29c9 100644
--- a/contrib/bc/include/args.h
+++ b/contrib/bc/include/args.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/bc.h b/contrib/bc/include/bc.h
index 2213278be1da..19159c45e018 100644
--- a/contrib/bc/include/bc.h
+++ b/contrib/bc/include/bc.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -265,9 +265,9 @@ bc_lex_token(BcLex* l);
  * @return    An expression entry for bc_parse_exprs[].
  */
 #define BC_PARSE_EXPR_ENTRY(e1, e2, e3, e4, e5, e6, e7, e8)               \
-	((UINTMAX_C(e1) << 7) | (UINTMAX_C(e2) << 6) | (UINTMAX_C(e3) << 5) | \
-	 (UINTMAX_C(e4) << 4) | (UINTMAX_C(e5) << 3) | (UINTMAX_C(e6) << 2) | \
-	 (UINTMAX_C(e7) << 1) | (UINTMAX_C(e8) << 0))
+	((UINT8_C(e1) << 7) | (UINT8_C(e2) << 6) | (UINT8_C(e3) << 5) | \
+	 (UINT8_C(e4) << 4) | (UINT8_C(e5) << 3) | (UINT8_C(e6) << 2) | \
+	 (UINT8_C(e7) << 1) | (UINT8_C(e8) << 0))
 
 /**
  * Returns true if token @a i is a token that belongs in an expression.
diff --git a/contrib/bc/include/bcl.h b/contrib/bc/include/bcl.h
index 8e762b694f4d..a46610de47f5 100644
--- a/contrib/bc/include/bcl.h
+++ b/contrib/bc/include/bcl.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/dc.h b/contrib/bc/include/dc.h
index 63f5ccbd10e3..edab5605c7e7 100644
--- a/contrib/bc/include/dc.h
+++ b/contrib/bc/include/dc.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/file.h b/contrib/bc/include/file.h
index 86f368db11c6..d152645b1209 100644
--- a/contrib/bc/include/file.h
+++ b/contrib/bc/include/file.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/history.h b/contrib/bc/include/history.h
index 13f6dc6e985c..03b729707556 100644
--- a/contrib/bc/include/history.h
+++ b/contrib/bc/include/history.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -120,30 +120,6 @@ typedef struct BcHistory
 extern const char bc_history_editrc[];
 extern const size_t bc_history_editrc_len;
 
-#ifdef __APPLE__
-
-/**
- * Returns true if the line is a valid line, false otherwise.
- * @param line  The line.
- * @param len   The length of the line.
- * @return      True if the line is valid, false otherwise.
- */
-#define BC_HISTORY_INVALID_LINE(line, len) \
-	((line) == NULL && ((len) == -1 || errno == EINTR))
-
-#else // __APPLE__
-
-/**
- * Returns true if the line is a valid line, false otherwise.
- * @param line  The line.
- * @param len   The length of the line.
- * @return      True if the line is valid, false otherwise.
- */
-#define BC_HISTORY_INVALID_LINE(line, len) \
-	((line) == NULL && (len) == -1 && errno == EINTR)
-
-#endif // __APPLE__
-
 #else // BC_ENABLE_EDITLINE
 
 #if BC_ENABLE_READLINE
diff --git a/contrib/bc/include/lang.h b/contrib/bc/include/lang.h
index 6c8245139719..d0582a7d2199 100644
--- a/contrib/bc/include/lang.h
+++ b/contrib/bc/include/lang.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -533,6 +533,10 @@ typedef enum BcType
 } BcType;
 
 #if BC_ENABLED
+
+/// Check if type array or array reference
+#define BC_IS_ARRAY(e) (e == BC_TYPE_ARRAY || e == BC_TYPE_REF)
+
 /// An auto variable in bc.
 typedef struct BcAuto
 {
diff --git a/contrib/bc/include/lex.h b/contrib/bc/include/lex.h
index d2be3c7526ef..5f97a47341df 100644
--- a/contrib/bc/include/lex.h
+++ b/contrib/bc/include/lex.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/library.h b/contrib/bc/include/library.h
index 9942705a5f36..db7cb1302fe8 100644
--- a/contrib/bc/include/library.h
+++ b/contrib/bc/include/library.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/num.h b/contrib/bc/include/num.h
index 6cead6eb3823..970873c75589 100644
--- a/contrib/bc/include/num.h
+++ b/contrib/bc/include/num.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/opt.h b/contrib/bc/include/opt.h
index 41058cb4e29c..a5194b34cbb8 100644
--- a/contrib/bc/include/opt.h
+++ b/contrib/bc/include/opt.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/ossfuzz.h b/contrib/bc/include/ossfuzz.h
index 5c12a3c9c9fb..4e233df9ab95 100644
--- a/contrib/bc/include/ossfuzz.h
+++ b/contrib/bc/include/ossfuzz.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/parse.h b/contrib/bc/include/parse.h
index 7f0f8768b0db..e39ea09a8aad 100644
--- a/contrib/bc/include/parse.h
+++ b/contrib/bc/include/parse.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/program.h b/contrib/bc/include/program.h
index e16e5c079d7d..17454057cdba 100644
--- a/contrib/bc/include/program.h
+++ b/contrib/bc/include/program.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -145,6 +145,9 @@ typedef struct BcProgram
 
 #endif // BC_ENABLED
 
+	/// The number of results that have not been retired.
+	size_t nresults;
+
 	// The BcDig array for strmb. This uses BC_NUM_LONG_LOG10 because it is used
 	// in bc_num_ulong2num(), which attempts to realloc, unless it is big
 	// enough. This is big enough.
@@ -207,11 +210,16 @@ typedef struct BcProgram
  * operands while preserving the result (which we assumed was pushed before the
  * actual operation).
  * @param p     The program.
- * @param nres  The number of results returned by the instruction.
  * @param nops  The number of operands used by the instruction.
  */
-#define bc_program_retire(p, nres, nops) \
-	(bc_vec_npopAt(&(p)->results, (nops), (p)->results.len - (nres + nops)))
+#define bc_program_retire(p, nops)                                \
+	do                                                            \
+	{                                                             \
+		bc_vec_npopAt(&(p)->results, (nops),                      \
+		              (p)->results.len - ((p)->nresults + nops)); \
+		p->nresults = 0;                                          \
+	}                                                             \
+	while (0)
 
 #if DC_ENABLED
 
diff --git a/contrib/bc/include/rand.h b/contrib/bc/include/rand.h
index aee63b866cf6..f88de071b25d 100644
--- a/contrib/bc/include/rand.h
+++ b/contrib/bc/include/rand.h
@@ -13,7 +13,7 @@
  * This code is under the following license:
  *
  * Copyright (c) 2014-2017 Melissa O'Neill and PCG Project contributors
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
diff --git a/contrib/bc/include/read.h b/contrib/bc/include/read.h
index 62e6897635a2..c43a9980327b 100644
--- a/contrib/bc/include/read.h
+++ b/contrib/bc/include/read.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/status.h b/contrib/bc/include/status.h
index 203f09af628b..8e3ab9ed218b 100644
--- a/contrib/bc/include/status.h
+++ b/contrib/bc/include/status.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -683,12 +683,7 @@ typedef enum BcMode
 #define BC_NO_SIG_EXC(vm) \
 	BC_LIKELY((vm)->status == (sig_atomic_t) BC_STATUS_SUCCESS && !(vm)->sig)
 
-#ifndef _WIN32
-#define BC_SIG_INTERRUPT(vm) \
-	BC_UNLIKELY((vm)->sig != 0 && (vm)->sig != SIGWINCH)
-#else // _WIN32
 #define BC_SIG_INTERRUPT(vm) BC_UNLIKELY((vm)->sig != 0)
-#endif // _WIN32
 
 #if BC_DEBUG
 
diff --git a/contrib/bc/include/vector.h b/contrib/bc/include/vector.h
index cad5fc2aa7c3..01b029961465 100644
--- a/contrib/bc/include/vector.h
+++ b/contrib/bc/include/vector.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/include/version.h b/contrib/bc/include/version.h
deleted file mode 100644
index a4fb8def5024..000000000000
--- a/contrib/bc/include/version.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * *****************************************************************************
- *
- * SPDX-License-Identifier: BSD-2-Clause
- *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, this
- *   list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * *****************************************************************************
- *
- * The version of bc.
- *
- */
-
-#ifndef BC_VERSION_H
-#define BC_VERSION_H
-
-/// The current version.
-#define VERSION 7.0.2
-
-#endif // BC_VERSION_H
diff --git a/contrib/bc/include/vm.h b/contrib/bc/include/vm.h
index e81206b63871..86e0fe06edc1 100644
--- a/contrib/bc/include/vm.h
+++ b/contrib/bc/include/vm.h
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -52,7 +52,6 @@
 
 #endif // BC_ENABLE_NLS
 
-#include <version.h>
 #include <status.h>
 #include <num.h>
 #include <lex.h>
diff --git a/contrib/bc/locales/de_DE.ISO8859-1.msg b/contrib/bc/locales/de_DE.ISO8859-1.msg
index 9700ab070b2c..3269b7632cc7 100644
--- a/contrib/bc/locales/de_DE.ISO8859-1.msg
+++ b/contrib/bc/locales/de_DE.ISO8859-1.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/de_DE.UTF-8.msg b/contrib/bc/locales/de_DE.UTF-8.msg
index 7b918fc6d1cd..7d5859584d88 100644
--- a/contrib/bc/locales/de_DE.UTF-8.msg
+++ b/contrib/bc/locales/de_DE.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/en_US.msg b/contrib/bc/locales/en_US.msg
index 4afcbcd1f813..7ae50d189b57 100644
--- a/contrib/bc/locales/en_US.msg
+++ b/contrib/bc/locales/en_US.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/es_ES.ISO8859-1.msg b/contrib/bc/locales/es_ES.ISO8859-1.msg
index 4d022d9bf664..a9edbfa26734 100644
--- a/contrib/bc/locales/es_ES.ISO8859-1.msg
+++ b/contrib/bc/locales/es_ES.ISO8859-1.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/es_ES.UTF-8.msg b/contrib/bc/locales/es_ES.UTF-8.msg
index 364cff6ee57f..25512c0862da 100644
--- a/contrib/bc/locales/es_ES.UTF-8.msg
+++ b/contrib/bc/locales/es_ES.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/fr_FR.ISO8859-1.msg b/contrib/bc/locales/fr_FR.ISO8859-1.msg
index b4b39866c96e..a3935535521c 100644
--- a/contrib/bc/locales/fr_FR.ISO8859-1.msg
+++ b/contrib/bc/locales/fr_FR.ISO8859-1.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/fr_FR.UTF-8.msg b/contrib/bc/locales/fr_FR.UTF-8.msg
index c3387e31ae9f..dee83c110230 100644
--- a/contrib/bc/locales/fr_FR.UTF-8.msg
+++ b/contrib/bc/locales/fr_FR.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ja_JP.UTF-8.msg b/contrib/bc/locales/ja_JP.UTF-8.msg
index 21640eb9f1cb..5a6aac17120a 100644
--- a/contrib/bc/locales/ja_JP.UTF-8.msg
+++ b/contrib/bc/locales/ja_JP.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ja_JP.eucJP.msg b/contrib/bc/locales/ja_JP.eucJP.msg
index 3e3b73d20f4e..3bd47e1e7d30 100644
--- a/contrib/bc/locales/ja_JP.eucJP.msg
+++ b/contrib/bc/locales/ja_JP.eucJP.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/nl_NL.ISO8859-1.msg b/contrib/bc/locales/nl_NL.ISO8859-1.msg
index aaf41c65b04d..4531269752a2 100644
--- a/contrib/bc/locales/nl_NL.ISO8859-1.msg
+++ b/contrib/bc/locales/nl_NL.ISO8859-1.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/nl_NL.UTF-8.msg b/contrib/bc/locales/nl_NL.UTF-8.msg
index 0ab0b9c3dc61..29eb3f344fba 100644
--- a/contrib/bc/locales/nl_NL.UTF-8.msg
+++ b/contrib/bc/locales/nl_NL.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/pl_PL.ISO8859-2.msg b/contrib/bc/locales/pl_PL.ISO8859-2.msg
index 5b427c808fdd..c1e2b8b5355e 100644
--- a/contrib/bc/locales/pl_PL.ISO8859-2.msg
+++ b/contrib/bc/locales/pl_PL.ISO8859-2.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/pl_PL.UTF-8.msg b/contrib/bc/locales/pl_PL.UTF-8.msg
index fd0f85b5f767..27cbabfc33d4 100644
--- a/contrib/bc/locales/pl_PL.UTF-8.msg
+++ b/contrib/bc/locales/pl_PL.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/pt_PT.ISO8859-1.msg b/contrib/bc/locales/pt_PT.ISO8859-1.msg
index 9b365b4a7bd1..0bec4b284f9e 100644
--- a/contrib/bc/locales/pt_PT.ISO8859-1.msg
+++ b/contrib/bc/locales/pt_PT.ISO8859-1.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/pt_PT.UTF-8.msg b/contrib/bc/locales/pt_PT.UTF-8.msg
index f5054a178cf4..5204e8beef40 100644
--- a/contrib/bc/locales/pt_PT.UTF-8.msg
+++ b/contrib/bc/locales/pt_PT.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ru_RU.CP1251.msg b/contrib/bc/locales/ru_RU.CP1251.msg
index ac8957cc6aa8..3d25413b058c 100644
--- a/contrib/bc/locales/ru_RU.CP1251.msg
+++ b/contrib/bc/locales/ru_RU.CP1251.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ru_RU.CP866.msg b/contrib/bc/locales/ru_RU.CP866.msg
index 763fd55a3653..6700dc6c401f 100644
--- a/contrib/bc/locales/ru_RU.CP866.msg
+++ b/contrib/bc/locales/ru_RU.CP866.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ru_RU.ISO8859-5.msg b/contrib/bc/locales/ru_RU.ISO8859-5.msg
index bbb1f418c3a9..66766fbf1936 100644
--- a/contrib/bc/locales/ru_RU.ISO8859-5.msg
+++ b/contrib/bc/locales/ru_RU.ISO8859-5.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ru_RU.KOI8-R.msg b/contrib/bc/locales/ru_RU.KOI8-R.msg
index d1e2bdc014d2..ecc7f03a1a93 100644
--- a/contrib/bc/locales/ru_RU.KOI8-R.msg
+++ b/contrib/bc/locales/ru_RU.KOI8-R.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/ru_RU.UTF-8.msg b/contrib/bc/locales/ru_RU.UTF-8.msg
index b45b3634a76b..fb796155f497 100644
--- a/contrib/bc/locales/ru_RU.UTF-8.msg
+++ b/contrib/bc/locales/ru_RU.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/zh_CN.GB18030.msg b/contrib/bc/locales/zh_CN.GB18030.msg
index 3625c5b40fdf..c01a2239f624 100644
--- a/contrib/bc/locales/zh_CN.GB18030.msg
+++ b/contrib/bc/locales/zh_CN.GB18030.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/zh_CN.GB2312.msg b/contrib/bc/locales/zh_CN.GB2312.msg
index 3625c5b40fdf..c01a2239f624 100644
--- a/contrib/bc/locales/zh_CN.GB2312.msg
+++ b/contrib/bc/locales/zh_CN.GB2312.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/zh_CN.GBK.msg b/contrib/bc/locales/zh_CN.GBK.msg
index 3625c5b40fdf..c01a2239f624 100644
--- a/contrib/bc/locales/zh_CN.GBK.msg
+++ b/contrib/bc/locales/zh_CN.GBK.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/zh_CN.UTF-8.msg b/contrib/bc/locales/zh_CN.UTF-8.msg
index 95813f411698..3767e45a3950 100644
--- a/contrib/bc/locales/zh_CN.UTF-8.msg
+++ b/contrib/bc/locales/zh_CN.UTF-8.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/locales/zh_CN.eucCN.msg b/contrib/bc/locales/zh_CN.eucCN.msg
index 3625c5b40fdf..c01a2239f624 100644
--- a/contrib/bc/locales/zh_CN.eucCN.msg
+++ b/contrib/bc/locales/zh_CN.eucCN.msg
@@ -1,7 +1,7 @@
 $ $
 $ SPDX-License-Identifier: BSD-2-Clause
 $ $
-$ Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+$ Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 $ $
 $ Redistribution and use in source and binary forms, with or without
 $ modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/manuals/bc/A.1 b/contrib/bc/manuals/bc/A.1
index adeb62f82e6a..9b38de7dc1bc 100644
--- a/contrib/bc/manuals/bc/A.1
+++ b/contrib/bc/manuals/bc/A.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -2109,17 +2109,6 @@ If you want to a use signed two\[cq]s complement argument, use
 \f[B]s2u(x)\f[R] to convert.
 .RE
 .TP
-\f[B]bunrev(t)\f[R]
-Assumes \f[B]t\f[R] is a bitwise\-reversed number with an extra set bit
-one place more significant than the real most significant bit (which was
-the least significant bit in the original number).
-This number is reversed and returned without the extra set bit.
-.RS
-.PP
-This function is used to implement other bitwise functions; it is not
-meant to be used by users, but it can be.
-.RE
-.TP
 \f[B]plz(x)\f[R]
 If \f[B]x\f[R] is not equal to \f[B]0\f[R] and greater that
 \f[B]\-1\f[R] and less than \f[B]1\f[R], it is printed with a leading
@@ -2943,7 +2932,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/A.1.md b/contrib/bc/manuals/bc/A.1.md
index e89305b1af44..73da0caa0a64 100644
--- a/contrib/bc/manuals/bc/A.1.md
+++ b/contrib/bc/manuals/bc/A.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1766,16 +1766,6 @@ The extended library is a **non-portable extension**.
     If you want to a use signed two's complement argument, use **s2u(x)** to
     convert.
 
-**bunrev(t)**
-
-:   Assumes **t** is a bitwise-reversed number with an extra set bit one place
-    more significant than the real most significant bit (which was the least
-    significant bit in the original number). This number is reversed and
-    returned without the extra set bit.
-
-    This function is used to implement other bitwise functions; it is not meant
-    to be used by users, but it can be.
-
 **plz(x)**
 
 :   If **x** is not equal to **0** and greater that **-1** and less than **1**,
@@ -2521,7 +2511,7 @@ This bc(1) supports error messages for different locales, and thus, it supports
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/E.1 b/contrib/bc/manuals/bc/E.1
index e2f1b034e69a..36f402d99936 100644
--- a/contrib/bc/manuals/bc/E.1
+++ b/contrib/bc/manuals/bc/E.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1758,7 +1758,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/E.1.md b/contrib/bc/manuals/bc/E.1.md
index 0082caea8408..4536381f72b3 100644
--- a/contrib/bc/manuals/bc/E.1.md
+++ b/contrib/bc/manuals/bc/E.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1509,7 +1509,7 @@ This bc(1) supports error messages for different locales, and thus, it supports
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/EH.1 b/contrib/bc/manuals/bc/EH.1
index c132a0b76a49..bf29cca9e820 100644
--- a/contrib/bc/manuals/bc/EH.1
+++ b/contrib/bc/manuals/bc/EH.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1731,7 +1731,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/EH.1.md b/contrib/bc/manuals/bc/EH.1.md
index 7e682058234c..27c3f46f9edc 100644
--- a/contrib/bc/manuals/bc/EH.1.md
+++ b/contrib/bc/manuals/bc/EH.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1483,7 +1483,7 @@ This bc(1) supports error messages for different locales, and thus, it supports
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/EHN.1 b/contrib/bc/manuals/bc/EHN.1
index e3395b1cc20d..2c0a2ddc9cd9 100644
--- a/contrib/bc/manuals/bc/EHN.1
+++ b/contrib/bc/manuals/bc/EHN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1725,7 +1725,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/EHN.1.md b/contrib/bc/manuals/bc/EHN.1.md
index 9578d2ab7720..eee3c9c8cb99 100644
--- a/contrib/bc/manuals/bc/EHN.1.md
+++ b/contrib/bc/manuals/bc/EHN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1475,7 +1475,7 @@ use a period (**.**) as a radix point, regardless of the value of
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/EN.1 b/contrib/bc/manuals/bc/EN.1
index c1ccbec567ec..ce88b2af8e14 100644
--- a/contrib/bc/manuals/bc/EN.1
+++ b/contrib/bc/manuals/bc/EN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1752,7 +1752,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/EN.1.md b/contrib/bc/manuals/bc/EN.1.md
index f6ad00930902..8752c4eda7e1 100644
--- a/contrib/bc/manuals/bc/EN.1.md
+++ b/contrib/bc/manuals/bc/EN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1501,7 +1501,7 @@ use a period (**.**) as a radix point, regardless of the value of
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/H.1 b/contrib/bc/manuals/bc/H.1
index 9dc46ee50dee..ee0312f3e8db 100644
--- a/contrib/bc/manuals/bc/H.1
+++ b/contrib/bc/manuals/bc/H.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -2109,17 +2109,6 @@ If you want to a use signed two\[cq]s complement argument, use
 \f[B]s2u(x)\f[R] to convert.
 .RE
 .TP
-\f[B]bunrev(t)\f[R]
-Assumes \f[B]t\f[R] is a bitwise\-reversed number with an extra set bit
-one place more significant than the real most significant bit (which was
-the least significant bit in the original number).
-This number is reversed and returned without the extra set bit.
-.RS
-.PP
-This function is used to implement other bitwise functions; it is not
-meant to be used by users, but it can be.
-.RE
-.TP
 \f[B]plz(x)\f[R]
 If \f[B]x\f[R] is not equal to \f[B]0\f[R] and greater that
 \f[B]\-1\f[R] and less than \f[B]1\f[R], it is printed with a leading
@@ -2916,7 +2905,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/H.1.md b/contrib/bc/manuals/bc/H.1.md
index fbc0658d8171..76763ed648e5 100644
--- a/contrib/bc/manuals/bc/H.1.md
+++ b/contrib/bc/manuals/bc/H.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1766,16 +1766,6 @@ The extended library is a **non-portable extension**.
     If you want to a use signed two's complement argument, use **s2u(x)** to
     convert.
 
-**bunrev(t)**
-
-:   Assumes **t** is a bitwise-reversed number with an extra set bit one place
-    more significant than the real most significant bit (which was the least
-    significant bit in the original number). This number is reversed and
-    returned without the extra set bit.
-
-    This function is used to implement other bitwise functions; it is not meant
-    to be used by users, but it can be.
-
 **plz(x)**
 
 :   If **x** is not equal to **0** and greater that **-1** and less than **1**,
@@ -2495,7 +2485,7 @@ This bc(1) supports error messages for different locales, and thus, it supports
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/HN.1 b/contrib/bc/manuals/bc/HN.1
index 7b4577f2dbd3..fb593b6d3a64 100644
--- a/contrib/bc/manuals/bc/HN.1
+++ b/contrib/bc/manuals/bc/HN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -2109,17 +2109,6 @@ If you want to a use signed two\[cq]s complement argument, use
 \f[B]s2u(x)\f[R] to convert.
 .RE
 .TP
-\f[B]bunrev(t)\f[R]
-Assumes \f[B]t\f[R] is a bitwise\-reversed number with an extra set bit
-one place more significant than the real most significant bit (which was
-the least significant bit in the original number).
-This number is reversed and returned without the extra set bit.
-.RS
-.PP
-This function is used to implement other bitwise functions; it is not
-meant to be used by users, but it can be.
-.RE
-.TP
 \f[B]plz(x)\f[R]
 If \f[B]x\f[R] is not equal to \f[B]0\f[R] and greater that
 \f[B]\-1\f[R] and less than \f[B]1\f[R], it is printed with a leading
@@ -2910,7 +2899,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/HN.1.md b/contrib/bc/manuals/bc/HN.1.md
index 015035c14daf..fbbf3b09715d 100644
--- a/contrib/bc/manuals/bc/HN.1.md
+++ b/contrib/bc/manuals/bc/HN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1766,16 +1766,6 @@ The extended library is a **non-portable extension**.
     If you want to a use signed two's complement argument, use **s2u(x)** to
     convert.
 
-**bunrev(t)**
-
-:   Assumes **t** is a bitwise-reversed number with an extra set bit one place
-    more significant than the real most significant bit (which was the least
-    significant bit in the original number). This number is reversed and
-    returned without the extra set bit.
-
-    This function is used to implement other bitwise functions; it is not meant
-    to be used by users, but it can be.
-
 **plz(x)**
 
 :   If **x** is not equal to **0** and greater that **-1** and less than **1**,
@@ -2487,7 +2477,7 @@ use a period (**.**) as a radix point, regardless of the value of
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bc/N.1 b/contrib/bc/manuals/bc/N.1
index 193e0d15f6fb..8fc3249f8b73 100644
--- a/contrib/bc/manuals/bc/N.1
+++ b/contrib/bc/manuals/bc/N.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -2109,17 +2109,6 @@ If you want to a use signed two\[cq]s complement argument, use
 \f[B]s2u(x)\f[R] to convert.
 .RE
 .TP
-\f[B]bunrev(t)\f[R]
-Assumes \f[B]t\f[R] is a bitwise\-reversed number with an extra set bit
-one place more significant than the real most significant bit (which was
-the least significant bit in the original number).
-This number is reversed and returned without the extra set bit.
-.RS
-.PP
-This function is used to implement other bitwise functions; it is not
-meant to be used by users, but it can be.
-.RE
-.TP
 \f[B]plz(x)\f[R]
 If \f[B]x\f[R] is not equal to \f[B]0\f[R] and greater that
 \f[B]\-1\f[R] and less than \f[B]1\f[R], it is printed with a leading
@@ -2937,7 +2926,7 @@ Before version \f[B]6.1.0\f[R], this bc(1) had incorrect behavior for
 the \f[B]quit\f[R] statement.
 .PP
 No other bugs are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bc/N.1.md b/contrib/bc/manuals/bc/N.1.md
index 859c32e3e774..6c9b6fce5d04 100644
--- a/contrib/bc/manuals/bc/N.1.md
+++ b/contrib/bc/manuals/bc/N.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1766,16 +1766,6 @@ The extended library is a **non-portable extension**.
     If you want to a use signed two's complement argument, use **s2u(x)** to
     convert.
 
-**bunrev(t)**
-
-:   Assumes **t** is a bitwise-reversed number with an extra set bit one place
-    more significant than the real most significant bit (which was the least
-    significant bit in the original number). This number is reversed and
-    returned without the extra set bit.
-
-    This function is used to implement other bitwise functions; it is not meant
-    to be used by users, but it can be.
-
 **plz(x)**
 
 :   If **x** is not equal to **0** and greater that **-1** and less than **1**,
@@ -2513,7 +2503,7 @@ use a period (**.**) as a radix point, regardless of the value of
 Before version **6.1.0**, this bc(1) had incorrect behavior for the **quit**
 statement.
 
-No other bugs are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+No other bugs are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/bcl.3 b/contrib/bc/manuals/bcl.3
index f2791624b2ca..adfa61681bd8 100644
--- a/contrib/bc/manuals/bcl.3
+++ b/contrib/bc/manuals/bcl.3
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1833,7 +1833,7 @@ the value of \f[B]LC_NUMERIC\f[R].
 This is also true of bcl(3).
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc.
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHORS
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/bcl.3.md b/contrib/bc/manuals/bcl.3.md
index 41c1c120b623..48eb6174bf48 100644
--- a/contrib/bc/manuals/bcl.3.md
+++ b/contrib/bc/manuals/bcl.3.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1532,7 +1532,7 @@ use a period (**.**) as a radix point, regardless of the value of
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc.
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHORS
 
diff --git a/contrib/bc/manuals/build.md b/contrib/bc/manuals/build.md
index d9c46ae22602..c0e7e35934b6 100644
--- a/contrib/bc/manuals/build.md
+++ b/contrib/bc/manuals/build.md
@@ -6,6 +6,9 @@ POSIX-compliant system.
 To accomplish that, a POSIX-compatible, custom `configure.sh` script is used to
 select build options, compiler, and compiler flags and generate a `Makefile`.
 
+The rest of this document talks about that, *not* the build system using
+[Rig][12], which is much simpler to understand, change, and use.
+
 The general form of configuring, building, and installing this `bc` is as
 follows:
 
@@ -40,7 +43,7 @@ accepted build options.
 ## Windows
 
 For releases, Windows builds of `bc`, `dc`, and `bcl` are available for download
-from <https://git.gavinhoward.com/gavin/bc> and GitHub.
+from GitHub.
 
 However, if you wish to build it yourself, this `bc` can be built using Visual
 Studio or MSBuild.
@@ -993,3 +996,4 @@ Both commands are equivalent.
 [9]: #nls-locale-support
 [10]: #extra-math
 [11]: #settings
+[12]: https://rigbuild.dev/
diff --git a/contrib/bc/manuals/dc/A.1 b/contrib/bc/manuals/dc/A.1
index d59e0fa68a58..50c14dd4098f 100644
--- a/contrib/bc/manuals/dc/A.1
+++ b/contrib/bc/manuals/dc/A.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1687,7 +1687,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/A.1.md b/contrib/bc/manuals/dc/A.1.md
index ad0c59934fd1..bfe50b8230c6 100644
--- a/contrib/bc/manuals/dc/A.1.md
+++ b/contrib/bc/manuals/dc/A.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1522,7 +1522,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/E.1 b/contrib/bc/manuals/dc/E.1
index a5febe44705f..b079e40ed62d 100644
--- a/contrib/bc/manuals/dc/E.1
+++ b/contrib/bc/manuals/dc/E.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1466,7 +1466,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/E.1.md b/contrib/bc/manuals/dc/E.1.md
index 54b877999d0d..7bde12de49a2 100644
--- a/contrib/bc/manuals/dc/E.1.md
+++ b/contrib/bc/manuals/dc/E.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1346,7 +1346,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/EH.1 b/contrib/bc/manuals/dc/EH.1
index 61fbaa4efe92..199f50fb0fe5 100644
--- a/contrib/bc/manuals/dc/EH.1
+++ b/contrib/bc/manuals/dc/EH.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1442,7 +1442,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/EH.1.md b/contrib/bc/manuals/dc/EH.1.md
index 6398477a84dd..bbddd4ae9479 100644
--- a/contrib/bc/manuals/dc/EH.1.md
+++ b/contrib/bc/manuals/dc/EH.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1323,7 +1323,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/EHN.1 b/contrib/bc/manuals/dc/EHN.1
index 974cb3c86791..3b4afa90e30f 100644
--- a/contrib/bc/manuals/dc/EHN.1
+++ b/contrib/bc/manuals/dc/EHN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1439,7 +1439,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/EHN.1.md b/contrib/bc/manuals/dc/EHN.1.md
index 51e30849996e..fc2c01d52a56 100644
--- a/contrib/bc/manuals/dc/EHN.1.md
+++ b/contrib/bc/manuals/dc/EHN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1318,7 +1318,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/EN.1 b/contrib/bc/manuals/dc/EN.1
index 5ce8defc91c7..2d1c038754e9 100644
--- a/contrib/bc/manuals/dc/EN.1
+++ b/contrib/bc/manuals/dc/EN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1463,7 +1463,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/EN.1.md b/contrib/bc/manuals/dc/EN.1.md
index ab9647a196be..ca8bb1ebdd01 100644
--- a/contrib/bc/manuals/dc/EN.1.md
+++ b/contrib/bc/manuals/dc/EN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1341,7 +1341,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/H.1 b/contrib/bc/manuals/dc/H.1
index 82c1bbd5c2b9..990eadec23f5 100644
--- a/contrib/bc/manuals/dc/H.1
+++ b/contrib/bc/manuals/dc/H.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1663,7 +1663,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/H.1.md b/contrib/bc/manuals/dc/H.1.md
index 64c7142bc4a7..844dd686f215 100644
--- a/contrib/bc/manuals/dc/H.1.md
+++ b/contrib/bc/manuals/dc/H.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1499,7 +1499,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/HN.1 b/contrib/bc/manuals/dc/HN.1
index c3f8c8ab1ff5..ebc4292bb138 100644
--- a/contrib/bc/manuals/dc/HN.1
+++ b/contrib/bc/manuals/dc/HN.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1660,7 +1660,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/HN.1.md b/contrib/bc/manuals/dc/HN.1.md
index 28b9dadd4b4f..58c870f8efc0 100644
--- a/contrib/bc/manuals/dc/HN.1.md
+++ b/contrib/bc/manuals/dc/HN.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1494,7 +1494,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/manuals/dc/N.1 b/contrib/bc/manuals/dc/N.1
index 6e2baa587b1c..74ed018b97ab 100644
--- a/contrib/bc/manuals/dc/N.1
+++ b/contrib/bc/manuals/dc/N.1
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause
 .\"
-.\" Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+.\" Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions are met:
@@ -1684,7 +1684,7 @@ specification at
 https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 .SH BUGS
 None are known.
-Report bugs at https://git.gavinhoward.com/gavin/bc .
+Report bugs at https://github.com/gavinhoward/bc .
 .SH AUTHOR
 Gavin D. Howard \c
 .MT gavin@gavinhoward.com
diff --git a/contrib/bc/manuals/dc/N.1.md b/contrib/bc/manuals/dc/N.1.md
index 22ea9c96bc80..10e8befb1d76 100644
--- a/contrib/bc/manuals/dc/N.1.md
+++ b/contrib/bc/manuals/dc/N.1.md
@@ -2,7 +2,7 @@
 
 SPDX-License-Identifier: BSD-2-Clause
 
-Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -1517,7 +1517,7 @@ https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html .
 
 # BUGS
 
-None are known. Report bugs at https://git.gavinhoward.com/gavin/bc .
+None are known. Report bugs at https://github.com/gavinhoward/bc .
 
 # AUTHOR
 
diff --git a/contrib/bc/project/README.md b/contrib/bc/project/README.md
new file mode 100644
index 000000000000..9086bb2e9270
--- /dev/null
+++ b/contrib/bc/project/README.md
@@ -0,0 +1,32 @@
+# `bc` Project Management History
+
+This directory has the project management history of `bc`. This `README` exists
+to explain what the files are.
+
+* `gitea.db`
+
+  Because I (Gavin Howard, the main author) do not trust big companies, I moved
+  `bc` to a self-hosted Gitea instance. This is what's left of the database from
+  that instance. Obviously, I wiped of personal identifying information as much
+  as possible, but it still has the comments on issues and pull requests, as
+  well as the issues and pull requests themselves (whatever matters anyway).
+
+* `github_issues.json`
+
+  This is information about issues reported on GitHub. I used the GitHub CLI to
+  export *all* of the available information, since it's public.
+
+* `github_prs.json`
+
+  This is information about pull requests opened on GitHub. I used the GitHub
+  CLI to export *all* of the available information, since it's public.
+
+* `issue10.md`
+
+  When I first started self-hosting Gitea, I was not a good sysadmin. On top of
+  that, I was learning how to use OpenZFS, and Gitea was stored in a ZFS
+  dataset.
+
+  This is the best I could do to reproduce an actual issue that was reported and
+  got erased when I rolled back to a ZFS snapshot. It was originally `#10` on
+  Gitea, hence the file name.
diff --git a/contrib/bc/project/gitea.db b/contrib/bc/project/gitea.db
new file mode 100644
index 000000000000..c63c79ff928f
--- /dev/null
+++ b/contrib/bc/project/gitea.db
diff --git a/contrib/bc/project/github_issues.json b/contrib/bc/project/github_issues.json
new file mode 100644
index 000000000000..3ee05206a3e9
--- /dev/null
+++ b/contrib/bc/project/github_issues.json
@@ -0,0 +1,3667 @@
+[
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOCpvj3Q",
+      "is_bot": false,
+      "login": "Palafitas",
+      "name": "Palafitas"
+    },
+    "body": "I'm using 'bc' to perform a calculation in a shell script and I'm getting the incorrect result from a simple calculation...\n\n80 - (30 * 0) / 50 - (80 / 100) * 38\n\nbc returns value 80\n\nReal value is 49.6\n\n\nOBS.: Can use the calculation direct in bc command to see output\nOBS.: bc version is 1.07.1",
+    "closed": true,
+    "closedAt": "2025-02-25T19:10:08Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6f65pc",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Two things.\n\nFirst, `bc` is not like other calculators that figure out what precision they need. Instead, `bc` requires you to set the precision before doing any calculation.\n\nThe way to do this is to set the special variable `scale` to an integer value, and then calculations will be done to at least that precision, in digits after the decimal point.\n\nOne quirk of `bc` is that `scale` is set to 0 by default, which means integer-only math.\n\nApplying integer-only math to the expression you gave, we get:\n\n```\n80 - (30 * 0) / 50 - (80 / 100) * 38\n80 - 0 / 50 - (80 / 100) * 38\n80 - 0 - (80 / 100) * 38\n80 - (80 / 100) * 38\n80 - 0 * 38\n80\n```\n\nNotice that `80 / 100` simplifies to 0 with integer-only arithmetic. That is expected.\n\nNow, watch what happens when we set `scale` to 1 first:\n\n```\nscale = 1\n80 - (30 * 0) / 50 - (80 / 100) * 38\n80 - 0 / 50 - (80 / 100) * 38\n80 - 0 - (80 / 100) * 38\n80 - (80 / 100) * 38\n80 - 0.8 * 38\n80 - 30.4\n49.6\n```\n\nAnd that is the value you expected.\n\nSo there is no calculation error; just be sure to set the precision with `scale` before running a calculation.\n\nSecond, this `bc` has never had a `1.07.1` version. That is, in fact, the latest version of the [GNU `bc`][1], so you are not even running this `bc`. So I am closing this issue as invalid.\n\n[1]: https://www.gnu.org/software/bc/",
+        "createdAt": "2025-02-25T19:10:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/87#issuecomment-2683017820",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6f9KsZ",
+        "author": {
+          "login": "Palafitas"
+        },
+        "authorAssociation": "NONE",
+        "body": "Thanks, i solved the problem with '-l' to 'bc'\n\ne.g:\necho '1 + 1' | bc -l",
+        "createdAt": "2025-02-26T00:44:54Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/87#issuecomment-2683611929",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2025-02-25T17:57:06Z",
+    "id": "I_kwDOCL0xJc6rnKtq",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 87,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Calculation error",
+    "updatedAt": "2025-02-26T00:44:54Z",
+    "url": "https://github.com/gavinhoward/bc/issues/87"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjI2Nzg4ODg=",
+      "is_bot": false,
+      "login": "shpati",
+      "name": ""
+    },
+    "body": "Hi! \r\nI am trying to load multiple .bc files stored in the same directory as the program (from your modified function files from Carl's collection) but bc will not load them. \r\n\r\nThe command I give is: \r\n`bc -l *.bc`\r\n\r\nThe error I get is: \r\n```\r\nFatal error: cannot open file: *.bc\r\n    0: (main)\r\n```\r\nLoading files separately works, e.g. bc -l file1.bc file2.bc\r\nLoading files using wildcards works in the gnu bc, and it is practical.  \r\n\r\nI am using the windows 10 terminal. ",
+    "closed": true,
+    "closedAt": "2024-11-10T14:27:05Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6TB7mr",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Hello.\r\n\r\nI am actually really surprised that GNU `bc` will load the files in the Windows 10 terminal, and that is because, as far as I know, wildcard expansion is done by the shell, not the program. So GNU `bc` doesn't actually do it, or so I thought.\r\n\r\nIf you were to run my `bc` with that command under bash on Linux, it would work fine because bash would expand the wildcard into a list of file names and pass that to my `bc`. It seems the Windows 10 terminal does not do that, but passes the wildcard to my `bc`, which does not know how to expand it.\r\n\r\nUnfortunately, wildcard expansion is a heavy feature, not one I can implement in an afternoon. I think it is out of scope for my `bc`, and I don't plan on implementing it.\r\n\r\nThere might be some way to get the Windows 10 terminal to do wildcard expansion, but if that doesn't work, you can run my `bc` under bash using the Windows Subsystem for Linux.",
+        "createdAt": "2024-11-10T14:27:05Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/85#issuecomment-2466757035",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6TC19F",
+        "author": {
+          "login": "shpati"
+        },
+        "authorAssociation": "NONE",
+        "body": "Thanks a lot for the detailed answer Gavin! It seems like the solution is simple and does not need any change in code. You only need to change the linker used during compiling, like this: \r\n\r\n`cl example.c /link setargv.obj`\r\n\r\nCan you try it please? 🙂\r\n\r\nSource: https://learn.microsoft.com/en-us/cpp/c-language/expanding-wildcard-arguments?view=msvc-170",
+        "createdAt": "2024-11-11T00:00:13Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/85#issuecomment-2466996037",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6UKlNz",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I tried adding `setargv.obj` to the linker command (next to `bcrypt.lib`), and that didn't work.\r\n\r\nIf you can get it working, feel free to send me a PR, and I will probably accept it.",
+        "createdAt": "2024-11-19T14:00:38Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/85#issuecomment-2485801843",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-11-10T09:58:36Z",
+    "id": "I_kwDOCL0xJc6dxwXg",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 85,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "NOT_PLANNED",
+    "title": "Does not load multiple .bc files using * wildcard",
+    "updatedAt": "2024-11-19T14:00:40Z",
+    "url": "https://github.com/gavinhoward/bc/issues/85"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjgyNzIwNQ==",
+      "is_bot": false,
+      "login": "DanielRuf",
+      "name": "Daniel Ruf"
+    },
+    "body": "I'm new to C and I try to create a PHP extension of bc with SWIG, but as direct replacement for `eval()` in PHP.\r\n\r\nWhat is the **correct function from the bc code to parse a string** and return the calculation result or some error / null when parsing fails?\r\n\r\nI tried looking at the code, but didn't find the right one.",
+    "closed": true,
+    "closedAt": "2025-02-16T13:40:55Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6LSQRq",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I'm not sure what you're asking. `bc` is a program, not a library, and even though I *do* have a library, it does not include expression parsing.\r\n\r\nAre you wanting a library that can parse `bc` expressions? Unfortunately, this `bc` cannot do that, and to do so would require refactoring that I don't have time for.",
+        "createdAt": "2024-09-08T20:42:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336818282",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSRDF",
+        "author": {
+          "login": "DanielRuf"
+        },
+        "authorAssociation": "NONE",
+        "body": "Understood, so I can not do some `bc_parse(some-string-from-stdin)` with that and I have to resort to some other solution then.\r\n\r\nWhere can I find the current logic of the CLI? Maybe I can do something with that.",
+        "createdAt": "2024-09-08T20:56:06Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336821445",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSRiv",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You are correct.\r\n\r\nHowever, what is easiest depends on what you are trying to do. Do you need the full `bc` language? Or do you just need simple expressions? Or something else?\r\n\r\nIf you need the full language, the best solution would be to run `bc` as a child process and just feed it data.\r\n\r\nIf you need simple expression parsing, then you could implement the parsing with Lex and Yacc, and then use `bcl`, the `bc` library, to do the math.\r\n\r\nIf you need something else, we can see what might work best.",
+        "createdAt": "2024-09-08T21:03:51Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336823471",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSSix",
+        "author": {
+          "login": "DanielRuf"
+        },
+        "authorAssociation": "NONE",
+        "body": "> Or do you just need simple expressions? Or something else?\r\n\r\nJust basic calculations like `eval(1+2/3*4-5)`.\r\n\r\n> If you need the full language, the best solution would be to run bc as a child process and just feed it data.\r\n\r\nUnfortunately this brings much overhead, I already tested that with `exec(\"bc ...\")` in PHP.\r\n\r\n> If you need simple expression parsing, then you could implement the parsing with Lex and Yacc, and then use bcl, the bc library, to do the math.\r\n\r\nThis sounds more like what I am looking for, even though I wanted to avoid Yacc.",
+        "createdAt": "2024-09-08T21:19:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336827569",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSSw-",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "While refactoring to bring the full `bc` parser into the library may be too much, I may be able to whip a small expression parser in a few hours.\r\n\r\nDo you just need the four basic arithmetic operators? Do you need parentheses? Do you need square root?\r\n\r\nLet me know what you need. I may need a week to get it to you.",
+        "createdAt": "2024-09-08T21:22:48Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336828478",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSTkN",
+        "author": {
+          "login": "DanielRuf"
+        },
+        "authorAssociation": "NONE",
+        "body": "I will check that and let you know in the next days. At least parentheses are also needed.\r\n\r\nIf there is at least one function (like sqrt or max) implemened, then I can check the implementation and contribute some of my time to implement more or at least I can help with that.",
+        "createdAt": "2024-09-08T21:35:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336831757",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LSUHv",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`sqrt()` is already builtin; I'll add parsing for it. I can also add parsing for `max()` and `min()`.\r\n\r\nYou can see everything that's builtin [here](https://github.com/gavinhoward/bc/blob/master/manuals/bcl.3.md).",
+        "createdAt": "2024-09-08T21:44:30Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2336834031",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LTBjd",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Ack! I'm sorry! I just had something come up in my personal life that will take a lot of time to resolve!\r\n\r\nSo despite hoping to help with the parsing, I can't even help with a simple thing anymore.\r\n\r\nHowever, I can point you in the right direction. Use the [Shunting-Yard Algorithm](https://en.wikipedia.org/wiki/Shunting-yard_algorithm) like [this](https://softwareengineering.stackexchange.com/questions/254074/how-exactly-is-an-abstract-syntax-tree-created/254075#254075) to make an abstract syntax tree, and then do a post-order traversal.\r\n\r\nIf you need examples of how to use `bcl`, then [its test code](https://github.com/gavinhoward/bc/blob/master/tests/bcl.c) is a good start.\r\n\r\nAgain, I'm really sorry about this, but I figured it would be better to tell you sooner rather than later.",
+        "createdAt": "2024-09-09T03:03:41Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2337020125",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6LTUUy",
+        "author": {
+          "login": "DanielRuf"
+        },
+        "authorAssociation": "NONE",
+        "body": "No problem and thanks for letting me know. I will try to understand and solve it.",
+        "createdAt": "2024-09-09T04:37:26Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/83#issuecomment-2337097010",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2024-09-08T20:22:38Z",
+    "id": "I_kwDOCL0xJc6Vwp4y",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 83,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "what function to call for parsing string expressions",
+    "updatedAt": "2025-02-16T13:40:55Z",
+    "url": "https://github.com/gavinhoward/bc/issues/83"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBqIXaQ",
+      "is_bot": false,
+      "login": "GregTonoski",
+      "name": "Greg Tonoski"
+    },
+    "body": "Would you like to add elliptic curve point multiplication (https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication) to math library, perhaps?",
+    "closed": true,
+    "closedAt": "2024-08-31T18:09:54Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6Kdiqk",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have wanted to, but I haven't *despite* wanting to. And there is a good reason: someone is going to use my `bc` to implement cryptography with vulnerabilities.\r\n\r\nIf my `bc` ships the elliptic curve arithmetic to do that, I will feel responsible. If they write the arithmetic themselves, well, they are responsible.\r\n\r\nOf course, there are other reasons to want it, but because of cryptography, I hesitate to add it.\r\n\r\nSorry!",
+        "createdAt": "2024-08-31T18:09:54Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/82#issuecomment-2322999972",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-08-31T07:57:25Z",
+    "id": "I_kwDOCL0xJc6U72YL",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 82,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Feature request: elliptic curve point multiplication",
+    "updatedAt": "2024-08-31T18:09:55Z",
+    "url": "https://github.com/gavinhoward/bc/issues/82"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBqIXaQ",
+      "is_bot": false,
+      "login": "GregTonoski",
+      "name": "Greg Tonoski"
+    },
+    "body": "",
+    "closed": true,
+    "closedAt": "2024-08-30T14:14:44Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6KXcRi",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you so much for the compliment! I hardly get them nowadays. You made my day!\r\n\r\nI presume \"EOM\" means \"End of Message\" which means there is no bug? So I'm going to close this now, but if you do have a bug, feel free to reopen.",
+        "createdAt": "2024-08-30T14:14:44Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/80#issuecomment-2321400930",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-08-30T07:30:14Z",
+    "id": "I_kwDOCL0xJc6UzPqQ",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 80,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Excellent. Works fine. Thank you. [EOM]",
+    "updatedAt": "2024-08-30T14:14:44Z",
+    "url": "https://github.com/gavinhoward/bc/issues/80"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjU3MDY1NjU3",
+      "is_bot": false,
+      "login": "exikyut",
+      "name": ""
+    },
+    "body": "Was just playing around and happened to get my stack out of sync:\r\n\r\n```\r\n1\r\n+\r\n\r\nRuntime error: stack has too few elements\r\n    0: (main)\r\n```\r\n\r\nBut I noticed this cleared the stack:\r\n\r\n<pre>\r\nf\r\n<i>(no output)</i>\r\n</pre>\r\n\r\nTrying to improve my edge-case-fu spidey sense :) I thought I'd check how other dc implementations behave.\r\n\r\nGNU `dc` immediately showed me something might be up:\r\n\r\n```\r\n1\r\n+\r\ndc: stack empty\r\nf\r\n1\r\nq\r\n$ _\r\n```\r\n\r\nHuh.\r\n\r\nOpenBSD `dc` produced byte-identical output to the above.\r\n\r\nOK... what should arbitrate as reference here? I guess some form of going back to the beginning.\r\n\r\nHow far can we go back?\r\n\r\nApparently the first version of `dc` was written in B while UNIX was being ported. Man that would be fun to play with. Perhaps there's a printout of it starting on page 9,576 of an OCR-averse PDF on bitsavers just waiting to be found :smile: \r\n\r\nhttp://takahirox.github.io/pdp11-js/unixv6.html and http://pdp11.aiju.de/ both emulate UNIX v6 in-browser, which is nice and accessible. The `dc` in both of these has the same size and timestamp; copying from the second emulator for fun, which emulates an uppercase teletype, we get:\r\n\r\n```\r\n# DC\r\n1\r\n+\r\n( +) ?\r\nF\r\n1\r\nQ\r\n# # \r\n```\r\n\r\nHrm. That's V6 UNIX. Can we go further back?\r\n\r\nYes and no, as far as I can manage.\r\n\r\nIt looks like a V1+V2 amalgamation was put together using surviving source code and tape dumps: https://www.in-ulm.de/~mascheck/various/ancient/\r\n\r\nThe project appears to have been quietly migrated to https://github.com/DoctorWkt/unix-jun72, with terrifying instructions to \"now run `make`\" underneath a wall of \"last modified: 16 years ago\" :melting_face:, but I discovered some pre-built SIMH images at https://code.google.com/archive/p/unix-jun72/downloads, which is where the project previously lived (and is what the page in the previous paragraph links to), which still work perfectly - you just run `pdp11 simh.cfg`.\r\n\r\nUnfortunately, while the system is already saying `:login:` before you can even blink and figure out whether it worked, and the distribution includes `dc`, its `f` command appears to be broken... even though I see references to support for an `f` command [on line 949 in dc1.s](https://github.com/DoctorWkt/unix-jun72/blob/1d438bd5874ec628157fbeab370c8e3f3a3ecb8b/src/cmd/dc1.s#L949) (the source is distributed across [dc2.s](https://github.com/DoctorWkt/unix-jun72/blob/1d438bd5874ec628157fbeab370c8e3f3a3ecb8b/src/cmd/dc2.s), [dc3.s](https://github.com/DoctorWkt/unix-jun72/blob/1d438bd5874ec628157fbeab370c8e3f3a3ecb8b/src/cmd/dc3.s), [dc4.s](https://github.com/DoctorWkt/unix-jun72/blob/1d438bd5874ec628157fbeab370c8e3f3a3ecb8b/src/cmd/dc4.s) and [dc5.s](https://github.com/DoctorWkt/unix-jun72/blob/1d438bd5874ec628157fbeab370c8e3f3a3ecb8b/src/cmd/dc5.s), presumably due to memory constraints). I'm not sure if I'm falling through a `default: exit(0);`, a segfault, or a case of mismatching binary/source.\r\n\r\nThe path forward there would be figuring out how to recompile the `dc` implementation; I think this might be possible but it's beyond the scope of the cursory level of interest I approached this with.\r\n\r\nIf anyone wants a rainy day project, I would be really interested to learn more about the result of others' digging around to get the earliest surviving copies of `dc` running.\r\n\r\nZooming back out to the topic, it would **seem** that current consensus is that errors *of this type* don't consume the stack; they leave it alone. But it would be nice to formally qualify this situation better. How should that be framed? Parser consumption expectations? Stack effects by errors in general?\r\n\r\nThis bugreport is somewhat of a thought experiment. I don't have any authoritative ideas or suggestions myself.",
+    "closed": true,
+    "closedAt": "2024-08-23T03:03:02Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6Bc1ec",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for digging up the history!\r\n\r\nYou are correct that my `dc` clears the stack. When I was implementing `bc` and `dc`, I wanted to minimize the possibility that an error could screw up code later.\r\n\r\nHence, my `bc` and `dc` both [\"reset\"][1] on error, which means they clear everything and try to start completely fresh.\r\n\r\nThat said, the documentation could be clearer on that; I could make it say that errors clear the stack too. (And they do clear the stack because they have to clear the stack in `bc` since the stack is implicit.)\r\n\r\nHowever, this could go both ways:\r\n\r\n* I could declare this as a mere *documentation bug*, since `dc` is *not* standardized. In that case, I would just update the manual.\r\n* Or I could declare this a *conformance bug*, because while there is no standard, all other `dc` implementations do the opposite. In this case, I would make the change and fix the bugs that pop up.\r\n\r\nQuite frankly, I'm not looking forward to doing a full release cycle, which includes 2 weeks of fuzzing (during which my machine is unusable) and 24 hours of tests, possibly repeated. This means I want to fix the docs and call it a day, but going off of what I *want* to do is not rational.\r\n\r\nI don't know if anyone watches this repo, but this is one case where I'd like to hear comments from users.\r\n\r\n[1]: https://github.com/gavinhoward/bc/blob/master/manuals/bc/A.1.md#reset",
+        "createdAt": "2024-06-16T19:15:40Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2171819932",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6BfXEg",
+        "author": {
+          "login": "exikyut"
+        },
+        "authorAssociation": "NONE",
+        "body": "> You are correct that my `dc` clears the stack. When I was implementing `bc` and `dc`, I wanted to minimize the possibility that an error could screw up code later.\r\n> \r\n> Hence, my `bc` and `dc` both [\"reset\"](https://github.com/gavinhoward/bc/blob/master/manuals/bc/A.1.md#reset) on error, which means they clear everything and try to start completely fresh.\r\n\r\nHuh. That makes pedagogical sense, upon consideration.\r\n\r\n> That said, the documentation could be clearer on that; I could make it say that errors clear the stack too.\r\n\r\nThat would probably be a good idea, both because `gh-dc` deviates from the norm, and because there *is* no norm; this would be the first point at which this particular graph edge / state machine transition is properly documented. Until now it's lived as an edge case in UB land.\r\n\r\n> (And they do clear the stack because they have to clear the stack in `bc` since the stack is implicit.)\r\n\r\nHuh. I wonder how other `bc`->`dc` architectural approaches have handled this situation?\r\n\r\n> However, this could go both ways:\r\n> \r\n> * I could declare this as a mere _documentation bug_, since `dc` is _not_ standardized. In that case, I would just update the manual.\r\n> * Or I could declare this a _conformance bug_, because while there is no standard, all other `dc` implementations do the opposite. In this case, I would make the change and fix the bugs that pop up.\r\n> \r\n> Quite frankly, I'm not looking forward to doing a full release cycle, which includes 2 weeks of fuzzing (during which my machine is unusable) and 24 hours of tests, possibly repeated. This means I want to fix the docs and call it a day, but going off of what I _want_ to do is not rational.\r\n\r\nGood net question. Hmm.\r\n\r\n> I don't know if anyone watches this repo, but this is one case where I'd like to hear comments from users.\r\n\r\nI am too.\r\n\r\nBut I'll add my 2&cent;:\r\n\r\n- Nobody has screamed until now, but `gh-dc` adoption is still rising.\r\n\r\n- Taking on the complexity of making this a `./configure`able option doesn't sound reasonable in practice.\r\n\r\n- I can only imagine a `dc` script generating different results after being switched to this implementation after some sort of upgrade process that presumably has capable humans involved in it. It would follow that said humans would presumably classify the deviation in output as the result of logic bugs and then fix them, so keeping this architectural approach is theoretically a net positive.\r\n\r\n- Applying to make `dc` a POSIX standard would make for an interesting 180-season TV series that would be excellent mid-afternoon watching while having a nap (and dreaming of how to make `dc` count to infinity twice). I'd definitely seed all 4,961 episodes.\r\n\r\n- Given that `gh-dc` is now in FreeBSD, it may well meet the theoretical/implicational interpretation (and possibly beyond) of \"significant user base\" required to [apply for OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/) which would subject it to continual analysis and, if accepted, probably provide a slow trickle of genuinely interesting feedback. It also sounds like it would unblock a significant burnout barrier to commoditizing the process of cutting new releases - opting to letting new versions sit in OSS-Fuzz for a fortnight before releasing them (a cool strategy, and if only everything was architecturally simple enough that this could be applied everywhere) would no longer have a local performance impact.\r\n",
+        "createdAt": "2024-06-17T07:21:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2172481824",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6BmRt8",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> Nobody has screamed until now, but `gh-dc` adoption is still rising.\r\n\r\nYes, I agree. In fact, I initially wanted to dismiss your report as \"only one user,\" but I did not for this reason.\r\n\r\n> Taking on the complexity of making this a `./configure`able option doesn't sound reasonable in practice.\r\n\r\nI do not want that to be a build-time option. I have too many as it is.\r\n\r\n> I can only imagine a `dc` script generating different results after being switched to this implementation after some sort of upgrade process that presumably has capable humans involved in it. It would follow that said humans would presumably classify the deviation in output as the result of logic bugs and then fix them, so keeping this architectural approach is theoretically a net positive.\r\n\r\nTrue, although people would be better served to switch to `bc` since it's standard and portable.\r\n\r\n> Applying to make `dc` a POSIX standard would make for an interesting 180-season TV series that would be excellent mid-afternoon watching while having a nap (and dreaming of how to make dc count to infinity twice). I'd definitely seed all 4,961 episodes.\r\n\r\nThe [rationale in the `bc` standard][1] says these two things:\r\n\r\n> `dc` was not selected to be part of this volume of POSIX.1-2017 because `bc` was thought to have a more intuitive programmatic interface.\r\n\r\n> The consensus of the standard developers was that `dc` is a fundamentally less usable language and that that would be far too severe a penalty for avoiding the issue of being similar to but incompatible with C.\r\n\r\nYes, that is from the 2017 standard, but that language goes back to the beginning, I believe. This means that standardizing `dc` will not happen, barring some rich fellow deciding that it's his life mission to make it happen.\r\n\r\n> Given that `gh-dc` is now in FreeBSD, it may well meet the theoretical/implicational interpretation (and possibly beyond) of \"significant user base\" required to [apply for OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/) which would subject it to continual analysis and, if accepted, probably provide a slow trickle of genuinely interesting feedback. It also sounds like it would unblock a significant burnout barrier to commoditizing the process of cutting new releases - opting to letting new versions sit in OSS-Fuzz for a fortnight before releasing them (a cool strategy, and if only everything was architecturally simple enough that this could be applied everywhere) would no longer have a local performance impact.\r\n\r\nI agree with this, so [I have applied][2]. We'll see where that goes.\r\n\r\n[1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18\r\n[2]: https://github.com/google/oss-fuzz/pull/12078",
+        "createdAt": "2024-06-17T19:45:51Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2174294908",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6BpTwG",
+        "author": {
+          "login": "exikyut"
+        },
+        "authorAssociation": "NONE",
+        "body": "> > Nobody has screamed until now, but `gh-dc` adoption is still rising.\r\n> \r\n> Yes, I agree. In fact, I initially wanted to dismiss your report as \"only one user,\" but I did not for this reason.\r\n\r\n(Sentiment of appreciation)\r\n\r\n> > Taking on the complexity of making this a `./configure`able option doesn't sound reasonable in practice.\r\n> \r\n> I do not want that to be a build-time option. I have too many as it is.\r\n\r\nI was genuinely surprised at the number of configurable options :) completely agree there haha\r\n\r\n> > I can only imagine a `dc` script generating different results after being switched to this implementation after some sort of upgrade process that presumably has capable humans involved in it. It would follow that said humans would presumably classify the deviation in output as the result of logic bugs and then fix them, so keeping this architectural approach is theoretically a net positive.\r\n> \r\n> True, although people would be better served to switch to `bc` since it's standard and portable.\r\n> \r\n> > Applying to make `dc` a POSIX standard would make for an interesting 180-season TV series that would be excellent mid-afternoon watching while having a nap (and dreaming of how to make dc count to infinity twice). I'd definitely seed all 4,961 episodes.\r\n> \r\n> The [rationale in the `bc` standard](https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_18) says these two things:\r\n> \r\n> > `dc` was not selected to be part of this volume of POSIX.1-2017 because `bc` was thought to have a more intuitive programmatic interface.\r\n\r\nThanks for the TIL! I should have expected there to be extant discussion on the matter...\r\n\r\n> > The consensus of the standard developers was that `dc` is a fundamentally less usable language and that that would be far too severe a penalty for avoiding the issue of being similar to but incompatible with C.\r\n> \r\n> Yes, that is from the 2017 standard, but that language goes back to the beginning, I believe. This means that standardizing `dc` will not happen, barring some rich fellow deciding that it's his life mission to make it happen.\r\n\r\nI see. Thanks very much for the insight.\r\n\r\n> \r\n> > Given that `gh-dc` is now in FreeBSD, it may well meet the theoretical/implicational interpretation (and possibly beyond) of \"significant user base\" required to [apply for OSS-Fuzz](https://google.github.io/oss-fuzz/getting-started/accepting-new-projects/) which would subject it to continual analysis and, if accepted, probably provide a slow trickle of genuinely interesting feedback. It also sounds like it would unblock a significant burnout barrier to commoditizing the process of cutting new releases - opting to letting new versions sit in OSS-Fuzz for a fortnight before releasing them (a cool strategy, and if only everything was architecturally simple enough that this could be applied everywhere) would no longer have a local performance impact.\r\n> \r\n> I agree with this, so [I have applied](https://github.com/google/oss-fuzz/pull/12078). We'll see where that goes.\r\n\r\n**YOU GOT ACCEPTED :D :face_holding_back_tears:**\r\n\r\nI forgot that it ships in macOS, and TIL it ships in Android as well. OSS-Fuzz's scope tries to extend beyond Google-immediate interests, so this broader status quo (incl. FreeBSD) constitutes a meaningful precedent of relevance &ndash; potentially represented by the speed with which the project was accepted without further question (basically 45 minutes).",
+        "createdAt": "2024-06-18T06:03:35Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2175089670",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6B3Zis",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> YOU GOT ACCEPTED :D 🥹\r\n\r\nYes, unfortunately, I [ran into problems integrating fuzzers][1], and I don't know what to do next, so I have to put OSS-Fuzz on the back plate. Thus, we're back to where we started.\r\n\r\nThank you for the suggestion, though.\r\n\r\n[1]: https://github.com/google/oss-fuzz/pull/12098",
+        "createdAt": "2024-06-19T13:54:56Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2178783404",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6C-bO7",
+        "author": {
+          "login": "spatula75"
+        },
+        "authorAssociation": "NONE",
+        "body": "I also noticed this behavioral change, because on occasion I need to add a long list of numbers in `dc`, and rather than count how many numbers I have and issuing the right number of `+` operators, I have a habit of just entering way more `+` operators than I need and then grabbing the stack top value afterward.  e.g.:\r\n```\r\n1 7 8 6 4 9 1 2 3 6 4 + + + + + + + + + + + + + + + + + + p\r\n```\r\nHistorically, and with other implementations of `dc`, this would result in a lot of `dc: stack empty` messages followed by the sum at the end.  Now it results in a clear stack with no result.\r\n\r\nI can certainly see the merit of returning to a clean slate on an error condition when running in an \"automated\" fashion - blowing the stack in this case would generally mean you did something wrong and the results might not be trustworthy.\r\n\r\nI guess what frustrates me is that in interactive mode, this is a significant change from historical behavior that caught me off-guard and also blows up my use case, requiring me to now count how many numbers I have on the stack, and then to supply N-1 operators to get to the result I want.  It's also making my stack more \"fragile\" in the sense that I now have to be very careful about my interactions with `dc`.\r\n\r\nI agree that changing behavior based on configuration-time options sounds like overkill and a lot of added complexity, especially when some users of a system might find the new behavior desirable.\r\n\r\nI see a few other possibilities:\r\n- A command line switch to either enable or disable stack clearing when running in `dc` mode, so a user can be explicit about whether they want the new behavior or the historical behavior.  Whether the switch enables the old behavior, or enables the new behavior doesn't matter much to me; I'd just add a shell alias if I needed to always supply a switch.\r\n- A rule that when running in interactive mode (ie, from a keyboard not from a pipe or a file), you get the historical (non-clearing) behavior, but in non-interactive mode you always get the new (stack-clearing) behavior.\r\n- Some hybrid of the two: maybe in interactive mode you get the historical behavior _unless_ you supply a command-line switch\r\n\r\nOf course I realize that all of these options add complexity too, but hopefully not altogether too much.  Any one of them would make me a happy camper.",
+        "createdAt": "2024-06-28T17:58:14Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2197402555",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6DCMZY",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I am not a fan of having different behavior in interative mode vs non-interactive mode.\r\n\r\nHowever, I think `dc` implementations tend to exit on any error in non-interactive mode anyway. At least GNU `dc` does, IIRC. This one definitely does, and this behavior is documented.\r\n\r\nSo this change would only affect interactive uses anyway.\r\n\r\nI will go ahead and make the change. I will start fuzzing as well. If few or no problems appear, I will make a release.",
+        "createdAt": "2024-06-30T00:55:05Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 2
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2198390360",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6JdDT8",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Okay, it took me a long time to have the time for fuzzing and testing, but this change made it into 7.0.0.\r\n\r\nI think I can close this report now, but if there are still problems, feel free to reopen.",
+        "createdAt": "2024-08-23T03:03:02Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/79#issuecomment-2306094332",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-06-16T10:02:06Z",
+    "id": "I_kwDOCL0xJc6MaBsK",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 79,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Stack-consumption-on-error headscratch in comparison to other `dc`s",
+    "updatedAt": "2024-08-23T03:03:02Z",
+    "url": "https://github.com/gavinhoward/bc/issues/79"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjI2NjI1MTQx",
+      "is_bot": false,
+      "login": "freebrowser1",
+      "name": ""
+    },
+    "body": "Excellent software !\r\n\r\nThis `bc` is MUCH faster than the bc supplied to Linux distros. I downloaded the source package, compiled under Ubuntu ARM and it worked. I did the same on Termux on an Android cellphone (which also has the slow 1.7 version) and it was blazingly fast as well !\r\nIt can be used for other bases up till sixteen. I changed it (locally, not on this Github site) to max base 36.\r\nMaybe that can be an option to publish it here.",
+    "closed": true,
+    "closedAt": "2024-05-15T15:52:29Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc59oi_N",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for your compliments!\r\n\r\nAs it turns out, it's the accompanying `dc` that only goes up to base 16. `bc` goes up to base 36.\r\n\r\nThere is a reason for base 36: according to the `bc` standard, it must be possible to set all input bases with a one character number. This is so any input base could be set no matter the *current* input base.\r\n\r\nFor example, say you write a function that should work in multiple bases. What if it temporarily has to set a new input base. How does it do that when the input base could be anything from binary to hexadecimal?\r\n\r\nThe answer is [here][1] (scroll down to where it says, \"When either ibase or obase is assigned a single digit value...\").\r\n\r\nNow my `bc` does take that up to base 35, which is the base you can reach by using `Z` as the single digit value.\r\n\r\nTo test this, try this code:\r\n\r\n```\r\n$ bc\r\n>>> obase=Z\r\n>>> 35\r\n01 00\r\n>>> quit\r\n```\r\n\r\nI hope this helps.\r\n\r\n[1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_13_03",
+        "createdAt": "2024-05-13T14:35:35Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2107781069",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc59sMoG",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I realize I forgot to include an example with `ibase`.\r\n\r\n```\r\n$ bc\r\n>>> ibase=Z\r\n>>> 10\r\n35\r\n>>> ibase=6*6\r\n>>> 10\r\n36\r\n>>> quit\r\n```\r\n\r\nSo yes, my `bc` already goes up to base 36 for `ibase` too, although you do need some special way, like `6*6`, to get it.",
+        "createdAt": "2024-05-13T20:24:59Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2108738054",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5978rz",
+        "author": {
+          "login": "freebrowser1"
+        },
+        "authorAssociation": "NONE",
+        "body": "I have changed a few source files (find in the files in the accompanied zip lines with //!!).\r\nThis allows using max base 36 with all digits and all UPPERCASE letters. When I and O are not wanted, use `export NO_I_O_DIGITS=1` (or any value) before executing bc and 34 = @, 35 = #.\r\n\r\n[src.zip](https://github.com/gavinhoward/bc/files/15323750/src.zip)\r\n",
+        "createdAt": "2024-05-15T15:31:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2112867059",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc598Hyk",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You did not read my comments. My `bc` already supports up to base 36.\r\n\r\nYour changes are not needed.\r\n\r\nClosing.",
+        "createdAt": "2024-05-15T15:52:29Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2112912548",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5-Emcm",
+        "author": {
+          "login": "freebrowser1"
+        },
+        "authorAssociation": "NONE",
+        "body": "I checked again, downloaded the source kit, compiled it (Ubuntu arm64) and ran this:\r\n' bin/bc -l <<< \"ibase=obase=24; 2^G;\"'\r\nThis results in `04 17 18 16`, i.e. decimal numbers as 'digits' which should only appear with base above 36.\r\nAfter applying my changes, it issues the correct value '4HIG'.\r\n",
+        "createdAt": "2024-05-16T12:35:20Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2115135270",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5-E7EK",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "This cannot be changed.\r\n\r\nThere is a [standard for `bc`][1], and in that standard, it says,\r\n\r\n> For bases greater than 16, each digit shall be written as a separate multi-digit decimal number. Each digit except the most significant fractional digit shall be preceded by a single <space>. For bases from 17 to 100, bc shall write two-digit decimal numbers; for bases from 101 to 1000, three-digit decimal strings, and so on.\r\n\r\nSo no, as much as I would like to change it, it cannot be changed.\r\n\r\n[1]: https://pubs.opengroup.org/onlinepubs/009696799/utilities/bc.html",
+        "createdAt": "2024-05-16T13:15:39Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/78#issuecomment-2115219722",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-05-13T07:31:19Z",
+    "id": "I_kwDOCL0xJc6Infdz",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 78,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "NOT_PLANNED",
+    "title": "Not an issue, but a change proposal",
+    "updatedAt": "2024-05-16T13:15:40Z",
+    "url": "https://github.com/gavinhoward/bc/issues/78"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB00gDQ",
+      "is_bot": false,
+      "login": "oliverkwebb",
+      "name": "Oliver Webb"
+    },
+    "body": "First I'd like to thank you for the work and care in making bc.\r\n\r\nI replaced GNU bc with your bc on my system, and ran into a error trying to run bc with some external bc libraries that define functions such as `abs()`\r\n\r\nThis is because your bc already has a built in `abs()`, and unlike the functions in the -l math library, will not let you redefine it because it appear to not just be a function, but also a lexer tokens/keyword.\r\n\r\nIs this a problem that you've ran into or considered before? ",
+    "closed": true,
+    "closedAt": "2024-05-08T17:39:46Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc59O96s",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yup! And my `bc` already has a solution:\r\n\r\n```\r\n$ bc -r abs <other_args...>\r\n```\r\n\r\nSee [here][1], scroll to the `-r`/`--redefine` option.\r\n\r\nIn short, it allows you to \"redefine\" keywords as functions, variables, or arrays.\r\n\r\nOf course, if that doesn't fix your problem, then it is a bug.\r\n\r\n[1]: https://github.com/gavinhoward/bc/blob/master/manuals/bc/A.1.md#options",
+        "createdAt": "2024-05-08T17:34:29Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/77#issuecomment-2101075628",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc59O_7j",
+        "author": {
+          "login": "oliverkwebb"
+        },
+        "authorAssociation": "NONE",
+        "body": "Putting `-r abs` in my function arguments will run the library.\r\n\r\nThank you for your help",
+        "createdAt": "2024-05-08T17:39:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/77#issuecomment-2101083875",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2024-05-08T17:29:50Z",
+    "id": "I_kwDOCL0xJc6IQwkm",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 77,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Allowing redefinition of builtin function such as abs() for compatibility with bc scripts",
+    "updatedAt": "2024-05-08T17:39:46Z",
+    "url": "https://github.com/gavinhoward/bc/issues/77"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjc0MzM1NDcx",
+      "is_bot": false,
+      "login": "mogando668",
+      "name": ""
+    },
+    "body": "Dear Mr. Howard,\r\n\r\nFor gigantic `obase`s, like those below the line, even though they're clearly beyond the hard-coded `obase `max of `2,147,483,647`,`bc` appears to calculate the expression to full precision before erroring out, thus undermining any early exit criteria that ensure built-in named variables are within designated limits. I haven't tested against `ibase` but I suspect something similar would plague it, i.e. the right hand side expression is being calculated to full precision before any attempts to check them against caps.\r\n\r\nThe full `zsh`-based testing code and output are attached below.\r\n\r\nYours Sincerely\r\nJason K\r\n\r\nps : I've noticed the same issue plagues both `gnu-bc` I've installed via Homebrew as well as the macOS built-in `bc`. \r\n\r\n```\r\n 2 ^ 8 ^  1 := 2 ^          8\r\n 2 ^ 8 ^  2 := 2 ^         64\r\n 2 ^ 8 ^  3 := 2 ^        512\r\n 2 ^ 8 ^  4 := 2 ^       4096\r\n 2 ^ 8 ^  5 := 2 ^      32768\r\n 2 ^ 8 ^  6 := 2 ^     262144\r\n 2 ^ 8 ^  7 := 2 ^    2097152\r\n----------------------------\r\n 2 ^ 8 ^  8 := 2 ^   16777216\r\n 2 ^ 8 ^  9 := 2 ^  134217728\r\n 2 ^ 8 ^ 10 := 2 ^ 1073741824\r\n```\r\n\r\n\r\n```\r\nbc 1.07.1\r\nCopyright 1991-1994, 1997, 1998, 2000, 2004, 2006, 2008, 2012-2017 Free Software Foundation, Inc.\r\n\r\nDarwin m1mx4CT 22.3.0 Darwin Kernel Version 22.3.0: Mon Jan 30 20:38:37 PST 2023; root:xnu-8792.81.3~2/RELEASE_ARM64_T6000 arm64\r\n\r\ngbc is /usr/local/bin/gbc\r\n\r\nBC_BASE_MAX     = 2147483647\r\nBC_DIM_MAX      = 16777215\r\nBC_SCALE_MAX    = 2147483647\r\nBC_STRING_MAX   = 2147483647\r\nMAX Exponent    = 9223372036854775807\r\nNumber of vars  = 32767\r\n\r\n```\r\n\r\n`for __ in $( jot 10 ); do ( time ( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v --preserve-status --foreground 8 dash -c 'for __; do echo \"$__\" | gbc; done' _ ) ); echo \"\\f ----------\\n\\t finished 2^8^$__ with exit status $? ... \\n --------\"; done`\r\n\r\n```\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.01s system 86% cpu 0.008 total\r\n\r\n ----------\r\n\t finished 2^8^1 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.01s system 58% cpu 0.012 total\r\n\r\n ----------\r\n\t finished 2^8^2 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.00s system 82% cpu 0.007 total\r\n\r\n ----------\r\n\t finished 2^8^3 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.00s system 84% cpu 0.008 total\r\n\r\n ----------\r\n\t finished 2^8^4 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.01s user 0.00s system 90% cpu 0.012 total\r\n\r\n ----------\r\n\t finished 2^8^5 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.14s user 0.01s system 98% cpu 0.143 total\r\n\r\n ----------\r\n\t finished 2^8^6 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  3.64s user 0.01s system 99% cpu 3.654 total\r\n\r\n ----------\r\n\t finished 2^8^7 with exit status 0 ... \r\n --------\r\ntimeout: sending signal TERM to command ‘dash’\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.00s system 0% cpu 8.009 total\r\n\r\n ----------\r\n\t finished 2^8^8 with exit status 0 ... \r\n --------\r\ntimeout: sending signal TERM to command ‘dash’\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.00s system 0% cpu 8.008 total\r\n\r\n ----------\r\n\t finished 2^8^9 with exit status 0 ... \r\n --------\r\nRuntime warning (func=(main), adr=13): obase too large, set to 2147483647\r\ntimeout: sending signal TERM to command ‘dash’\r\n( printf 'obase=2^8^%d\\0' \"$__\" | xargs -0 -n 1 -P 24 timeout -v  --foregroun)  0.00s user 0.01s system 0% cpu 8.011 total\r\n\r\n ----------\r\n\t finished 2^8^10 with exit status 0 ... \r\n --------\r\n```",
+    "closed": true,
+    "closedAt": "2024-01-27T20:24:51Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5yCwr9",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "In general, this problem is unsolvable. It's a consequence of the limits of computing. (The technical term is \"Turing-completeness.\")\r\n\r\nFor example, to us it's obvious that `2^8^10` is out of range. But computers do not understand any \"concept\" of math, so they can't tell.\r\n\r\nAll they can do is execute the code that they are given.\r\n\r\nYou'd see an different execution time if you did this:\r\n\r\n```\r\nobase = 104438888141315250669175271071662438257996424904738378038423348328395390\\\r\n797155745684882681193499755834089010671443926283798757343818579360726323\\\r\n608785136527794595697654370999834036159013438371831442807001185594622637\\\r\n631883939771274567233468434458661749680790870580370407128404874011860911\\\r\n446797778359802900668693897688178778594690563019026094059957945343282346\\\r\n930302669644305902501597239986771421554169383555988529148631823791443449\\\r\n673408781187263949647510018904134900841706167509366833385055103297208826\\\r\n955076998361636941193301521379682583718809183365675122131849284636812555\\\r\n022599830041234478486259567449219461702380650591324561082573183538008760\\\r\n862210283427019769820231316901767800667519548507992163641937028537512478\\\r\n401490715913545998279051339961155179427110683113409058427288427979155484\\\r\n978295432353451706522326906139490598769300212296339568778287894844061600\\\r\n741294567491982305057164237715481632138063104590291613692670834285644073\\\r\n044789997190178146576347322385026725305989979599609079946920177462481771\\\r\n844986745565925017832907047311943316555080756822184657174637329688491281\\\r\n952031745700244092661691087414838507841192980452298185733897764810312608\\\r\n590300130241346718972667321649151113160292078173803343609024380470834040\\\r\n3154190336\r\n```\r\n\r\ninstead of this:\r\n\r\n```\r\nobase = 2^8^4\r\n```\r\n\r\nAgain, the computer has no idea that `2^8^4` cannot work until it calculates it. We can see it by eye (\"`8^4` is definitely greater than 64, and `2^64` is the max\"), but the computer doesn't think that like. It sees:\r\n\r\n```\r\nconstant 2\r\nconstant 8\r\nconstant 4\r\nx = exponentiation 8 4\r\nexponentiation 2 x\r\n```\r\n\r\nI hope this makes sense.",
+        "createdAt": "2024-01-27T20:24:51Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/75#issuecomment-1913326333",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2024-01-27T19:16:44Z",
+    "id": "I_kwDOCL0xJc59ZJcH",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 75,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "bc attempts to first calculate gigantic obase before erroring out",
+    "updatedAt": "2024-01-27T20:24:51Z",
+    "url": "https://github.com/gavinhoward/bc/issues/75"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOCGPbwA",
+      "is_bot": false,
+      "login": "shuang886",
+      "name": "Steven Huang"
+    },
+    "body": "Hi, just want to make sure I'm not missing something glaringly obvious...\r\n\r\nI'm trying to build just the library on macOS, so:\r\n\r\n```\r\n% ./configure -a\r\nTesting for FreeBSD...\r\nNot on FreeBSD. Using _POSIX_C_SOURCE and _XOPEN_SOURCE.\r\n\r\nTesting for Mac OSX...\r\nOn Mac OSX. Using _DARWIN_C_SOURCE.\r\n\r\nTesting for OpenBSD...\r\nNot on OpenBSD.\r\n\r\nVersion: 6.7.2\r\nBuilding bc\r\nBuilding dc\r\n\r\nBC_ENABLE_LIBRARY=1\r\n\r\nBC_ENABLE_HISTORY=0\r\nBC_ENABLE_EXTRA_MATH=1\r\nBC_ENABLE_NLS=0\r\n\r\nBC_ENABLE_AFL=0\r\n\r\nBC_NUM_KARATSUBA_LEN=32\r\n\r\nCC=c99\r\nCFLAGS= -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0\r\nHOSTCC=c99\r\nHOSTCFLAGS=\r\nCPPFLAGS=-DNDEBUG  -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700\r\nLDFLAGS=-s \r\nPREFIX=/usr/local\r\nBINDIR=/usr/local/bin\r\nINCLUDEDIR=/usr/local/include\r\nLIBDIR=/usr/local/lib\r\nDATAROOTDIR=/usr/local/share\r\nDATADIR=/usr/local/share\r\nMANDIR=/usr/local/share/man\r\nMAN1DIR=/usr/local/share/man/man1\r\nMAN3DIR=/usr/local/share/man/man3\r\nNLSPATH=\r\nPC_PATH=/opt/homebrew/lib/pkgconfig\r\nEXECSUFFIX=\r\nEXECPREFIX=\r\nDESTDIR=\r\nLONG_BIT=\r\nGEN_HOST=1\r\nGEN_EMU=\r\n\r\nSetting Defaults\r\n================\r\nbc.banner=0\r\nbc.sigint_reset=1\r\ndc.sigint_reset=1\r\nbc.tty_mode=1\r\ndc.tty_mode=0\r\nbc.prompt=1\r\ndc.prompt=0\r\nbc.expr_exit=1\r\ndc.expr_exit=1\r\nbc.digit_clamp=0\r\ndc.digit_clamp=0\r\n```\r\n\r\nseems to be happy, but it doesn't actually build:\r\n\r\n```\r\n% make\r\nmkdir -p bin\r\nc99 -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=HN  -DEXECPREFIX= -DMAINEXEC=bc  -D_DARWIN_C_SOURCE -DBC_NUM_KARATSUBA_LEN=32 -DBC_ENABLE_NLS=0 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=0 -DBC_ENABLE_LIBRARY=1 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0 -DNDEBUG  -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -o src/args.o -c ./src//args.c\r\n./src//args.c:62:6: error: use of undeclared identifier 'vm'\r\n        if (vm->exprs.v == NULL)\r\n            ^\r\n./src//args.c:64:16: error: use of undeclared identifier 'vm'\r\n                bc_vec_init(&vm->exprs, sizeof(uchar), BC_DTOR_NONE);\r\n                             ^\r\n...lots more...\r\n```\r\n\r\n`vm` appears to be defined in `src/vm.c` but inside a `#if !BC_ENABLE_LIBRARY`, while a lot of code in `src/args.c` are not correspondingly enclosed. I tried to sprinkle in some `#if !BC_ENABLE_LIBRARY` directives but that just exposed more code that needed to be `#ifdef`ed out.\r\n\r\nBuilding the executables (i.e., just plain `./configure`) compiles and runs fine.\r\n\r\nWould you mind clarifying if there's more needed than `./configure -a`? I couldn't find anything that helps in the build manual, and I get the sense that `args.c` should not have been in the `Makefile` at all...\r\n\r\nThanks!",
+    "closed": true,
+    "closedAt": "2023-11-27T21:30:42Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5s_tei",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You're not missing something glaringly obvious. That is a bug because it should build with no errors.\r\n\r\nI think I fixed it in 7807eead159b80b51b8c81680608f8187284971e; can you pull and test for me?\r\n\r\nIf that *is* the fix, then the problem was an extra slash in a path; apparently Mac OSX does not clean paths when doing a string comparison. Oops.",
+        "createdAt": "2023-11-27T21:24:37Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828640674",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5s_vWb",
+        "author": {
+          "login": "shuang886"
+        },
+        "authorAssociation": "NONE",
+        "body": "Works now, thanks!",
+        "createdAt": "2023-11-27T21:30:42Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828648347",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5s_vvD",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You're welcome. I'll put out a new release with the fix.",
+        "createdAt": "2023-11-27T21:31:57Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828649923",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5s_y9T",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Ah! I made a mistake! Could you pull 7eaa40ab8cac29893155471076c621c2f9929d33 and see if that works?",
+        "createdAt": "2023-11-27T21:41:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828663123",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5s_zsO",
+        "author": {
+          "login": "shuang886"
+        },
+        "authorAssociation": "NONE",
+        "body": "Yup, still works.",
+        "createdAt": "2023-11-27T21:43:29Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828666126",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5s_0Ig",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you, and I'm sorry.",
+        "createdAt": "2023-11-27T21:44:49Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "HEART",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/71#issuecomment-1828667936",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2023-11-27T17:48:32Z",
+    "id": "I_kwDOCL0xJc53-Mb1",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 71,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Build errors after ./configure -a",
+    "updatedAt": "2023-11-27T21:44:50Z",
+    "url": "https://github.com/gavinhoward/bc/issues/71"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBZsPsA",
+      "is_bot": false,
+      "login": "STSMHQ",
+      "name": "STSM"
+    },
+    "body": "Hi, @gavinhoward,\r\n\r\nI read the [documentation file](https://git.gavinhoward.com/gavin/bc/src/branch/master/manuals/bc/A.1.md) and it seems that arrays can only old a single value per each index (a number or a string). Is there any workaround to be able to store more than one single value in an array?\r\n\r\n```shell\r\n# This works\r\nbc_example[0] = 1;\r\n\r\n# This doesn't\r\nbc_example[1] = [1, 2, 3];\r\nbc_example[2] = [1, \"Random\", 3, \"Another\"];\r\n\r\nprint bc_example[2][1] # Random\r\n```\r\n\r\nAs I already stated before in another issue, I'm using your amazing tool to keep track of my expenses and it would be amazing to be able to create a \"matrix\" or an \"array of arrays\" as people often call it. Although I know that my use case isn't the general one and that the type of feature that I'm requesting doesn't make much sense considering the main goal/purpose of this tool, I'm opening this issue to know if what I want is somehow possible using any syntax workaround not documented in the above file.",
+    "closed": true,
+    "closedAt": "2023-11-13T16:02:39Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5ruIip",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Unfortunately, there is not any workaround, and that is on purpose. The `bc` language is just too restricted to go any further without *serious* work.\r\n\r\nIt is *possible*, yes. However, I believe that would be a mistake.\r\n\r\nI once said this:\r\n\r\n> Good software design includes putting whatever complexity must exist where it *best fits*.\r\n>\r\n> -- [\"Justifying a Backwards Design Decision for Yao][1]\r\n\r\nSo one of the skills of a good programmer is knowing *where* complexity should go.\r\n\r\nIf you need multiple values in one array slot, it sounds like you need structs, objects, or some other compound data thing. That sort of complexity should live in a \"proper\" programming language.\r\n\r\nSo I suggest that you use a \"proper\" programming language with arbitrary-precision numbers, like Python.\r\n\r\nThat said, I don't want to just hang you out to dry with no solution!\r\n\r\nYou're using my `bc` because it was the best for the job until now, right? Can you tell me why that is?\r\n\r\nYou've mentioned that you use it for finances; unlike most other math, finances basically require base 10 math, so is that why my `bc` was best?\r\n\r\nIf so, I might have a solution for you.\r\n\r\nDo you know Python?\r\n\r\nIf so, I could learn how to create a C extension for Python, and then I could use my [`bc`'s library form][2] to create a Python extension to use my `bc`'s library. That way, you could use Python, but still have the decimal-based math you need for finances, and I wouldn't have to do a ton of work to add multi-values to `bc` while also adding my `bc` to Python.\r\n\r\nAs an extra bonus, if you use Python, you could then have your files be output to JSON or another well-known format. And hey, I may even be able to help you convert your scripts to Python if you send them to me. (Do it through email, not this bug report!)\r\n\r\nWill that work for you?\r\n\r\n[1]: https://gavinhoward.com/2023/02/justifying-a-backwards-design-decision-for-yao/#designing-for-lsp\r\n[2]: https://github.com/gavinhoward/bc/blob/master/manuals/bcl.3.md",
+        "createdAt": "2023-11-12T22:06:36Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1807255721",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5rytlH",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "Hi, @gavinhoward,\r\n\r\nI'm using your `bc` tool for over a year to keep track of my expenses and everything related to my personal finances. The main reason behind this decision is what you just said, generally speaking, finances use base 10 math and `bc-gh` allows me to have arbitrary-precision numbers on it. The second big reason is **you**. The passion you put into your projects is truly amazing. I know that as long as you're alive and well, you'll keep this project running and that's a important thing for me. Also, your support as shown here in this issue is very, very good. To end, I'm a follower of your [blog](https://gavinhoward.com/) since the beginning of 2022.\r\n\r\nI don't know Python. I could learn it but I don't like much its' syntax and the biggest part of its' design choices. I'll probably take this chance to improve my NuShell knowledge and try to integrate `bc-gh` into it. With NuShell, I know that I can work with well-known formats like JSON/YAML/TOML in order to be able to implement my desired workflow. Thank you for everything and keep up the excellent work.\r\n\r\n",
+        "createdAt": "2023-11-13T16:02:39Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1808456007",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5ry87l",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You flatter me! :) But more seriously, thank you for the compliments; I struggle to see worth in my code, and that helps a lot.\r\n\r\nI'm sorry I couldn't help more. But feel free to ask any questions to help with your port to NuShell. I'm happy to help with that since I was not much help here!",
+        "createdAt": "2023-11-13T16:35:41Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1808518885",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5r93lR",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "> You flatter me! :) But more seriously, thank you for the compliments; I struggle to see worth in my code, and that helps a lot.\r\n\r\nYour code and your blog posts truly make a difference to my life 💙\r\n\r\n> I'm sorry I couldn't help more. But feel free to ask any questions to help with your port to NuShell. I'm happy to help with that since I was not much help here!\r\n\r\nYou don't have to be sorry. I read the documentation of NuShell and I think I'm able to implement my current workflow with `bc-gh` on it pretty easily. Thank you for all your spent time and help offered. Have a nice rest of week!",
+        "createdAt": "2023-11-14T21:51:18Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1811380561",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5sEd4h",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You're welcome.\r\n\r\nHey, when you finish your NuShell implementation, I would love it if you could email it to me; I'm almost done with my new language, and I'd love to use it as a test application.",
+        "createdAt": "2023-11-15T19:12:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1813110305",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5sIRpw",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "I'm still studying it. As NuShell didn't reach yet the first ever stable level, I don't know if I should implement all of my workflow directly using it. Currently, I'm just exploring the data processing pipeline features that they have against a workflow using `sed`/`awk` and your `bc-gh`, for instance. All I'm doing is pretty much pick a JSON file, iterate over it, apply some editions/additions using your `bc-gh` and then save it again to a JSON file. Hope you like NuShell as much as I do and one day in the future, it can have the same popularity as `zsh`.\r\n\r\nIf in the future I implement something that I'm proud of, I'll happily share it with you, Gavin.",
+        "createdAt": "2023-11-16T09:48:33Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/70#issuecomment-1814108784",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2023-11-12T18:51:58Z",
+    "id": "I_kwDOCL0xJc52lbxv",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 70,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Array - Multiple values ",
+    "updatedAt": "2023-11-16T09:48:33Z",
+    "url": "https://github.com/gavinhoward/bc/issues/70"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ4MjY5Mzk5",
+      "is_bot": false,
+      "login": "TediusTimmy",
+      "name": "Thomas"
+    },
+    "body": "Greetings,\r\n\r\nI am going to start with some pleasantries and BS and work from there.\r\n\r\nHello. I also like bc. I have some bc-related repos: https://github.com/TediusTimmy/GNU_bc_with_GMP and https://github.com/TediusTimmy/OpenBSD_bc_with_GMP . The first one is an example of how fast bc can be, if we just use GMP. I also fixed as many of the crashes as I was aware of (admittedly, by fixing the back-end to be more robust rather than fixing the garbage generated by the front-end; if you find a crash, please let me know). In the second repo, I have a comparison of the speed of several implementations of bc (based on my own benchmark), including yours. I found it to be roughly comparable to, but still slightly slower than, OpenBSD's bc (except on one specific task, where it even beat GMP). I also wrote a spreadsheet program to use bc-like numbers: https://github.com/TediusTimmy/BC-DeciCalc (which I _really_ need to work on the documentation for).\r\n\r\nAs for those bug-fixes in GNU bc: I really haven't been able to get ahold of Phil, or Ken. Thankfully, there were some really helpful people at Debian, and maybe one day, either https://salsa.debian.org/debian/bc/-/merge_requests/4 will be merged in, or they will just use a better bc implementation, like yours.\r\n\r\nFinally, are you aware of this: https://www.php.net/manual/en/book.bc.php ? They have forked the GNU bc code for number.c and include it in their builds. Maybe they could use the library version of your code? (My only concern would be https://bugs.php.net/bug.php?id=66364 )\r\n\r\n\r\nOn to the issue: I'm not a big fan of your `p(x,y)` function. Let me explain by way of a contrived example: `p(1024,32.1)`. Now `1024` is `2^10`, so this SHOULD give us `2^10^32.1` which is `2^(10*32.1)` or `2^321`. And that's an integer, so it should be exact. But, when we do this we find that only the first 18 digits are correct with the default scale of 20. As you manipulate the scale variable, you find a correlation between the scale variable and the number of correct digits. So, in order to compute this result to 20 digits of scale, you would need to compute the log and exponential to around 117 digits of scale. I don't think that I'm out of line to expect that when you increase the scale of a computation that maybe the last three digits change and you then get extra new good digits. With this implementation of `p(x,y)`, a good chunk of the number changes.\r\n\r\nAs I was thinking about this, four cases came up:\r\n1) If we are raising a number greater than one to a positive power, then we want to bump the scale by the length of the integer part.\r\n2) If we are raising a number greater than one to a negative power, then we can probably use `e(y*l(x))` as that result goes to zero.\r\n3) Conversely, if we are raising a number less than one to a positive power, then we can probably use `e(y*l(x))` as the result goes to zero.\r\n4) Finally, if if we are raising a number less than one to a negative power, then we need to be extra careful. We need to use the reciprocal to find the integer part, but want the reciprocal to the increased scale to have an accurate result (in my testing, it removed a problem in the unit in the last place).\r\n\r\nSo, my final function to improve `p(x,y)`, then commentary:\r\n```\r\ndefine pow(x,y){\r\n\tauto a,i,s,z\r\n\tif(0==y)return 1@scale\r\n\tif(0==x){\r\n\t\tif(y>0)return 0\r\n\t\treturn 1/0\r\n\t}\r\n\ta=y$\r\n\tif(y==a)return(x^a)@scale\r\n\tz=0\r\n\tif(x<1){\r\n\t\ty=-y\r\n\t\ta=-a\r\n\t\tz=x\r\n\t\tx=1/x\r\n\t}\r\n\tif(y<0){\r\n\t\treturn e(y*l(x))\r\n\t}\r\n\ti=x^a\r\n\ts=scale\r\n\tscale+=length(i)\r\n\tif(z){\r\n\t\tx=1/z\r\n\t\ti=x^a\r\n\t}\r\n\ti*=e((y-a)*l(x))\r\n\tscale=s\r\n\treturn i@scale\r\n}\r\n```\r\nI started with your `p(x,y)` function and then added code. We begin with some special case handling for zeros, because people will complain (I didn't realize that bc already defines `0^0==1`). Next is the detection for the easy case of an integer exponent that you already had. We then handle if x is between zero and one: we save x and proceed with the reciprocal, while negating the exponent. Remember that `l(x)==-l(1/x)`. I specifically ignore if x is negative, because we will eventually call `l(x)`, which will return an erroneous value if x is negative. If the exponent is now negative, we fall back on `e(y*l(x))`: that number is going to zero anyway. Next, we compute the integral portion of the exponent and use it to get the working scale for the fractional part of the exponent. After that, if we took the reciprocal of x, recompute the reciprocal and the integral part of the exponent at this higher scale to ensure that both are accurate. Penultimately, compute the fractional part of the exponent and multiply it by the integral part to get the complete exponent. Finally, return a result at the desired scale.\r\n",
+    "closed": true,
+    "closedAt": "2023-08-19T06:38:17Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5kV35W",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Hello.\r\n\r\n> As for those bug-fixes in GNU bc: I really haven't been able to get ahold of Phil, or Ken. Thankfully, there were some really helpful people at Debian, and maybe one day, either https://salsa.debian.org/debian/bc/-/merge_requests/4 will be merged in, or they will just use a better bc implementation, like yours.\r\n\r\nMaybe I'm selfish here, but I think they should just use mine. I tested my `bc` against all of the items at <https://lists.debian.org/debian-devel/2022/08/msg00035.html> and <https://bugs.launchpad.net/ubuntu/+source/bc/+bug/1775776>, and not only does my `bc` not crash, ASan, UBSan, and Valgrind report no errors, not even memory leaks. (Yay for fuzzing!) If you know how I might submit a request for them to do so, please let me know. I'll even build the Debian package myself!\r\n\r\n> Finally, are you aware of this: https://www.php.net/manual/en/book.bc.php ? They have forked the GNU bc code for number.c and include it in their builds. Maybe they could use the library version of your code? \r\n\r\nI *am* aware, actually. This was in the back of my mind when I accepted a request from my FreeBSD contact to implement the `bcl` library. But I don't know how to contact them and convince them to use my library.\r\n\r\n> (My only concern would be https://bugs.php.net/bug.php?id=66364 )\r\n\r\nUnfortunately, the PHP authors are wrong; that behavior is well-documented in the [POSIX standard for `bc`][1], which says about multiplication:\r\n\r\n> The result shall be the product of the two expressions. If a and b are the scales of the two expressions, then the scale of the result shall be:\r\n>\r\n> `min(a+b,max(scale,a,b))`\r\n\r\nSo their fix for that bug report is wrong, in my opinion. Thus, I don't think they'll adopt my library because I won't patch my library for their \"bug.\"\r\n\r\n> On to the issue: I'm not a big fan of your `p(x,y)` function...\r\n\r\nYour criticisms are absolutely fair. Fair enough that I took your code (with style fixes), documented it, and pushed it as the `better_pow` branch in this repo.\r\n\r\nCan you take a look to check if the code is correct, that it works for you, and that the documentation I added in `manuals/algorithms.md` is correct? I documented it in my own words, to make sure I understood the code.\r\n\r\nFinally, last item: do you think that you'll open more issues on `bc` in the future? If so, I'll add an account for you on my website; I just need an email address.\r\n\r\n[1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/bc.html#tag_20_09_13_03",
+        "createdAt": "2023-08-18T07:09:12Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1683455574",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kV5_7",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Forgot to say this:\r\n\r\n> In the second repo, I have a comparison of the speed of several implementations of bc (based on my own benchmark), including yours. I found it to be roughly comparable to, but still slightly slower than, OpenBSD's bc (except on one specific task, where it even beat GMP).\r\n\r\nThose benchmarks make sense to me, except plain OpenBSD `bc` being faster than mine; it uses plain `char` for digits, so mine should be faster. My guess is that it is parsing without many error checks.\r\n\r\nAlso, I store constants as strings, like GNU. This is because someone could change the `ibase` at any time, and if they do, that constant needs to be interpreted according to the new `ibase`. But I know for a fact that the OpenBSD `bc` has a different behavior: it will interpret the number according to the digits, no matter if the digits are invalid for the `ibase`. This allows it to precalculate, where GNU and I cannot.",
+        "createdAt": "2023-08-18T07:17:28Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1683464187",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kbO1o",
+        "author": {
+          "login": "TediusTimmy"
+        },
+        "authorAssociation": "NONE",
+        "body": "Many apologies. I posted that improvement and went straight to bed last night, and then life got in the way of me responding. And I am going to go straight to bed tonight, also.\r\n\r\n> If you know how I might submit a request for them to do so, please let me know.\r\n\r\nHonestly, when it comes to Debian, Philip Hands was a godsend (but, he isn't the maintainer). I tried emailing Phil Nelson and Ken Pizzini and Ryan Kavanagh, but those probably went into spam filters. Eventually, I emailed the debian-devel mailing list and someone who helps first-time contributors (Hands) picked it up and ran with it. Like any large open-source project, it has an inscrutable political organization to outsiders like us. I was lucky that they even have a merge request for the changes (which has been open for over a year).\r\n\r\nThe real problem is that GNU bc is \"good enough\". It has vulnerabilities that no one is known to have exploited (if they even are exploitable). People complain, but not loud enough to get things done. It works for its purpose, and doesn't seem to have a large user base.\r\n\r\n> But I don't know how to contact them and convince them to use my library.\r\n\r\nAgain: inscrutable political organization. I don't actually program with PHP, I also am just aware of this extension. Looking at this bug report ( https://github.com/php/php-src/issues/10967 ), maybe the internal mailing list or the RFC process is what you want. \r\n\r\n> the PHP authors are wrong\r\n\r\nYeah. Thought, looking at it again, they could have fixed the issue here ( https://github.com/php/php-src/blob/master/ext/bcmath/bcmath.c#L258 ) instead of where they did. You could convince them that this is the better place for a bodge between their code and the bc library (as the behavior is standards-driven). Though, even Debian has a bug for this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610988\r\n\r\n> with style fixes\r\n\r\nWhat did you change? Oh, that. I get that from a former workplace.\r\n\r\n> it uses plain char for digits\r\n\r\nIt uses the OpenSSL BIGNUM library, which is binary words ( https://github.com/openbsd/src/blob/master/usr.bin/dc/bcode.h#L24 and https://github.com/openbsd/src/blob/master/lib/libcrypto/bn/bn_local.h#L121 ). For every 64 bits of a number, they are operating on all 64 bits, and you are operating on a little over 63 bits of it and have a normalization step. The trade-off rears its ugly head when numbers get converted to/from decimal.\r\n\r\n> do you think that you'll open more issues on bc in the future\r\n\r\nI don't have any plans. This was a spur-of-the-moment thing. I had \"finished\" a pow function for the spreadsheet, and decided to rewrite it in bc. (And then, I spent a bunch of time rewriting it again, as I realized that I had missed some corner cases). I don't plan to make a habit of this.\r\n\r\nAs for reviewing things:\r\n\r\n> being non-zero is a flag for later and a value to be used\r\n\r\nI did that, didn't I? Bad me.\r\n\r\nI don't know if the algorithm needs this much detail. It is probably good to give the impression that someone put thought and care into making sure the results were accurate. Though, really it was just some rando who kept doing really large exponents and wanted some numerical stability as he cranked up the precision while looking at numbers like https://www.youtube.com/watch?v=BdHFLfv-ThQ.",
+        "createdAt": "2023-08-19T06:38:17Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1684860264",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kbPwt",
+        "author": {
+          "login": "TediusTimmy"
+        },
+        "authorAssociation": "NONE",
+        "body": "And I forgot to say something: I understand that the frustrating thing about the bcmath extension to PHP is that you have something that is _just better_. And you have no idea how to make things better.",
+        "createdAt": "2023-08-19T06:46:55Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1684864045",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kcbqC",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> Eventually, I emailed the debian-devel mailing list and someone who helps first-time contributors (Hands) picked it up and ran with it. Like any large open-source project, it has an inscrutable political organization to outsiders like us.\r\n\r\nYeah, that sounds exhausting. Not worth it to me at the moment.\r\n\r\n> The real problem is that GNU bc is \"good enough\". It has vulnerabilities that no one is known to have exploited (if they even are exploitable). People complain, but not loud enough to get things done. It works for its purpose, and doesn't seem to have a large user base.\r\n\r\nThis is true.\r\n\r\n> Yeah. Thought, looking at it again, they could have fixed the issue here ( https://github.com/php/php-src/blob/master/ext/bcmath/bcmath.c#L258 ) instead of where they did. You could convince them that this is the better place for a bodge between their code and the bc library (as the behavior is standards-driven).\r\n\r\nEh, probably not worth it.\r\n\r\n> Though, even Debian has a bug for this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610988\r\n\r\nYikes. People don't read, do they? Okay, I *really* don't care about getting into Debian.\r\n\r\n> It uses the OpenSSL BIGNUM library, which is binary words\r\n\r\nOh, that was not what I understood. Oops. Those benchmarks make sense then.\r\n\r\n> I don't have any plans. This was a spur-of-the-moment thing.\r\n\r\nOkay.\r\n\r\n> As for reviewing things...I did that, didn't I? Bad me.\r\n\r\nWell, that `bc` code goes straight into the binary as a string. Using `z` as a flag and a value is useful to reduce the number of bytes used. I kept it for a reason.\r\n\r\n> I don't know if the algorithm needs this much detail. It is probably good to give the impression that someone put thought and care into making sure the results were accurate.\r\n\r\n*I* need that much detail. I *have* to understand every bit of code in this repo.\r\n\r\nTake, for example, the comment [here][1]. That was me explaining, *to myself*, an algorithm that someone else coded up. If there was a bug in that algorithm when I got it (and there was), there was no way for me to debug it unless I knew what it was supposed to be doing.\r\n\r\nIf there is a bug in your code, I need to understand your code to debug it.\r\n\r\nThat's why there is a wealth of information for developers; it's for *me*.\r\n\r\nSo I'm glad to know that the explanation is correct, but I'll keep all of it. :)\r\n\r\nI may wait a while to release a new version (I have a new PR about adding CMake support), but I will release a new version with your code within a reasonable time.\r\n\r\nThank you.\r\n\r\n[1]: https://github.com/gavinhoward/bc/blob/75cf2e3358b5a76780db0d448c02cf6f61065921/src/num.c#L3077-L3113",
+        "createdAt": "2023-08-20T04:43:10Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1685174914",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5nZ8wq",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "There is now a version (`6.6.1`) with your `p()` implementation. Thank you very much!",
+        "createdAt": "2023-09-26T05:30:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1734855722",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5nnXnb",
+        "author": {
+          "login": "TediusTimmy"
+        },
+        "authorAssociation": "NONE",
+        "body": "You are welcome. I hope it is as useful for your other users as it is to me and not a maintenance burden on you.",
+        "createdAt": "2023-09-28T03:11:48Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1738373595",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5nnXzO",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "None at all now that I understand it, thanks to you!",
+        "createdAt": "2023-09-28T03:13:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/69#issuecomment-1738374350",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2023-08-18T05:29:27Z",
+    "id": "I_kwDOCL0xJc5uoYUw",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 69,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Incoherent rambling followed by a suggestion for an improvement.",
+    "updatedAt": "2023-09-28T03:13:15Z",
+    "url": "https://github.com/gavinhoward/bc/issues/69"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjI5MDIyNQ==",
+      "is_bot": false,
+      "login": "mhorowitz",
+      "name": ""
+    },
+    "body": "platform: MacOS Ventura 13.2.1 (m1 max)\r\ncompiler: c99 from Xcode 14.2.0\r\nversion: https://git.gavinhoward.com/gavin/bc.git 55a6c05b280fbfb6873e42a5825403c17417029a\r\n\r\nBuild fails:\r\n```\r\n$ ./configure -O3\r\n<success>\r\n$ make\r\nc99 -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc  -DBC_NUM_KARATSUBA_LEN=32 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0 -DNDEBUG  -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -o src/program.o -c ./src//program.c\r\n./src//program.c:2994:6: error: use of undeclared identifier 'SIGWINCH'\r\n        if (BC_SIG_INTERRUPT(vm))\r\n            ^\r\n./include/status.h:698:45: note: expanded from macro 'BC_SIG_INTERRUPT'\r\n        BC_UNLIKELY((vm)->sig != 0 && (vm)->sig != SIGWINCH)\r\n                                                   ^\r\n./src//program.c:3724:6: error: use of undeclared identifier 'SIGWINCH'\r\n        if (BC_SIG_INTERRUPT(vm))\r\n            ^\r\n./include/status.h:698:45: note: expanded from macro 'BC_SIG_INTERRUPT'\r\n        BC_UNLIKELY((vm)->sig != 0 && (vm)->sig != SIGWINCH)\r\n                                                   ^\r\n2 errors generated.\r\nmake: *** [src/program.o] Error 1\r\n```\r\nI think ideally, configure.sh would detect this, and apply an appropriate set of flags, or the source would be changed appropriately.\r\n\r\nAs a workaround, this allows a successful build:\r\n```\r\nCFLAGS=-D_DARWIN_C_SOURCE ./configure -O3\r\n```",
+    "closed": true,
+    "closedAt": "2023-03-31T17:44:43Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5Y4XHV",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Stupid GitHub, closing the issue just because I mention the number in a commit...\r\n\r\nAnyway, yes, this is a bug, and yes, `configure.sh` should detect this.\r\n\r\nI've added 29b4b6a4f27b07c4a176258aaf831a5208d4e116 in an attempt to fix this. Unfortunately, I don't have a Mac, so you'll need to test this for me. Would you please do that? Thank you.",
+        "createdAt": "2023-03-31T01:36:32Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/67#issuecomment-1491169749",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Y8585",
+        "author": {
+          "login": "mhorowitz"
+        },
+        "authorAssociation": "NONE",
+        "body": "> I've added https://github.com/gavinhoward/bc/commit/29b4b6a4f27b07c4a176258aaf831a5208d4e116 in an attempt to fix this. Unfortunately, I don't have a Mac, so you'll need to test this for me. Would you please do that? Thank you.\r\n\r\nI tested it.  ./configure.sh output includes\r\n\r\n    On Mac OSX. Using _DARWIN_C_SOURCE.\r\n\r\nAnd make completes without error.  Thanks for the quick fix!",
+        "createdAt": "2023-03-31T17:44:43Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/67#issuecomment-1492361017",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Y867a",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for testing! And thank you for the report. I rely on users like you to help me with Mac OSX!",
+        "createdAt": "2023-03-31T17:46:45Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "ROCKET",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/67#issuecomment-1492365018",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5c_2t2",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Release `6.6.0` is out with the fix. Thank you!",
+        "createdAt": "2023-05-23T23:11:04Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/67#issuecomment-1560243062",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2023-03-30T22:25:15Z",
+    "id": "I_kwDOCL0xJc5iQKue",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 67,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Build fails on macOS",
+    "updatedAt": "2023-05-23T23:11:20Z",
+    "url": "https://github.com/gavinhoward/bc/issues/67"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBZsPsA",
+      "is_bot": false,
+      "login": "STSMHQ",
+      "name": "STSM"
+    },
+    "body": "Hi, there,\r\n\r\nI love your command line tool and your blog (I read all your posts). You're an amazing developer. I hope one day I can be like you.\r\nI'm opening this issue to ask you if there is any way to bypass the `Math error: overflow: number cannot fit` error on your calculator. I would like to test it for benchmark purposes against Julia REPL (for example), but your `bc` gives me this error when the number has too many digits.\r\n\r\nExample Calculation: `((169287^137)^920)^13256118217109`.\r\n\r\nRegards,\r\n**STSM**",
+    "closed": true,
+    "closedAt": "2023-03-21T17:06:49Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5XyVJh",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Hello,\r\n\r\nThank you for the compliments!\r\n\r\n> I'm opening this issue to ask you if there is any way to bypass the `Math error: overflow: number cannot fit` error on your calculator.\r\n\r\nIt depends.\r\n\r\nOn the particular example you gave, my machine did not give the error. (I am running an `x86_64` Linux machine.)\r\n\r\nThe error happens in this case because `bc` limits exponents to the maximum that can fit in the `unsigned long` type. There are good reasons for this, not least of which calculating a power with an exponent larger than that takes a long time.\r\n\r\nFor example, I started running the example calculation you gave seven hours ago, and it's still going.\r\n\r\nThe other reason is that the exponent needs to be converted into an `unsigned long` to do the actual calculation, which involves running a loop.\r\n\r\nBy the way, this is also the reason that exponents need to be integers.\r\n\r\nAnyway, one way to get around the limit would be to get a computer with a 64-bit `unsigned long` type. Machines that may *not* have that could include Windows (even if 64-bit) or 32-bit machines with any OS.\r\n\r\nAs an example, here are the limits for my machine (found by the `limits` keyword):\r\n\r\n```\r\n$ bc\r\n>>> limits\r\nBC_LONG_BIT      = 64\r\nBC_BASE_DIGS     = 9\r\nBC_BASE_POW      = 1000000000\r\nBC_OVERFLOW_MAX  = 18446744073709551615\r\n\r\nBC_BASE_MAX      = 1000000000\r\nBC_DIM_MAX       = 18446744073709551614\r\nBC_SCALE_MAX     = 18446744073709551614\r\nBC_STRING_MAX    = 18446744073709551614\r\nBC_NAME_MAX      = 18446744073709551614\r\nBC_NUM_MAX       = 18446744073709551614\r\nBC_RAND_MAX      = 18446744073709551615\r\nMAX Exponent     = 18446744073709551615\r\nNumber of vars   = 18446744073709551614\r\n>>> quit\r\n```\r\n\r\nThere are two to notice: `BC_LONG_BIT` and `MAX Exponent`.\r\n\r\n`BC_LONG_BIT` is 64, which means `bc` was built assuming a 64-bit `unsigned long` type. `MAX Exponent` is the actual limit to the exponent, which equals `(2^64)-1`, which is `ULONG_MAX` on a machine with a 64-bit `unsigned long`.\r\n\r\nHowever, if I tell my `bc` to assume a 32-bit `unsigned long` when I build it, using:\r\n\r\n```\r\n$ LONG_BIT=32 ./configure <args>\r\n$ make\r\n```\r\n\r\nThen the limits look different:\r\n\r\n```\r\n$ bin/bc\r\n>>> limits\r\nBC_LONG_BIT      = 32\r\nBC_BASE_DIGS     = 4\r\nBC_BASE_POW      = 10000\r\nBC_OVERFLOW_MAX  = 4294967295\r\n\r\nBC_BASE_MAX      = 10000\r\nBC_DIM_MAX       = 4294967294\r\nBC_SCALE_MAX     = 4294967294\r\nBC_STRING_MAX    = 4294967294\r\nBC_NAME_MAX      = 4294967294\r\nBC_NUM_MAX       = 4294967294\r\nBC_RAND_MAX      = 4294967295\r\nMAX Exponent     = 4294967295\r\nNumber of vars   = 18446744073709551614\r\n>>> quit\r\n```\r\n\r\n`BC_LONG_BIT` is now 32, and `MAX Exponent` is now 4294967295, which is `(2^32)-1`. Notice that 4294967295 is less than the last exponent (13256118217109) in your example calculation. This means that if 4294967295 is your `MAX Exponent`, you will get that error. And I *do* get that error when trying your example computation with that build.\r\n\r\nNow, there *is* still a way around it, but it requires some math knowledge.\r\n\r\nYou must know one fact: `(x^y)*(x^z) == x^(y+z)`.\r\n\r\nIn essence, if you multiply two powers of one number, the effect is the same as adding the exponents of those powers and then calculating the power from the sum of those exponents.\r\n\r\nUsually, you would want to just add the exponents and then calculate the power because multiplications would be much more expensive. However, in this case, we can do the opposite: split the exponent (13256118217109) into several numbers and then multiply all of those numbers together.\r\n\r\nLet's decide on one exponent to use, which I'll call `E`. I can divide 13256118217109 by `E`, and the result is the number of times that I need to multiply the power by itself. However, that will not be quite right because `E` almost certainly does not divide 13256118217109 evenly, so `13256118217109%E` won't be 0. In that case, we'll want to multiply the end result by the power where the exponent is equal to `13256118217109%E`.\r\n\r\nIt will all look like this (in `bc` code):\r\n\r\n```\r\nscale = 0\r\ns = ((169287^137)^920)\r\nn = s^E\r\nr = n\r\nt = 13256118217109 / E\r\nm = 13256118217109 % E\r\n\r\nfor (i = 1; i < t; ++i)\r\n{\r\n    r *= n\r\n}\r\n\r\nr *= s^m\r\n```\r\n\r\nBut even then, we can make it faster. Since we are just multiplying the value by itself many times, we can use power again. This time, the exponents (3086 and 6172) are back within limits, so we're safe.\r\n\r\nIf we do that, we get:\r\n\r\n```\r\nscale = 0\r\ns = ((169287^137)^920)\r\nt = 13256118217109 / E\r\nm = 13256118217109 % E\r\nn = s^E\r\nr = n^t\r\nr *= s^m\r\n```\r\n\r\nAnd that should give us our answer.\r\n\r\nWe should set those exponents as best as we can to make it as efficient as possible.\r\n\r\nI know that my `bc` uses the binary representation of the exponent to calculate power. Every bit that's a 1 has an extra multiply.\r\n\r\nSo if I set one of the powers to `(2^32)-1`, I know every single bit will be 1, meaning that there will be extra multiplications. However, it will also mean I need to use an exponent of 3086 (`13256118217109/((2^32)-1)`), whereas if I set one of the powers to be `2^31`, there will only be a single 1 bit, but I will need to use an exponent of 6172.\r\n\r\nAn exponent of 6172 has the same amount of 1 bits as 3086 (it's just 3086 times 2), so it will require only one more multiply. However, `2^31` will require 30 less multiplies than `(2^32)-1`, so we'll go with that.\r\n\r\nThat gives us this code:\r\n\r\n```\r\nscale = 0\r\ne = 2^31\r\ns = ((169287^137)^920)\r\nt = 13256118217109 / e\r\nm = 13256118217109 % e\r\nn = s^e\r\nr = n^t\r\nr *= s^m\r\n```\r\n\r\nI haven't tested the above code because it will take forever. If there are problems, please let me know.\r\n\r\n> I would like to test it for benchmark purposes against Julia REPL (for example)\r\n\r\nMy `bc` will be slower than Julia. I am confident of that.\r\n\r\nThis is because my `bc` does not use the full range of hardware-native integers in order to use decimal-based math. I bet Julia does use the full range and uses binary-based math.\r\n\r\nAlso, since it's taken seven hours on my `bc` on a 64-bit machine, I am *wildly* confident that Julia will be better.\r\n\r\nYou may want a benchmark with a smaller exponent.",
+        "createdAt": "2023-03-16T22:04:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1472811617",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5X2u-Q",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "First of all, I just want to let you know that you're really, really amazing. The passion that you've for your project(s) and for the people that interact with them is something that melts my heart. I hope one day I can be a programmer as good as you and also, more important, have the same amount of passion that you have.\r\n\r\nEnglish is not my primary language, so this may not make any sense.\r\n\r\n> Anyway, one way to get around the limit would be to get a computer with a 64-bit unsigned long type. Machines that may not have that could include Windows (even if 64-bit) or 32-bit machines with any OS.\r\n\r\nI'm using a x64 Windows Machine, that's the reason, so. I'll start compiling your `bc` on Linux using WSL.\r\n\r\n> You must know one fact: `(x^y)*(x^z) == x^(y+z)`.\r\n> \r\n> In essence, if you multiply two powers of one number, the effect is the same as adding the exponents of those powers and then calculating the power from the sum of those exponents.\r\n\r\nI knew that, but somehow I didn't think about it. Thanks for the recap.\r\n\r\n> My `bc` will be slower than Julia. I am confident of that.\r\n>\r\n> This is because my `bc` does not use the full range of hardware-native integers in order to use decimal-based math. I bet Julia does use the full range and uses binary-based math.\r\n\r\nWell, that's kinda \"chinese\" to me. I'm not as good as you to understand that low-level programming stuff\r\n\r\n> You may want a benchmark with a smaller exponent.\r\n\r\nI'll.\r\n\r\nOn another topic, I'm using your tool to keep track of my expenses. Before closing this issue, I would like to ask you if there is any way that I can use \"import\" statements in your `bc` ecosystem.\r\n\r\nI know that I can work with more than one file at the same time using the `-f`/`-c` flags, but I'm wondering if is possible to access multiple files by only importing one - and use data from other files inside it.\r\n\r\nMy goal (if that can help you answering it) is to have a single file with functions/operations and then a bunch of other files only with data (expenses and gains) - like a local mini database - that I can call in the \"main\" `bc` file and work with.\r\n",
+        "createdAt": "2023-03-17T14:54:05Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1473965968",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5X5p-w",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for your compliment!\r\n\r\nJust so you know, I have [not always had this passion][1]. But I firmly believe that software is meant to serve people. That's why I focus so much on helping others.\r\n\r\nIt makes me really happy that you noticed!\r\n\r\n> I'm using a x64 Windows Machine, that's the reason, so. I'll start compiling your `bc` on Linux using WSL.\r\n\r\nYeah, sorry about that. Windows is dumb in that they decided that the `unsigned long` type should remain 32 bits. It was a stupid decision.\r\n\r\n> Well, that's kinda \"chinese\" to me. I'm not as good as you to understand that low-level programming stuff\r\n\r\nI apologize. I'll try again.\r\n\r\nUnder the hood, `bc` uses 32-bit unsigned integers (on 64-bit) as \"digits\". It turns out that the highest power of 10 that 32 bits can contain is `10^9`, or 1,000,000,000. This is one more than the maximum value that `bc` allows in each 32-bit integer. If it goes higher than this, `bc` will detect that it went higher and add the extra to the next \"digit\". This keeps each digit below 1,000,000,000.\r\n\r\nHowever, that is not optimal. I did that because `bc` needs to have decimal-based math. (In other words, the math needs to be in base 10.) If you can have your math in binary, base 2, it's much cheaper because then you can make your limit `2^32`, which is much higher than `10^9` (4,294,967,296 vs. 1,000,000,000).\r\n\r\nJulia uses base 2. This means that each \"digit\" can store more, which means the numbers are smaller (in number of digits). And smaller numbers mean faster execution.\r\n\r\nI hope that made sense.\r\n\r\n> On another topic, I'm using your tool to keep track of my expenses.\r\n\r\nI admit that's *terrifying* to me. I mean, technically, it should be safe, as long as you don't do any division or modulus in your scripts. But I don't want to screw up your finances with `bc`.\r\n\r\nI hope you remember there's **no warranty**. If there is a bug, I'll try to help, but I can't guarantee that your financial records will be correct in the presence of bugs.\r\n\r\nI *will* guarantee, though, that I know of no bugs. I have fixed all of the ones I am aware of.\r\n\r\n> Before closing this issue, I would like to ask you if there is any way that I can use \"import\" statements in your bc ecosystem.\r\n\r\nSort of.\r\n\r\n> I know that I can work with more than one file at the same time using the `-f`/`-c` flags, but I'm wondering if is possible to access multiple files by only importing one - and use data from other files inside it.\r\n\r\nWell, that's the only way.\r\n\r\nActually, it's even simpler than that. `bc` runs scripts in the order given on the command-line. For example, you could run this:\r\n\r\n```\r\n$ bc funcs.bc database.bc main.bc\r\n```\r\n\r\nAnd `bc` will run `funcs.bc`, then `database.bc`, then `main.bc`.\r\n\r\nThis means that anything in `funcs.bc` can affect the execution of `database.bc`, and anything in `funcs.bc` and `database.bc` can affect the execution of `main.bc`.\r\n\r\nThis means that you can chain together scripts in a way that acts like import. Sort of. If you would only import at the top of a file.\r\n\r\nBasically, this would mean that if `bc` had an `import` statement, the above would be equivalent to putting:\r\n\r\n```\r\nimport funcs.bc\r\nimport database.bc\r\n```\r\n\r\nat the *top* of `main.bc`.\r\n\r\nI do this myself; I have a math research project, and when I get new ideas, I start a new script. But I have all of my common functions in a `lib.bc` script, so I run it like this:\r\n\r\n```\r\n$ bc lib.bc <current_script>\r\n```\r\n\r\nThis even works for global variables; if you set a variable `food_expenses` to say `101.00` at the top level of a script, that variable will equal `101.00` in later scripts.\r\n\r\nSo if I were you, I would have a `funcs.bc` script that defines all of the functions. Then I would have a `database.bc` script that has the current values of all of your expenses. It should look something like this:\r\n\r\n```\r\nfood_expenses = 101.00\r\nentertainment_expenses = 45.50\r\n```\r\n\r\nand so on.\r\n\r\nThen, in the last script, I would have the code to actually update the database, but instead of directly updating, I would have it print the new \"version\" of `database.bc` to `stdout`.\r\n\r\nThen you would run it like this:\r\n\r\n```\r\n$ bc funcs.bc database.bc main.bc > temp.bc\r\n```\r\n\r\nThen check that `temp.bc` is correct. If it is, you can remove `database.bc` and rename `temp.bc` to `database.bc`:\r\n\r\n```\r\n$ rm database.bc\r\n$ mv temp.bc database.bc\r\n```\r\n\r\nTo make the example more concrete, let's assume that you have a `funcs.bc` that looks like this:\r\n\r\n```\r\ndefine void add_to_food_expenses(expense) {\r\n    # If you don't put `food_expenses` in an `auto` statement,\r\n    # then the global variable will be affected.\r\n    food_expenses += expense\r\n    # The global `total_expenses` is also affected with an `auto`.\r\n    total_expenses += expense\r\n}\r\n\r\ndefine void print_new_database() {\r\n    print \"food_expenses = \", food_expenses, \"\\n\"\r\n    print \"total_expenses = \", total_expenses, \"\\n\"\r\n}\r\n```\r\n\r\nThen perhaps you have a `database.bc` that looks like this:\r\n\r\n```\r\nfood_expenses = 101.00\r\ntotal_expenses = 404.40\r\n```\r\n\r\nThen you have a `main.bc` that looks like this:\r\n\r\n```\r\n# read() reads from stdin.\r\nexpense = read()\r\n\r\nadd_to_food_expenses(expense)\r\n\r\nprint_new_database()\r\n```\r\n\r\nThen running the following:\r\n\r\n```\r\n$ echo \"35.75\" | bc funcs.bc database.bc main.bc\r\n```\r\n\r\nwill print:\r\n\r\n```\r\nfood_expenses = 136.75\r\ntotal_expenses = 440.15\r\n```\r\n\r\nwhich if you redirect to `temp.bc`:\r\n\r\n```\r\n$ echo \"35.75\" | bc funcs.bc database.bc main.bc > temp.bc\r\n```\r\n\r\nwill make `temp.bc` a valid replacement for `database.bc`.\r\n\r\n(While it may be safe to redirect straight to `database.bc`, I would not suggest doing so. If `funcs.bc` has any print statements that run, `database.bc` will be overwritten before it is ever read.)\r\n\r\n> My goal (if that can help you answering it) is to have a single file with functions/operations and then a bunch of other files only with data (expenses and gains) - like a local mini database - that I can call in the \"main\" `bc` file and work with.\r\n\r\nI *think* I answered according to your goal. I hope that helps, but please come back with any questions you have.\r\n\r\n[1]: https://gavinhoward.com/2021/12/is-it-even-worth-working-on-foss-anymore/",
+        "createdAt": "2023-03-18T05:48:18Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1474731952",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YHLzP",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "Hi. Sorry for the delay replying.\r\n\r\n> It makes me really happy that you noticed!\r\n\r\nOf course. I'm lacking motivation for programming - even in my university project (I'm currently in my last year of my master degree) -, specially now with all the improvements made in the IA field, but reading your blog posts and messages like this one, somehow, gives me motivation to continue.\r\n\r\nI would like to suggest, if possible, a way to interact with you in your blog (like a comments section, for example). \r\n\r\n> I hope that made sense.\r\n\r\nIt did. I studied it in my first year at university, but I didn't know that specifically, so thank you.\r\n\r\n> I hope you remember there's **no warranty**. If there is a bug, I'll try to help, but I can't guarantee that your financial records will be correct in the presence of bugs.\r\n> \r\n> I *will* guarantee, though, that I know of no bugs. I have fixed all of the ones I am aware of.\r\n\r\nAnd that's all that matters for me. There is nothing that compares to the support that you offer.\r\n\r\n> I think I answered according to your goal. I hope that helps, but please come back with any questions you have.\r\n\r\nYou did. Thanks again for the time spent on this. I use a different set of files, but the information that you gave me is going to help me improve my system. So, thanks (one more time xD).",
+        "createdAt": "2023-03-21T17:06:49Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1478278351",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YIXfA",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> Sorry for the delay replying.\r\n\r\nNo worries!\r\n\r\n> Of course. I'm lacking motivation for programming - even in my university project (I'm currently in my last year of my master degree)\r\n\r\nOh, cool, what is your project? (I dropped out of a Master's; I'm kind of jealous.)\r\n\r\n> I would like to suggest, if possible, a way to interact with you in your blog (like a comments section, for example).\r\n\r\nI have thought about this many times and have always rejected the idea due to the amount of spam-busting and moderation required, at least as told by other bloggers. Oh, and I don't want people to see a buggy site if they have JavaScript turned off as comments nearly always require JavaScript.\r\n\r\nHowever, your suggestion has made me look at it again, and I had an idea.\r\n\r\nOne of the best pieces of software, at least for forums, is the software underpinning <https://lobste.rs/>. While I have been banned from that site, I appreciate the software for its moderation capabilities. This includes invite-only registration, which would help a lot to only allow people who want to interact with me and others in a good way.\r\n\r\nI've also always wanted to run a forum site where Free Speech was honored as much as possible because [I think Free Speech is necessary to find the truth][1].\r\n\r\nSo in response to your suggestion, if the lobste.rs software will work for my purposes, I'll spin up an instance at <https://forum.gavinhoward.com/> (or something similar), and I'll send you an invite, along with anyone else whose opinions I trust. And every time I post something new, I'll put it on the instance and link to it from the post. That should allow me to have a \"comments section\" while not interfering with my current site.\r\n\r\nI think I'll also allow others to post stuff too. Maybe I'll make its theme to be anything that is intellectually stimulating. I don't know; I'm just spitballing here.\r\n\r\n> I studied it in my first year at university, but I didn't know that specifically, so thank you.\r\n\r\nYou're welcome!\r\n\r\n> And that's all that matters for me.\r\n\r\nThank goodness!\r\n\r\n> There is nothing that compares to the support that you offer.\r\n\r\nYou're welcome! And thank you. I am overjoyed to hear this, actually.\r\n\r\nI'm starting a business right now, and my product is support for Open Source software that I have written. I was wondering if that would be a good product, but if my support is good, it might work. So I'm *thrilled* that you think so!\r\n\r\n(Don't worry; I'll always support `bc` for free; it's my gift to the world. The software that I'll be supporting for pay is at <https://git.yzena.com/Yzena/Yc>.)\r\n\r\nFull disclosure: this is also why I took your suggestion for a comments section more seriously; it would be a good way for me to network with potential clients. I apologize for having less than perfect motives.\r\n\r\nAlso, to take it one step further, can I point to this interaction we had as an example of the support I will give? I think it would be great material to advertise with. No offense if you don't want that though; I know that's a selfish motive.\r\n\r\n> You did. Thanks again for the time spent on this. I use a different set of files, but the information that you gave me is going to help me improve my system. So, thanks (one more time xD).\r\n\r\nYou're welcome! Glad I could help!\r\n\r\n[1]: https://gavinhoward.com/2019/11/recommendations-and-radicalization/",
+        "createdAt": "2023-03-21T21:13:49Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1478588352",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YLZeg",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "> Oh, cool, what is your project? (I dropped out of a Master's; I'm kind of jealous.)\r\n\r\nYou don't need to be. You seem to have the required knowledge to be a teacher on my university. I'm from Portugal, btw.\r\n\r\nMy project is about telemetry. I'm building a telemetry solution using OpenTelemetry and multiple analysis backends for a health company. The problem is that such project is inside DevOps field and that's not my expertice or even the field that I want to work on. I want to be a programmer, a system programmer to be more precise.\r\n\r\n> This includes invite-only registration, which would help a lot to only allow people who want to interact with me and others in a good way.\r\n\r\nThat seems a good way to implement it. I didn't know about that specific website, but after a brief usage of it, I can say that I liked the way that it works.\r\n\r\n> So in response to your suggestion, if the lobste.rs software will work for my purposes, I'll spin up an instance at https://forum.gavinhoward.com/ (or something similar), and I'll send you an invite, along with anyone else whose opinions I trust. And every time I post something new, I'll put it on the instance and link to it from the post. That should allow me to have a \"comments section\" while not interfering with my current site.\r\n\r\nThat makes a lot of sense. I appreciate the consideration for my opinion xD\r\n\r\nWhen that instance is online, let me know, please.\r\n\r\n> I'm starting a business right now, and my product is support for Open Source software that I have written. I was wondering if that would be a good product, but if my support is good, it might work. So I'm thrilled that you think so!\r\n\r\nI see.. something like the commercial support that Daniel Stenberg offers for cURL?\r\n\r\n> (Don't worry; I'll always support bc for free; it's my gift to the world. The software that I'll be supporting for pay is at https://git.yzena.com/Yzena/Yc.)\r\n\r\nThat's nice to read. I'm planning to use `bc` for a very long time :d\r\n\r\n> Full disclosure: this is also why I took your suggestion for a comments section more seriously; it would be a good way for me to network with potential clients. I apologize for having less than perfect motives.\r\n\r\nIt wasn't necessary to make that disclosure. You're too kind just for considering having to do it. \r\n\r\n> Also, to take it one step further, can I point to this interaction we had as an example of the support I will give? I think it would be great material to advertise with. No offense if you don't want that though; I know that's a selfish motive.\r\n\r\nOf course you can. I'm flattered to be part of that.\r\n\r\n> You're welcome! Glad I could help!\r\n\r\nYou always do. Thanks (one more time)!",
+        "createdAt": "2023-03-22T11:20:57Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1479382944",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YagqG",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> The problem is that such project is inside DevOps field and that's not my expertice or even the field that I want to work on. I want to be a programmer, a system programmer to be more precise.\r\n\r\nOuch. I feel for you, and I feel lucky.\r\n\r\nI know this may not help, but I have personally found that my system programming skills (dev) got better after I learned system admininstration (ops).\r\n\r\nSystem administration is important to me for another reason: without it, I can't host my code or the forum that I mentioned.\r\n\r\nOnce you get your Master's, maybe you can try to do what I have done: build excellent system software and support it. That may give you the room you need to make it a career. If it is going to work for me, it will surely work for you too!\r\n\r\n> When that instance is online, let me know, please.\r\n\r\nIt's up at <https://forum.gavinhoward.com/>, but email is not working, so I need to wait. Please send me an email using the email listed at <https://gavinhoward.com/contact/>, and I'll send you an invite once email is working.\r\n\r\n> I see.. something like the commercial support that Daniel Stenberg offers for cURL?\r\n\r\nYes, basically.\r\n\r\n> Of course you can. I'm flattered to be part of that.\r\n\r\nThank you!",
+        "createdAt": "2023-03-24T20:02:20Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1483344518",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YtkJ8",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "Sorry for the delay replying (again).\r\n\r\n> I know this may not help, but I have personally found that my system programming skills (dev) got better after I learned system admininstration (ops).\r\n\r\nI hope you're right.\r\n\r\n> Once you get your Master's, maybe you can try to do what I have done: build excellent system software and support it. That may give you the room you need to make it a career. If it is going to work for me, it will surely work for you too!\r\n\r\nI'm trying to learn Rust on my free time, but it's been hard - I know your opinion about Rust xD -, let's see. \r\n\r\n> It's up at https://forum.gavinhoward.com/, but email is not working, so I need to wait. Please send me an email using the email listed at https://gavinhoward.com/contact/, and I'll send you an invite once email is working.\r\n\r\nThe [forum](https://forum.gavinhoward.com/) returns a 500 error code to me and the [contact page](https://gavinhoward.com/contact/) shows me that your e-mail is `<my_first_name>@<this_website>`. I'll send an email to `<redacted>` and hope it works.\r\n\r\n> Yes, basically.\r\n\r\nI see. Well, good luck for your new project. I'm pretty sure that people will love your support as much as I do.",
+        "createdAt": "2023-03-29T10:27:50Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1488339580",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5YwWgF",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> I'm trying to learn Rust on my free time, but it's been hard - I know your opinion about Rust xD -, let's see.\r\n\r\nRemember that my Rust opinion is personal; Rust is pretty good in general.\r\n\r\n> The [forum](https://forum.gavinhoward.com/) returns a 500 error code to me and the [contact page](https://gavinhoward.com/contact/) shows me that your e-mail is `<my_first_name>@<this_website>`.\r\n\r\nI'm having trouble with the forum. In fact, it turns out that sending email just doesn't work. My email provider is blaming the lobste.rs software, but the software has the right settings, so...\r\n\r\nI'm probably just going to have to write my own forum software. Sorry for the delay. It may be a year or so.\r\n\r\n> I'll send an email to `<redacted>` and hope it works.\r\n\r\nThat is the correct address. I've redacted it because I don't want it machine-readable (to avoid spam), but it is correct.\r\n\r\n> I see. Well, good luck for your new project. I'm pretty sure that people will love your support as much as I do.\r\n\r\nThank you!",
+        "createdAt": "2023-03-29T18:07:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1489070085",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Y0Yev",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "> Remember that my Rust opinion is personal; Rust is pretty good in general.\r\n\r\nI hope it is here to stay for the long run.\r\n\r\n> I'm probably just going to have to write my own forum software. Sorry for the delay. It may be a year or so.\r\n\r\nNo problem. I'll put a reminder on my calendar, so. See you in a year (or so). Have a nice week!",
+        "createdAt": "2023-03-30T11:18:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1490126767",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kIVVh",
+        "author": {
+          "login": "TediusTimmy"
+        },
+        "authorAssociation": "NONE",
+        "body": "Hey, I realize that you asked this five months ago, but I just saw this and I wanted to chime in, because I love REALLLY BIG NUMBERS.\r\n\r\nNow, Gavin noted that `(x^y)*(x^z) == x^(y+z)`. It is also true that `(x^y)^z == x^(y*z)`. So, we can simplify your question to `169287^1670801140084418360`. Hoo, boy is that a big number! How big is it? `2.4917161343640611*10^8735990286585912792` The number that describes how many digits are in the number has 19 digits in it.\r\n\r\nHow did I do this (and what is Julia probably doing under the covers)? The same way a slide rule works: logarithms. It is definitionally true that `a^u=e^(ln(a^u))`. So `a^u=e(u*ln(a))`. But this works in any base, so I'll choose base 10 (I hope you remember your laws of logarithms).\r\n\r\nTo follow along:\r\n```\r\nscale=40\r\n137*920*13256118217109*l(169287)/l(10)\r\n```\r\nThat should give you that exponent. Remember: the number we want is ten raised to this power. To get the leading digits, we extract the mantissa (the fractional portion of a logarithm), and then raise 10 to this power. This works because of what Gavin noted: we can separate `3.2` into `3+.2`, and we are raising ten to this power, so it becomes `(10^3)*(10^.2)`:\r\n```\r\ne(.3964985643509537948664437764527360339575*l(10))\r\n```\r\n\r\nI want to point out two things: firstly, `bc` is going to compute all of the digits of this number; secondly, it is a big number. If we pack 19 decimal digits into every 8 bytes, it will still take over 3,000 petabytes of memory to store this number. To give you a sense of scale: at the end of 2021, Internet Archive had 212 petabytes of data archived.",
+        "createdAt": "2023-08-16T03:29:40Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1679906145",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kl8FL",
+        "author": {
+          "login": "STSMHQ"
+        },
+        "authorAssociation": "NONE",
+        "body": "Hi, @TediusTimmy. Thank you for your explanation. It helped a lot. I didn't know some of that mathematic equivalences. Have a nice week.",
+        "createdAt": "2023-08-22T07:56:38Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/66#issuecomment-1687667019",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2023-03-16T12:20:42Z",
+    "id": "I_kwDOCL0xJc5g_6ME",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 66,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "[QUESTION] Bypass Math Overflow for Large Computations",
+    "updatedAt": "2023-08-22T07:56:38Z",
+    "url": "https://github.com/gavinhoward/bc/issues/66"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB5Gq1Q",
+      "is_bot": false,
+      "login": "ikolesnikes",
+      "name": ""
+    },
+    "body": "bin/bc enters an infinite loop while evaluating the cube-root of 0.01\r\n\r\nbin/bc -l -e 'cbrt(0.1)'\r\nreturns .46415888336127788924 (which is expected)\r\n\r\nbin/bc -l -e 'cbrt(0.01)'\r\nfreezes\r\n\r\nLooking at the definition of root(x,n) in lib2.bc the following loop never exits\r\n\r\n\twhile(r!=q){\r\n\t\tr=q\r\n\t\tq=(p*r+x/r^p)/n\r\n\t}\r\n\r\nA simple hack makes the cbrt function working.\r\n\r\n\twhile(abs(r-q)>0.000001){\r\n\t\tr=q\r\n\t\tq=(p*r+x/r^p)/n\r\n\t}",
+    "closed": true,
+    "closedAt": "2023-03-15T21:56:14Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5XXKFy",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, this is a bug. I have reproduced it.\r\n\r\nYour fix pointed right to the problem, which I suspected: it ran into a pathological case where the two values, `r` and `q`, never equaled each other because they would keep switching, i.e., `r` would equal `x`, and `q` would equal `y`, then on the next iteration, `r` would equal `y`, and `q` would equal `x`.\r\n\r\nThis is the reason I hate algorithms that are calculated by series. They can easily have problems like this.\r\n\r\nI tried to fix it with 01230fcd9cfb547c5666247e1a36c624d3f2d01c. It increases the precision, but then does the comparison at a smaller precision.\r\n\r\nCan you pull and test it for me? I'll start my release process in the meantime.",
+        "createdAt": "2023-03-13T08:13:31Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/64#issuecomment-1465688434",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5XYwKM",
+        "author": {
+          "login": "ikolesnikes"
+        },
+        "authorAssociation": "NONE",
+        "body": "I tested your solution and it worked!\r\nMaybe it's worth to add a test for this case.\r\n\r\nNever mind, you already did it.",
+        "createdAt": "2023-03-13T13:03:47Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/64#issuecomment-1466106508",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5XZaRe",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, but you are right that if I did not, I should have!\r\n\r\nI will put out a release with the fix as soon as I can. I'll close this issue at that time.",
+        "createdAt": "2023-03-13T14:45:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/64#issuecomment-1466279006",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5XrBvX",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Release `6.5.0` is out! Thank you for the report!",
+        "createdAt": "2023-03-15T21:56:14Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/64#issuecomment-1470897111",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2023-03-13T06:01:54Z",
+    "id": "I_kwDOCL0xJc5gm5mO",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 64,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "bc freezes evaluating cbrt(0.01)",
+    "updatedAt": "2023-03-15T21:56:14Z",
+    "url": "https://github.com/gavinhoward/bc/issues/64"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjE0ODEyNjg=",
+      "is_bot": false,
+      "login": "pg83",
+      "name": "Anton Samokhvalov"
+    },
+    "body": "https://github.com/gavinhoward/bc/blob/master/scripts/safe-install.sh#L28 creates hard dependency loop on previously available bc for install process, which can be not available:\r\n\r\n* in bootstrap environments\r\n* in cross-compile environments\r\n",
+    "closed": true,
+    "closedAt": "2023-02-25T15:11:27Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5WEExO",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Whoops. I did not think of that. My bad.\r\n\r\nThis should be fixed in 313738df7f6d65875dd91ef63565227d0f782472 and 349cd801d5a7f4ab2fad76096d271397aa738063. I put out `6.3.1` because I know for a fact that Linux from Scratch will need these changes too, and they usually just grab the latest release.\r\n\r\nI hope this new release works for you. Please close this issue if it does.",
+        "createdAt": "2023-02-24T16:05:13Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/63#issuecomment-1443908686",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5WIxOt",
+        "author": {
+          "login": "pg83"
+        },
+        "authorAssociation": "NONE",
+        "body": "thanx!",
+        "createdAt": "2023-02-25T15:11:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/63#issuecomment-1445139373",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2023-02-24T11:34:48Z",
+    "id": "I_kwDOCL0xJc5fRqQO",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 63,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "bc -> bc dependency loop",
+    "updatedAt": "2023-02-25T15:11:28Z",
+    "url": "https://github.com/gavinhoward/bc/issues/63"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjUzMTI5ODE2",
+      "is_bot": false,
+      "login": "enh-google",
+      "name": ""
+    },
+    "body": "trying to update AOSP to 6.2.4 (https://android-review.googlesource.com/c/platform/external/bc/+/2433072) i hit:\r\n```\r\ntests/: 413 files pushed, 0 skipped. 6.5 MB/s (1197549 bytes in 0.175s)\r\nscripts/functions.sh: 1 file pushed, 0 skipped. 60.6 MB/s (14190 bytes in 0.000s)\r\n***********************************************************************\r\n\r\nRunning bc tests...\r\n\r\nRunning bc decimal...pass\r\nSkipping bc print test\r\nSkipping bc parse test\r\nSkipping bc lib2\r\nRunning bc print2...pass\r\nRunning bc length...pass\r\nRunning bc scale...pass\r\nSkipping bc shift\r\nRunning bc add...pass\r\nRunning bc subtract...pass\r\nRunning bc multiply...pass\r\nRunning bc divide...pass\r\nRunning bc modulus...pass\r\nRunning bc power...pass\r\nRunning bc sqrt...pass\r\nSkipping bc trunc\r\nSkipping bc places\r\nRunning bc vars...pass\r\nRunning bc boolean...pass\r\nRunning bc comp...pass\r\nRunning bc abs...pass\r\nRunning bc assignments...pass\r\nRunning bc functions...pass\r\nSkipping bc scientific\r\nSkipping bc engineering\r\nRunning bc globals...pass\r\nRunning bc strings...pass\r\nSkipping bc strings2 test\r\nRunning bc letters...pass\r\nRunning bc exponent...pass\r\nRunning bc log...pass\r\nRunning bc pi...pass\r\nRunning bc arctangent...pass\r\nRunning bc sine...pass\r\nRunning bc cosine...pass\r\nSkipping bc bessel test\r\nRunning bc arrays...pass\r\nRunning bc misc...pass\r\nRunning bc misc1...pass\r\nRunning bc misc2...pass\r\nRunning bc misc3...pass\r\nRunning bc misc4...pass\r\nRunning bc misc5...pass\r\nRunning bc misc6...pass\r\nRunning bc misc7...pass\r\nRunning bc misc8...pass\r\nRunning bc void...pass\r\nSkipping bc rand\r\nRunning bc recursive_arrays...pass\r\nRunning bc divmod...pass\r\nRunning bc modexp...pass\r\nSkipping bc bitfuncs\r\nSkipping bc leadingzero\r\nRunning bc is_number...pass\r\nRunning bc is_string...pass\r\nRunning bc asciify_array...pass\r\nRunning bc line_by_line1...pass\r\nRunning bc line_by_line2...pass\r\nRunning bc line_loop_quit1...pass\r\nRunning bc line_loop_quit2...pass\r\nRunning bc stdin tests...pass\r\n/data/local/tmp/bc-tests/tests/scripts.sh[66]: check_d_arg: inaccessible or not found\r\n\r\nExit Code: 127\r\n```\r\nlooking at scripts.sh, it doesn't source functions.sh where the preceding scripts do. i'm not sure why that works with bash? i didn't think bash exported functions by default, but maybe it's doing so?\r\n\r\nanyway, i tested the obvious fix (https://android-review.googlesource.com/c/platform/external/bc/+/2433072/2/tests/scripts.sh).",
+    "closed": true,
+    "closedAt": "2023-02-15T16:15:07Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5VLKwA",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Whoops. That's a bug.\r\n\r\nI tried clicking your links, but they complained that I wasn't signed in our didn't have permission.\r\n\r\nI presume your obvious fix was to source `functions.sh`? I'll do that in my repo when I get home. Do you want a tagged release?",
+        "createdAt": "2023-02-14T01:55:30Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1428990976",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VLMMt",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "> I tried clicking your links, but they complained that I wasn't signed in our didn't have permission.\r\n\r\ngah, don't get me started ... the powers that be inflicted a stupid url rewriter on us recently that mean we can't give working urls to anyone. i'd tried to manually fix these, but didn't test them. fixed now (retconned above).\r\n\r\n> I presume your obvious fix was to source `functions.sh`?\r\n\r\nexactly.\r\n\r\n> I'll do that in my repo when I get home. Do you want a tagged release?\r\n\r\nyes please... our tooling isn't yet clever enough to get us back on to the next tagged release if we switch to a sha, so until we implement that, it's quite a bit more convenient if there's another tag. (especially if i happen to go under a bus :-) )",
+        "createdAt": "2023-02-14T02:02:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1428996909",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VLqu1",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Fixed in 714782c613ec2a4570f63c1285d38785961edb89, which should also preemptively fix any other occurrences of this same bug.\r\n\r\nI'm running a basic release process to ensure that the release still builds and tests, but I should have a tag out tomorrow morning (US time).",
+        "createdAt": "2023-02-14T05:04:50Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1429121973",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VP1W1",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "> I'm running a basic release process to ensure that the release still builds and tests, but I should have a tag out tomorrow morning (US time).\r\n\r\nthanks! no hurry...",
+        "createdAt": "2023-02-14T18:46:00Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1430214069",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VQreo",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It's out! Because I haven't been able to get an Android environment going yet, I'm still not sure this will work for you. If it does, though, please close this issue. Otherwise, I'll try something else.",
+        "createdAt": "2023-02-14T22:04:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1430435752",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VRBCe",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "thanks... testing now: https://android-review.googlesource.com/c/platform/external/bc/+/2436773",
+        "createdAt": "2023-02-14T23:24:21Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1430524062",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5VVNiI",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "merged! thanks for your help :-)",
+        "createdAt": "2023-02-15T16:15:07Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/62#issuecomment-1431623816",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2023-02-14T00:32:53Z",
+    "id": "I_kwDOCL0xJc5eXxKU",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 62,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "another mksh/bash difference?",
+    "updatedAt": "2023-02-15T16:15:07Z",
+    "url": "https://github.com/gavinhoward/bc/issues/62"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjUzMTI5ODE2",
+      "is_bot": false,
+      "login": "enh-google",
+      "name": ""
+    },
+    "body": "i haven't been able to update for some time (5.0.1 was our last update!) because the tests fail in a weird way without much useful information. i've included the current failures for 6.2.2 below, for example.\r\n\r\nmy guess is that this is something to do with Android using mksh as its /bin/sh. the interleaved output makes it appear like there might be some disagreement about job handling between bash and mksh?\r\n\r\nare the current bc tests known to work on shells other than bash (and in particular mksh)? any ideas where i should look (or some kind of parallelism i can just disable)?\r\n```\r\n~/aosp-master-with-phones/external/bc$ ./run-bc-tests-on-android.sh \r\ntests/: 413 files pushed, 0 skipped. 0.8 MB/s (1191155 bytes in 1.372s)\r\nscripts/functions.sh: 1 file pushed, 0 skipped. 75.4 MB/s (12065 bytes in 0.000s)\r\n***********************************************************************\r\n\r\nRunning bc tests...\r\n\r\nSkipping bc lib2\r\nSkipping bc shift\r\nSkipping bc trunc\r\nSkipping bc places\r\nSkipping bc print test\r\nSkRunning bc decimal...Running bc print2...ipping bc parse test\r\nRunning bc scale...Skipping bc scientific\r\nRunning bc length...Running bc sqrt...Running bc modulus...RuRunning bc add...nning bc divide...Running bc subtract...Skipping bc engineering\r\nRunning bc multiply...Running bc power...Running bc abs...Running bc functions...pass\r\nRunning bc boolean...Running bc comp...Running bc assignments...Running bc vars...pass\r\nSkipping bc rand\r\npass\r\nSRunning bc globals...kipping bc bitfuncs\r\npass\r\nRunning bc strings...pass\r\nRunning bc cosine...pass\r\nSkipping bc strings2 test\r\nSkipping bc bessel test\r\npass\r\nRunning bc sine...Running bc misc2...RRunning bc exponent...pRunning bc log...Running bc misc8...Running bc misc...Running bc misc4...Running bc pi...upass\r\nSkipping bc leadingzero\r\nnning bc misc1...ppasRunning bc arrays...asss\r\n\r\nass\r\nRunning bc arctangent...Running bc misc6...Running bc modexp...Running bc void...Running bc misc3...Running bc letters...pass\r\npass\r\npRunning bc misc7...ass\r\npass\r\npass\r\nRunning bc divmod...Running bc recursive_arrays...Running bc misc5...pass\r\npass\r\npass\r\npass\r\npass\r\npass\r\npass\r\nppass\r\nass\r\nRunning bc is_number...pass\r\npass\r\npass\r\npass\r\nRunning bc asciify_array...Running bc line_loop_quit1...pass\r\nppass\r\npass\r\npass\r\npass\r\npass\r\nass\r\nRunning bc is_string...Running bc line_by_line1...Running bc line_by_line2...Running bc line_loop_quit2...Running bc command-line error tests...Running bc stdin tests...pass\r\nRunning bc error file 01.txt with clamping...pass\r\npass\r\npass\r\nRunning bc read...Running bc error file 02.txt with clamping...Running bc error file 03.txt with clamping...pass\r\npass\r\npass\r\npass\r\npass\r\npass\r\npass\r\npass\r\nRunning bc error file 01.txt without clamping...Running bc error file 04.txt with clamping...ppass\r\nSkipping bc script multiply.bc\r\npass\r\nass\r\nRunning bc error file 02.txt without clamping...pass\r\nRunning bc error file 05.txt with clamping...Skipping bc script divide.bc\r\nRunning bc error file 03.txt without clamping...Skipping bc script subtract.bc\r\npass\r\nRunning bc errors...Running bc read errors...pass\r\nSkipping bc script add.bc\r\nRunning bc error file 06.txt with clamping...Running bc error file 04.txt without clamping...pRunning bc error file 07.txt with clamping...ass\r\nRunning bc error file 01.txt through cat with clamping...pass\r\nRunning bc error file 08.txt with clamping...pass\r\nSkipping bc script print.bc\r\nRunning bc error file 02.txt through cat with clamping...Running bc error file 03.txt through cat with clamping...pass\r\npass\r\npass\r\nRunning bc error file 05.txt without clamping...pass\r\npass\r\nRunning bc error file 09.txt with clamping...pass\r\nRunning bc error file 07.txt without clamping...pass\r\nSkipping bc script parse.bc\r\nRunRunning bc error file 04.txt through cat wnith clamping...ing bc error file 06.txt without clamping...pass\r\nRunning bc error file 10.txt with clamping...RRunning bc empty read...Running bc error file 01.txt through cat without clamping...unning bc script array.bc...RRunning bc error file 03.txt through cat without clamping...pass\r\npaRunning bc error file 08.txt without clamping...Running bc error file 11.txt with clamping...pss\r\nunning bc script array2.bc...ass\r\npass\r\npass\r\nRunning bc error file 02.txt through cat without clamping...pass\r\npass\r\nRunning bc script atan.bc...Running bc error file 09.txt without clamping...Running bc error file 05.txt through cat with clamping...pass\r\npass\r\nRunning bc error file 10.txt without clamping...Running bc error file 06.txt through cat with clamping...Running bc error file 12.txt with clamping...RunRunning bc error file 04.txt through cat without clamping...pass\r\nSkipping bc script bessel.bc\r\npass\r\nning bc error file 07.txt through cat with clamping...Running bc script functions.bc...pass\r\nRunning bc error file 11.txt without clamping...Running bc error file 13.txt with clamping...pass\r\npass\r\nRunning bc error file 08.txt through cat with clamping...pass\r\npass\r\nRunning bc error file 14.txt with clamping...pass\r\nRunning bc read EOF...pass\r\nRunning bc error file 09.txt through cat with clamping...pass\r\npass\r\npass\r\nRunning bc error file 05.txt through cat without clamping...pass\r\npRunning bc script globals.bc...pass\r\nass\r\nRunning bc error file 15.txt with clamping...Skipping bc script: rand.bc\r\nRRunning Rbc error ufninlien g10.txt  through cbca ts cwriitpht  len.bc...clamping...pass\r\nunning bc error file 07.txt through cat without clamping...pass\r\nRRunning bc error file 06.txt through cat without clamping...pass\r\nRunning bc error file 11.txt through cat with clamping...unning bc error file 12.txt without clamping...pass\r\nRunning bc error file 08.txt through cat without clamping...pass\r\nRunning bc error file 16.txt with clamping...pass\r\nRunning bc error file 14.txt without clamping...pass\r\nRunning bc error file 13.txt without clamping...pass\r\nRunning bc script references.bc...Running bc error file 17.txt with clamping...Running bc error file 09.txt through cat without clamping...pass\r\npass\r\npass\r\npass\r\npass\r\npass\r\nRuRunning bc error file 15.txt without clamping...nning bc error file 18.txt with clamping...Running bc script screen.bc...pass\r\nRpass\r\npapass\r\nunning bc error file 12.txt through cat with clamping...ss\r\nRunning bc error file 11.txt through cat without clamping...Rpass\r\nunning bc error file 10.txt through cat without clamping...Running bc error file 19.txt with clamping...Skipping bc script strings2.bc\r\npass\r\nRunning bc error file 13.txt through cat with clamping...pass\r\nRunning bc error file 16.txt without clamping...pass\r\nRunning bc error file 14.txt through cat with clamping...Running bc error file 20.txt with clamping...pass\r\nRunning bc error file 17.txt without clamping...pass\r\npass\r\nRunning bc error file 21.txt with clamping...paspass\r\nRunning bc script ifs.bc...s\r\nRunning bc error file 18.txt without clamping...pass\r\nRunning bc error file 15.txt through cat with clamping...pass\r\nRunning bc script ifs2.bc...Rpass\r\npass\r\nRunning bc error file 12.txt through cat without clamping...pass\r\nunning bc error file 19.txt without clamping...Running bc erpass\r\nror file 22.txt with clamping...Running bc error file 13.txt through cat without clamping...Rpass\r\npRunning bc error file 20.txt without clamping...pass\r\nass\r\nRuRRuunning bc error file 14.txt through cat without clamping...nnning bc script afl1.bc...unning bc error file 23.txt with clning bcamp einrrg..or. file 16.txt through cat with clamping...pass\r\npass\r\nRunning bc error file 17.txt through cat with clamping...Running bc error filepass\r\npass\r\npass\r\nRunniRunning bc error file 15.txt through cat without clamping... 21.txtng bc error file 24.txt with clamping... without clamping...Running bc error file 18.txt through cat with clamping...pass\r\npass\r\npass\r\npass\r\npass\r\nRunning bc error file 25.txt with clamping...pass\r\nRunning bc error file 22.txt without clamping...Running bc error file 19.txt through cat with clamping...pass\r\nRunning bc error file 16.txt through cat without clamping...Running bc error file 23.txt without clamping...pass\r\npass\r\npass\r\nRunning bc error file 20.txt through cat with clamping...pass\r\nRunning bc error file 26.txt with clamping...Running bc error file 17.txt through cat without clamping...Running bc error file 24.txt without clamping...Running bc error file 27.txt with clamping...pass\r\nRunning bc error file 18.txt through cat without clamping...pass\r\npass\r\npass\r\nRunning bc error file 21.txt through cat with clamping...pass\r\nRunning bc error file 19.txt through cat without clamping...pass\r\nRunning bc error file 22.txt through cat with clamping...pass\r\nRunning bc error file 25.txt without clamping...Running bc error file 28.txt with clamping...pass\r\npass\r\npass\r\npass\r\npass\r\nRunning bc error file 23.txt through cat with clamping...Running bc error file 20.txt through cat without clamping...RuRunning bc error file 29.txt with clamping...Running bc error file 24.txt through cat with clamping...pass\r\nnning bc error file 26.txt without clamping...pass\r\nRunning bc error file 27.txt without clamping...pass\r\npass\r\npass\r\npass\r\nRunning bc error file 22.txt through cat without clamping...Running bc error file 30.txt with clamping...Running bc error file 21.txt through cat without clamping...Running bc error file 31.txt with clamping...pass\r\npass\r\nRunning bc error file 25.txt through cat with clamping...Running bc error file 28.txt without clamping...pass\r\nRunning bc error file 23.txt through cat without clamping...pass\r\nRunning bc error file 27.txt through cat with clamping...pass\r\nRunning bc error file 32.txt with clamping...Running bc error file 24.txt through cat without clamping...Skipping problematic bc error file 33.txt...\r\nRunning bc error file 26.txt through cat with clamping...pass\r\npass\r\npass\r\npass\r\npaRunning bc error file 29.txt withss\r\npout clamping...ass\r\npass\r\nRuRupass\r\nA test failed!\r\nRunning bc error file 25.txt through cat without clamping...Running bc error file 30.txt without clamping...passnning bc error file 28.txt through nning bc error file 31.txt without clamping...\r\ncat with clamping...pass\r\nRunning bc error file 27.txt through cat without clamping...pass\r\npass\r\nA test failed!\r\nRunning bc error file 34.txt with clamping...Running bc error file 32.txt without clamping...pass\r\npass\r\nA test failed!\r\nRunning bc error file 26.txt through cat without clampiRunning bc error file 29.txt through cat with clamping...pass\r\nng...pRunning bc error file 35.txt with clamping...pass\r\nRunning bc error file 31.txt through cat with clamping...A Running bc error file 36.txt with clamping...pass\r\nRunning bc error file 30.txt through cat with clamping...\r\nRunning bc quit test...test failed!\r\nass\r\npass\r\nA test failed!\r\npass\r\nRunning bc error file 32.txt through cat with clamping...Running bc error file 28.txt through cat without clamping...Running bc error file 34.txt without clamping...pass\r\npass\r\npass\r\npass\r\nRA pass\r\ntest failed!\r\nunning bc error file 29.txt through cat without clamping...Running bcpass\r\n error file 35.txt without clamping...Running bc error file 30.txt through cat without clamping...pass\r\nRunning bc error file 31.txt through cat without clamping...Running bc error file 36.txt without clamping...A pass\r\ntest failed!\r\npass\r\nRunning bc error file 34.txt through cat with clamping...pA Running bc error file 32.txt through cat without clamping...ass\r\ntest failed!\r\npass\r\npass\r\npass\r\npass\r\nA test failed!\r\nRuRunning bc error file 35.txt through cat with clamping...nning bc error file 36.txt through cat with clamping...Rupass\r\nnning bc environment var tests...pass\r\nA test failed!\r\nRunning bc error file 34.txt through cat without clamping...A pass\r\ntest failed!\r\npass\r\nRunning bc error file 36.txt through cat without clamping...A test failed!pass\r\nRunning bc error file 35.txt through cat witpass\r\n\r\nhout clamping...Running keyword redefinition test...paA test failed!\r\nss\r\npass\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\npass\r\nA test failed!\r\nRunning multiline comment expression file test...A test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\npass\r\nA test failed!\r\nA test failed!\r\nA Rtest ufnaniilnegd !m\r\nultiline comment expression file error test...A test failed!\r\nA test failed!\r\nA test failed!\r\npass\r\nA test failed!\r\nA test failed!\r\nRunning multiline string expression file test...A test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\npass\r\nRunning multiline string expression file error test...A test failed!\r\nA test failed!\r\npass\r\nA test failed!\r\nRunning bc line length tests...A test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\nA test failed!\r\npass\r\nA test failed!\r\nA test failed!\r\nRunning bc arg tests...pass\r\nRunning bc builtin variable arg tests...pass\r\nRunning bc directory test...pass\r\nRunning bc binary file test...pass\r\nRunning bc binary stdin test...pass\r\nRunning bc limits tests...pass\r\npass\r\nRunning bc posix_errors...pass\r\n~/aosp-master-with-phones/external/bc$ \r\n```",
+    "closed": true,
+    "closedAt": "2023-01-12T17:51:06Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5SPfLa",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> i haven't been able to update for some time (5.0.1 was our last update!)\r\n\r\nOof...I'm sorry. Have I been missing communication with you?\r\n\r\n> because the tests fail in a weird way without much useful information. i've included the current failures for 6.2.2 below, for example.\r\n\r\nI agree; that is useless.\r\n\r\n> my guess is that this is something to do with Android using mksh as its /bin/sh. the interleaved output makes it appear like there might be some disagreement about job handling between bash and mksh?\r\n\r\nI think that's a great guess, and it's my guess too because the `tests/all.sh` script does use job control. I tried to write it according to the POSIX standard, but I suspect that job control is finicky in general.\r\n\r\n> are the current bc tests known to work on shells other than bash (and in particular mksh)? any ideas where i should look (or some kind of parallelism i can just disable)?\r\n\r\nThey are known to work on `tcsh` (FreeBSD), but other than that, `bash`, and `dash`, I don't know.\r\n\r\n> any ideas where i should look (or some kind of parallelism i can just disable)?\r\n\r\nTo disable parallelism, change the last line of `run-bc-tests-on-android.sh` to:\r\n\r\n```\r\nexec adb shell $dash_t /data/local/tmp/bc-tests/tests/all.sh -n bc 0 1 0 0 0 bc\r\n```\r\n\r\nI made two changes:\r\n\r\n* Most importantly, there is a `-n` option, which is how to disable parallelism in the `tests/all.sh` script.\r\n* I also added another 0 before the last `bc` because there are now five integer positional arguments.\r\n\r\nMy hope (and it is only a hope) is that that missing integer argument is what is causing the weird failures because the script would otherwise treat the last `bc` argument as the last integer argument and cause some sort of failure. `bash` fails because it has a non-integer argument, but I don't know how `mksh` would fail in that case.\r\n\r\nThe other reason there might be failures is because I added a test that is \"problematic.\" It's my test for `malloc()` failure, and unfortunately, it only works on Linux systems with swap disabled and some other changes. I don't think it would work on Android. I did add an option to disable that test in `tests/all.sh`; that is the missing integer option, in fact. But I don't think that's the reason because I added it in the fourth position (the last is whether to time the tests), so it is a 0 in your current script.\r\n\r\nRegardless, with the parallelism disabled, you should see exactly what test is failing, and you should be able to give me that output, even if either of those are not the reason for the failure.\r\n\r\nIn the meantime, I'll work on my end. Android is a first-class user of my `bc`, and I need to start treating it that way, including setting up a building and testing environment. I'll do my best to do so myself, but if possible, can you give me a helpful link?",
+        "createdAt": "2023-01-12T04:16:14Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/61#issuecomment-1379791578",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5STRaK",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "> > i haven't been able to update for some time (5.0.1 was our last update!)\r\n> \r\n> Oof...I'm sorry. Have I been missing communication with you?\r\n\r\nno, this is just the first time i've had time to actually look at the problem and file a bug!\r\n\r\n> > are the current bc tests known to work on shells other than bash (and in particular mksh)? any ideas where i should look (or some kind of parallelism i can just disable)?\r\n> \r\n> They are known to work on `tcsh` (FreeBSD), but other than that, `bash`, and `dash`, I don't know.\r\n\r\nyeah, there's been a lot about job control on the POSIX mailing list recently too.\r\n\r\n> > any ideas where i should look (or some kind of parallelism i can just disable)?\r\n> \r\n> To disable parallelism, change the last line of `run-bc-tests-on-android.sh` to:\r\n> \r\n> ```\r\n> exec adb shell $dash_t /data/local/tmp/bc-tests/tests/all.sh -n bc 0 1 0 0 0 bc\r\n> ```\r\n\r\nyes, that works. thanks!\r\n\r\n> In the meantime, I'll work on my end. Android is a first-class user of my `bc`, and I need to start treating it that way, including setting up a building and testing environment. I'll do my best to do so myself, but if possible, can you give me a helpful link?\r\n\r\nthere's https://source.android.com/docs/setup/build/building (and other pages about running), but it's a pretty large undertaking.\r\n\r\ntbh, i've only had two problems with bc updates:\r\n\r\n1. build changes such as the move from a shell script to a .c file for strgen. those are almost certainly easier for me to do anyway.\r\n2. test changes like this one. these have been harder for me to adapt to (although this is the first one i've failed with). there i'd say \"yes, please make sure you add options like `-n` when you make scary changes\" but one thing you haven't done but could that i think would help would be to fail hard --- making extra options optional (ho ho) makes my life harder. an error message would be more helpful, especially because changes to a row of 0s and 1s aren't necessarily immediately obvious!\r\n\r\nanyway, https://android-review.googlesource.com/c/platform/external/bc/+/2385321 works for me locally, so it should make it through CI. (and if it doesn't, that's probably a question for me anyway :-) )\r\n\r\nthanks!",
+        "createdAt": "2023-01-12T17:51:06Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/61#issuecomment-1380783754",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5SUcYn",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "> there's https://source.android.com/docs/setup/build/building (and other pages about running), but it's a pretty large undertaking.\r\n\r\nI'll do my best anyway. Thank you!\r\n\r\n> tbh, i've only had two problems with bc updates\r\n>\r\n> 1. build changes such as the move from a shell script to a .c file for strgen. those are almost certainly easier for me to do anyway.\r\n> 2. test changes like this one. these have been harder for me to adapt to (although this is the first one i've failed with). there i'd say \"yes, please make sure you add options like -n when you make scary changes\" but one thing you haven't done but could that i think would help would be to fail hard --- making extra options optional (ho ho) makes my life harder. an error message would be more helpful, especially because changes to a row of 0s and 1s aren't necessarily immediately obvious!\r\n\r\nI think both of these are oversights on my part. I should add sections to my `NEWS.md` entry for each version about building, packaging, and testing changes. I've never thought they were necessary to list, but here is hard evidence that yes, they are.\r\n\r\nI apologize. I will do that going forward. And I also apologize for accidentally using you as my test subject while I learn how to run a project.\r\n\r\nNow, about making things fail hard: I agree that I messed up by making arguments optional.\r\n\r\nHowever, because I have downstream users that could depend on the options *staying* optional, I'm not sure I can make them required at this point.\r\n\r\nNevertheless, I think I can do the next best thing: do error checking on each argument. This would (hopefully) allow me to add the \"fail hard\" you want (and it's a good idea!) while not causing problems for other downstream users. (Unless they have bugs in their scripts, in which case, they should be fixed anyway.)\r\n\r\nI have implemented the ideas in d5e6dbdf328407bddf53efb655abe4b9c2fcb90f, so they'll be in the next release. I hope that helps.",
+        "createdAt": "2023-01-12T23:06:57Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/61#issuecomment-1381090855",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5SUv2M",
+        "author": {
+          "login": "enh-google"
+        },
+        "authorAssociation": "NONE",
+        "body": "> I apologize. I will do that going forward. And I also apologize for accidentally using you as my test subject while I learn how to run a project.\r\n\r\nno worries --- we're a bit of an outlier anyway. it's only when you get included in a \"ridiculously large\" meta-project (most commonly an operating system [or moral equivalent] such as android or chromium or whatever) that you tend to find people _not_ using your build system because the pain of having to duplicate your build system is still slightly less than the pain of trying to incorporate your build system into theirs!\r\n\r\n> Now, about making things fail hard: I agree that I messed up by making arguments optional.\r\n> \r\n> However, because I have downstream users that could depend on the options _staying_ optional, I'm not sure I can make them required at this point.\r\n> \r\n> Nevertheless, I think I can do the next best thing: do error checking on each argument. This would (hopefully) allow me to add the \"fail hard\" you want (and it's a good idea!) while not causing problems for other downstream users. (Unless they have bugs in their scripts, in which case, they should be fixed anyway.)\r\n\r\nyeah, maybe if you ever need more arguments, make them named? (like `--foo=bar` or `foo=bar`?)\r\n\r\n> I have implemented the ideas in [d5e6dbd](https://github.com/gavinhoward/bc/commit/d5e6dbdf328407bddf53efb655abe4b9c2fcb90f), so they'll be in the next release. I hope that helps.\r\n\r\nthanks. since you're obviously interested in the feedback, i'll try to let you know sooner next time i have an update where manual intervention is required, if i have any trouble :-)",
+        "createdAt": "2023-01-13T00:55:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/61#issuecomment-1381170572",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2023-01-12T01:26:05Z",
+    "id": "I_kwDOCL0xJc5bMSgX",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 61,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "test failures on Android",
+    "updatedAt": "2023-01-13T00:55:28Z",
+    "url": "https://github.com/gavinhoward/bc/issues/61"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjUwNzg5NDY5",
+      "is_bot": false,
+      "login": "mcoret",
+      "name": ""
+    },
+    "body": "Hi,\r\nI'm trying to compile the project using Visual Studio 19, and I get the following error: `error C2065: 'SIGWINCH': undeclared identifier`. I cannot find such definition in MSVC. MSYS64 version compiles without problems.\r\nThank you!",
+    "closed": true,
+    "closedAt": "2022-12-06T15:40:35Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5PvhRI",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "What version are you trying to compile?\r\n\r\nIf it's the latest `master `, I have some changes there to fix a [FreeBSD bug][1] that I suspected would break the Windows build. I guess I was right.\r\n\r\nUsually, I wait until release time to fix Windows build bugs, but I'll boot Windows and push a fix later today if that will fix your problem. I'll also have a release coming soon with new stuff.\r\n\r\nI hope this helps.\r\n\r\n[1]: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268076",
+        "createdAt": "2022-12-05T17:55:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/60#issuecomment-1337857096",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5PvnLD",
+        "author": {
+          "login": "mcoret"
+        },
+        "authorAssociation": "NONE",
+        "body": "Ah, OK, thank you again!\r\nYes, it's the `master` branch.",
+        "createdAt": "2022-12-05T18:11:45Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/60#issuecomment-1337881283",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5PxCgn",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I've pushed e1205eaccfa03a8dbbfd625af664f6b074b69a65 which should fix the problem for now. Can you confirm for me?",
+        "createdAt": "2022-12-05T22:18:12Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/60#issuecomment-1338255399",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5P2DiK",
+        "author": {
+          "login": "mcoret"
+        },
+        "authorAssociation": "NONE",
+        "body": "Hi, I can confirm, everything is OK!",
+        "createdAt": "2022-12-06T15:40:34Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/60#issuecomment-1339570314",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2022-12-05T17:00:01Z",
+    "id": "I_kwDOCL0xJc5YCR8i",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 60,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Windows MSVC compilation problem",
+    "updatedAt": "2022-12-06T15:40:35Z",
+    "url": "https://github.com/gavinhoward/bc/issues/60"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "is_bot": false,
+      "login": "firasuke",
+      "name": "Firas Khalil Khana"
+    },
+    "body": "As in the title, what's the difference between the two? and why is `--localedir` only mentioned in `build.md` and not when running `./configure --help`?",
+    "closed": true,
+    "closedAt": "2022-11-26T16:37:39Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5PKKvC",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "So I originally added `--localedir` because it was one of the standard GNU configure options. This was before I understood that GNU does *not* use POSIX locales.\r\n\r\n`--localedir` does not make sense when a program is using POSIX locales, so I've [removed references to `LOCALEDIR` and friends from everything][1].\r\n\r\nDoes that answer your question?\r\n\r\n[1]: https://github.com/gavinhoward/bc/commit/f4816582b1264b64566fc162ef6512601077cc63",
+        "createdAt": "2022-11-26T15:24:49Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/58#issuecomment-1328065474",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5PKLiA",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "So `--localedir` shouldn't be used?",
+        "createdAt": "2022-11-26T15:45:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/58#issuecomment-1328068736",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5PKNBl",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You are correct; it should not be used.\r\n\r\nIt wasn't used to change anything in the Makefile, so it merely just didn't do anything. With the change I made, the configure script should more give an error if it is given.",
+        "createdAt": "2022-11-26T16:24:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/58#issuecomment-1328074853",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5PKNey",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Ok cool, thanks for clarifying. Closing..",
+        "createdAt": "2022-11-26T16:37:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/58#issuecomment-1328076722",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2022-11-26T10:36:13Z",
+    "id": "I_kwDOCL0xJc5XU90M",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 58,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Difference between --localedir and NLSPATH",
+    "updatedAt": "2022-11-26T16:37:39Z",
+    "url": "https://github.com/gavinhoward/bc/issues/58"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "is_bot": false,
+      "login": "firasuke",
+      "name": "Firas Khalil Khana"
+    },
+    "body": "Hey there,\r\n\r\nI've encountered an error recently where attempting to cross-compile `bc` while using `CC` as the cross compiler and `HOSTCC` as the compiler and when passing `--prefix=/usr` as a configuration flag.\r\n\r\nIt appears that `bc` is searching for header files in `$PREFIX/include`, although the help message mentions that these options control the installation directories of bc files and not the directories header/library files are searched for.\r\n\r\nThe error disappears when I remove the `--prefix=/usr` flag and the installation defaults to `/usr/local` as there's no way to change it because `--prefix` causes an error.\r\n\r\nThe error is:\r\n\r\n```C\r\n     /usr/include/bits/types/time_t.h:8:9: error: unknown type name '__time64_t'\r\n    8 | typedef __time64_t time_t;\r\n      |         ^~~~~~~~~~\r\n```\r\n\r\nI don't recall changing the configuration flags I use for `bc` since version 4.0, did the behavior of these flags change?\r\n\r\nThanks in advance!",
+    "closed": true,
+    "closedAt": "2022-09-14T07:40:47Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5KF-Ax",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "This looks like a bug in `configure.sh`. However, I need to know now to track it down.\r\n\r\nCan you tell me what the host system is, what the target system is, what the host compiler is, and what the target compiler is?",
+        "createdAt": "2022-09-12T00:19:32Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1243078705",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KGmRk",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "The  host system architecture tuple is `x86_64-unknown-linux-gnu` and the target architecture tuple is `x86_64-linux-musl`.\n\nThe host compiler `HOSTCC=gcc` and the target compiler is `CC=x86_64-linux-musl-gcc`.",
+        "createdAt": "2022-09-12T05:35:13Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1243243620",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KJkBF",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "I thought this will might help narrow down the cause.\r\n\r\nThe last known working version that I tried using the same configuration flags and recipe file is version `5.2.5`, so my guess would be that the change happened after that release, possibly with the latest 6.0 release.",
+        "createdAt": "2022-09-12T16:52:51Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1244020805",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KKJKJ",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "I think I found the [faulty commit](https://github.com/gavinhoward/bc/commit/c36b91b024e743edb45bf607cb3c2a9f28f0cc48).",
+        "createdAt": "2022-09-12T19:05:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1244172937",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KM5Kx",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I think you did too.\r\n\r\nThat commit appears to have been made as exploration; I should have added more to the commit message. Nevertheless, it appears to not be necessary anymore because I tested the FreeBSD port without those changes, and it worked fine.\r\n\r\nSo I committed 2b65eb21cfc575fdb04a090c687bd102a80cc43c to erase the rest of that commit. Can you pull and test it?",
+        "createdAt": "2022-09-13T04:49:35Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1244893873",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KP1Kn",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "I can confirm that this indeed 2b65eb21cfc575fdb04a090c687bd102a80cc43c fixed the issue.\r\n\r\nCan you release this fix in a new bugfix version?",
+        "createdAt": "2022-09-13T16:34:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1245663911",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KQ_MW",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Wonderful!\r\n\r\nI'll release a bug fix version as soon as I have confirmation that this fix does not break FreeBSD. I hope that will be soon.",
+        "createdAt": "2022-09-13T21:22:20Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1245967126",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KShlk",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Release `6.0.3` is out. I hope it fixes your issue.\r\n\r\nIf it doesn't, please feel free to reopen.",
+        "createdAt": "2022-09-14T07:40:47Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1246370148",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5KV1-D",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Yup, the new release solved the issue.\r\n\r\nThanks for your time and effort!",
+        "createdAt": "2022-09-14T19:59:10Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 2
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/56#issuecomment-1247240067",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2022-09-11T13:48:03Z",
+    "id": "I_kwDOCL0xJc5RmIzx",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 56,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Specifying `--prefix` when cross-compiling",
+    "updatedAt": "2022-09-14T19:59:10Z",
+    "url": "https://github.com/gavinhoward/bc/issues/56"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "body": "Hi! Here is my command line: `bc.exe --mathlib --leading-zeroes --no-line-length --scale=100`. \r\n\r\nLast argument is ignored by some reason.  As I see it `--mathlib` is overriding `scale` value",
+    "closed": true,
+    "closedAt": "2022-08-30T15:32:46Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5IMQzl",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Nice to have you back! Sorry that I rejected your original feature request for `--scale`; I was wrong to do so.\r\n\r\nI have reproduced the issue. I think you are right with what is happening.\r\n\r\nI'll get to work on fixing it.",
+        "createdAt": "2022-08-10T19:29:45Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1211174117",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5IMfdA",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Stupid GitHub automatically closing issues.\r\n\r\nCan you please pull the latest `master` and check if it does what you want? In the meantime, I'll get started on the release process.",
+        "createdAt": "2022-08-10T20:29:31Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1211234112",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5IMmDI",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Yep, it works now. Thanks!",
+        "createdAt": "2022-08-10T20:55:12Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1211261128",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5IMmVH",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yay! Version `6.0.2` should come out in the next day or two. Thank you for your report!",
+        "createdAt": "2022-08-10T20:56:21Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1211262279",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Iclau",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It's taking a little longer to get the release out. There are problems with FreeBSD. I need to fix those problems before I release. I'm sorry.\r\n\r\nI'll let you know when `6.0.2` is out.",
+        "createdAt": "2022-08-15T17:31:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1215452846",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5JbEBZ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`6.0.2` is out.\r\n\r\nThat should fix the issue for you. Feel free to reopen if it does not.",
+        "createdAt": "2022-08-30T15:32:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "ROCKET",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/55#issuecomment-1231831129",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2022-08-10T19:09:02Z",
+    "id": "I_kwDOCL0xJc5Pk4LF",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 55,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Scale argument is ignored",
+    "updatedAt": "2022-08-30T15:32:46Z",
+    "url": "https://github.com/gavinhoward/bc/issues/55"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjk3Njg2MjI=",
+      "is_bot": false,
+      "login": "drawkula",
+      "name": "yeti"
+    },
+    "body": "Testing on Debian11...\r\n\r\nAfter configuring with `--prefix=/tmp/bctmpdir` and a successful build, `make install` fails:\r\n```\r\n/tmp/bc $ make install\r\n./scripts/locale_install.sh /usr/share/locale/%L/%N bc \r\nmkdir: cannot create directory ‘//usr/share/locale/de_DE.utf8’: Permission denied\r\nmkdir: cannot create directory ‘//usr/share/locale/de_DE.UTF-8’: Permission denied\r\nln: failed to create symbolic link '//usr/share/locale/de_DE.utf8/bc': No such file or directory\r\nmkdir: cannot create directory ‘//usr/share/locale/en_GB.utf8’: Permission denied\r\nln: failed to create symbolic link '//usr/share/locale/en_GB.utf8/bc': No such file or directory\r\nmkdir: cannot create directory ‘//usr/share/locale/en_US.utf8’: Permission denied\r\nln: failed to create symbolic link '//usr/share/locale/en_US.utf8/bc': No such file or directory\r\n./scripts/safe-install.sh -Dm644 manuals/bc.1 /tmp/bctmpdir/share/man/man1/bc.1\r\n./scripts/safe-install.sh -Dm644 manuals/dc.1 /tmp/bctmpdir/share/man/man1/dc.1\r\n./scripts/exec-install.sh /tmp/bctmpdir/bin \"\" \"/tmp/bc/bin\"\r\n```\r\nSome paths aren't adapted to fit the `--prefix=...` setting, some others fit the desired prefix setting.",
+    "closed": true,
+    "closedAt": "2022-07-23T16:23:02Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5HDhWA",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for this report. I will look into it. Thankfully, you caught me before I made a release, which is coming soon. This will be fixed in that release, even if I have to delay it.",
+        "createdAt": "2022-07-22T02:07:54Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192105344",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HDm8x",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I noticed that you are installing `bc` in a temp directory. Is this a holding directory for a package, which will then install `bc` in its true place? Or is it something eke?\r\n\r\nI ask because locales are *special* (meaning, they are bad). They *must* be installed in one, and only one place. That place is `$NLSPATH`, which is actually a format string (the funny looking path after `./scripts/locale_install.sh` in your pasted output), but it usually points to `/usr/share/locale` with separate directories for every locale and then separate files in those directories for each program.\r\n\r\nIf locales are not installed properly in `$NLSPATH`, they will not work. This means that locales *have to* ignore `--prefix`. It's stupid, but that's POSIX for you. (This behavior is mandated by the POSIX standard.)\r\n\r\nSo if you are trying to install `bc` in `/tmp/bctmpdir`, unfortunately, you still have to install the locale files in `$NLSPATH`, anyway.\r\n\r\nIf you're installing in `/tmp/bctmpdir` to later be installed in its proper place by a package manager, then you can use the `$DESTDIR` environment variable when running `configure.sh`. If you do this, then locales will be installed at `$DESTDIR/$NLSPATH`, while other files will be installed at `$DESTDIR/$PREFIX/<whatever>`, where `$PREFIX` was passed in with `--prefix=$PREFIX`. Once that is done, and the package is made, then when users install the package, the locales will be put into the correct `$NLSPATH`.\r\n\r\nIf, however, you absolutely *must* override the behavior of installing the locales in `$NLSPATH`, you can set your own `$NLSPATH` when running `configure.sh`. The `%L` in the format specifier will be replaced by the locale name, and the `%N` will be replaced by the name of the program. You probably want both of those format specifiers in there.\r\n\r\nBut I do ***NOT*** recommend this because those installed locales will not work unless your `$NLSPATH` is set to that same format during in normal usage, which it appears it is not based on the format string in your output above.\r\n\r\nI hope that explains why things are the way they are. If that is the reason you are having problems, I am willing to help you figure out what would be best for you to do.\r\n\r\nHowever, if you still believe there is a bug in the install behavior, I'll do my best to find it.\r\n\r\nPlease let me know; I would like to help in any way I can.",
+        "createdAt": "2022-07-22T02:57:50Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192128305",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HD5j0",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "I just repeated the build in `/tmp` for catching the log.\r\n\r\nOriginally I wanted to have `bc`/`dc` in an own \"bonsai subtree\" in `/opt/gavinhoward-bc` for not interfering with the default `dc`/`bc` of Debian and I typically manage `/opt` via an own account not being `root` (and not my standard user account).  Had I tried this as `root` I easily could have overlooked the files falling out of that subtree.  I think that may surprise other users in some other contexts too or will just drop the NLS files somewhere they do not even notice.\r\n\r\nMaybe dropping them into the desired prefix too and issuing a warning is an idea?\r\n\r\nWell, so far nobody complained (or noticed it?).  Maybe I'm just the one with strange ideas...\r\n\r\nIn my case, if the NLS files are dropped into that subtree with the consequence that only english works, it would be good enough.  And alternatively I can just deactivate NLS.\r\n\r\nThis issue just should be about the surprise that some paths don't respect `--prefix=...` and maybe about minimising surprises.\r\n\r\nAnd it definitely is not urgent.",
+        "createdAt": "2022-07-22T05:42:58Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192204532",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HFHU6",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I agree that the surprise is bad.\r\n\r\nThe problem with putting them into the desired prefix is that they just won't work, and then I'll get bug reports about it because I know several distros that depend on the current behavior.\r\n\r\nI think there are two things I can do. First, I can ensure that locales are *not* installed if NLS is disabled. I did that. (It already did it right, thankfully.) Second, I can add warnings. I added 7 in https://github.com/gavinhoward/bc/commit/b78e8e4cfb03b1135f03426b2a4aaf848b6c4d5d.\r\n\r\nActually, there's a third thing I can do: I can have `configure.sh` output a warning to the user when the prefix does *not* match with `$NLSPATH`. That has been done in https://github.com/gavinhoward/bc/commit/6dccfebe21c62d1c043387590d23a91b8499f68c.\r\n\r\nWhat else would you like me to do or think that I should do?",
+        "createdAt": "2022-07-22T12:29:32Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192523066",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HFar1",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "Thanks!\r\nThe warnings at configure-time really should help everyone.\r\n\r\nMay I add a tiny \"last\" (for in this issue) wish?\r\nCan the warning be reformatted to fit an 80 columns terminal?\r\nReformatted to be slightly below 80 CpL it will not even take more lines.\r\n",
+        "createdAt": "2022-07-22T13:55:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192602357",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HF6Eg",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I meant to have 80 columns or less from the beginning. Whoops.\r\n\r\nIs https://github.com/gavinhoward/bc/commit/7cdddb8cc53fc1c08fe52fcf7fedbf7c84800c7c at 80 columns or less?",
+        "createdAt": "2022-07-22T16:12:18Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192730912",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HGEY4",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "Without changing the indentation 77 chars are the maximal sub-80 width that fits.\r\n```\r\n*****************************************************************************\r\n\r\nWARNING: Locales will *NOT* be installed in $PREFIX (/opt/gavinhoward-bc).\r\n\r\n         This is because they *MUST* be installed at a fixed location to even\r\n         work, and that fixed location is $NLSPATH ().\r\n\r\n         This location is *outside* of $PREFIX. If you do not wish to install\r\n         locales outside of $PREFIX, you must disable NLS with the -N or the\r\n         --disable-nls options.\r\n\r\n         The author apologizes for the inconvenience, but the need to install\r\n         the locales at a fixed location is mandated by POSIX. It is not\r\n         possible for the author to change.\r\n\r\n*****************************************************************************\r\n```\r\n",
+        "createdAt": "2022-07-22T17:05:23Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1192773176",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HHHpw",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Whoops. How does https://github.com/gavinhoward/bc/commit/6035d39a68e6078f578823fe407892930fe0d955 look?",
+        "createdAt": "2022-07-23T03:21:18Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1193048688",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HHS2n",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "Looks good:\r\n\r\n![20220723-092628](https://user-images.githubusercontent.com/9768622/180599430-95db0a76-f00d-4dc2-bb0a-e3d679acb9f2.png)\r\n\r\nWould it make sense not to show it when `configure` is run with `--disable-nls`?",
+        "createdAt": "2022-07-23T09:27:41Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1193094567",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HHW-X",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Whoops.\r\n\r\nYou are absolutely right, of course. Does https://github.com/gavinhoward/bc/commit/8d8935e44bba15e96e8db83536ba54cd1deab398 fix the issue for you?",
+        "createdAt": "2022-07-23T11:39:44Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1193111447",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HHXEq",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "Perfect!\r\nThanks!",
+        "createdAt": "2022-07-23T11:43:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1193111850",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HHgig",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You're welcome.\r\n\r\nSince it appears this issue has been resolved, I'm going to close it, but if you disagree, feel free to reopen it.",
+        "createdAt": "2022-07-23T16:23:02Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/53#issuecomment-1193150624",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2022-07-21T21:12:21Z",
+    "id": "I_kwDOCL0xJc5OTyTx",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 53,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "--prefix=... is partially ignored?",
+    "updatedAt": "2022-07-23T16:23:02Z",
+    "url": "https://github.com/gavinhoward/bc/issues/53"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "is_bot": false,
+      "login": "firasuke",
+      "name": "Firas Khalil Khana"
+    },
+    "body": "Is it possible to provide release tarballs in `gzip` format as well for limited systems?\r\n\r\nThanks!",
+    "closed": true,
+    "closedAt": "2022-04-30T22:23:08Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5CZjfO",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, absolutely.\r\n\r\nJust to be sure, you mean `.tar.gz` files, correct?",
+        "createdAt": "2022-04-30T14:08:36Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/52#issuecomment-1113995214",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CZoVz",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Yup, if possible.",
+        "createdAt": "2022-04-30T16:25:20Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/52#issuecomment-1114015091",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CZov4",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Not a problem. I have a new release coming out soon, and I will be sure to have `.tar.gz` files for it, as well as every future release.",
+        "createdAt": "2022-04-30T16:38:05Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/52#issuecomment-1114016760",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CZ0M3",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Thanks!\r\n\r\nClosing this now.",
+        "createdAt": "2022-04-30T22:23:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/52#issuecomment-1114063671",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2022-04-30T10:20:12Z",
+    "id": "I_kwDOCL0xJc5I0yHJ",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 52,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Release tarballs in `gzip` format",
+    "updatedAt": "2022-04-30T22:23:08Z",
+    "url": "https://github.com/gavinhoward/bc/issues/52"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjg4MjY0OTc5",
+      "is_bot": false,
+      "login": "DelilahHoare",
+      "name": "Delilah Hoare"
+    },
+    "body": "Comments delimited by `/* */` and spanning multiple lines in files result in `Parse error: comment end cannot be found`.  Such comments are accepted into stdin.",
+    "closed": true,
+    "closedAt": "2022-03-05T04:53:19Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc4_JAlq",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "That does sound like a bug.\r\n\r\nCould you send me the output of `bc --version`? Also, could you send me one or more files that cause it to happen?",
+        "createdAt": "2022-03-04T16:41:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059326314",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_KFB6",
+        "author": {
+          "login": "DelilahHoare"
+        },
+        "authorAssociation": "NONE",
+        "body": "I should clarify that this only happens when using the `-f` flag; passing the file as an argument without that flag works.\r\n\r\n```\r\nbc 5.2.2\r\nCopyright (c) 2018-2021 Gavin D. Howard and contributors\r\nReport bugs at: https://git.yzena.com/gavin/bc\r\n\r\nThis is free software with ABSOLUTELY NO WARRANTY.\r\n```\r\n\r\n[testoneline.bc](https://github.com/gavinhoward/bc/files/8189282/testoneline.bc.txt) works,\r\n[testmultiline.bc](https://github.com/gavinhoward/bc/files/8189281/testmultiline.bc.txt) doesn't.  \r\n[timeconst.bc](https://github.com/gavinhoward/bc/files/8189283/timeconst.bc.txt) comes from the linux source tree and also doesn't work.\r\n\r\n",
+        "createdAt": "2022-03-04T23:39:16Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059606650",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_KNpz",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you. I have confirmed the bug, and I'm working on debugging and a fix.",
+        "createdAt": "2022-03-05T01:30:06Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059641971",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_KWij",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Okay, I have found the problem and have committed a fix in d778d0b9177c75f207dca16b57974edbb5f9e15c and dbc4dc4c4e94712fa1d4800c81e84d6da18f5188.\r\n\r\nCould you pull and test the updated commits for me, to make sure they work for you? In the meantime, I'll prepare a release with the fix.",
+        "createdAt": "2022-03-05T04:03:17Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059678371",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_KYdX",
+        "author": {
+          "login": "DelilahHoare"
+        },
+        "authorAssociation": "NONE",
+        "body": "It's working, thanks!",
+        "createdAt": "2022-03-05T04:53:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059686231",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_KYmm",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Great! I'll have version `5.2.3` out in a few days.",
+        "createdAt": "2022-03-05T04:56:48Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1059686822",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc4_QD5x",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`5.2.3` is out!",
+        "createdAt": "2022-03-07T21:53:42Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/50#issuecomment-1061174897",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2022-03-04T00:24:45Z",
+    "id": "I_kwDOCL0xJc5FFokp",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 50,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Multi-line comments in files result in parse error",
+    "updatedAt": "2022-03-07T21:53:42Z",
+    "url": "https://github.com/gavinhoward/bc/issues/50"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjI3OTUyNTcx",
+      "is_bot": false,
+      "login": "oguz-ismail",
+      "name": ""
+    },
+    "body": "Observe:\r\n```\r\n$ bc -s <<x\r\ndefine a(){\r\n}define b(){\r\n}\r\nx\r\n\r\nParse error: bad token\r\n    <stdin>:2\r\n\r\n$ bc -s <<x\r\ndefine a(){\r\n};define b(){\r\n}\r\nx\r\n$\r\n```\r\nAs per POSIX, the first one should work fine, and the second should fail as a newline is required after a `semicolon_list` production. No other bc implementation exhibits this behavior except busybox bc, which is a fork of this one if I recall correctly.",
+    "closed": true,
+    "closedAt": "2021-11-23T05:42:14Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc46Kepe",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "This has (hopefully) been fixed in commits 5b2fe303c8c7d85d299b6576f62c8191e492fdb0, 81f838f657a2b942a76c1240d1107a4d358fd2a2, and 9ffdd5ec6915bc01fa0ceb7f5b5e9e4327615044.\r\n\r\nCould you please pull down those commits and test? If they work, I'll release an update soon.",
+        "createdAt": "2021-11-22T18:57:57Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/48#issuecomment-975825502",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc46KhAF",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Oh, I meant to say that I looked at the standard, and I agree with you on the interpretation of it.",
+        "createdAt": "2021-11-22T19:09:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/48#issuecomment-975835141",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc46Kkv8",
+        "author": {
+          "login": "oguz-ismail"
+        },
+        "authorAssociation": "NONE",
+        "body": "@gavinhoward  Yeah, it works fine now. Thanks for the fix",
+        "createdAt": "2021-11-22T19:29:26Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/48#issuecomment-975850492",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc46KynT",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you!\r\n\r\nI'll run my release process and put out `5.2.1` as soon as it passes.",
+        "createdAt": "2021-11-22T20:50:45Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/48#issuecomment-975907283",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc46L1uZ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`5.2.1` is out. I believe that solves this issue, so I am going to close. Feel free to reopen if you need to.\r\n\r\nThank you for your report!",
+        "createdAt": "2021-11-23T05:42:14Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/48#issuecomment-976182169",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2021-11-22T11:06:32Z",
+    "id": "I_kwDOCL0xJc4_Ln9A",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 48,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Divergence from grammar defined by POSIX",
+    "updatedAt": "2021-11-23T05:42:15Z",
+    "url": "https://github.com/gavinhoward/bc/issues/48"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "body": "Is there any command line switch to set scale at start, like `bc.exe --scale 100`? If not, could you please implement?",
+    "closed": true,
+    "closedAt": "2022-06-10T18:05:26Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc4387LJ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "There is no direct way to do it, but you can do it like this:\r\n\r\n```\r\nbc.exe -e \"scale = 100\" -f-\r\n```\r\n\r\n`-e` is the command-line option to take expressions, and since `bc` exits by default when giving it an expression, you add `-f-` to tell it to also accept input from `stdin`.\r\n\r\nI think next release, I will add the ability to *not* exit by default on expressions for Windows. (FreeBSD wants my `bc` to exit by default.) Once I do that, you will be able to do:\r\n\r\n```\r\nbc.exe -e \"scale = 100\"\r\n```",
+        "createdAt": "2021-10-08T15:09:39Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-938717897",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc439Fcs",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Well, this is not really an option for me - I want bc to exit after `-e` switch. The point is to have ability to manipulate of scale value from outside - the only option for now to do it is within a script or command. Anyway, not really a problem. Fell free to close this, if you are not going implement scale switch.",
+        "createdAt": "2021-10-08T16:09:16Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-938759980",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc439QqT",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yeah, I'm sorry. It's a little too specialized to do in my opinion.\r\n\r\nThank you for understanding.",
+        "createdAt": "2021-10-08T16:34:17Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-938805907",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Dmtyj",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "@depler would you still want this? I'm going to do a release soon, and I'm reconsidering it.",
+        "createdAt": "2022-05-23T06:10:23Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-1134222499",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5EjtT2",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "@depler I'm going to implement this.",
+        "createdAt": "2022-06-08T17:44:03Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-1150211318",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5EksDZ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It is now implemented in 488d48c87c5b9e02e5c3911918c2d6d7687246e8. The command-line options are `-S`/`--scale`, `-I`/`--ibase`, `-O`/`--obase`, and `-E`/`--seed`.\r\n\r\nIf you could test before I release `5.3.0`, I would appreciate it.\r\n\r\nAlso, history is working on Windows now!",
+        "createdAt": "2022-06-08T22:15:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-1150468313",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Es3Dl",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It's been released in `5.3.0`. Hope this helps!",
+        "createdAt": "2022-06-10T18:05:26Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/47#issuecomment-1152610533",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2021-10-08T11:02:30Z",
+    "id": "I_kwDOCL0xJc482sjv",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 47,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Command switch for scale?",
+    "updatedAt": "2022-06-10T18:05:27Z",
+    "url": "https://github.com/gavinhoward/bc/issues/47"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "body": "Hi! When are you going to release new version with recent changes?",
+    "closed": true,
+    "closedAt": "2021-10-06T20:42:31Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc43pTbJ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes. It will be `5.1.0`.\r\n\r\nI have not done so yet because of two things. First, I was not really sure if you would find more bugs, and second, my release process takes a while. (It includes, among other things, building `bc` in every supported configuration and running the test suite for every build, on multiple platforms.)\r\n\r\nI expect that the release will go out sometime today (US time).",
+        "createdAt": "2021-10-04T15:03:22Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/46#issuecomment-933574345",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43p7GT",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Release is out! Thank you for your help.",
+        "createdAt": "2021-10-04T18:19:40Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/46#issuecomment-933736851",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43qhxQ",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Thanks! Why did you put project files, debug executables and test files into release archive?",
+        "createdAt": "2021-10-04T22:11:43Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/46#issuecomment-933895248",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43qjSr",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I should not have put the test files (sorry; I'll take them out next release), but I put the others there in case users *want* a debug executable. Basically, I put whatever I thought users might want even if they don't want the full repo. (I know at least Linux distro that builds a debug version of my `bc`.)",
+        "createdAt": "2021-10-04T22:23:01Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/46#issuecomment-933901483",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc432vHa",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "The next release is out (there was a bug), and I have implemented your suggestions, except for debug executables. Thank you.\r\n\r\nI will go ahead and close this bug now, but you can reopen if you feel the need.",
+        "createdAt": "2021-10-06T20:42:31Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/46#issuecomment-937095642",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2021-10-04T13:53:49Z",
+    "id": "I_kwDOCL0xJc48guzb",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 46,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "New release",
+    "updatedAt": "2021-10-06T20:42:31Z",
+    "url": "https://github.com/gavinhoward/bc/issues/46"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "body": "@depler do you know how to get packages into Winget and Chocolatey? I had [someone ask me to do that][1].\r\n\r\n[1]: https://news.ycombinator.com/item?id=28653815",
+    "closed": true,
+    "closedAt": "2021-10-01T17:38:41Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc43ktg6",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Sorry, never did this. I prefer portable windows utilities without package manager.",
+        "createdAt": "2021-10-01T16:20:38Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/45#issuecomment-932370490",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43k7w9",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": ":+1: ",
+        "createdAt": "2021-10-01T17:38:41Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/45#issuecomment-932428861",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2021-10-01T04:59:55Z",
+    "id": "I_kwDOCL0xJc48X3lM",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 45,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Get `bc` into Winget and Chocolatey",
+    "updatedAt": "2021-10-01T17:38:41Z",
+    "url": "https://github.com/gavinhoward/bc/issues/45"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "body": "Can you please implement some new command line arguments?\r\n\r\n1. Ability to print equation result without line breaks, i.e. just a solid text.\r\n2. Ability to force prepending zero in equation result, i.e. `0.123` instead of current `.123`",
+    "closed": true,
+    "closedAt": "2021-09-29T23:02:01Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc43UXox",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Those are good ideas.\r\n\r\nFor the first, there is already an environment variable, `BC_LINE_LENGTH`, that can be used to do that.  You just set it to a large number. Would that work, or would that still not be convenient (and I use that word for a reason; I do want it to be easy for you) on Windows? Also, if you want a separate option to remove line limits entirely, why?\r\n\r\nFor the second, I think that one might be a *really* good idea. EDIT: However, could this be implemented by something like a function in the math library such that it's not a global option affecting all numbers? Would that be better? Should we have both?\r\n\r\nIn both of these cases, I don't want to just willy-nilly implement something; I want them to be designed correctly. So I'll get started on that, but please feel free to give me your opinions about the design of them.",
+        "createdAt": "2021-09-27T17:16:40Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-928086577",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43UkoZ",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "> Also, if you want a separate option to remove line limits entirely, why?\r\n\r\nThis is exactly what I want - remove line limits entirely. Environment variables are not really useful on Windows unless you heavily use scripts. Usually you just run executable with desired variables to archive functionality (or using some config file as alternative).\r\n\r\n> However, could this be implemented by something like a function in the math library such that it's not a global option affecting all numbers? Would that be better? Should we have both?\r\n\r\nFor exactly my needs global option is preferable - I just want to see all numbers in range `-1 < 0 < 1` with zero.\r\n\r\nSo if you you think that environment variables are needed - feel free to implement both. Personally I don't like to use environment switches, command arguments are more convenient for me.\r\n",
+        "createdAt": "2021-09-27T18:06:20Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-928139801",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43VIy5",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Good to know. Let me get on that and see if I can come up with something that works for you.",
+        "createdAt": "2021-09-27T21:15:44Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-928287929",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43Vnrz",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have added the two command line arguments (`z` and `C`). Could you please pull and test that they do what you want?\r\n\r\nI'm not done yet, but the rest of the work is not really going to impact what you want. It's a way to query the status of those things so that I can write library functions to print them in different ways.",
+        "createdAt": "2021-09-27T23:07:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-928414451",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43XcED",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I've changed the options to `-z`/`--leading-zeroes` and `-L`/`--no-line-length`.",
+        "createdAt": "2021-09-28T06:21:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-928891139",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43YQUv",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Working fine, thanks! Can you please add new tests to windows scripts? It is just a new lines with filename of appropriate test in `tests_bc.bat` and `tests_dc.bat`.",
+        "createdAt": "2021-09-28T11:34:55Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-929105199",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43Y4pl",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I'm sorry, I feel stupid, but I'm not sure what tests you want me to add. For these features? Or more tests in general?",
+        "createdAt": "2021-09-28T14:12:35Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-929270373",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43ZFR5",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "You've added this one (and may be something else): https://github.com/gavinhoward/bc/blob/master/tests/bc/leadingzero.txt\r\nWindows script doesn't know about it yet.",
+        "createdAt": "2021-09-28T15:09:39Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-929322105",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43Zugt",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I see. I've added that test to the Windows bat file, but once again, can you pull and test for me? The reason is that it needs to run the test twice, and I want to be sure that works for you.",
+        "createdAt": "2021-09-28T17:54:31Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-929490989",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43btxR",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "A few changes are needed to differ `leadingzero` test from `leadingzero_z` : https://github.com/gavinhoward/bc/pull/44\r\nOtherwise it works fine.",
+        "createdAt": "2021-09-29T09:35:21Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-930012241",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc43crqE",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "#44 is merged. Is there anything else that needs to change for you?",
+        "createdAt": "2021-09-29T15:06:22Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-930265732",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc43d-9e",
+        "author": {
+          "login": "depler"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Nope. Thanks 👍",
+        "createdAt": "2021-09-29T23:02:01Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/43#issuecomment-930606942",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2021-09-27T15:12:39Z",
+    "id": "I_kwDOCL0xJc48GQ_o",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 43,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Additional arguments",
+    "updatedAt": "2021-09-29T23:02:02Z",
+    "url": "https://github.com/gavinhoward/bc/issues/43"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2Njg2NTY1",
+      "is_bot": false,
+      "login": "rubyFeedback",
+      "name": ""
+    },
+    "body": "Hey there.\n\nI am using this configure line:\n\n    CC=gcc ./configure --prefix=/home/Programs/Bc/7.0.3/  -G -O3 -r\n\nThis is what LFS (Linux from Scratch) recommends, but they use the conventional\n/usr/ prefix.\n\nNow interestingly, when I use the above, I get this result - a warning:\n\n    WARNING: Locales will *NOT* be installed in $PREFIX (/home/Programs/Bc/7.0.3/).\n\n         This is because they *MUST* be installed at a fixed location to even\n         work, and that fixed location is $NLSPATH (/usr/share/locale/%L/%N).\n\n         This location is *outside* of $PREFIX. If you do not wish to install\n         locales outside of $PREFIX, you must disable NLS with the -N or the\n         --disable-nls options.\n\n         The author apologizes for the inconvenience, but the need to install\n         the locales at a fixed location is mandated by POSIX, and it is not\n         possible for the author to change that requirement.\n\nThe warning makes sense on traditional systems that use /usr/ as prefix.\nGoboLinux uses versioned appdirs instead. (I am not using GoboLinux\nright now, as they use /Programs/ dir; I use a slightly modified self-compiled\nvariant instead. At the least currently.)\n\nI do not believe that POSIX mandates that /usr/share/local/ must be in\nthe way described. For instance, I am about 100% certain that symlinks \nare allowed; at the least not forbidden, so I would reason that POSIX\ncan not be cited here. GoboLinux also uses symlinks by the way; they\neven still have /usr/ etc... despite versioned appdirs.\n\nMy question is: is this warning really needed? I can install all glibc-related\nlocales into /home/Programs/Glibc/2.41/share/local/ etc... and I do not\nget any warning about this. I believe the warning has had good intentions,\nbut the explanation is a bit shaky to me, and does not seem to account\nfor e. g. alternative ways to handle a linux system. Does POSIX really\nsay that symlinks are forbidden?\n\n(Also, is it true that locales must be at a fixed location per se? Because in\nprinciple, whatever is searching for the file, could also have another \nlocation. I use the example of symlinks, but even without symlinks we \nhave things such as --libdir and various other flags that allow fine-tuning\nof various things here. Even meson-build systems allow for quite some\nflexibility here.)\n",
+    "closed": true,
+    "closedAt": "2025-04-10T16:47:30Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6mkMkS",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, it is necessary. I have had more people ask why locales don't work than people like you asking why there is a warning. In fact, you're the first.\n\nTo remove the warning, set `NLSPATH` on the call to `configure`, like so:\n\n```\nCC=gcc NLSPATH=/home/Programs/Bc/7.0.3/%L/%N \\\n    ./configure --prefix=/home/Programs/Bc/7.0.3/  -G -O3 -r\n```\n\nThen yes, you can set up symlinks; POSIX does allow that.",
+        "createdAt": "2025-04-10T16:47:30Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/90#issuecomment-2794506514",
+        "viewerDidAuthor": true
+      }
+    ],
+    "createdAt": "2025-04-10T11:40:10Z",
+    "id": "I_kwDOCL0xJc6x8Vgk",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 90,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "locales - is the warning for non-standard prefixes still necessary?",
+    "updatedAt": "2025-04-10T16:47:30Z",
+    "url": "https://github.com/gavinhoward/bc/issues/90"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBxD9gQ",
+      "is_bot": false,
+      "login": "tungstengmd",
+      "name": "harlow foxworthy"
+    },
+    "body": "this might have been excluded for a reason but can you add the \"!\" command back ? only reason being that i wanna clear the screen on certain events",
+    "closed": true,
+    "closedAt": "2025-04-18T20:43:24Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6n20Uz",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It was excluded for a reason, and no, I will not add it. Have your shell clear the screen.",
+        "createdAt": "2025-04-18T20:43:23Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2816165171",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6n25O1",
+        "author": {
+          "login": "tungstengmd"
+        },
+        "authorAssociation": "NONE",
+        "body": "had a feeling, and damn you're fast",
+        "createdAt": "2025-04-18T20:58:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2816185269",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6n3ljG",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "You can hardcode the sequence to clear the screen.\nTo be a bit independent of the terminal, catching what `clear` will send may be the way.\n```\n$ clear | xxd -C -p -u -\n1B5B481B5B324A\n```\nSo this ...\n```\n$ clear | xxd -C -p -u - | dc -e '16i ? P'\n```\n... demonstrates it.  Capture the value, in base10 if you prefer.\n\nTBH, I miss `!` too.\n",
+        "createdAt": "2025-04-18T23:55:14Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2816366790",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6n4p5E",
+        "author": {
+          "login": "tungstengmd"
+        },
+        "authorAssociation": "NONE",
+        "body": "oh wait you're onto something",
+        "createdAt": "2025-04-19T10:18:42Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2816646724",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6n5dwl",
+        "author": {
+          "login": "tungstengmd"
+        },
+        "authorAssociation": "NONE",
+        "body": "ok so basically you can just catch command output [as hex form] in xxd and input it to dc with the input radix as 16\ntherefore bypassing the need for `!`\nthanks @drawkula",
+        "createdAt": "2025-04-19T20:40:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2816859173",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6n-PJv",
+        "author": {
+          "login": "drawkula"
+        },
+        "authorAssociation": "NONE",
+        "body": "Sure you can read ™somewhere™ which control sequence your `$TERM` will use to clear the screen and then manually turn that into this string alike integer, but you'd have to do that anew everywhere you run your code attached to a differently behaving terminal emulation.  So catching the sequence from `clear`, similar `tput` commands or directly looking it up in Terminfo or Termcap terminal definitions makes it portable and I assumed catching the output of `clear` would be the easiest of these alternatives.\n\nUsing `xxd` may limit portability a bit.  That's probably the weak spot of this idea.  There are alternatives, but if available, `xxd` seems to fit this job best.",
+        "createdAt": "2025-04-21T10:18:17Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/91#issuecomment-2818110063",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2025-04-18T20:41:22Z",
+    "id": "I_kwDOCL0xJc6zJ4VJ",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 91,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [
+      {
+        "content": "THUMBS_UP",
+        "users": {
+          "totalCount": 1
+        }
+      }
+    ],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "add ! command",
+    "updatedAt": "2025-04-21T10:18:18Z",
+    "url": "https://github.com/gavinhoward/bc/issues/91"
+  },
+  {
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB8YAUQ",
+      "is_bot": false,
+      "login": "tkb-github",
+      "name": ""
+    },
+    "body": "With the release of RHEL 10 and Fedora 42, we’ve tried to build 7.0.3 on both. No issues with Clang.\n\nWith GCC (v14 for RHEL 10, v15 for Fedora 42), though, the build succeeded under the [epel-10-aarch64](https://download.copr.fedorainfracloud.org/results/tkbcopr/bc-gh/epel-10-aarch64/09140402-bc-gh/) chroot but failed with [epel-10-x86_64](https://download.copr.fedorainfracloud.org/results/tkbcopr/bc-gh/epel-10-x86_64/09140402-bc-gh/), [fedora-42-x86_64](https://download.copr.fedorainfracloud.org/results/tkbcopr/bc-gh/fedora-42-x86_64/09140402-bc-gh/) and [fedora-42-aarch64](https://download.copr.fedorainfracloud.org/results/tkbcopr/bc-gh/fedora-42-aarch64/09140402-bc-gh/). Here’s excerpts from the failed builds.\n\nepel-10-x86_64:\n\n```sh\n\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto ./gen/dc_help.o ./gen/bc_help.o ./gen/lib.o ./gen/lib2.o src/args.o src/bc.o src/bc_lex.o src/bc_parse.o src/data.o src/dc.o src/dc_lex.o src/dc_parse.o src/file.o src/history.o src/lang.o src/lex.o src/main.o src/num.o src/opt.o src/parse.o src/program.o src/rand.o src/read.o src/vector.o src/vm.o -Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes  -o bin/bc\n/usr/bin/ld: /tmp/ccMAotuu.ltrans0.ltrans.o: relocation R_X86_64_32 against `.rodata' can not be used when making a PIE object; recompile with -fPIE\n/usr/bin/ld: failed to set dynamic section sizes: bad value\ncollect2: error: ld returned 1 exit status\nmake: *** [Makefile:241: bin/bc] Error 1\nerror: Bad exit status from /var/tmp/rpm-tmp.G7xvMo (%build)\n\nRPM build errors:\n    Bad exit status from /var/tmp/rpm-tmp.G7xvMo (%build)\n\n```\n\nfedora-42-x86_64\n\n```sh\n\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/data.o -c ./src/data.c\nIn file included from /usr/lib/gcc/x86_64-redhat-linux/15/include/stdint.h:11,\n                 from ./include/status.h:46,\n                 from ./include/args.h:39,\n                 from ./src/data.c:39:\n./src/data.c:920:29: error: â^@^XfalseULâ^@^Y undeclared here (not in a function)\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |                             ^~~~~\n./src/data.c:920:9: note: in expansion of macro â^@^XBC_PARSE_EXPR_ENTRYâ^@^Y\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |         ^~~~~~~~~~~~~~~~~~~\n./src/data.c:920:43: error: â^@^XtrueULâ^@^Y undeclared here (not in a function)\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |                                           ^~~~\n./src/data.c:920:9: note: in expansion of macro â^@^XBC_PARSE_EXPR_ENTRYâ^@^Y\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |         ^~~~~~~~~~~~~~~~~~~\nmake: *** [Makefile:668: src/data.o] Error 1\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/dc.o -c ./src/dc.c\nmake: *** Waiting for unfinished jobs....\ngcc -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -I./include/ -flto -o ./gen/strgen ./gen/strgen.c\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/bc_parse.o -c ./src/bc_parse.c\nerror: Bad exit status from /var/tmp/rpm-tmp.hRViel (%build)\n\nRPM build errors:\n    Bad exit status from /var/tmp/rpm-tmp.hRViel (%build)\n\n```\n\nfedora-42-aarch64\n\n```sh\n\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/data.o -c ./src/data.c\nIn file included from /usr/lib/gcc/aarch64-redhat-linux/15/include/stdint.h:11,\n                 from ./include/status.h:46,\n                 from ./include/args.h:39,\n                 from ./src/data.c:39:\n./src/data.c:920:29: error: â^@^XfalseULâ^@^Y undeclared here (not in a function)\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |                             ^~~~~\n./src/data.c:920:9: note: in expansion of macro â^@^XBC_PARSE_EXPR_ENTRYâ^@^Y\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |         ^~~~~~~~~~~~~~~~~~~\n./src/data.c:920:43: error: â^@^XtrueULâ^@^Y undeclared here (not in a function)\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |                                           ^~~~\n./src/data.c:920:9: note: in expansion of macro â^@^XBC_PARSE_EXPR_ENTRYâ^@^Y\n  920 |         BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),\n      |         ^~~~~~~~~~~~~~~~~~~\nmake: *** [Makefile:668: src/data.o] Error 1\nmake: *** Waiting for unfinished jobs....\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/dc.o -c ./src/dc.c\ngcc -DBC_ENABLED=1 -DDC_ENABLED=1 -I./include/ -DBUILD_TYPE=A  -DEXECPREFIX= -DMAINEXEC=bc   -DBC_NUM_KARATSUBA_LEN=34 -DBC_ENABLE_NLS=1 -DBC_ENABLE_EXTRA_MATH=1 -DBC_ENABLE_HISTORY=1 -DBC_ENABLE_LIBRARY=0 -DBC_ENABLE_MEMCHECK=0 -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -DBC_DEFAULT_BANNER=0 -DBC_DEFAULT_SIGINT_RESET=1 -DBC_DEFAULT_TTY_MODE=1 -DBC_DEFAULT_PROMPT=1 -DBC_DEFAULT_EXPR_EXIT=1 -DBC_DEFAULT_DIGIT_CLAMP=0 -DDC_DEFAULT_SIGINT_RESET=1 -DDC_DEFAULT_TTY_MODE=0 -DDC_DEFAULT_PROMPT=0 -DDC_DEFAULT_EXPR_EXIT=1 -DDC_DEFAULT_DIGIT_CLAMP=0  -DBC_ENABLE_EDITLINE=0 -DBC_ENABLE_READLINE=0 -D_POSIX_C_SOURCE=200809L -D_XOPEN_SOURCE=700 -O3 -g -flto -o src/bc_parse.o -c ./src/bc_parse.c\ngcc -DBC_ENABLE_AFL=0 -DBC_ENABLE_OSSFUZZ=0 -I./include/ -flto -o ./gen/strgen ./gen/strgen.c\nerror: Bad exit status from /var/tmp/rpm-tmp.5cLuhE (%build)\n\nRPM build errors:\n    Bad exit status from /var/tmp/rpm-tmp.5cLuhE (%build)\n\n```",
+    "closed": true,
+    "closedAt": "2025-06-08T22:18:49Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6v8kNF",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "For epel-10-x86_64, just add `-fPIE` to the `CFLAGS`, like so:\n\n```\n$ CFLAGS=-fpie ./configure.sh\n$ make\n```\n\nFor the other two, it appears `stdbool.h` does not properly define `false` and `true`.",
+        "createdAt": "2025-06-07T05:46:33Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/92#issuecomment-2951889733",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6wDPLy",
+        "author": {
+          "login": "tkb-github"
+        },
+        "authorAssociation": "NONE",
+        "body": "Thanks!",
+        "createdAt": "2025-06-08T06:52:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/issues/92#issuecomment-2953638642",
+        "viewerDidAuthor": false
+      }
+    ],
+    "createdAt": "2025-06-07T03:51:28Z",
+    "id": "I_kwDOCL0xJc66WQa1",
+    "isPinned": false,
+    "labels": [],
+    "milestone": null,
+    "number": 92,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "state": "CLOSED",
+    "stateReason": "COMPLETED",
+    "title": "Build failures under RHEL 10 & Fedora 42 with GCC",
+    "updatedAt": "2025-06-08T22:18:49Z",
+    "url": "https://github.com/gavinhoward/bc/issues/92"
+  }
+]
diff --git a/contrib/bc/project/github_prs.json b/contrib/bc/project/github_prs.json
new file mode 100644
index 000000000000..c2ca634c3554
--- /dev/null
+++ b/contrib/bc/project/github_prs.json
@@ -0,0 +1,7729 @@
+[
+  {
+    "additions": 8,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjM5MjUwOQ==",
+      "is_bot": false,
+      "login": "bolknote",
+      "name": "Evgeny Stepanischev"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "9f34d2427d3f13c8e95b8485f5a6041789ffe400",
+    "body": "Code:\r\n`define a(*t[], t[]) {}`\r\n\r\nExpected result:\r\nParse error: function parameter or auto \"t[]\" already exists\r\n\r\nActual result:\r\nParses successfully (incorrect)\r\n\r\nThe interpreter now correctly rejects functions with duplicate parameter names, even when one is a reference array (*t[]).",
+    "changedFiles": 3,
+    "closed": true,
+    "closedAt": "2025-03-25T04:55:24Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6j52QL",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Oh, and another thing you could get credit for: if you create `tests/bc/errors/39.txt` and put your reproducer into it, I would accept that too.",
+        "createdAt": "2025-03-25T02:01:13Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/89#issuecomment-2749850635",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6j6h5M",
+        "author": {
+          "login": "bolknote"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Yes, no problem! I hope I’ve managed to cover everything needed. If something isn’t quite right, please let me know!",
+        "createdAt": "2025-03-25T04:16:09Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/89#issuecomment-2750029388",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6j6uej",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Looks good!",
+        "createdAt": "2025-03-25T04:55:31Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/89#issuecomment-2750080931",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2025-03-24T22:31:38Z",
+        "authors": [
+          {
+            "email": "imbolk@gmail.com",
+            "id": "MDQ6VXNlcjM5MjUwOQ==",
+            "login": "bolknote",
+            "name": "Evgeny Stepanischev"
+          }
+        ],
+        "committedDate": "2025-03-24T22:31:38Z",
+        "messageBody": "",
+        "messageHeadline": "Fix duplicate param check for ref arrays",
+        "oid": "97756f3dc17b74c2a9c31488e8680a03f2f016eb"
+      },
+      {
+        "authoredDate": "2025-03-25T04:07:25Z",
+        "authors": [
+          {
+            "email": "imbolk@gmail.com",
+            "id": "MDQ6VXNlcjM5MjUwOQ==",
+            "login": "bolknote",
+            "name": "Evgeny Stepanischev"
+          }
+        ],
+        "committedDate": "2025-03-25T04:07:25Z",
+        "messageBody": "",
+        "messageHeadline": "Fix coding style",
+        "oid": "facbd16ceecdd72015abe21f6f4fe4d686b8e66b"
+      },
+      {
+        "authoredDate": "2025-03-25T04:10:52Z",
+        "authors": [
+          {
+            "email": "imbolk@gmail.com",
+            "id": "MDQ6VXNlcjM5MjUwOQ==",
+            "login": "bolknote",
+            "name": "Evgeny Stepanischev"
+          }
+        ],
+        "committedDate": "2025-03-25T04:10:52Z",
+        "messageBody": "This test ensures the interpreter correctly rejects functions with\nduplicate parameter names, even when one is a reference array (*t[]).",
+        "messageHeadline": "Add test for duplicate ref array parameters",
+        "oid": "a10b2fd6a2b77325dc981a8ce296d1c22c47ba0a"
+      }
+    ],
+    "createdAt": "2025-03-24T22:35:24Z",
+    "deletions": 2,
+    "files": [
+      {
+        "path": "include/lang.h",
+        "additions": 4,
+        "deletions": 0
+      },
+      {
+        "path": "src/lang.c",
+        "additions": 3,
+        "deletions": 2
+      },
+      {
+        "path": "tests/bc/errors/39.txt",
+        "additions": 1,
+        "deletions": 0
+      }
+    ],
+    "fullDatabaseId": "2414968976",
+    "headRefName": "master",
+    "headRefOid": "a10b2fd6a2b77325dc981a8ce296d1c22c47ba0a",
+    "headRepository": {
+      "id": "R_kgDOOARsdw",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjM5MjUwOQ==",
+      "name": "Evgeny Stepanischev",
+      "login": "bolknote"
+    },
+    "id": "PR_kwDOCL0xJc6P8YCQ",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [
+      {
+        "id": "",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I'll be upfront: I have accepted this because it passes the tests, and yes, it is a bug.\r\n\r\nHowever, if you run `./scripts/format.sh` on the repo before I do that, I won't have to adjust the style, which would hide your contribution for the `if` statement in `src/lang.c`.\r\n\r\nIf you could do that, I'd appreciate it, and you would get to keep your credit. If not, no problem; just tell me.",
+        "submittedAt": "2025-03-25T01:55:21Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "CHANGES_REQUESTED",
+        "commit": {
+          "oid": ""
+        }
+      }
+    ],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "0013dbee105fad63633ffe11240b18deb3d4bf9e"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2025-03-25T04:55:24Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 89,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "CHANGES_REQUESTED",
+    "reviewRequests": [],
+    "reviews": [
+      {
+        "id": "PRR_kwDOCL0xJc6hpxI0",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I'll be upfront: I have accepted this because it passes the tests, and yes, it is a bug.\r\n\r\nHowever, if you run `./scripts/format.sh` on the repo before I do that, I won't have to adjust the style, which would hide your contribution for the `if` statement in `src/lang.c`.\r\n\r\nIf you could do that, I'd appreciate it, and you would get to keep your credit. If not, no problem; just tell me.",
+        "submittedAt": "2025-03-25T01:55:21Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "CHANGES_REQUESTED",
+        "commit": {
+          "oid": "97756f3dc17b74c2a9c31488e8680a03f2f016eb"
+        }
+      }
+    ],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Fix duplicate param check for ref arrays",
+    "updatedAt": "2025-03-25T04:55:32Z",
+    "url": "https://github.com/gavinhoward/bc/pull/89"
+  },
+  {
+    "additions": 21,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjM5MjUwOQ==",
+      "is_bot": false,
+      "login": "bolknote",
+      "name": "Evgeny Stepanischev"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "79d5bffaa1c74888d62c47342e5b99a96797a8b5",
+    "body": "```\r\nsrand = 10\r\n\r\nfor (i = 0; i < 1000000; i++) {\r\n\ta = irand(100000000)\r\n\tb = irand(100000000)\r\n\r\n\t. = new_band(a, b)\r\n}\r\n```\r\n\r\ntime bc -l band.bc\r\n\r\nreal\t0m12.768s\r\nuser\t0m12.735s\r\nsys\t0m0.030s\r\n\r\n```\r\nsrand = 10\r\n\r\nfor (i = 0; i < 1000000; i++) {\r\n\ta = irand(100000000)\r\n\tb = irand(100000000)\r\n\r\n\t. = band(a, b)\r\n}\r\n```\r\ntime bc -l band.bc\r\n\r\nreal\t0m25.416s\r\nuser\t0m25.270s\r\nsys\t0m0.119s",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2025-03-01T05:22:26Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6gdBpI",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "After convincing myself that your changes are correct, I accept them.\r\n\r\nHowever, I *am* going to adjust the style; the lib2 file gets put into the executable as a string, and I want to eliminate useless characters.",
+        "createdAt": "2025-03-01T05:22:29Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/88#issuecomment-2691963464",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2025-02-27T06:55:52Z",
+        "authors": [
+          {
+            "email": "imbolk@gmail.com",
+            "id": "MDQ6VXNlcjM5MjUwOQ==",
+            "login": "bolknote",
+            "name": "Evgeny Stepanischev"
+          }
+        ],
+        "committedDate": "2025-02-27T06:55:52Z",
+        "messageBody": "",
+        "messageHeadline": "The band() function has been accelerated almost 2x",
+        "oid": "4112814ae6456dd8d0455a1a6b1d06f7ab78d59a"
+      }
+    ],
+    "createdAt": "2025-02-27T07:03:09Z",
+    "deletions": 19,
+    "files": [
+      {
+        "path": "gen/lib2.bc",
+        "additions": 21,
+        "deletions": 19
+      }
+    ],
+    "fullDatabaseId": "2361404896",
+    "headRefName": "master",
+    "headRefOid": "4112814ae6456dd8d0455a1a6b1d06f7ab78d59a",
+    "headRepository": {
+      "id": "R_kgDOOARsdw",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjM5MjUwOQ==",
+      "name": "Evgeny Stepanischev",
+      "login": "bolknote"
+    },
+    "id": "PR_kwDOCL0xJc6MwC3g",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "6c12610da98b69e873702479e49218e2944437da"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2025-03-01T05:22:26Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 88,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "The band() function has been accelerated almost 2x",
+    "updatedAt": "2025-03-01T05:22:30Z",
+    "url": "https://github.com/gavinhoward/bc/pull/88"
+  },
+  {
+    "additions": 8,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ5NzIxNTU=",
+      "is_bot": false,
+      "login": "dag-erling",
+      "name": "Dag-Erling Smørgrav"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "ca389548763c40852040e5c028b0869b47a3710f",
+    "body": "Previously, we would catch `SIGWINCH` and call `el_resize()` from the signal handler.  This is unsafe and led to strange behavior such as terminating on second resize.  The simplest solution is to let libedit handle `SIGWINCH` itself.\r\n\r\nThis reverts 56bb18255a24 and 89d6c3451a60 and removes all traces of `SIGWINCH` from bc itself, and instead sets the `EL_SIGNAL` flag on the editline context, which causes libedit to detect and handle terminal size changes internally.",
+    "changedFiles": 5,
+    "closed": true,
+    "closedAt": "2025-01-09T03:21:56Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6UKjDG",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for your contribution.\r\n\r\nHowever, I cannot accept it. The man page for libedit says that it installs its own signal handler for a set of signals, one of which is `SIGINT`, which `bc` needs to treat specially. So I cannot use `EL_SIGNAL`. If libedit only handled `SIGWINCH`, this would work.",
+        "createdAt": "2024-11-19T13:57:00Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2485792966",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6UKzkD",
+        "author": {
+          "login": "dag-erling"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Did you even test my patch? It works just fine, because (except for `SIGWINCH` and `SIGCONT`) libedit restores the previous signal handler and re-posts the signal after cleaning up.",
+        "createdAt": "2024-11-19T14:24:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2485860611",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6ULIip",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I tested it on macOS. It did not work with `SIGINT`. I do not have access to a Linux machine, but I will later in the day.\r\n\r\nBut I do not like depending on that behavior. Signals are finicky, and that could expose platform differences.",
+        "createdAt": "2024-11-19T14:56:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2485946537",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6ULaEs",
+        "author": {
+          "login": "dag-erling"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "I developed the patch on macOS, it works perfectly fine there and on FreeBSD. If you have an issue with it, perhaps you can describe the symptoms so I can help you figure it out instead of dismissing it out of hand?",
+        "createdAt": "2024-11-19T15:22:57Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2486018348",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6UMfC7",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Please give me some leniency. Testing it is not dismissing it out of hand. I am wary of making changes that may break things. And I have little time.\r\n\r\nHowever, in this case, I decided to test my code as well and found that it had the same problem: that multiple interrupts would not be handled. I found the fix, and it works for your code.\r\n\r\nIt make still take me time to test on Linux and FreeBSD, but this patch may still be viable.",
+        "createdAt": "2024-11-19T17:16:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2486300859",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6Zugh4",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Tested on Linux, FreeBSD, and macOS. With my fix, it works. There should be a release out soon-ish.\r\n\r\nThank you for your patience.",
+        "createdAt": "2025-01-09T03:22:42Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2579105912",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6aDHFg",
+        "author": {
+          "login": "dag-erling"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Thank you!",
+        "createdAt": "2025-01-10T22:18:03Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/86#issuecomment-2584506720",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2024-11-12T11:50:39Z",
+        "authors": [
+          {
+            "email": "des@des.dev",
+            "id": "MDQ6VXNlcjQ5NzIxNTU=",
+            "login": "dag-erling",
+            "name": "Dag-Erling Smørgrav"
+          }
+        ],
+        "committedDate": "2024-11-12T11:59:50Z",
+        "messageBody": "Previously, we would catch SIGWINCH and call el_resize() from the signal handler.  This is unsafe and led to strange behavior such as terminating on second resize.  The simplest solution is to let libedit handle SIGWINCH itself.\n\nThis reverts 56bb18255a24 and 89d6c3451a60 and removes all traces of SIGWINCH from bc itself, and instead sets the EL_SIGNAL flag on the editline context, which causes libedit to detect and handle terminal size changes internally.",
+        "messageHeadline": "Let libedit handle terminal size changes.",
+        "oid": "e671399e9dc92181219da87e3aa02d44a0b4a4c3"
+      }
+    ],
+    "createdAt": "2024-11-12T12:02:29Z",
+    "deletions": 79,
+    "files": [
+      {
+        "path": "include/history.h",
+        "additions": 0,
+        "deletions": 24
+      },
+      {
+        "path": "include/status.h",
+        "additions": 0,
+        "deletions": 5
+      },
+      {
+        "path": "src/history.c",
+        "additions": 2,
+        "deletions": 12
+      },
+      {
+        "path": "src/read.c",
+        "additions": 6,
+        "deletions": 12
+      },
+      {
+        "path": "src/vm.c",
+        "additions": 0,
+        "deletions": 26
+      }
+    ],
+    "fullDatabaseId": "2174734014",
+    "headRefName": "des/sigwinch",
+    "headRefOid": "e671399e9dc92181219da87e3aa02d44a0b4a4c3",
+    "headRepository": {
+      "id": "R_kgDONOIgRA",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjQ5NzIxNTU=",
+      "name": "Dag-Erling Smørgrav",
+      "login": "dag-erling"
+    },
+    "id": "PR_kwDOCL0xJc6Bn86-",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "79d5bffaa1c74888d62c47342e5b99a96797a8b5"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2025-01-09T03:21:55Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 86,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Let libedit handle terminal size changes.",
+    "updatedAt": "2025-01-10T22:18:04Z",
+    "url": "https://github.com/gavinhoward/bc/pull/86"
+  },
+  {
+    "additions": 12,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOCgjy1g",
+      "is_bot": false,
+      "login": "henke9600",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "c5b7724ee07daa729f0123c6024223b834de42e3",
+    "body": "It's possible that the warning being ignored wasn't enabled in the first place, so always enabling it again is wrong.\r\n\r\nIn practice, this resulted in unexpected -Wdisabled-macro-expansion warnings when compiling against musl libc.",
+    "changedFiles": 3,
+    "closed": true,
+    "closedAt": "2024-09-21T19:14:25Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6M-4FI",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have no comments. You followed style, and I agree that this was a problem. In fact, I had been intending to fix it, but I kept forgetting.\r\n\r\nThe question now is whether I should release. Do you know of any musl-based distros that use this `bc`? If not, I may not worry about releasing.",
+        "createdAt": "2024-09-21T19:15:47Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/84#issuecomment-2365292872",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6M-6p8",
+        "author": {
+          "login": "henke9600"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Not sure. I use it in my hobby distro, but i can live with the warning :slightly_smiling_face: ",
+        "createdAt": "2024-09-21T19:57:46Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/84#issuecomment-2365303420",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6M_b08",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": ":)\r\n\r\nI think I'll do a release soonish for Gentoo's sake; technically, Gentoo users can use musl.",
+        "createdAt": "2024-09-22T03:16:02Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/84#issuecomment-2365439292",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc6NRQWz",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`7.0.3` is out. I hope it works for you.",
+        "createdAt": "2024-09-24T04:12:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/84#issuecomment-2370110899",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2024-09-21T15:30:32Z",
+        "authors": [
+          {
+            "email": "henrik@lxm.se",
+            "id": "U_kgDOCgjy1g",
+            "login": "henke9600",
+            "name": "Henrik Lindström"
+          }
+        ],
+        "committedDate": "2024-09-21T15:47:44Z",
+        "messageBody": "It's possible that the warning being ignored wasn't enabled in the first\nplace, so always enabling it again is wrong.\n\nIn practice, this resulted in unexpected -Wdisabled-macro-expansion warnings\nwhen compiling against musl libc.\n\nSigned-off-by: Henrik Lindström <henrik@lxm.se>",
+        "messageHeadline": "Don't unconditionally enable warnings after ignoring them",
+        "oid": "16c4f913ed0935a878ce2644aab2ccc0da05c8d0"
+      }
+    ],
+    "createdAt": "2024-09-21T15:49:45Z",
+    "deletions": 6,
+    "files": [
+      {
+        "path": "src/file.c",
+        "additions": 2,
+        "deletions": 1
+      },
+      {
+        "path": "src/program.c",
+        "additions": 8,
+        "deletions": 4
+      },
+      {
+        "path": "src/vm.c",
+        "additions": 2,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "2084576864",
+    "headRefName": "master",
+    "headRefOid": "16c4f913ed0935a878ce2644aab2ccc0da05c8d0",
+    "headRepository": {
+      "id": "R_kgDOL0az5w",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "U_kgDOCgjy1g",
+      "login": "henke9600"
+    },
+    "id": "PR_kwDOCL0xJc58QB5g",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "e5d675785383ce6142116243aa63d21e5afb54f7"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2024-09-21T19:14:25Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 84,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Don't unconditionally enable warnings after ignoring them",
+    "updatedAt": "2024-09-24T04:12:15Z",
+    "url": "https://github.com/gavinhoward/bc/pull/84"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOBqIXaQ",
+      "is_bot": false,
+      "login": "GregTonoski",
+      "name": "Greg Tonoski"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "324c30985c0d3d6f918fe81f2d8750c0bd1c78b1",
+    "body": "",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2024-08-31T18:15:37Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc6KdjgL",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for catching that!\r\n\r\nUnfortunately, `A.1.md` is actually generated from `bc.1.md.in`. I edited `bc.1.md.in` instead and regenerated the manpages.\r\n\r\nI wasn't able to set you as the author of the commit because I don't know your email address, but I will if you want.",
+        "createdAt": "2024-08-31T18:16:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/81#issuecomment-2323003403",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2024-08-31T07:52:27Z",
+        "authors": [
+          {
+            "email": "111286121+GregTonoski@users.noreply.github.com",
+            "id": "U_kgDOBqIXaQ",
+            "login": "GregTonoski",
+            "name": "Greg Tonoski"
+          }
+        ],
+        "committedDate": "2024-08-31T07:52:27Z",
+        "messageBody": "",
+        "messageHeadline": "Update A.1.md minor correction - number instead of integer",
+        "oid": "8269063d303979de8188f4810a1c6b070494e025"
+      }
+    ],
+    "createdAt": "2024-08-31T07:52:34Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "manuals/bc/A.1.md",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "2047601609",
+    "headRefName": "patch-1",
+    "headRefOid": "8269063d303979de8188f4810a1c6b070494e025",
+    "headRepository": {
+      "id": "R_kgDOMq13Zg",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "U_kgDOBqIXaQ",
+      "name": "Greg Tonoski",
+      "login": "GregTonoski"
+    },
+    "id": "PR_kwDOCL0xJc56C-vJ",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 81,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Update A.1.md minor correction - number instead of integer",
+    "updatedAt": "2024-08-31T18:16:54Z",
+    "url": "https://github.com/gavinhoward/bc/pull/81"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOCgjy1g",
+      "is_bot": false,
+      "login": "henke9600",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "3278daef0079c20ccaed3a8666457c531dbe576b",
+    "body": "This avoids the `./configure.sh: 1693: [: unexpected operator` error when using dash.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2024-04-30T01:57:03Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc58OZbM",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Sorry for the wait.\r\n\r\nYes, you are correct that that is a bug. Yes, your fix is correct. Accepted without comment!\r\n\r\nThank you for your contribution!",
+        "createdAt": "2024-04-30T01:57:40Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/76#issuecomment-2084148940",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2024-04-28T16:12:24Z",
+        "authors": [
+          {
+            "email": "henrik@lxm.se",
+            "id": "U_kgDOCgjy1g",
+            "login": "henke9600",
+            "name": "Henrik Lindström"
+          }
+        ],
+        "committedDate": "2024-04-28T16:12:24Z",
+        "messageBody": "",
+        "messageHeadline": "Make configure.sh posix compliant",
+        "oid": "938fc2cbcace3fb1fb353a5befff1b4a81180350"
+      }
+    ],
+    "createdAt": "2024-04-28T16:25:19Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "configure.sh",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "1844494404",
+    "headRefName": "master",
+    "headRefOid": "938fc2cbcace3fb1fb353a5befff1b4a81180350",
+    "headRepository": {
+      "id": "R_kgDOL0az5w",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "U_kgDOCgjy1g",
+      "login": "henke9600"
+    },
+    "id": "PR_kwDOCL0xJc5t8MBE",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "59cf3b86eb4cafb6d7aa164d988a8c14c287e7f8"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2024-04-30T01:57:03Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 76,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Make configure.sh posix compliant",
+    "updatedAt": "2024-04-30T01:57:41Z",
+    "url": "https://github.com/gavinhoward/bc/pull/76"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB2enHg",
+      "is_bot": false,
+      "login": "naggamura",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "1a381d61b079fc3548d3e4dee3a8ccd9200a3f87",
+    "body": "Found a printing error.\r\nTry obase=2; 2^99; 2^100; 2^105; you'll get it right away.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2023-12-22T15:38:08Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5vVPQZ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "You are correct; that is a bug.\r\n\r\nYour fix is correct; I got the condition backwards. Accepted without comment.\r\n\r\nSorry for taking so long, I struggle to read my own code; this is why I put in so many \"useless\" comments!\r\n\r\nAlso, I can think of another place that this *could have been* a problem and quickly tested it.\r\n\r\nThe problem is in printing in bases above base 16, where multiple characters may be printed for one digit.\r\n\r\nGuess what? I tested your fix after accepting it (I wanted your name in the Contributors list regardless), and your fix works for that too!\r\n\r\nTry this:\r\n\r\n```\r\n$ BC_LINE_LENGTH=77 bc\r\n>>> obase=128\r\n>>> 2^126\r\n 001 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000\r\n>>> quit\r\n```\r\n\r\nThat's what it is with the fix. Without, the bug shows:\r\n\r\n```\r\n$ BC_LINE_LENGTH=77 bc\r\n>>> obase=128\r\n>>> 2^126\r\n 001 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 00\\\r\n0\r\n>>> quit\r\n```\r\n\r\nI checked your fix with `BC_LINE_LENGTH=78` and `BC_LINE_LENGTH=76`, and your fix properly handles both.\r\n\r\nI am confident in your fix.\r\n\r\nAnyway, I'll start my release process and put out a release with your fix ASAP.",
+        "createdAt": "2023-12-22T15:53:14Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/74#issuecomment-1867838489",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5vWpvU",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Oh I helped... ^^; I'm happy.\r\nI'm Jonathan Kim",
+        "createdAt": "2023-12-23T05:14:48Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/74#issuecomment-1868209108",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5vWqt8",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, you did! And your fix has now passed the release process untouched.\r\n\r\nPlease don't think I'm a jerk for your previous PR; I try to not be.\r\n\r\nI just have ridiculously high standards and personal weaknesses in programming. And an eccentric style.\r\n\r\nIn fact, I [don't accept contributions at all][1] in my [next project][2]. Nothing against people, but I really struggle with patches. It's so bad that I actually can't get a programming job because of that. If you work in the industry, you're doing better than me.\r\n\r\nAnd nice to meet you. :)\r\n\r\n[1]: https://git.yzena.com/Yzena/Yc#user-content-open-source-not-open-contribution\r\n[2]: https://git.yzena.com/Yzena/Yc",
+        "createdAt": "2023-12-23T05:37:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/74#issuecomment-1868213116",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2023-12-22T13:22:27Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-22T13:22:27Z",
+        "messageBody": "Try obase=2; 2^105;",
+        "messageHeadline": "Fixed printing error.",
+        "oid": "930cb2fd56d7851ecc1af3de16b4b7357b0b5ba8"
+      }
+    ],
+    "createdAt": "2023-12-22T13:25:36Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "1655098845",
+    "headRefName": "master",
+    "headRefOid": "930cb2fd56d7851ecc1af3de16b4b7357b0b5ba8",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "U_kgDOB2enHg",
+      "login": "naggamura"
+    },
+    "id": "PR_kwDOCL0xJc5ips3d",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "39bd2c5622167a3c092ca9e2c38886ff288ba508"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2023-12-22T15:38:08Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 74,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Fixed printing error.",
+    "updatedAt": "2023-12-23T05:37:55Z",
+    "url": "https://github.com/gavinhoward/bc/pull/74"
+  },
+  {
+    "additions": 657,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB2enHg",
+      "is_bot": false,
+      "login": "naggamura",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "fcbe9d68ccc964fda12457ebbf687a27f57ff31f",
+    "body": "I'm sorry I missed many things on last PR.\r\nI followed your instructions step by step.\r\n\r\nImproved SQRT needs no long division in iteration.\r\nOnly one long division is needed for compose an initial estimation.\r\n\r\nNo meaningful difference for small input.\r\n\r\nFor large input, about 2.4 times faster, no meaningful difference in memory usage.\r\n\r\nHere is the result for large input.\r\n\r\n( 'CC=clang CFLAGS=-flto ./configure -O3' is used for configuring. )\r\n[stat_c1.txt](https://github.com/gavinhoward/bc/files/13696239/stat_c1.txt)\r\n[stat_c4.txt](https://github.com/gavinhoward/bc/files/13696240/stat_c4.txt)\r\n\r\nsqrt1_large.txt : by your code.\r\nsqrt2_large.txt :  by my code.\r\n\r\n---------------------------------\r\n\r\nElapsed time for large input.\r\n\r\nx ../../sqrt1_large.txt\r\n+ ../../sqrt2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                              |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x   |\r\n| +                                                                          x  x|\r\n| ++                                                                         x xx|\r\n|+++                                                                         x xx|\r\n|+++                                                                         x xx|\r\n|+++                                                                         xxxx|\r\n|+++                                                                         xxxx|\r\n|+++                                                                      x  xxxx|\r\n|+++                                                                      x  xxxx|\r\n|+++                                                                      x  xxxx|\r\n|++++                                                                     x  xxxx|\r\n| A|                                                                        |_A| |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         87.84         91.81        90.215       90.3572     1.0769137\r\n+  50         36.96         38.71        37.805       37.8088    0.44755408\r\nDifference at 99.5% confidence\r\n        -52.5484 +/- 0.523644\r\n        -58.1563% +/- 0.315605%\r\n        (Student's t, pooled s = 0.824636)\r\n\r\n\r\n----------------------\r\n\r\n\r\nMemory for large input.\r\n\r\nx ../../sqrt1_large.txt\r\n+ ../../sqrt2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n|                  +                                                             |\r\n|                  +                                       x                     |\r\n|                  +                                       x                     |\r\n|                  +          +                        x   x                x    |\r\n|                  +     +    +                        x   x                x    |\r\n|                  +  + ++    ++                      xx x x  x    x        x    |\r\n|+              ++++ +++++ + +++                    x xx x x  x   xx      xxx  xx|\r\n|+ +            +++++++++++++++++     *    + *      x xxxxxxxxx xxxx      xxxx xx|\r\n|              |_______AM_______|                    |______M__A_________|       |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          5376          5596          5494       5508.96      51.80535\r\n+  50          5184          5412          5302       5301.12     44.115174\r\nDifference at 99.5% confidence\r\n        -207.84 +/- 30.5525\r\n        -3.77276% +/- 0.542566%\r\n        (Student's t, pooled s = 48.1141)\r\n\r\n\r\n- END -",
+    "changedFiles": 3,
+    "closed": true,
+    "closedAt": "2023-12-20T01:50:17Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5u0b9I",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Unfortunately, you still did not check everything. That's probably my fault because I didn't tell you everything.\r\n\r\nNevertheless, this is what I found this time:\r\n\r\n* `CC=clang ./configure -pDBG; make`, my standard debug build, failed to build.\r\n* `CC=clang ./configure -gO0; make; make test`, a less strict debug build, failed the test suite.\r\n* `CC=clang ./configure -pGDH; make`, my standard release build for myself, failed to build.\r\n* `CC=clang ./configure -pGNU; make; make test`, the standard release build for Linux, failed the test suite.\r\n* `CC=gcc ./configure -pGNU; make; make test`, the same standard Linux build but with `gcc`, also failed the test suite.\r\n* `CC=clang ./configure -pBSD; make; make test`, the standard release build for FreeBSD and friends, failed the test suite.\r\n* `CC=gcc ./configure -pBSD; make; make test`, the same standard FreeBSD build but with `gcc`, also failed the test suite.\r\n\r\nIn addition, what failed on the test suite was off by a lot; the result I got for all cases was:\r\n\r\n```\r\nRunning bc sqrt...FAIL!!!\r\n12c12\r\n< .0000000000000035071355833500363\r\n---\r\n> .8915580480000035071355833500363\r\nbc failed test sqrt\r\n```\r\n\r\nAs you can see, the numbers are the same, except at the beginning, which means that answer was about as far off as it could be.\r\n\r\nIn addition, when I ran this:\r\n\r\n```\r\n$ ./configure -gO0 -v\r\n$ make\r\n$ make test\r\n```\r\n\r\nwhich is a Valgrind-enabled build, I got this:\r\n\r\n```\r\nRunning bc sqrt...==47836== Memcheck, a memory error detector\r\n==47836== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.\r\n==47836== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info\r\n==47836== Command: bin/bc -lqc ./tests/bc/sqrt.txt\r\n==47836==\r\n==47836== Invalid write of size 8\r\n==47836==    at 0x484C96E: memset (vg_replace_strmem.c:1386)\r\n==47836==    by 0x12A28F: bc_int_elementary_mul (num.c:4274)\r\n==47836==    by 0x1253AA: bc_int_k_mul (num.c:4327)\r\n==47836==    by 0x124972: bc_num_sqrt (num.c:4636)\r\n==47836==    by 0x13156F: bc_program_builtin (program.c:1990)\r\n==47836==    by 0x12DB0C: bc_program_exec (program.c:3332)\r\n==47836==    by 0x13D623: bc_vm_process (vm.c:1046)\r\n==47836==    by 0x13CCA5: bc_vm_file (vm.c:1103)\r\n==47836==    by 0x13C117: bc_vm_exec (vm.c:1498)\r\n==47836==    by 0x13B4E1: bc_vm_boot (vm.c:1718)\r\n==47836==    by 0x10C0CC: bc_main (bc.c:62)\r\n==47836==    by 0x119995: main (main.c:108)\r\n==47836==  Address 0x4aa2270 is 32 bytes inside a block of size 36 alloc'd\r\n==47836==    at 0x4840784: malloc (vg_replace_malloc.c:442)\r\n==47836==    by 0x13A4C3: bc_vm_malloc (vm.c:810)\r\n==47836==    by 0x11BA76: bc_num_init (num.c:3368)\r\n==47836==    by 0x1244B1: bc_num_sqrt (num.c:4567)\r\n==47836==    by 0x13156F: bc_program_builtin (program.c:1990)\r\n==47836==    by 0x12DB0C: bc_program_exec (program.c:3332)\r\n==47836==    by 0x13D623: bc_vm_process (vm.c:1046)\r\n==47836==    by 0x13CCA5: bc_vm_file (vm.c:1103)\r\n==47836==    by 0x13C117: bc_vm_exec (vm.c:1498)\r\n==47836==    by 0x13B4E1: bc_vm_boot (vm.c:1718)\r\n==47836==    by 0x10C0CC: bc_main (bc.c:62)\r\n==47836==    by 0x119995: main (main.c:108)\r\n==47836==\r\n==47836==\r\n==47836== HEAP SUMMARY:\r\n==47836==     in use at exit: 0 bytes in 0 blocks\r\n==47836==   total heap usage: 1,633 allocs, 1,633 frees, 331,419 bytes allocated\r\n==47836==\r\n==47836== All heap blocks were freed -- no leaks are possible\r\n==47836==\r\n==47836== For lists of detected and suppressed errors, rerun with: -s\r\n==47836== ERROR SUMMARY: 8 errors from 1 contexts (suppressed: 0 from 0)\r\nFAIL!!!\r\nbc failed test 'sqrt' with error code 100\r\n```\r\n\r\nThat needs to be fixed, both the out-of-bounds write and the unaligned write.\r\n\r\nIf you're wondering how much testing I do, do this:\r\n\r\n* Create two clones of your branch in separate directories, which I will call `bc1/` and `bc2/`.\r\n* In `bc1/`, run `scripts/release.sh 1 1 1 1 0 1 0 0 1 0 1 0 1 0 0 1 1`.\r\n* In `bc2/`, run `scripts/release.sh 1 1 1 0 1 0 1 0 1 0 1 0 0 1 1 1 1`.\r\n* Run them both in separate terminals and at the same time.\r\n* Leave it overnight.\r\n\r\nYep, you heard that last bit right: my full test run is an overnight thing. And I run both because one does `clang`, and one does `gcc`.\r\n\r\nMoving on to benchmarks, I ran\r\n\r\n```\r\n$ CC=clang CFLAGS=-flto ./configure -O3\r\n$ make\r\n```\r\n\r\nin both branches. Then I ran\r\n\r\n```\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_small > ../sqrt2_small.txt\r\n```\r\n\r\nin your branch, copied `benchmarks/bc/newton_raphson_sqrt_small.txt` to my branch and ran\r\n\r\n```\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_small > ../sqrt1_small.txt\r\n```\r\n\r\nThese are my results:\r\n\r\n```\r\n$ ./scripts/ministat -w 80 -c99.5 -C1 ../sqrt1_small.txt ../sqrt2_small.txt\r\nx ../sqrt1_small.txt\r\n+ ../sqrt2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n|                       +                           x                            |\r\n|                       +                           x    x                       |\r\n|                       +                           x    x                       |\r\n|                 +     +    +                      x    x                       |\r\n|                 +     +    +                      x    x     x                 |\r\n|           +     +     +    +                      x    x     x                 |\r\n|           +     +     +    +                      x    x     x                 |\r\n|           +     +     +    +                      x    x     x                 |\r\n|           +     +     +    +                      x    x     x                 |\r\n|           +     +     +    +     +          x     x    x     x     x    x      |\r\n|      +    +     +     +    +     +     x    x     x    x     x     x    x      |\r\n|      +    +     +     +    +     +     x    x     x    x     x     x    x      |\r\n|+     +    +     +     +    +     +     *    x     x    x     x     x    x     x|\r\n|            |________A_M_____|                 |________MA________|             |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          1.45          1.52          1.48        1.4806   0.016463937\r\n+  50          1.38          1.45          1.42        1.4164   0.015220824\r\nDifference at 99.5% confidence\r\n        -0.0642 +/- 0.0100677\r\n        -4.33608% +/- 0.664237%\r\n        (Student's t, pooled s = 0.0158546)\r\n$ ./scripts/ministat -w 80 -c99.5 -C4 ../sqrt1_small.txt ../sqrt2_small.txt\r\nx ../sqrt1_small.txt\r\n+ ../sqrt2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n|                                                              +                 |\r\n|                                                              +                 |\r\n|                                        x                     +                 |\r\n|                          x             x                     +                 |\r\n|                          x             x         +           +                 |\r\n|                          x             x      +x +     +     +                 |\r\n|                          x         +  xx      +x +  x  +     +                 |\r\n|                          x         *+ xx      *x++  xx +  +  +                 |\r\n|                          xx       +*+xxxx    x**++  xx +  +  +                 |\r\n|x                      x  xx       +*+xxxx   x***++xx*x+++++  +               ++|\r\n|                             |__________A_|_______M|A_________|                 |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         18956         19244         19168      19168.16     57.880722\r\n+  50         19144         19376         19224      19232.88      54.73373\r\nDifference at 99.5% confidence\r\n        64.72 +/- 35.769\r\n        0.337643% +/- 0.186939%\r\n        (Student's t, pooled s = 56.3292)\r\n```\r\n\r\nYours was slightly faster and used slightly more memory.\r\n\r\nI ran the same benchmark for large, but only for one sample each, and my numbers say that yours are accurate for that benchmark.\r\n\r\nHowever, I cannot accept code that fails tests or has memory bugs. In addition, because of the test failures, you can expect that I will run a lot more tests on your code before I accept.\r\n\r\nSo I won't close this PR, but you need to fix the problems above (by running that `release.sh` script both ways and fixing every problem) before I'll look at it again.\r\n\r\nAlso, I can't understand `sqrt_2.png`. I can follow `sqrt_1.png`, but I need you to redo `sqrt_2.png` because I also won't accept the code if I don't understand it.",
+        "createdAt": "2023-12-17T18:09:30Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1859239752",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5u10BR",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "BcNum.len is managed as tight as possible. So clearing upper digits is needed for like sqrt(0.000...000xyz...)  \r\nPassed 'make test'\r\n---",
+        "createdAt": "2023-12-18T05:52:00Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1859600465",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5u12rZ",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Last push was not the latest version. Pushed again.\r\n\r\nAnyway, test again and passed all tests.\r\n\r\n...\r\n==5965== \r\n==5965== HEAP SUMMARY:\r\n==5965==     in use at exit: 0 bytes in 0 blocks\r\n==5965==   total heap usage: 1,520 allocs, 1,520 frees, 205,685 bytes allocated\r\n==5965== \r\n==5965== All heap blocks were freed -- no leaks are possible\r\n==5965== \r\n==5965== For counts of detected and suppressed errors, rerun with: -v\r\n==5965== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)\r\npass\r\nRunning bc directory test...pass\r\nRunning bc binary file test...pass\r\nRunning bc binary stdin test...pass\r\nRunning bc limits tests...pass\r\n\r\nAll bc tests passed.\r\n\r\n...\r\n...\r\n\r\n==6927== \r\n==6927== HEAP SUMMARY:\r\n==6927==     in use at exit: 0 bytes in 0 blocks\r\n==6927==   total heap usage: 73 allocs, 73 frees, 37,886 bytes allocated\r\n==6927== \r\n==6927== All heap blocks were freed -- no leaks are possible\r\n==6927== \r\n==6927== For counts of detected and suppressed errors, rerun with: -v\r\n==6927== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)\r\npass\r\nRunning dc directory test...pass\r\nRunning dc binary file test...pass\r\nRunning dc binary stdin test...pass\r\n\r\nAll dc tests passed.\r\n\r\n***********************************************************************\r\n\r\n----",
+        "createdAt": "2023-12-18T06:05:29Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1859611353",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5u3LdX",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Doing scripts/release.sh test...",
+        "createdAt": "2023-12-18T09:47:53Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1859958615",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5u_Gjj",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Passed the tests.\r\n\r\nBenchmarks\r\n\r\n[stat_small_c1.txt](https://github.com/gavinhoward/bc/files/13712108/stat_small_c1.txt)\r\n[stat_small_c4.txt](https://github.com/gavinhoward/bc/files/13712109/stat_small_c4.txt)\r\n[stat_large_c1.txt](https://github.com/gavinhoward/bc/files/13712110/stat_large_c1.txt)\r\n[stat_large_c4.txt](https://github.com/gavinhoward/bc/files/13712111/stat_large_c4.txt)\r\n",
+        "createdAt": "2023-12-19T03:09:54Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1862035683",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5vCDYq",
+        "author": {
+          "login": "naggamura"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "sqrt_2.png updated.",
+        "createdAt": "2023-12-19T13:58:49Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1862809130",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5vFhZX",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have spent two full days on this since the last time I sent a message. I cannot spend any more time on this; I have a project to finish and a hard deadline.\r\n\r\nSo I have to make a final decision, which is to reject this. Thank you for your contribution, but I guess I don't want it.\r\n\r\nThere are several reasons why:\r\n\r\n* Your code still contains debug code.\r\n* You created your own functions to do things when functions to do those things already exist, which shows lack of research again. And duplication.\r\n* Your proof looks wrong to me, or I still can't understand it.\r\n* Your code passes the test suite, but it did not pass another set of tests I threw at it.\r\n* This is purely a performance PR, which is not really important to me right now.\r\n\r\nBut most of all, and this is nothing against you, I just can't read other people's code. I am unable to build a theory of mind, and this extends to reading code written by other people.\r\n\r\nThere is a reason I tend to do things by myself; I can't work on the code otherwise.\r\n\r\nSo I'm afraid I have run out of time and desire. Sorry.",
+        "createdAt": "2023-12-20T01:50:17Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/73#issuecomment-1863718487",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2023-12-17T12:30:19Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-17T12:30:19Z",
+        "messageBody": "",
+        "messageHeadline": "New bc_num_sqrt function needs only one long division.",
+        "oid": "a8821844d9f05df15fde8bed92332226e147b151"
+      },
+      {
+        "authoredDate": "2023-12-18T02:46:18Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-18T02:46:18Z",
+        "messageBody": "Passed 'sqrt test'",
+        "messageHeadline": "SQRT fix: post process for numbers like 0.000000...000000xyz...",
+        "oid": "a4e27bb46a0fc9dc59e51ba5de153b6f2fe55f5d"
+      },
+      {
+        "authoredDate": "2023-12-18T05:46:38Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-18T05:46:38Z",
+        "messageBody": "",
+        "messageHeadline": "SQRT: fixed memory bug. passed 'make test'",
+        "oid": "f4f8cf72d513f2986bb477d10bcd0fcb520a0e7e"
+      },
+      {
+        "authoredDate": "2023-12-18T06:01:30Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-18T06:01:30Z",
+        "messageBody": "",
+        "messageHeadline": "Commit missed!!! fix again.",
+        "oid": "1faa1296390f5e689d78c28fa9b434516f47c15d"
+      },
+      {
+        "authoredDate": "2023-12-18T09:22:18Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-18T09:22:18Z",
+        "messageBody": "…r running release.sh",
+        "messageHeadline": "Removed unused variables, explicit type conversion in assignments, fo…",
+        "oid": "fb9d7b88c60ecdb7ce8bdfe8a11e23d09b2342fb"
+      },
+      {
+        "authoredDate": "2023-12-18T13:17:09Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-18T13:17:09Z",
+        "messageBody": "…unning release.sh.\n\nRunning release.sh for this commit now...",
+        "messageHeadline": "Fixed memory warning(passing NULL with zero length to memcpy) while r…",
+        "oid": "9f171378fe38619d032107d388eef06519dde4a7"
+      },
+      {
+        "authoredDate": "2023-12-19T03:08:34Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-19T03:08:34Z",
+        "messageBody": "…old one!)\n\n2. Passed Valgrind memory test.\n./configure -gO0 -v\nmake\nmake test\n\n3. Passed\nscripts/release.sh 1 1 1 0 1 0 1 0 1 0 1 0 0 1 1 1 1\non Ubuntu 18.04.2 LTS",
+        "messageHeadline": "1. Simple multiplication modified based on Gavin's (much better than …",
+        "oid": "2b3616586454f315a5014360f7f7d5d36f10bd9a"
+      },
+      {
+        "authoredDate": "2023-12-19T13:57:21Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-19T13:57:21Z",
+        "messageBody": "",
+        "messageHeadline": "Proof related to sqrt approximation updated.",
+        "oid": "2d7b8fe4efe528076a568b0f174c35a53e47ae93"
+      }
+    ],
+    "createdAt": "2023-12-17T13:16:03Z",
+    "deletions": 72,
+    "files": [
+      {
+        "path": "sqrt_1.png",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "sqrt_2.png",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "src/num.c",
+        "additions": 657,
+        "deletions": 72
+      }
+    ],
+    "fullDatabaseId": "1647316989",
+    "headRefName": "master",
+    "headRefOid": "2d7b8fe4efe528076a568b0f174c35a53e47ae93",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "U_kgDOB2enHg",
+      "login": "naggamura"
+    },
+    "id": "PR_kwDOCL0xJc5iMA_9",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 73,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "New bc_num_sqrt function needs only one long division.",
+    "updatedAt": "2023-12-20T01:50:17Z",
+    "url": "https://github.com/gavinhoward/bc/pull/73"
+  },
+  {
+    "additions": 831,
+    "assignees": [],
+    "author": {
+      "id": "U_kgDOB2enHg",
+      "is_bot": false,
+      "login": "naggamura",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "5ee6a05918bd8341a7ed97d6594862ad5d713557",
+    "body": "Newton-Raphson approximation is applied to division and sqrt.\r\nTry 5^1000000 / 2^1000000 and sort(5^999999)\r\n",
+    "changedFiles": 3,
+    "closed": true,
+    "closedAt": "2023-12-14T04:47:11Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5uku2Q",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for your PR. I have some comments.\r\n\r\n* If you run `CC=clang ./configure.sh -pDBG; make`, my regular debug build, the build fails.\r\n* If you run `CC=clang ./configure.sh -pGDH; make`, my regular release build, the build fails.\r\n* If you run `CC=gcc CFLAGS=\"-pedantic -Wextra -Werror\" ./configure -O3; make`, the build fails.\r\n* If you run `CC=clang ./configure -gO3; make; make test`, a release build with debug information, the build succeeds, but the test suite fails on an assert.\r\n* You have functions that have reserved names (names that begin with an underscore); using those names is undefined behavior.\r\n* You did not follow my style even though there is a script (`scripts/format.sh`) that will style the code for you.\r\n\r\nIn addition, I can unfortunately tell that you did no research into my `bc`. If you had, you would know that [I already use Newton-Raphson for `sqrt()`][1].\r\n\r\nHowever, all of that could be safely discarded if the code shows promise. So I wrote [benchmarks to test your new code][2].\r\n\r\nI ran these commands with my code:\r\n\r\n```\r\n$ CC=clang CFLAGS=-flto ./configure -O3\r\n$ make\r\n```\r\n\r\nThen I ran the benchmarks as follows:\r\n\r\n```\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_div_small > ../div1_small.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_div_large > ../div1_large.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_small > ../sqrt1_small.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_large > ../sqrt1_large.txt\r\n```\r\n\r\nThen I repeated the steps with your code:\r\n\r\n```\r\n$ CC=clang CFLAGS=-flto ./configure -O3\r\n$ make\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_div_small > ../div2_small.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_div_large > ../div2_large.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_small > ../sqrt2_small.txt\r\n$ ./scripts/benchmark.sh -p1 -n50 bc newton_raphson_sqrt_large > ../sqrt2_large.txt\r\n```\r\n\r\nThe `small` benchmarks test the operation on \"small\" numbers (below `2^64`), and the `large` benchmarks test the operation on large numbers (a small number to a power up to 1,000,000).\r\n\r\nTo test how your code did, I used `ministat` in the repo, so I ran this:\r\n\r\n```\r\n$ make ministat\r\n```\r\n\r\nThen to test the time difference on `div_small`, I ran the following:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c95 -C1 ../div1_small.txt ../div2_small.txt\r\nx ../div1_small.txt\r\n+ ../div2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n|       +  x                                                                     |\r\n|   +   +  x  *                                                                  |\r\n|   +   +  *  *  x                                                               |\r\n|   +   *  *  *  x                                                               |\r\n|   +   *  *  *  x                                                               |\r\n|   +   *  *  *  x                                                               |\r\n|   *   *  *  *  x     +                                                         |\r\n|   *   *  *  *  *  x  +     x                                                   |\r\n|*  *   *  *  *  *  x  *  +  x                                                   |\r\n|*  *   *  *  *  *  *  *  *  x     x  +                                         +|\r\n||____|____M_AA______|___|                                                       |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          3.41          3.52          3.45        3.4504   0.024071323\r\n+  50          3.41          3.67          3.44        3.4484   0.039967334\r\nNo difference proven at 95.0% confidence\r\n```\r\n\r\nAs you can tell, there's no difference at the lowest confidence I can accept.\r\n\r\nTo test the memory difference (max RSS) for `div_small`, I ran the following:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c95 -C4 ../div1_small.txt ../div2_small.txt\r\nx ../div1_small.txt\r\n+ ../div2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n|   x                    x  x+  +   +   x       +xx xx  ++                       |\r\n| x x   +          x     *  x+ +++ ++   x  x *+ +xx xx  ++  +            x     + |\r\n|xx x  +++ +     + x    x*x x* *++ ++ x x +x ** +** ** x++ +* +x      + +xx    ++|\r\n|                 |_____|_____________A____A_M___________|___|                   |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         34792         35000         34912      34896.88     55.262136\r\n+  50         34808         35016         34916         34910     52.956663\r\nNo difference proven at 95.0% confidence\r\n```\r\n\r\nNo memory difference. Cool.\r\n\r\nFor the elapsed time for `div_large`:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C1 ../div1_large.txt ../div2_large.txt\r\nx ../div1_large.txt\r\n+ ../div2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n|     x                                                                      +   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     x                                                                     ++   |\r\n|     xx                                                                    ++   |\r\n|     xx                                                                    ++   |\r\n|     xx                                                                    ++   |\r\n|     xx                                                                    ++   |\r\n|     xx                                                                    ++   |\r\n|     xx                                                                    +++  |\r\n|     xx                                                                   ++++  |\r\n|     xx                                                                   ++++  |\r\n|    xxx                                                                   ++++  |\r\n|    xxx                                        x                          ++++++|\r\n||____MA_____|                                                              |A|  |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         13.72         21.71        13.845        14.013     1.1141964\r\n+  50          26.7         27.64        27.005       27.0158    0.17722452\r\nDifference at 99.5% confidence\r\n        13.0028 +/- 0.506578\r\n        92.791% +/- 6.90636%\r\n        (Student's t, pooled s = 0.79776)\r\n```\r\n\r\nAs you can see, there *is* a difference, with *99.5% confidence*, but in favor of the *old code*. In fact, if not for the one outlier, your code would be twice as slow.\r\n\r\nAnd if we look at the max RSS difference for `div_large`:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C4 ../div1_large.txt ../div2_large.txt\r\nx ../div1_large.txt\r\n+ ../div2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n|                                                                              + |\r\n|                                                                              + |\r\n|                                                                              + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| xx                                                                           + |\r\n| xx                                                                           ++|\r\n| xx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx                                                                          +++|\r\n|xxx x                                                                        +++|\r\n|xxxxx                                                                        +++|\r\n||A|                                                                          |A||\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          8716          8968          8796       8802.72     57.549638\r\n+  50         13812         13960         13888      13890.08     41.837314\r\nDifference at 99.5% confidence\r\n        5087.36 +/- 31.9473\r\n        57.793% +/- 0.51%\r\n        (Student's t, pooled s = 50.3106)\r\n```\r\n\r\nYour code uses 50% more memory, with 99.5% confidence.\r\n\r\nMoving onto `sqrt_small`, for elapsed time, I got this:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C1 ../sqrt1_small.txt ../sqrt2_small.txt\r\nx ../sqrt1_small.txt\r\n+ ../sqrt2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n| x                                                                        +     |\r\n| xx                                                                       +     |\r\n| xx                                                                       +     |\r\n| xx                                                                       +     |\r\n| xx                                                                     + +     |\r\n| xx                                                                     ++++    |\r\n| xx                                                                     ++++    |\r\n|xxx                                                                     ++++    |\r\n|xxx                                                                     ++++    |\r\n|xxxx                                                                    +++++   |\r\n|xxxx                                                                    +++++   |\r\n|xxxx                                                                    +++++   |\r\n|xxxxx                                                                   +++++   |\r\n|xxxxx x                                                                +++++++ +|\r\n| MA|                                                                    |_A_|   |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          1.47           1.6           1.5        1.5072   0.023822473\r\n+  50          3.07          3.26          3.14        3.1452   0.036153866\r\nDifference at 99.5% confidence\r\n        1.638 +/- 0.0194408\r\n        108.678% +/- 1.83123%\r\n        (Student's t, pooled s = 0.0306155)\r\n```\r\n\r\nYour code is twice as slow with 99.5% confidence.\r\n\r\nFor memory on `sqrt_small`, I got this:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C4 ../sqrt1_small.txt ../sqrt2_small.txt\r\nx ../sqrt1_small.txt\r\n+ ../sqrt2_small.txt\r\n+--------------------------------------------------------------------------------+\r\n|                                            xx    +   x                         |\r\n|                                          x xx    + x x        ++               |\r\n|                              x x         x xx  + + x x        ++               |\r\n|               x             xxxx         x xxx++ + x x  +x x +++      ++    +  |\r\n|xx      +      x x    +   + xxxxx +  + +* *xx***+++ x+xx++***++++    ++++   ++++|\r\n|                           |_____________|__M__________|A_M____________|        |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         18964         19252         19176       19160.4     68.353224\r\n+  50         19004         19344         19242      19231.68     71.990203\r\nDifference at 99.5% confidence\r\n        71.28 +/- 44.574\r\n        0.372017% +/- 0.233047%\r\n        (Student's t, pooled s = 70.1953)\r\n```\r\n\r\nSo there's a small increase of memory in your code, even at 99.5% confidence, but that's small enough that I can ignore it.\r\n\r\nFor time on `sqrt_large`, I got this:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C1 ../sqrt1_large.txt ../sqrt2_large.txt\r\nx ../sqrt1_large.txt\r\n+ ../sqrt2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n| xx                                                                       +     |\r\n| xx                                                                       ++    |\r\n| xx                                                                       +++   |\r\n| xx                                                                       +++   |\r\n| xx                                                                       +++   |\r\n| xx                                                                       +++   |\r\n| xx                                                                      ++++   |\r\n| xx                                                                      ++++   |\r\n| xxx                                                                     +++++  |\r\n|xxxx                                                                     +++++  |\r\n|xxxx                                                                     +++++  |\r\n|xxxx                                                                     +++++  |\r\n|xxxxx                                                                    +++++++|\r\n| |A|                                                                      |A_|  |\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50         176.9        184.63       180.565       180.403     1.6383681\r\n+  50        327.42        339.26        331.24      331.3832     2.8256482\r\nDifference at 99.5% confidence\r\n        150.98 +/- 1.4666\r\n        83.6905% +/- 1.02747%\r\n        (Student's t, pooled s = 2.3096)\r\n```\r\n\r\nYour code is *almost* twice as slow at 99.5% confidence.\r\n\r\nFor memory on `sqrt_large`, I got this:\r\n\r\n```\r\n$ ./scripts/ministat -w80 -c99.5 -C4 ../sqrt1_large.txt ../sqrt2_large.txt\r\nx ../sqrt1_large.txt\r\n+ ../sqrt2_large.txt\r\n+--------------------------------------------------------------------------------+\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            + |\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n| x                                                                            ++|\r\n|xx                                                                            ++|\r\n|xx                                                                            ++|\r\n|xx                                                                            ++|\r\n|xx                                                                            ++|\r\n|xx                                                                            ++|\r\n|xxx                                                                           ++|\r\n|xxx                                                                           ++|\r\n||A                                                                            A||\r\n+--------------------------------------------------------------------------------+\r\n    N           Min           Max        Median           Avg        Stddev\r\nx  50          6952          7156          7044       7046.48     42.561955\r\n+  50         15412         15568         15496      15485.84     51.175313\r\nDifference at 99.5% confidence\r\n        8439.36 +/- 29.887\r\n        119.767% +/- 0.679408%\r\n        (Student's t, pooled s = 47.0661)\r\n```\r\n\r\nYour code uses twice as much memory at 99.5% confidence.\r\n\r\nSo on average, your code is twice as slow and uses more memory.\r\n\r\nUnfortunately, based on the poor performance of your code compared to what already exists, I can't say that it shows promise.\r\n\r\nCombined with the problems I mentioned at the beginning, I'm afraid I must reject this PR completely. Sorry.\r\n\r\n[1]: https://github.com/gavinhoward/bc/blob/master/manuals/algorithms.md#square-root\r\n[2]: https://github.com/gavinhoward/bc/commit/fcbe9d68ccc964fda12457ebbf687a27f57ff31f",
+        "createdAt": "2023-12-14T04:47:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          },
+          {
+            "content": "EYES",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/72#issuecomment-1855122832",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2023-12-11T20:27:06Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-11T20:27:06Z",
+        "messageBody": "",
+        "messageHeadline": "div, sqrt improved using Newton-Raphson algorithm.",
+        "oid": "d6e0849220eea59ff7b380dfc779a43a33a234d1"
+      },
+      {
+        "authoredDate": "2023-12-12T11:49:47Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-12T11:49:47Z",
+        "messageBody": "",
+        "messageHeadline": "Make secure more",
+        "oid": "7a1cd5f7667308300e7f9db46b1827fbc1dc2703"
+      },
+      {
+        "authoredDate": "2023-12-13T13:53:11Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-13T13:53:11Z",
+        "messageBody": "",
+        "messageHeadline": "markdown test",
+        "oid": "1f0cce37b56205fbc24db847d184ce452bfdb8fa"
+      },
+      {
+        "authoredDate": "2023-12-13T16:30:08Z",
+        "authors": [
+          {
+            "email": "jonathan@acryl.ai",
+            "id": "U_kgDOB2enHg",
+            "login": "naggamura",
+            "name": "jonathan"
+          }
+        ],
+        "committedDate": "2023-12-13T16:30:08Z",
+        "messageBody": "",
+        "messageHeadline": "Newton-Raphson div, sqrt",
+        "oid": "248e3b9b34cf4893f6440c169584592fc78f6090"
+      }
+    ],
+    "createdAt": "2023-12-13T16:38:28Z",
+    "deletions": 50,
+    "files": [
+      {
+        "path": "newton-raphson-div.png",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "newton-raphson-sqrt.png",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "src/num.c",
+        "additions": 831,
+        "deletions": 50
+      }
+    ],
+    "fullDatabaseId": "1642781993",
+    "headRefName": "newton-raphson",
+    "headRefOid": "248e3b9b34cf4893f6440c169584592fc78f6090",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "U_kgDOB2enHg",
+      "login": "naggamura"
+    },
+    "id": "PR_kwDOCL0xJc5h6t0p",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 72,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Newton-Raphson divison, sqrt",
+    "updatedAt": "2023-12-14T04:47:11Z",
+    "url": "https://github.com/gavinhoward/bc/pull/72"
+  },
+  {
+    "additions": 337,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjgwNzU4MA==",
+      "is_bot": false,
+      "login": "SamuelMarks",
+      "name": "Samuel Marks"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "3f4c8cc5f86092fa4a8d59bc99d8f10ad2894cf0",
+    "body": "WiP\r\n\r\nCan finish if you like. Can also send you a PR on your own website, just make me an account",
+    "changedFiles": 19,
+    "closed": true,
+    "closedAt": "2025-03-25T05:20:50Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5kTkGI",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for the PR!\r\n\r\nAllow me to I apologize upfront. Usually, I do not question user requests; after all, there is a user, and they have a request, so obviously, there is a need or a want.\r\n\r\n*However*, personally, [I ***hate*** CMake][1]. I hate it so much that I have spent *three years* designing and implementing a build system to remove it from my [other project][2], a build system that would allow building on Windows, Mac OSX, Linux, the BSD's, etc. And I was going to add support for that build system to `bc`, which I hoped would remove any need for people to use CMake to build `bc` cross-platform.\r\n\r\nSo, I apologize because I can tell you put a lot of work into this, but for once, I am asking you to provide justification. I won't ask for much; I just need to know why CMake is necessary and why you believe that keeping a fork would not serve. (Since a separate build system won't touch the code, it seems like an easy fork to keep.)\r\n\r\nAgain, I'm sorry.\r\n\r\nAlso, if I do decide to merge, I'm going to need you to explain the more complicated bits; I've tried to avoid complicated CMake as much as possible. But I need to be able to maintain the CMake code without your help.\r\n\r\n[1]: https://news.ycombinator.com/item?id=36469860\r\n[2]: https://git.yzena.com/Yzena/Yc",
+        "createdAt": "2023-08-17T19:34:43Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1682850184",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kVWMk",
+        "author": {
+          "login": "SamuelMarks"
+        },
+        "authorAssociation": "NONE",
+        "body": "@gavinhoward I'm obsessed with interoperability. CMake is one way to achieve this. Open to your build system also, where I plan on taking `bc` to:\r\n- Windows (different MSVC versions);\r\n- MinGW (x86, x64, …)\r\n- DOS (via OpenWatcom and maybe via early MSVC versions)\r\n- Cygwin\r\n- Linux\r\n- macOS\r\n- iOS\r\n- Android\r\n- SunOS (Solaris→OpenSolaris→illumos→OpenIndiana)\r\n- *BSD (FreeBSD, OpenBSD, …)\r\n\r\n…and yes I know you support some of these targets already.\r\n\r\nThere are some other nice advantages like CPack and CTest, but honestly there are a number of other nice build generators out there and I tend to choose CMake just because it's the most popular and has a good number of generators.",
+        "createdAt": "2023-08-18T04:01:35Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1683317540",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kVpyv",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Okay, interoperability is something I can understand. But oh boy, I would love it if my build system could do all that.\r\n\r\nThat said, my build system (named Rig, by the way) won't be able to cross-compile in the first release, so some of those targets may not be possible in the first release of Rig. (OpenWatcom is the one that makes me most nervous.)\r\n\r\nSo I'll make you a deal. I'll do these things:\r\n\r\n1. Merge your PR,\r\n2. Set up Rig in my `bc` once it's ready,\r\n3. Write you a tutorial on how to use Rig for `bc`, and\r\n4. Help you understand the new build scripts,\r\n\r\nas long as you'll do the following:\r\n\r\n1. Give me your contact info because this is a pretty big commitment, and I want to be able to ask you questions, if at all possible (you can use the info at <https://gavinhoward.com/contact/> to send me that info privately),\r\n2. Point me to material that will help me set up environments for all of those platforms (so I can test `bc` and CMake on them myself),\r\n3. Explain to me any CMake code I don't understand (I'll make them reviews in the PR),\r\n4. Learn how to use Rig for `bc` once it's ready (I don't care if you use it for anything else), and\r\n5. At that point, give me your honest opinion if Rig can fully replace the CMake build.\r\n\r\nIf it can, I'd ***really*** like to remove the CMake then. If it can't, well, it can't, and CMake will stay in perpetuity.\r\n\r\nIn other words, I'll add CMake now if you'll give Rig a fair shake later.\r\n\r\nOh, and point number 2 is crucial; if I can't test `bc` on those platforms with CMake, I won't merge the PR because I would basically be committing to supporting those platforms by merging the PR, and I can't do that without the ability to test.\r\n\r\nBy the way, I only need to know how to set up environments for:\r\n\r\n* Windows (specifically different MSVC versions because I can already compile on the latest Windows 10);\r\n* MinGW\r\n* DOS (via OpenWatcom and maybe via early MSVC versions)\r\n* Cygwin\r\n* iOS (do I need a Mac computer?)\r\n* Android\r\n* SunOS (Solaris, OpenSolaris, illumos, OpenIndiana)\r\n\r\nI have the capability for the rest.",
+        "createdAt": "2023-08-18T06:04:29Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1683397807",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kX99Z",
+        "author": {
+          "login": "SamuelMarks"
+        },
+        "authorAssociation": "NONE",
+        "body": "Great yeah sure I'll give it a shot. No guaranteed time commitments (because of everything going on in my life); but I'll see what I can do.\r\n\r\nMy email is samuel`   `at symbol     offscale.io; or you can use    myfirstname mylastname`    `at symbol    gmail.com.\r\n\r\nI wrote some Windows Batch scripts for building on these different targets, and lots of things can run in a good CI/CD environment (e.g., GitHub Actions, Cirrus CI, &etc.): https://github.com/offscale/win-cmake-multi-build\r\n\r\nObviously still a ways to go to support all the different targets I'm interested in. But yeah something clean like your `bc` might be just complicated enough to test out my interoperability",
+        "createdAt": "2023-08-18T14:29:25Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1684004697",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kcbRH",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Okay. Thank you.\r\n\r\nPlease let me know when this PR is not WIP.",
+        "createdAt": "2023-08-20T04:29:28Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1685173319",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5kc7km",
+        "author": {
+          "login": "SamuelMarks"
+        },
+        "authorAssociation": "NONE",
+        "body": "Sure thing, I'll see if I can get to it later in the week. Last remaining errors:\r\n```\r\nbc.c.obj : error LNK2001: unresolved external symbol _bc_help\r\nvm.c.obj : error LNK2001: unresolved external symbol _bc_lib\r\nvm.c.obj : error LNK2001: unresolved external symbol _bc_lib_name\r\nvm.c.obj : error LNK2001: unresolved external symbol _bc_lib2\r\nvm.c.obj : error LNK2001: unresolved external symbol _bc_lib2_name\r\n```\r\n\r\nWhich should be defined in an object file that you define in your existent configure script:\r\n```sh\r\ncontents=$(replace \"$contents\" \"BC_HELP_O\" \"$bc_help\")\r\n```\r\n\r\nSo I just need to reverse-engineer it into CMake and we should be good to go™.",
+        "createdAt": "2023-08-20T14:58:39Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-1685305638",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc6j64Rc",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "It's been a year and a half, unfortunately, with no word since then.\r\n\r\nHowever, I have not stood still. I have [added][1] [Rig][2] [to `bc`][3], and I have [implemented the entire test suite in Rig][4].\r\n\r\nIn addition, Rig has the ability to cross compile now, and it will deactivate the tests under those conditions.\r\n\r\nSo because no progress has been made with CMake, and Rig is now working (except on Windows, but the only thing left is getting itself to bootstrap itself), I am rejecting this PR in favor of Rig.\r\n\r\n[1]: https://github.com/gavinhoward/bc/blob/master/build.gaml\r\n[2]: https://github.com/gavinhoward/bc/blob/master/build.rig\r\n[3]: https://github.com/gavinhoward/bc/blob/master/build.pkg.rig\r\n[4]: https://github.com/gavinhoward/bc/commit/77fcd66898f754cb1dbce262c6c0efd0879f855c",
+        "createdAt": "2025-03-25T05:20:50Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/68#issuecomment-2750121052",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2023-08-17T18:47:20Z",
+        "authors": [
+          {
+            "email": "807580+SamuelMarks@users.noreply.github.com",
+            "id": "MDQ6VXNlcjgwNzU4MA==",
+            "login": "SamuelMarks",
+            "name": "Samuel Marks"
+          }
+        ],
+        "committedDate": "2023-08-17T18:47:20Z",
+        "messageBody": "",
+        "messageHeadline": "CMake support (initial)",
+        "oid": "4256fe30a6eee88983bbe39b606a793a47b96ec0"
+      },
+      {
+        "authoredDate": "2023-08-17T20:06:53Z",
+        "authors": [
+          {
+            "email": "807580+SamuelMarks@users.noreply.github.com",
+            "id": "MDQ6VXNlcjgwNzU4MA==",
+            "login": "SamuelMarks",
+            "name": "Samuel Marks"
+          }
+        ],
+        "committedDate": "2023-08-17T20:06:53Z",
+        "messageBody": "",
+        "messageHeadline": "Improve CMake suppoprt and remove extraneous code & files",
+        "oid": "63e687a593ca72430a23216ab35eb897a4677b36"
+      },
+      {
+        "authoredDate": "2023-08-18T21:02:52Z",
+        "authors": [
+          {
+            "email": "807580+SamuelMarks@users.noreply.github.com",
+            "id": "MDQ6VXNlcjgwNzU4MA==",
+            "login": "SamuelMarks",
+            "name": "Samuel Marks"
+          }
+        ],
+        "committedDate": "2023-08-18T21:02:52Z",
+        "messageBody": "",
+        "messageHeadline": "Improve CMake support",
+        "oid": "a2e95a6e697fa9d6557a16c17ad6bf8d048b5bd3"
+      },
+      {
+        "authoredDate": "2023-08-19T00:43:54Z",
+        "authors": [
+          {
+            "email": "807580+SamuelMarks@users.noreply.github.com",
+            "id": "MDQ6VXNlcjgwNzU4MA==",
+            "login": "SamuelMarks",
+            "name": "Samuel Marks"
+          }
+        ],
+        "committedDate": "2023-08-19T00:43:54Z",
+        "messageBody": "",
+        "messageHeadline": "Improve CMake support",
+        "oid": "b945314d5edcb660bc286f63e60a5a63697b9ee4"
+      }
+    ],
+    "createdAt": "2023-08-17T18:49:48Z",
+    "deletions": 17,
+    "files": [
+      {
+        "path": ".gitignore",
+        "additions": 3,
+        "deletions": 0
+      },
+      {
+        "path": "CMakeLists.txt",
+        "additions": 123,
+        "deletions": 0
+      },
+      {
+        "path": "bcl.pc.in",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "cmake/BundleIcon.icns",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/CTestConfig.cmake",
+        "additions": 7,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/Config.cmake.in",
+        "additions": 4,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/CustomVolumeIcon.icns",
+        "additions": 0,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/Info.plist",
+        "additions": 14,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/MultiCPackConfig.cmake",
+        "additions": 6,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/README.txt",
+        "additions": 5,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/Welcome.txt",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "cmake/config.h.in",
+        "additions": 11,
+        "deletions": 0
+      },
+      {
+        "path": "include/bc.h",
+        "additions": 8,
+        "deletions": 7
+      },
+      {
+        "path": "include/dc.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/history.h",
+        "additions": 6,
+        "deletions": 4
+      },
+      {
+        "path": "include/read.h",
+        "additions": 2,
+        "deletions": 1
+      },
+      {
+        "path": "include/vm.h",
+        "additions": 10,
+        "deletions": 2
+      },
+      {
+        "path": "src/CMakeLists.txt",
+        "additions": 134,
+        "deletions": 0
+      },
+      {
+        "path": "src/vm.c",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "1479523420",
+    "headRefName": "cmake",
+    "headRefOid": "b945314d5edcb660bc286f63e60a5a63697b9ee4",
+    "headRepository": {
+      "id": "R_kgDOKIWfvQ",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjgwNzU4MA==",
+      "name": "Samuel Marks",
+      "login": "SamuelMarks"
+    },
+    "id": "PR_kwDOCL0xJc5YL7xc",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 68,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "CMake support",
+    "updatedAt": "2025-03-25T05:20:51Z",
+    "url": "https://github.com/gavinhoward/bc/pull/68"
+  },
+  {
+    "additions": 5,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjc0MTgyNg==",
+      "is_bot": false,
+      "login": "dorjechang",
+      "name": "alexander naumochkin"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "71fa3cd4029d416a5272b262736c4d6ab709b6ce",
+    "body": "Casting int -1 to size_t produces SIZE_T_MAX so\r\nBC_NUM_PRINT_WIDTH is used instead of 0",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2023-03-15T16:06:35Z",
+    "comments": [],
+    "commits": [
+      {
+        "authoredDate": "2023-03-15T12:46:29Z",
+        "authors": [
+          {
+            "email": "alexander.naumochkin@gmail.com",
+            "id": "MDQ6VXNlcjc0MTgyNg==",
+            "login": "dorjechang",
+            "name": "ash"
+          }
+        ],
+        "committedDate": "2023-03-15T12:46:29Z",
+        "messageBody": "Casting int -1 to size_t produces SIZE_T_MAX so\nBC_NUM_PRINT_WIDTH is used instead of 0",
+        "messageHeadline": "Fix incorrect processing of env:BC_LINE_LENGTH=0",
+        "oid": "31042aed8426850187b43d7e639f244354da0d6c"
+      }
+    ],
+    "createdAt": "2023-03-15T13:08:07Z",
+    "deletions": 2,
+    "files": [
+      {
+        "path": "src/vm.c",
+        "additions": 5,
+        "deletions": 2
+      }
+    ],
+    "fullDatabaseId": "1276831340",
+    "headRefName": "fix_BC_LINE_LENGTH=0",
+    "headRefOid": "31042aed8426850187b43d7e639f244354da0d6c",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjc0MTgyNg==",
+      "name": "alexander naumochkin",
+      "login": "dorjechang"
+    },
+    "id": "PR_kwDOCL0xJc5MGuZs",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "0c42c52dfc0735026cb6d2534dc24436ff19778f"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2023-03-15T16:06:35Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 65,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Fix incorrect processing of env:BC_LINE_LENGTH=0",
+    "updatedAt": "2023-03-15T16:06:35Z",
+    "url": "https://github.com/gavinhoward/bc/pull/65"
+  },
+  {
+    "additions": 16,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "is_bot": false,
+      "login": "firasuke",
+      "name": "Firas Khalil Khana"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "2ed62ba26831b34cae22b9e7b2f1dd2f3a74b541",
+    "body": "",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2022-11-26T15:16:46Z",
+    "comments": [],
+    "commits": [
+      {
+        "authoredDate": "2022-11-26T10:30:09Z",
+        "authors": [
+          {
+            "email": "firasuke@gmail.com",
+            "id": "MDQ6VXNlcjQ2MTYwNzI3",
+            "login": "firasuke",
+            "name": "Firas Khalil Khana"
+          }
+        ],
+        "committedDate": "2022-11-26T10:30:09Z",
+        "messageBody": "",
+        "messageHeadline": "Mention MAN3DIR in build.md",
+        "oid": "f62ecdabc44ca2ed32f7f0895a78099919038da9"
+      }
+    ],
+    "createdAt": "2022-11-26T10:30:59Z",
+    "deletions": 7,
+    "files": [
+      {
+        "path": "manuals/build.md",
+        "additions": 16,
+        "deletions": 7
+      }
+    ],
+    "fullDatabaseId": "1136437158",
+    "headRefName": "master",
+    "headRefOid": "f62ecdabc44ca2ed32f7f0895a78099919038da9",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "name": "Firas Khalil Khana",
+      "login": "firasuke"
+    },
+    "id": "PR_kwDOCL0xJc5DvKem",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "09247332bf9dafef6840864598c93df92ebc0820"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2022-11-26T15:16:46Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 57,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Mention MAN3DIR in build.md",
+    "updatedAt": "2022-11-26T15:16:46Z",
+    "url": "https://github.com/gavinhoward/bc/pull/57"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjU3MDUxMDY4",
+      "is_bot": false,
+      "login": "pacordova",
+      "name": "Paul Cordova"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "4355599e9a59834098ed18e670b90cec2b84120d",
+    "body": "On POSIX systems, `find` may have indeterministic output (I believe based on the inode on the filesystem).\r\n`sort` is needed to ensure the output is deterministic.\r\n\r\nIn my builds, this resulted in the build order in the generated `Makefile` changing around.\r\nThus building on a fresh partition made with `mkfs.ext4` would result in the binary being different each time.\r\nThe compiled binary code in the`bc` binary shuffled around depending on which files were built first.\r\nPossibly the build order in the Makefile was affecting the order in which files were linked?\r\n\r\nI added `LC_ALL=C` recommended by reproducible-builds.org. \r\nSee below for reference:\r\n- [https://reproducible-builds.org/docs/archives/](https://reproducible-builds.org/docs/archives/)\r\n- [https://reproducible-builds.org/docs/stable-inputs/](https://reproducible-builds.org/docs/stable-inputs/)",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2022-08-03T02:35:23Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5Huq4A",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "The only hangup I would have had is if the way you did it was not portable to POSIX `sh`. I consulted the standard, and your solution is portable!\r\n\r\nI agree that reproducible builds are *very* important. So thank you for your contribution! I have accepted it, and it will be in the release out in a day or two. I just have to make sure everything builds correctly.",
+        "createdAt": "2022-08-03T02:37:10Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/54#issuecomment-1203416576",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5HuvNl",
+        "author": {
+          "login": "pacordova"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "No problem! Thank you for accepting my pull request!\r\nOne additional comment:\r\nWith this change I do get reproducible builds, although I do not use `-flto`\r\nYour recommended optimization of `-O3` I think should be ok, but I do know that Link Time Optimization (LTO) and Profile Guided Optimization (PGO) can both potentially break build determinism.\r\nEither way the end user should be able get reproducible builds if they want it with this change.\r\nThe CFLAGS I was testing with were `CFLAGS='-march=x86-64 -pipe -Os -fstack-protector-strong -fstack-clash-protection'` with GCC 11.2.0.",
+        "createdAt": "2022-08-03T03:13:48Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/54#issuecomment-1203434341",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5Hwkv2",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you!",
+        "createdAt": "2022-08-03T12:57:26Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/54#issuecomment-1203915766",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2022-08-02T16:49:50Z",
+        "authors": [
+          {
+            "email": "pac3nc@virginia.edu",
+            "id": "MDQ6VXNlcjU3MDUxMDY4",
+            "login": "pacordova",
+            "name": "pac"
+          }
+        ],
+        "committedDate": "2022-08-02T16:49:50Z",
+        "messageBody": "find has indeterministic output based on the inode on the filesystem,\nso sort is needed to ensure the output is deterministic",
+        "messageHeadline": "improve reproducibility",
+        "oid": "8c7d5fa125dae5049427cb9b0ddc9ee7bbf099b4"
+      },
+      {
+        "authoredDate": "2022-08-02T23:00:34Z",
+        "authors": [
+          {
+            "email": "pac3nc@virginia.edu",
+            "id": "MDQ6VXNlcjU3MDUxMDY4",
+            "login": "pacordova",
+            "name": "pac"
+          }
+        ],
+        "committedDate": "2022-08-02T23:00:34Z",
+        "messageBody": "",
+        "messageHeadline": "remove -z",
+        "oid": "6ea4d12e2f11e0ce0bed779d991a17230db3a889"
+      }
+    ],
+    "createdAt": "2022-08-02T17:17:46Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "configure.sh",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "1015375109",
+    "headRefName": "reproducible_builds",
+    "headRefOid": "6ea4d12e2f11e0ce0bed779d991a17230db3a889",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjU3MDUxMDY4",
+      "name": "Paul Cordova",
+      "login": "pacordova"
+    },
+    "id": "PR_kwDOCL0xJc48hWUF",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "71215b0eb1c20aa622bd77e664ad7f099b349e91"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2022-08-03T02:35:23Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 54,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Improve Reproducibility (Reproducible Builds)",
+    "updatedAt": "2022-08-03T12:57:26Z",
+    "url": "https://github.com/gavinhoward/bc/pull/54"
+  },
+  {
+    "additions": 11,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQxMzkwMDY=",
+      "is_bot": false,
+      "login": "bsdimp",
+      "name": "Warner Losh"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "cad172d8f0962f47b08007beedc8f4637618ffe6",
+    "body": "The historic gnu bc behavior was to have ^D be delete next character if\r\nthere were any characters in the input, or end of file if there\r\nweren't. This matches what emacs users expect for editing the command\r\nline. Implement this by assuming end of file if the input is empty, and\r\ndelete forward character if it isn't.\r\n\r\nSigned-off-by: Warner Losh <imp@bsdimp.com>",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2022-04-29T14:06:09Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc5CTTkH",
+        "author": {
+          "login": "bsdimp"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "I've been using this change in my tree for a while now since FreeBSD merged the Howard bc. If there's a way to write a test case for it, please let me know.\r\n\r\nTo test it out, it's simple: 123^B^D^M should leave you in bc and produce the answer 12. Current behavior is to exit after printing 123.",
+        "createdAt": "2022-04-28T15:36:16Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1112357127",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CVMF_",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for this submission. I have tested it, and it works as advertised. It does require a tweak to the test suite to get all of the tests to pass.\r\n\r\nHowever, there are two hangups.\r\n\r\nFirst, if I do merge this, I'm not sure it warrants another release by itself; it might be better to wait until some other change comes along.\r\n\r\nSecond, this does change the behavior of `bc` and would require a major version bump. This is also the biggest reason for wanting at least one other change; this is a small change that requires a big version bump, and I'd want something big.\r\n\r\nBut the fact that it changes behavior also gives me pause. I don't know how many people depend on the `^D` behavior for end-of-file, even when there's input, and I hesitate to make this change without knowing the numbers.\r\n\r\nHowever, I would be satisfied with just a survey of FreeBSD users, which should be the biggest portion of my userbase. (Not many Linux distros have my `bc`, and history is not available on Windows.) That is, I would be satisfied if the survey showed that the vast majority of the FreeBSD users who respond either don't care or agree with the change.\r\n\r\nI would also be satisfied with the blessing of my regular FreeBSD contact, Stefan Esser, who I believe has a good handle on what changes would be okay to make.\r\n\r\nIf you can give me either one of those two things, I'll merge. If Stefan even gives a blessing for a release, I'll do that too.",
+        "createdAt": "2022-04-29T03:47:48Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1112850815",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CW3df",
+        "author": {
+          "login": "bsdimp"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Since it's only in the command history editing, I'm having trouble understanding how it would affect tests or other input since that code path appears to be disabled when we aren't reading from a tty.\r\n\r\nAnd even if it didn't, ^D on Unix is only a tty signal of EOF. It's not used at the end of files to signify EOF, which is done by zero read.\r\n\r\nFreeBSD used gnu bc since 1998. It has the behavior I've implemented for the past at least 24 years, so it wouldn't be unreasonable to assume that it's what FreeBSD users that care one way or the other would want. Once you've started to edit the text on the line, you don't want to terminate the program and get an answer for the partially edited line.\r\n\r\nI'd argue that this is a mere bug fix to make things more compatible with bc and isn't such a gross behavior change as to warrant a major release bump, but that's just my sensibilities.\r\n\r\nI'm OK waiting on a release. I'll also chat with Stefan as well about this point.",
+        "createdAt": "2022-04-29T13:07:47Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1113290591",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CXG7p",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have history tests, but they are only run when you run `make test_history` because they can be...flaky. No worries; I'll make the change to fix them. In fact, I might make a change to test this new behavior.\r\n\r\nYou make a compelling and convincing case that this is merely a bug fix. Stefan seems to agree that it is and that many old Unix users would expect this behavior change.\r\n\r\nIn fact, if old Unix users expect the change, then the fact that no one has said anything is probably a good indicator that no one has been using it, which means I can pull the rug out without making anybody mad.\r\n\r\nSo I'm more than satisfied. I'll make the change, and I'll make it in a bugfix release.",
+        "createdAt": "2022-04-29T14:06:00Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1113353961",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CXNGY",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I do have a question: should I remove the EOF behavior entirely?",
+        "createdAt": "2022-04-29T14:22:22Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1113379224",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CXQAy",
+        "author": {
+          "login": "bsdimp"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "> I do have a question: should I remove the EOF behavior entirely?\r\n\r\nNo. The behavior I implemented matches gnu bc's behavior.",
+        "createdAt": "2022-04-29T14:28:47Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1113391154",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "IC_kwDOCL0xJc5CXkZ_",
+        "author": {
+          "login": "stesser"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": " I had sent a reply to Gavin a few hours ago, and I do see that the pull request has already been merged.\r\n\r\nJust a comment regarding compatibility with the previous bc version in FreeBSD:\r\n\r\nWhile GNU bc has the requested behavior, the previous bc in FreeBSD up to 12.x did not:\r\n\r\n$ bc -v\r\nbc (BSD bc) 1.1-FreeBSD\r\n$ bc\r\n12345^B^B^B  <- cursor on 3\r\n^D <- bell sound, nothing deleted\r\n<DEL>\r\n1245 <- result after pressing DEL\r\n\r\nIn the FreeBSD bc (which had been obtained from OpenBSD) ^D did only signal EOF if the input line was empty, but it did not delete to the right.\r\n\r\nGNU bc actually has the line editing behavior created by this patch, and thus it is further step towards GNU bc compatibility. (And IIRC, GNU bc had been in the FreeBSD base system, a few decades ago ...)",
+        "createdAt": "2022-04-29T15:55:50Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/51#issuecomment-1113474687",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2022-04-28T15:30:25Z",
+        "authors": [
+          {
+            "email": "imp@FreeBSD.org",
+            "id": "MDQ6VXNlcjQxMzkwMDY=",
+            "login": "bsdimp",
+            "name": "Warner Losh"
+          }
+        ],
+        "committedDate": "2022-04-28T15:35:21Z",
+        "messageBody": "The historic gnu bc behavior was to have ^D be delete next character if\nthere were any characters in the input, or end of file if there\nweren't. This matches what emacs users expect for editing the command\nline. Implement this by assuming end of file if the input is empty, and\ndelete forward character if it isn't.\n\nSigned-off-by: Warner Losh <imp@bsdimp.com>",
+        "messageHeadline": "Emacs delete-next-character",
+        "oid": "cee56074a8fe669901e0869ee8a6e23106d1634b"
+      }
+    ],
+    "createdAt": "2022-04-28T15:35:29Z",
+    "deletions": 4,
+    "files": [
+      {
+        "path": "src/history.c",
+        "additions": 11,
+        "deletions": 4
+      }
+    ],
+    "fullDatabaseId": "922011328",
+    "headRefName": "del-forward",
+    "headRefOid": "cee56074a8fe669901e0869ee8a6e23106d1634b",
+    "headRepository": {
+      "id": "R_kgDOHQG2MA",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjQxMzkwMDY=",
+      "name": "Warner Losh",
+      "login": "bsdimp"
+    },
+    "id": "PR_kwDOCL0xJc429MbA",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "f8fa6febf7521062f0c4ecb6ca4406c91c125360"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2022-04-29T14:06:09Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 51,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Emacs delete-next-character",
+    "updatedAt": "2022-04-29T15:55:50Z",
+    "url": "https://github.com/gavinhoward/bc/pull/51"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "is_bot": false,
+      "login": "firasuke",
+      "name": "Firas Khalil Khana"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "c3b2d28b2d615ca2b84ba398d796040348c5f13a",
+    "body": "",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2021-12-26T16:59:58Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc47rUun",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Whoops! Thanks for catching.",
+        "createdAt": "2021-12-26T17:00:08Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/49#issuecomment-1001212839",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "IC_kwDOCL0xJc47rVpi",
+        "author": {
+          "login": "firasuke"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Glad I could help!",
+        "createdAt": "2021-12-26T17:27:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/49#issuecomment-1001216610",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2021-12-26T16:30:19Z",
+        "authors": [
+          {
+            "email": "firasuke@gmail.com",
+            "id": "MDQ6VXNlcjQ2MTYwNzI3",
+            "login": "firasuke",
+            "name": "Firas Khalil Khana"
+          }
+        ],
+        "committedDate": "2021-12-26T16:30:19Z",
+        "messageBody": "",
+        "messageHeadline": "Add missing newline character",
+        "oid": "ef5412b1bc939c0dbe18c7cf523e05de8561b25f"
+      }
+    ],
+    "createdAt": "2021-12-26T16:30:26Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "configure.sh",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "810041419",
+    "headRefName": "patch-1",
+    "headRefOid": "ef5412b1bc939c0dbe18c7cf523e05de8561b25f",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjQ2MTYwNzI3",
+      "name": "Firas Khalil Khana",
+      "login": "firasuke"
+    },
+    "id": "PR_kwDOCL0xJc4wSEBL",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "232a12f6870eaf8fed95c12aa33fb3dbd7df8715"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2021-12-26T16:59:58Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 49,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Add missing newline character",
+    "updatedAt": "2021-12-26T17:27:19Z",
+    "url": "https://github.com/gavinhoward/bc/pull/49"
+  },
+  {
+    "additions": 7,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "289ad4a08981c4eaf1328ab9d16f184ee0466a34",
+    "body": "",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2021-09-29T15:05:03Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc43crZP",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Looks good! Thank you!",
+        "createdAt": "2021-09-29T15:05:16Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/44#issuecomment-930264655",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2021-09-29T09:33:47Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-29T09:33:47Z",
+        "messageBody": "",
+        "messageHeadline": "tests_bc.bat fix",
+        "oid": "2d05fde966b12cee7e02220f1466efd7a78a56c4"
+      }
+    ],
+    "createdAt": "2021-09-29T09:34:23Z",
+    "deletions": 7,
+    "files": [
+      {
+        "path": "vs/tests/tests_bc.bat",
+        "additions": 7,
+        "deletions": 7
+      }
+    ],
+    "fullDatabaseId": "745557688",
+    "headRefName": "master",
+    "headRefOid": "2d05fde966b12cee7e02220f1466efd7a78a56c4",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "login": "depler"
+    },
+    "id": "PR_kwDOCL0xJc4scE64",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "74d55ddfc79df8adeb70cdb2fc81dc05f8bacbde"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2021-09-29T15:05:03Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 44,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "tests_bc.bat fix",
+    "updatedAt": "2021-09-29T15:05:16Z",
+    "url": "https://github.com/gavinhoward/bc/pull/44"
+  },
+  {
+    "additions": 1017,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "is_bot": false,
+      "login": "depler",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "da29d88f70dca79c8a7e274b1cb5dee3c4bccb6f",
+    "body": "Changes:\r\n- projects moved to subfolder `vs`\r\n- projects created from scratch\r\n- fixed release configuration in executable (code optimizations enabled)\r\n- executable is statically linked (should work without any dependencies starting on Vista and newer)\r\n- library contains configurations `ReleaseMD` and  `ReleaseMT` (shared and static linkage)\r\n- added 'vs\\tests' subfolder with scripts for windows (uses original test files, see `tests_bc.bat`, `tests_dc.bat`)\r\n\r\nBy the way, did you test binaries on windows? I've found failed test for dc:\r\n\r\n```\r\nc:\\Data\\Sources\\bc\\vs\\tests>tests_dc.bat\r\nPASS: abs\r\nPASS: add\r\nPASS: arctangent\r\nPASS: arrays\r\nPASS: assignments\r\n\r\n...\r\n\r\nParse error: bad character 't'\r\n    <stdin>:2\r\n\r\nFAIL_RUNTIME: vars\r\n```\r\n",
+    "changedFiles": 15,
+    "closed": true,
+    "closedAt": "2021-09-25T21:06:56Z",
+    "comments": [
+      {
+        "id": "IC_kwDOCL0xJc43Q7BQ",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I'm pulling this now because I made the fixes for all issues based on your code.\r\n\r\nI'm probably going to need your help still.",
+        "createdAt": "2021-09-25T21:06:52Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/38#issuecomment-927182928",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2021-09-24T22:42:26Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-24T22:42:26Z",
+        "messageBody": "",
+        "messageHeadline": "new bc.vcxproj, static linkage, release configuration",
+        "oid": "ae20dd7c1fedf9a7534aca4fda9783356cd15f86"
+      },
+      {
+        "authoredDate": "2021-09-25T07:07:19Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-25T07:07:19Z",
+        "messageBody": "",
+        "messageHeadline": "bcl project",
+        "oid": "1c9479c50217773732f4111e4c3dfbc7e7415c1e"
+      },
+      {
+        "authoredDate": "2021-09-25T07:15:33Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-25T07:15:33Z",
+        "messageBody": "",
+        "messageHeadline": "ReleaseMD, ReleaseMT",
+        "oid": "99a58fea193b6bcc1bec4adcd02c53522da20c86"
+      },
+      {
+        "authoredDate": "2021-09-25T07:16:06Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-25T07:16:06Z",
+        "messageBody": "",
+        "messageHeadline": "cleanup",
+        "oid": "2230f31c8d4d53223a1dc13b0b399e374e57999f"
+      },
+      {
+        "authoredDate": "2021-09-25T07:20:11Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-25T07:20:11Z",
+        "messageBody": "",
+        "messageHeadline": "fix",
+        "oid": "0a08c1a2d382fdf1406eecfc6669d8279810c51a"
+      },
+      {
+        "authoredDate": "2021-09-25T10:48:31Z",
+        "authors": [
+          {
+            "email": "depler.mv@gmail.com",
+            "id": "MDQ6VXNlcjEzNTQxNjk5",
+            "login": "depler",
+            "name": "depler"
+          }
+        ],
+        "committedDate": "2021-09-25T10:48:31Z",
+        "messageBody": "",
+        "messageHeadline": "windows tests",
+        "oid": "2aaf6a7c624b441346200126504e713e1e324553"
+      }
+    ],
+    "createdAt": "2021-09-25T07:27:03Z",
+    "deletions": 760,
+    "files": [
+      {
+        "path": "bc.vcxproj",
+        "additions": 0,
+        "deletions": 278
+      },
+      {
+        "path": "bc.vcxproj.filters",
+        "additions": 0,
+        "deletions": 182
+      },
+      {
+        "path": "bcl.sln",
+        "additions": 0,
+        "deletions": 31
+      },
+      {
+        "path": "bcl.vcxproj",
+        "additions": 0,
+        "deletions": 161
+      },
+      {
+        "path": "bcl.vcxproj.filters",
+        "additions": 0,
+        "deletions": 96
+      },
+      {
+        "path": "src/program.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "vs/.gitignore",
+        "additions": 7,
+        "deletions": 0
+      },
+      {
+        "path": "vs/bc.sln",
+        "additions": 11,
+        "deletions": 11
+      },
+      {
+        "path": "vs/bc.vcxproj",
+        "additions": 298,
+        "deletions": 0
+      },
+      {
+        "path": "vs/bc.vcxproj.filters",
+        "additions": 173,
+        "deletions": 0
+      },
+      {
+        "path": "vs/bcl.sln",
+        "additions": 37,
+        "deletions": 0
+      },
+      {
+        "path": "vs/bcl.vcxproj",
+        "additions": 259,
+        "deletions": 0
+      },
+      {
+        "path": "vs/bcl.vcxproj.filters",
+        "additions": 90,
+        "deletions": 0
+      },
+      {
+        "path": "vs/tests/tests_bc.bat",
+        "additions": 81,
+        "deletions": 0
+      },
+      {
+        "path": "vs/tests/tests_dc.bat",
+        "additions": 60,
+        "deletions": 0
+      }
+    ],
+    "fullDatabaseId": "742640199",
+    "headRefName": "master",
+    "headRefOid": "2aaf6a7c624b441346200126504e713e1e324553",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjEzNTQxNjk5",
+      "login": "depler"
+    },
+    "id": "PR_kwDOCL0xJc4sQ8pH",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "d3793fa5a17c198482baeee027464b98a3869270"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2021-09-25T21:06:56Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 38,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Visual Studio projects refactoring",
+    "updatedAt": "2021-09-25T21:06:56Z",
+    "url": "https://github.com/gavinhoward/bc/pull/38"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjM4ODMzNTE=",
+      "is_bot": false,
+      "login": "ibara",
+      "name": "Brian Callahan"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "3317fc9138148ac48beb4886206be45ebac2a838",
+    "body": "on => one",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2020-03-11T17:36:56Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU5NzcwNjM0Nw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=h1) Report\n> Merging [#28](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/3317fc9138148ac48beb4886206be45ebac2a838&el=desc) will **not change** coverage by `%`.\n> The diff coverage is `n/a`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/28/graphs/tree.svg?width=650&height=150&src=pr&token=7VDYTvCBQX)](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master      #28   +/-   ##\n=======================================\n  Coverage   99.65%   99.65%           \n=======================================\n  Files          16       16           \n  Lines        3497     3497           \n=======================================\n  Hits         3485     3485           \n  Misses         12       12           \n```\n\n\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=footer). Last update [3317fc9...24c93ff](https://codecov.io/gh/gavinhoward/bc/pull/28?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2020-03-11T15:39:52Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/28#issuecomment-597706347",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU5Nzc3MTUwMw==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you! Merged.",
+        "createdAt": "2020-03-11T17:39:45Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/28#issuecomment-597771503",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2020-03-11T15:37:45Z",
+        "authors": [
+          {
+            "email": "ibara@users.noreply.github.com",
+            "id": "MDQ6VXNlcjM4ODMzNTE=",
+            "login": "ibara",
+            "name": "Brian Callahan"
+          }
+        ],
+        "committedDate": "2020-03-11T15:37:45Z",
+        "messageBody": "on => one",
+        "messageHeadline": "Fix a typo in build.md",
+        "oid": "24c93ffc52bfcae55f3b694e9684b49a105834e7"
+      }
+    ],
+    "createdAt": "2020-03-11T15:37:54Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "manuals/build.md",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "386765314",
+    "headRefName": "patch-1",
+    "headRefOid": "24c93ffc52bfcae55f3b694e9684b49a105834e7",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjM4ODMzNTE=",
+      "name": "Brian Callahan",
+      "login": "ibara"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mzg2NzY1MzE0",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "725f14b41767d34e6be02fa07dc2db659fa55b02"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2020-03-11T17:36:56Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 28,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Fix a typo in build.md",
+    "updatedAt": "2020-03-11T18:18:12Z",
+    "url": "https://github.com/gavinhoward/bc/pull/28"
+  },
+  {
+    "additions": 86,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjMwOTE2NjEz",
+      "is_bot": false,
+      "login": "zv-io",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "358951d4fa58db3077a5675a6547c44e41101de9",
+    "body": "This series addresses some bugs found on Solaris as discussed with the author in IRC earlier today. The following systems have been \"loosely\" tested to compile and pass the non-external-`bc` test suite:\r\n\r\n* Solaris 10 [sun4u] (GCC `5.5.0`) in both 32- and 64- bit modes;\r\n* Solaris 11 [sun4v] (GCC `4.8.2` and `7.5.0`) in both 32- and 64- bit modes;\r\n\r\nNote: Solaris 10 requires aliasing to a POSIX-compliant shell (e.g. `/usr/xpg4/bin/sh`) or modifying the top of any scripts citing `/bin/sh` to this value.",
+    "changedFiles": 62,
+    "closed": true,
+    "closedAt": "2020-01-15T22:33:33Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU3NDQ5NzI3Mw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=h1) Report\n> Merging [#27](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/358951d4fa58db3077a5675a6547c44e41101de9?src=pr&el=desc) will **not change** coverage.\n> The diff coverage is `n/a`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/27/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master      #27   +/-   ##\n=======================================\n  Coverage   99.65%   99.65%           \n=======================================\n  Files          16       16           \n  Lines        3496     3496           \n=======================================\n  Hits         3484     3484           \n  Misses         12       12\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/bc/parse.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL2JjL3BhcnNlLmM=) | `100% <ø> (ø)` | :arrow_up: |\n| [src/parse.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL3BhcnNlLmM=) | `100% <ø> (ø)` | :arrow_up: |\n| [src/read.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL3JlYWQuYw==) | `100% <ø> (ø)` | :arrow_up: |\n| [src/vm.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL3ZtLmM=) | `99.59% <ø> (ø)` | :arrow_up: |\n| [src/main.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL21haW4uYw==) | `100% <ø> (ø)` | :arrow_up: |\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.41% <ø> (ø)` | :arrow_up: |\n| [src/lex.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL2xleC5j) | `100% <ø> (ø)` | :arrow_up: |\n| [src/bc/bc.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL2JjL2JjLmM=) | `100% <ø> (ø)` | :arrow_up: |\n| [src/bc/lex.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL2JjL2xleC5j) | `100% <ø> (ø)` | :arrow_up: |\n| [src/lang.c](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree#diff-c3JjL2xhbmcuYw==) | `97.33% <ø> (ø)` | :arrow_up: |\n| ... and [6 more](https://codecov.io/gh/gavinhoward/bc/pull/27/diff?src=pr&el=tree-more) | |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=footer). Last update [358951d...a756285](https://codecov.io/gh/gavinhoward/bc/pull/27?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2020-01-15T05:02:18Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/27#issuecomment-574497273",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2020-01-14T21:56:45Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-14T22:17:19Z",
+        "messageBody": "",
+        "messageHeadline": "Fix bug caused by inconsistent preservation of line endings by 'sed'.",
+        "oid": "d3b3813c94d6553caad61752dd7ac99dd860e20c"
+      },
+      {
+        "authoredDate": "2020-01-14T22:03:42Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-14T22:17:26Z",
+        "messageBody": "…'ls' command. Improve robustness of test conditions.",
+        "messageHeadline": "Switch from POSIX 2008 --> 2001 build flags. Remove use of dangerous …",
+        "oid": "72238e589bf7e8cb6a9bb380f367c1a5edcc8b82"
+      },
+      {
+        "authoredDate": "2020-01-14T22:05:02Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-14T22:17:27Z",
+        "messageBody": "",
+        "messageHeadline": "Update copyright year 2019 --> 2020.",
+        "oid": "eb34ee5e9d5607c08e7080d9c44e03d393756493"
+      },
+      {
+        "authoredDate": "2020-01-14T22:24:01Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-14T22:24:01Z",
+        "messageBody": "…sions.",
+        "messageHeadline": "Explicit '-std=c99' to avoid ambiguity across different compilers/ver…",
+        "oid": "a38469fd93c20d1de3f972c982de3c234000116a"
+      },
+      {
+        "authoredDate": "2020-01-14T22:57:04Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-14T22:59:48Z",
+        "messageBody": "",
+        "messageHeadline": "Update documentation and prepare for release.",
+        "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+      },
+      {
+        "authoredDate": "2020-01-15T13:56:00Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-15T13:56:00Z",
+        "messageBody": "…lers/versions.\"\n\nThis reverts commit a38469fd93c20d1de3f972c982de3c234000116a.",
+        "messageHeadline": "Revert \"Explicit '-std=c99' to avoid ambiguity across different compi…",
+        "oid": "8b83e334177701cd2c05fd10090a1f582bd7e9f8"
+      },
+      {
+        "authoredDate": "2020-01-15T13:57:24Z",
+        "authors": [
+          {
+            "email": "me@zv.io",
+            "id": "MDQ6VXNlcjMwOTE2NjEz",
+            "login": "zv-io",
+            "name": "Zach van Rijn"
+          }
+        ],
+        "committedDate": "2020-01-15T13:57:24Z",
+        "messageBody": "",
+        "messageHeadline": "Comply with versioning policy as per author feedback in PR 27.",
+        "oid": "a756285f60b2139fc629c3edf230c8b1f9a875ed"
+      }
+    ],
+    "createdAt": "2020-01-15T04:59:12Z",
+    "deletions": 79,
+    "files": [
+      {
+        "path": "Makefile.in",
+        "additions": 3,
+        "deletions": 3
+      },
+      {
+        "path": "NEWS.md",
+        "additions": 6,
+        "deletions": 0
+      },
+      {
+        "path": "README.md",
+        "additions": 3,
+        "deletions": 2
+      },
+      {
+        "path": "configure.sh",
+        "additions": 12,
+        "deletions": 12
+      },
+      {
+        "path": "functions.sh",
+        "additions": 3,
+        "deletions": 3
+      },
+      {
+        "path": "gen/bc_help.txt",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "gen/dc_help.txt",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "gen/lib.bc",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "gen/lib2.bc",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "gen/strgen.c",
+        "additions": 2,
+        "deletions": 2
+      },
+      {
+        "path": "include/args.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/bc.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/dc.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/history.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/lang.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/lex.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/num.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/parse.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/program.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/read.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/status.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/vector.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "include/vm.h",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "install.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "karatsuba.py",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "link.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locale_install.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locale_uninstall.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locales/en_US.msg",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locales/fr_FR.ISO8859-1.msg",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locales/fr_FR.UTF-8.msg",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locales/pt_PT.ISO-8859-1.msg",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "locales/pt_PT.UTF-8.msg",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "release.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/args.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/bc/bc.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/bc/lex.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/bc/parse.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/data.c",
+        "additions": 2,
+        "deletions": 2
+      },
+      {
+        "path": "src/dc/dc.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/dc/lex.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/dc/parse.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/history/history.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/lang.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/lex.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/main.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/num.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/parse.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/program.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/read.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/vector.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "src/vm.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/afl.py",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/all.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/bc/timeconst.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/errors.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/randmath.py",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/read.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/script.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/scripts.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/stdin.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/test.sh",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "362957298",
+    "headRefName": "master",
+    "headRefOid": "a756285f60b2139fc629c3edf230c8b1f9a875ed",
+    "headRepository": null,
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjMwOTE2NjEz",
+      "login": "zv-io"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0MzYyOTU3Mjk4",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [
+      {
+        "id": "",
+        "author": {
+          "login": "michaelforney"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T06:00:48Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": ""
+        }
+      },
+      {
+        "id": "",
+        "author": {
+          "login": "ibara"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T20:20:03Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": ""
+        }
+      },
+      {
+        "id": "",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T22:33:19Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "APPROVED",
+        "commit": {
+          "oid": ""
+        }
+      }
+    ],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "063a155d1ee6c68bfba37733777ad1331810fdf1"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2020-01-15T22:33:33Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 27,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "APPROVED",
+    "reviewRequests": [],
+    "reviews": [
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQyOTk0NDA3",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for this PR! Unfortunately, it needs some work before I can accept it. See reviews below.",
+        "submittedAt": "2020-01-15T05:32:13Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "CHANGES_REQUESTED",
+        "commit": {
+          "oid": "d3b3813c94d6553caad61752dd7ac99dd860e20c"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMDAyMDEx",
+        "author": {
+          "login": "michaelforney"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T06:00:48Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMDAyNTYx",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T06:02:59Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMDEwNjM1",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T06:34:47Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjM5MTU3",
+        "author": {
+          "login": "zv-io"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T14:04:17Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjQ0ODg5",
+        "author": {
+          "login": "zv-io"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T14:12:43Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjU1NTQ0",
+        "author": {
+          "login": "zv-io"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T14:27:10Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjU2MjE0",
+        "author": {
+          "login": "zv-io"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T14:28:02Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjczNTgx",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T14:50:50Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzMjc3MTQ4",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T14:55:18Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "f022d5dedc841bb1d23fa2e03fdc97a639de700d"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzNDk1MzQ1",
+        "author": {
+          "login": "ibara"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "",
+        "submittedAt": "2020-01-15T20:20:03Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "a756285f60b2139fc629c3edf230c8b1f9a875ed"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzNDk5ODcx",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T20:28:14Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "a756285f60b2139fc629c3edf230c8b1f9a875ed"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzNTY3ODE3",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T22:33:01Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "COMMENTED",
+        "commit": {
+          "oid": "a756285f60b2139fc629c3edf230c8b1f9a875ed"
+        }
+      },
+      {
+        "id": "MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MzQzNTY3OTcx",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "",
+        "submittedAt": "2020-01-15T22:33:19Z",
+        "includesCreatedEdit": false,
+        "reactionGroups": [],
+        "state": "APPROVED",
+        "commit": {
+          "oid": "a756285f60b2139fc629c3edf230c8b1f9a875ed"
+        }
+      }
+    ],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Improve portability, enable build on Solaris SPARC.",
+    "updatedAt": "2020-01-15T22:33:33Z",
+    "url": "https://github.com/gavinhoward/bc/pull/27"
+  },
+  {
+    "additions": 218,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjM5NzU3OTY3",
+      "is_bot": false,
+      "login": "bugcrazy",
+      "name": ""
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "39b0dc440325511db730ad8fbd7012ba6f3f4b4d",
+    "body": "Portuguese Translations pt_PT and pt_BR",
+    "changedFiles": 8,
+    "closed": true,
+    "closedAt": "2020-01-14T15:08:19Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU3NDAyODE2Nw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=h1) Report\n> Merging [#26](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/39b0dc440325511db730ad8fbd7012ba6f3f4b4d?src=pr&el=desc) will **not change** coverage.\n> The diff coverage is `n/a`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/26/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master      #26   +/-   ##\n=======================================\n  Coverage   99.65%   99.65%           \n=======================================\n  Files          16       16           \n  Lines        3496     3496           \n=======================================\n  Hits         3484     3484           \n  Misses         12       12\n```\n\n\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=footer). Last update [39b0dc4...2572333](https://codecov.io/gh/gavinhoward/bc/pull/26?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2020-01-14T06:43:10Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/26#issuecomment-574028167",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU3NDIxOTEzMg==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Thank you for your translations! They look good. Release of Version `2.5.0` with the translations will happen in a few minutes.",
+        "createdAt": "2020-01-14T15:09:22Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/26#issuecomment-574219132",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU3NDIyMzU0Mw==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Version `2.5.0` is out with your translations. Thank you!",
+        "createdAt": "2020-01-14T15:17:19Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/26#issuecomment-574223543",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU3NDI0MTA2Mw==",
+        "author": {
+          "login": "bugcrazy"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Thank you!",
+        "createdAt": "2020-01-14T15:52:18Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/26#issuecomment-574241063",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2020-01-14T06:32:59Z",
+        "authors": [
+          {
+            "email": "39757967+bugcrazy@users.noreply.github.com",
+            "id": "MDQ6VXNlcjM5NzU3OTY3",
+            "login": "bugcrazy",
+            "name": "bugcrazy"
+          }
+        ],
+        "committedDate": "2020-01-14T06:32:59Z",
+        "messageBody": "Portuguese Translations pt_PT and pt_BR",
+        "messageHeadline": "Portuguese Translations",
+        "oid": "25723337b998ced4976dc5beae8717d81056dc5f"
+      }
+    ],
+    "createdAt": "2020-01-14T06:40:25Z",
+    "deletions": 0,
+    "files": [
+      {
+        "path": "locales/pt_BR.ISO-8859-1.msg",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_BR.ISO-8859-15.msg",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_BR.UTF-8.msg",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_BR.utf8.msg",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_PT.ISO-8859-1.msg",
+        "additions": 106,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_PT.ISO-8859-15.msg",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_PT.UTF-8.msg",
+        "additions": 106,
+        "deletions": 0
+      },
+      {
+        "path": "locales/pt_PT.utf8.msg",
+        "additions": 1,
+        "deletions": 0
+      }
+    ],
+    "fullDatabaseId": "362470901",
+    "headRefName": "master",
+    "headRefOid": "25723337b998ced4976dc5beae8717d81056dc5f",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkyMzM3NjI4NjY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjM5NzU3OTY3",
+      "login": "bugcrazy"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0MzYyNDcwOTAx",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "c322c80e62415e69c8d65c69904a0e1ea37f4da3"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2020-01-14T15:08:19Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 26,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Portuguese Translations",
+    "updatedAt": "2020-01-14T15:52:18Z",
+    "url": "https://github.com/gavinhoward/bc/pull/26"
+  },
+  {
+    "additions": 6,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjIyMjk2NzA2",
+      "is_bot": false,
+      "login": "eg15",
+      "name": "Eugene Gladchenko"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "38cc5145cb66ba9f1706630d5f987d60a46fb1b1",
+    "body": "Looks like I found a bug.\r\n\"-1000000000 < -1\" returns 0 (false) on my machine which is obviously wrong.\r\nThe fix will follow.",
+    "changedFiles": 4,
+    "closed": true,
+    "closedAt": "2019-11-22T04:42:08Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU1NzE0ODY4Mw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=h1) Report\n> Merging [#25](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/38cc5145cb66ba9f1706630d5f987d60a46fb1b1?src=pr&el=desc) will **not change** coverage.\n> The diff coverage is `100%`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/25/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master      #25   +/-   ##\n=======================================\n  Coverage   99.71%   99.71%           \n=======================================\n  Files          16       16           \n  Lines        3478     3478           \n=======================================\n  Hits         3468     3468           \n  Misses         10       10\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/25/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.41% <100%> (ø)` | :arrow_up: |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=footer). Last update [38cc514...96518d8](https://codecov.io/gh/gavinhoward/bc/pull/25?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2019-11-21T15:56:12Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/25#issuecomment-557148683",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU1NzE2MDgyMg==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Yes, you did find a bug.\r\n\r\nYour fix looks great, and your tests do as well. I just have two requests:\r\n\r\n1. Move your tests and results into files called `comp.txt` and `comp_results.txt`.\r\n2. Change the name in `tests/bc/all.txt`.\r\n\r\nI want you to do this because I am going to write a more comprehensive set of tests for comparisons in general to make sure I did not miss anything else.\r\n\r\nIf you don't have the time to do this, I could always pull it and do the change myself.",
+        "createdAt": "2019-11-21T16:22:26Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/25#issuecomment-557160822",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU1NzIwNjQwNw==",
+        "author": {
+          "login": "eg15"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "Just finished, thank you.\r\n\r\nBTW it looks like busybox guys took your code and kept the bug in their modified version.\r\nJust fixed it there as well: https://bugs.busybox.net/show_bug.cgi?id=12336\r\n\r\nThen it should be fixed in Alpine (that's where I encountered it this morning).",
+        "createdAt": "2019-11-21T18:10:24Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/25#issuecomment-557206407",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU1NzIzMDk2NA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "`busybox` didn't exactly take my code; I gave them my code, when it had a lot more bugs as well. Unfortunately, they decided to go their own way with it, so I don't really contribute back. (They added even more bugs.)\r\n\r\nI will merge this when I get home from work. I should have a release out after testing, which could take up to a week. I don't expect this to take that long to test, since it's so small, but I may find other problems.",
+        "createdAt": "2019-11-21T19:14:33Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/25#issuecomment-557230964",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDU1NzM4NjYzOQ==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I pulled manually. Thank you for your help!",
+        "createdAt": "2019-11-22T04:44:22Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [
+          {
+            "content": "THUMBS_UP",
+            "users": {
+              "totalCount": 1
+            }
+          }
+        ],
+        "url": "https://github.com/gavinhoward/bc/pull/25#issuecomment-557386639",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-11-21T15:31:00Z",
+        "authors": [
+          {
+            "email": "gladchenko@gmail.com",
+            "id": "MDQ6VXNlcjIyMjk2NzA2",
+            "login": "eg15",
+            "name": "Eugene Gladchenko"
+          }
+        ],
+        "committedDate": "2019-11-21T15:31:00Z",
+        "messageBody": "",
+        "messageHeadline": "Add a test to compare negative numbers",
+        "oid": "888c422c21b558d3778d4ad215fd54f9387a137b"
+      },
+      {
+        "authoredDate": "2019-11-21T16:00:43Z",
+        "authors": [
+          {
+            "email": "gladchenko@gmail.com",
+            "id": "MDQ6VXNlcjIyMjk2NzA2",
+            "login": "eg15",
+            "name": "Eugene Gladchenko"
+          }
+        ],
+        "committedDate": "2019-11-21T16:00:43Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a bug in comparing negative numbers",
+        "oid": "ddbecaa0601375b86dffb525973148cdd0dda8f7"
+      },
+      {
+        "authoredDate": "2019-11-21T18:05:15Z",
+        "authors": [
+          {
+            "email": "gladchenko@gmail.com",
+            "id": "MDQ6VXNlcjIyMjk2NzA2",
+            "login": "eg15",
+            "name": "Eugene Gladchenko"
+          }
+        ],
+        "committedDate": "2019-11-21T18:05:15Z",
+        "messageBody": "",
+        "messageHeadline": "The name of the test file changed",
+        "oid": "96518d8fd63fca1d01b82ac78a42251844f39201"
+      }
+    ],
+    "createdAt": "2019-11-21T15:52:02Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/bc/all.txt",
+        "additions": 1,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/comp.txt",
+        "additions": 2,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/comp_results.txt",
+        "additions": 2,
+        "deletions": 0
+      }
+    ],
+    "fullDatabaseId": "344102387",
+    "headRefName": "master",
+    "headRefOid": "96518d8fd63fca1d01b82ac78a42251844f39201",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkyMjMyMDIxNDg=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjIyMjk2NzA2",
+      "name": "Eugene Gladchenko",
+      "login": "eg15"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0MzQ0MTAyMzg3",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "96518d8fd63fca1d01b82ac78a42251844f39201"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2019-11-22T04:42:07Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 25,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Add a test to compare negative numbers",
+    "updatedAt": "2019-11-22T04:44:22Z",
+    "url": "https://github.com/gavinhoward/bc/pull/25"
+  },
+  {
+    "additions": 43,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "b6cc5efba0e127c5a344c25505c807865494cc66",
+    "body": "I do not know how to restrict the pull request to just the two commits I consider relevant (probably is the GIT way to create a temporary branch for that purpose?)\r\n\r\nThe relevant commits are: \r\n\r\nca56e06\r\n684e3f6",
+    "changedFiles": 3,
+    "closed": true,
+    "closedAt": "2019-06-14T01:43:15Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDUwMTgzMTY1Ng==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=h1) Report\n> Merging [#24](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/b6cc5efba0e127c5a344c25505c807865494cc66?src=pr&el=desc) will **increase** coverage by `<.01%`.\n> The diff coverage is `100%`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/24/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=tree)\n\n```diff\n@@            Coverage Diff             @@\n##           master      #24      +/-   ##\n==========================================\n+ Coverage   99.73%   99.73%   +<.01%     \n==========================================\n  Files          16       16              \n  Lines        3431     3435       +4     \n==========================================\n+ Hits         3422     3426       +4     \n  Misses          9        9\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/bc/parse.c](https://codecov.io/gh/gavinhoward/bc/pull/24/diff?src=pr&el=tree#diff-c3JjL2JjL3BhcnNlLmM=) | `100% <ø> (ø)` | :arrow_up: |\n| [src/program.c](https://codecov.io/gh/gavinhoward/bc/pull/24/diff?src=pr&el=tree#diff-c3JjL3Byb2dyYW0uYw==) | `99.73% <100%> (ø)` | :arrow_up: |\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/24/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.8% <100%> (ø)` | :arrow_up: |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=footer). Last update [b6cc5ef...ca56e06](https://codecov.io/gh/gavinhoward/bc/pull/24?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2019-06-13T18:43:42Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/24#issuecomment-501831656",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDUwMTg1MDQyMQ==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I have already made these changes in my local branch. I just haven't pushed them yet. I will push them when I get home from work, and I will close this then to remind me.\r\n\r\nThank you.",
+        "createdAt": "2019-06-13T19:39:54Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/24#issuecomment-501850421",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDUwMTkzNzA0Ng==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Changes are pushed.",
+        "createdAt": "2019-06-14T01:43:15Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/24#issuecomment-501937046",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-06-09T11:10:39Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-09T11:10:39Z",
+        "messageBody": "",
+        "messageHeadline": "Small optimization: no data to copy for BC_RESULT_ONE or _LAST",
+        "oid": "b32b26ca8a533480155a427906025cbe9a0c061c"
+      },
+      {
+        "authoredDate": "2019-06-10T21:15:49Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-10T21:15:49Z",
+        "messageBody": "",
+        "messageHeadline": "Make limit for extension of division results depend on BC_BASE_DIGS",
+        "oid": "1846088a5d37f02e608228e4214ed76464abdd05"
+      },
+      {
+        "authoredDate": "2019-06-10T21:17:33Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-10T21:17:33Z",
+        "messageBody": "",
+        "messageHeadline": "Simplify and speed up parsing of decimal numbers",
+        "oid": "5954930eb013ed5e10bea2599735f06b05b89caa"
+      },
+      {
+        "authoredDate": "2019-06-12T10:16:50Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-12T10:16:50Z",
+        "messageBody": "Do not allocate one BcDig per character of the string passed in.\nFor ibase between 11 and 26 (decimal) more than one BcDig may be\nneeded to store the value expressed by BC_BASE_DIGS characters.\n\nTesting for that case will probably cause more overhead than just\napplying a fudge factor (not verified - special casing the ibase\nrange that needs this factor and using a factor of 1.5 instead of\n2 might be worth the extra code complexity).",
+        "messageHeadline": "Fix allocation size for parsed number",
+        "oid": "c2dc7941ee0115ba8e820685021d70ab2ab13a91"
+      },
+      {
+        "authoredDate": "2019-06-12T10:25:11Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-12T10:25:11Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "036b112a9d04b56b98ba3697e1641afa6352bbeb"
+      },
+      {
+        "authoredDate": "2019-06-12T12:00:07Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-12T12:00:07Z",
+        "messageBody": "This change improves \"make test\" performance by more than 2%.",
+        "messageHeadline": "Better estimate of the number of BcDigs required to store a constant",
+        "oid": "43caceec40e4265edc8244b092bd39ba483361c5"
+      },
+      {
+        "authoredDate": "2019-06-12T21:43:54Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-12T21:43:54Z",
+        "messageBody": "This implementation is not optimized for speed, yet. I have plans to\nadd copy-on-write semantics for BcNums (i.e. add a reference count and\ncopy the BcNum only if its refcount is > 1 it is about to be\nmodified).\n\nThis version fails in the bc/stdin test, but diagnosing this problem\nwill have to wait for tomorrow ...",
+        "messageHeadline": "Implement caching of numeric constants in vectors of BcNums",
+        "oid": "515dfe44886667eb9fbea48c214b559549d69417"
+      },
+      {
+        "authoredDate": "2019-06-13T08:23:45Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-13T08:23:45Z",
+        "messageBody": "Beyond the changes performed by the automatic merge, remove references\nto the constvals field in struct BcFunc.",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "cd30020d2fe2d4cef802b2e65299f4e0e1a3972f"
+      },
+      {
+        "authoredDate": "2019-06-13T08:33:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-13T08:33:21Z",
+        "messageBody": "",
+        "messageHeadline": "Merge more changes from upstream",
+        "oid": "21e4395740342aa65e728d02e1a5d658a9a15bc0"
+      },
+      {
+        "authoredDate": "2019-06-13T08:49:54Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-13T08:49:54Z",
+        "messageBody": "",
+        "messageHeadline": "Adjust whitespace and use value of \"base\" instead of fetching it again",
+        "oid": "684e3f6f8a7dd8efb5b49211ef20948710cf6457"
+      },
+      {
+        "authoredDate": "2019-06-13T09:14:04Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-13T09:14:04Z",
+        "messageBody": "",
+        "messageHeadline": "Fix for failing scale(0.0000000000000000000) test case",
+        "oid": "25799a6fa21c69cb7f9e77e53329d3b735564c9b"
+      },
+      {
+        "authoredDate": "2019-06-13T11:05:20Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-13T11:05:20Z",
+        "messageBody": "FreeBSD uses strict checks for base system components and the build\nfailed due to the compiler warnings being treated as errors in base.",
+        "messageHeadline": "Remove unused local variable declarations (fix build in FreeBSD)",
+        "oid": "ca56e060a471ed5476a78b38c1b2d0584777d693"
+      }
+    ],
+    "createdAt": "2019-06-13T18:39:56Z",
+    "deletions": 49,
+    "files": [
+      {
+        "path": "src/bc/parse.c",
+        "additions": 0,
+        "deletions": 2
+      },
+      {
+        "path": "src/num.c",
+        "additions": 37,
+        "deletions": 39
+      },
+      {
+        "path": "src/program.c",
+        "additions": 6,
+        "deletions": 8
+      }
+    ],
+    "fullDatabaseId": "288048911",
+    "headRefName": "master",
+    "headRefOid": "ca56e060a471ed5476a78b38c1b2d0584777d693",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjg4MDQ4OTEx",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 24,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Whitespace adjustment and removal of some unused variables",
+    "updatedAt": "2019-06-14T01:43:15Z",
+    "url": "https://github.com/gavinhoward/bc/pull/24"
+  },
+  {
+    "additions": 1,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "f555270c99e7d354704071628486df0870968286",
+    "body": "Benchmarks show a small but significant speed-up of \"make test\" if the\r\nlimit for the shifting of operands is made more strict. Many operands\r\nwill require a second iteration of the inner loop anyway, and shifting\r\nof the operands uses cycles for no gain, then.\r\n\r\nTo my surprise, BC_BASE_DIGS=4 and =9 seem to have near identical\r\nperformance after this change. Some operations (multiplication and\r\npower) ought to be faster with larger BcDigs, but at least for the\r\nperformance of \"make test\" on my system this does not seem to affect\r\nthe run-time by a significant amount.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-06-07T13:25:25Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTg4MzYwNQ==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "I am not planning on future releases, except for bug fixes. I will merge this now.",
+        "createdAt": "2019-06-07T13:25:27Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/23#issuecomment-499883605",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-06-07T07:33:26Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-07T07:33:26Z",
+        "messageBody": "Benchmarks show a small but significant speed-up of \"make test\" if the\nlimit for the shifting of operands is made more strict. Many operands\nwill require a second iteration of the inner loop anyway, and shifting\nof the operands uses cycles for no gain, then.\n\nTo my surprise, BC_BASE_DIGS=4 and =9 seem to have near identical\nperformance after this change. Some operations (multiplication and\npower) ought to be faster with larger BcDigs, but at least for the\nperformance of \"make test\" on my system this does not seem to affect\nthe run-time by a significant amount.",
+        "messageHeadline": "Small performance optimization",
+        "oid": "d8526df195150f9f20ed4e8430dff3457e5d2913"
+      }
+    ],
+    "createdAt": "2019-06-07T08:28:48Z",
+    "deletions": 1,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 1,
+        "deletions": 1
+      }
+    ],
+    "fullDatabaseId": "286093193",
+    "headRefName": "master",
+    "headRefOid": "d8526df195150f9f20ed4e8430dff3457e5d2913",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjg2MDkzMTkz",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "6f662190645f8fb84b36a513b1369a8bf61e215e"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2019-06-07T13:25:25Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 23,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Small performance optimization (perhaps for the next following release?)",
+    "updatedAt": "2019-06-07T13:25:28Z",
+    "url": "https://github.com/gavinhoward/bc/pull/23"
+  },
+  {
+    "additions": 38,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "7373e5f89c9ce873eb1a84f129c1f9be3b1ec400",
+    "body": "",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-06-07T04:04:59Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTY2Nzc4Nw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=h1) Report\n> Merging [#22](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/7373e5f89c9ce873eb1a84f129c1f9be3b1ec400?src=pr&el=desc) will **increase** coverage by `<.01%`.\n> The diff coverage is `100%`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/22/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=tree)\n\n```diff\n@@            Coverage Diff             @@\n##           master      #22      +/-   ##\n==========================================\n+ Coverage   99.73%   99.73%   +<.01%     \n==========================================\n  Files          16       16              \n  Lines        3392     3409      +17     \n==========================================\n+ Hits         3383     3400      +17     \n  Misses          9        9\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/22/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.8% <100%> (ø)` | :arrow_up: |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=footer). Last update [7373e5f...98719ee](https://codecov.io/gh/gavinhoward/bc/pull/22?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2019-06-06T21:06:55Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/22#issuecomment-499667787",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTc0OTQ5MQ==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Merging...for now. If it passes (which I think it will), it will stay.",
+        "createdAt": "2019-06-07T04:05:18Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/22#issuecomment-499749491",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-06-06T05:13:40Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T05:13:40Z",
+        "messageBody": "Since stdout is not affected by this debug print function, nchars\nshould not be modified, or printing of large numbers will be broken.",
+        "messageHeadline": "Resetting of nchars after printing to stderr corrupts the output",
+        "oid": "76794442357318437574ec8c0aa3f71903ec419a"
+      },
+      {
+        "authoredDate": "2019-06-06T06:14:43Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T06:14:43Z",
+        "messageBody": "If the top-most BcDig contains a small value and there are lower\nnon-zero BcDigs, the integer divisor is incremented to prevent\ndivision results that do not fit into a BcDig (are > BC_BASE_POW).\n\nE.g. for 1000 / 1.1 the integer divisor will become 2 and the first\nestimate of the result will be 1000 / 2 = 500, giving a reminder of\n1000 - 500 * 1.1 = 450. The next estimate will be 700 = 500 + 450 / 2\nand so on with the reminder slowly decreasing in each iteration.\n\nSince the relative error due to the approximation of the full division\nby an integer division becomes significant for small integer divisors,\nit makes sense to extend the divisor if it i ssmall. In fact, it seems\nto pay off for all divisors that are < BC_BASE_POW / 10.",
+        "messageHeadline": "Fix pathological behavior in case integer is rounded up a lot",
+        "oid": "035ace7d24afd722ce9a3325c90213d36772e5bd"
+      },
+      {
+        "authoredDate": "2019-06-06T06:25:29Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T06:25:29Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'div'",
+        "oid": "c1e655b2dd38ea27668b3a0c5b7c86ef06a8dd88"
+      },
+      {
+        "authoredDate": "2019-06-06T08:21:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T08:21:51Z",
+        "messageBody": "If there was a new-line character in the string, then strrchr will\nreturn a pointer to that character. If the length of the string\nstarting at the new-line position is 1, then no text follows on the\nnew line and nchars should be set to 0,not 2.",
+        "messageHeadline": "Fix calculation of nchars",
+        "oid": "54e3cd86494fd1e2c817ea3fa49c357738da5f82"
+      },
+      {
+        "authoredDate": "2019-06-06T11:32:50Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T11:32:50Z",
+        "messageBody": "This reverts commit 54e3cd86494fd1e2c817ea3fa49c357738da5f82.\n\nI had misread the code (thought the + 1 was outside the brackets).",
+        "messageHeadline": "Revert \"Fix calculation of nchars\"",
+        "oid": "210d9c5863215d0c371f0ec68a0fda2f601920f3"
+      },
+      {
+        "authoredDate": "2019-06-06T20:07:20Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T20:07:20Z",
+        "messageBody": "This version does not pass all tests (hangs in divide.bc).\nI'm commiting anyway, to have a basis that is ismilar to the upstream\nrepo for further testing.",
+        "messageHeadline": "Merge latest upstream version.",
+        "oid": "94fb480d06c4e082a635d2f4866682d4f6a7b6bb"
+      },
+      {
+        "authoredDate": "2019-06-06T20:50:44Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T20:50:44Z",
+        "messageBody": "",
+        "messageHeadline": "Remove debug dump of operands and intermediate results",
+        "oid": "59e2953c61615ff5f3deecd181f15c5249fe0bb4"
+      },
+      {
+        "authoredDate": "2019-06-06T20:59:42Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T20:59:42Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "6fe9b2fba0e7359152598d4e38ff93020b24b8e7"
+      },
+      {
+        "authoredDate": "2019-06-06T21:01:19Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T21:01:19Z",
+        "messageBody": "",
+        "messageHeadline": "Reduce whitespace diff relative to upstream",
+        "oid": "595d84e4792bffa63ece31aa146ea7ccfc87ea4b"
+      },
+      {
+        "authoredDate": "2019-06-06T21:03:03Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T21:03:03Z",
+        "messageBody": "",
+        "messageHeadline": "Fix lines that resulted from a mis-merge of upstream",
+        "oid": "98719eecc5f599365f5d2c3aa042a9cb7cdb6d6c"
+      }
+    ],
+    "createdAt": "2019-06-06T20:53:49Z",
+    "deletions": 6,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 38,
+        "deletions": 6
+      }
+    ],
+    "fullDatabaseId": "285965666",
+    "headRefName": "master",
+    "headRefOid": "98719eecc5f599365f5d2c3aa042a9cb7cdb6d6c",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjg1OTY1NjY2",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "016a5eed2e5cc0d7e65cea785e609a0bb8a0fa70"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2019-06-07T04:04:59Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 22,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "This version completes all tests on my system",
+    "updatedAt": "2019-06-07T04:05:18Z",
+    "url": "https://github.com/gavinhoward/bc/pull/22"
+  },
+  {
+    "additions": 30,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "81eb6fba565695dfe054e0b3f651fa5fa089b605",
+    "body": "Reduce the number of iterations required for cases where the top-most BcDig of the divisor is a small value and there are lower non-zero BcDigs. This makes the performance of the division more even for all types of operands of a given length and speeds up \"make test\" by about 3% on my system. The worst case performance of the division is improved by about a factor of 20 (estimated, not measured) for operations like 1/1.000000001.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-06-06T15:34:13Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTM5OTU1Nw==",
+        "author": {
+          "login": "stesser"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "While here, fix calculation of vm->nchars in 2 places ...",
+        "createdAt": "2019-06-06T08:27:09Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/21#issuecomment-499399557",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTU0NzEzMA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Rejected for reasons stated in an email.",
+        "createdAt": "2019-06-06T15:34:13Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/21#issuecomment-499547130",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-06-06T05:13:40Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T05:13:40Z",
+        "messageBody": "Since stdout is not affected by this debug print function, nchars\nshould not be modified, or printing of large numbers will be broken.",
+        "messageHeadline": "Resetting of nchars after printing to stderr corrupts the output",
+        "oid": "76794442357318437574ec8c0aa3f71903ec419a"
+      },
+      {
+        "authoredDate": "2019-06-06T06:14:43Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T06:14:43Z",
+        "messageBody": "If the top-most BcDig contains a small value and there are lower\nnon-zero BcDigs, the integer divisor is incremented to prevent\ndivision results that do not fit into a BcDig (are > BC_BASE_POW).\n\nE.g. for 1000 / 1.1 the integer divisor will become 2 and the first\nestimate of the result will be 1000 / 2 = 500, giving a reminder of\n1000 - 500 * 1.1 = 450. The next estimate will be 700 = 500 + 450 / 2\nand so on with the reminder slowly decreasing in each iteration.\n\nSince the relative error due to the approximation of the full division\nby an integer division becomes significant for small integer divisors,\nit makes sense to extend the divisor if it i ssmall. In fact, it seems\nto pay off for all divisors that are < BC_BASE_POW / 10.",
+        "messageHeadline": "Fix pathological behavior in case integer is rounded up a lot",
+        "oid": "035ace7d24afd722ce9a3325c90213d36772e5bd"
+      },
+      {
+        "authoredDate": "2019-06-06T06:25:29Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T06:25:29Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'div'",
+        "oid": "c1e655b2dd38ea27668b3a0c5b7c86ef06a8dd88"
+      },
+      {
+        "authoredDate": "2019-06-06T08:21:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T08:21:51Z",
+        "messageBody": "If there was a new-line character in the string, then strrchr will\nreturn a pointer to that character. If the length of the string\nstarting at the new-line position is 1, then no text follows on the\nnew line and nchars should be set to 0,not 2.",
+        "messageHeadline": "Fix calculation of nchars",
+        "oid": "54e3cd86494fd1e2c817ea3fa49c357738da5f82"
+      },
+      {
+        "authoredDate": "2019-06-06T11:32:50Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-06T11:32:50Z",
+        "messageBody": "This reverts commit 54e3cd86494fd1e2c817ea3fa49c357738da5f82.\n\nI had misread the code (thought the + 1 was outside the brackets).",
+        "messageHeadline": "Revert \"Fix calculation of nchars\"",
+        "oid": "210d9c5863215d0c371f0ec68a0fda2f601920f3"
+      }
+    ],
+    "createdAt": "2019-06-06T06:53:09Z",
+    "deletions": 8,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 30,
+        "deletions": 8
+      }
+    ],
+    "fullDatabaseId": "285665970",
+    "headRefName": "master",
+    "headRefOid": "210d9c5863215d0c371f0ec68a0fda2f601920f3",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjg1NjY1OTcw",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 21,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Improve worst case behavior of the division",
+    "updatedAt": "2019-06-06T15:34:14Z",
+    "url": "https://github.com/gavinhoward/bc/pull/21"
+  },
+  {
+    "additions": 91,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "7be2294e3a91ae4f93bf4db1888d89a6c0d4537b",
+    "body": "I had not fully understood the current division algorithm when I suggested to \"overshoot\" subtractions and to attempt convergence from both sides.\r\n\r\nAfter analysis of the current implementation I have noticed that it can be significantly simplified and at the same time sped-up (by a factor of about 2 in my tests). The run-time of \"make test\" is reduced by some 15% on my system.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-06-06T00:26:39Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTIyMjQ0Mw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=h1) Report\n> Merging [#20](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/7be2294e3a91ae4f93bf4db1888d89a6c0d4537b?src=pr&el=desc) will **not change** coverage.\n> The diff coverage is `100%`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/20/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master      #20   +/-   ##\n=======================================\n  Coverage   99.73%   99.73%           \n=======================================\n  Files          16       16           \n  Lines        3405     3405           \n=======================================\n  Hits         3396     3396           \n  Misses          9        9\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/20/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.8% <100%> (ø)` | :arrow_up: |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=footer). Last update [7be2294...45edd42](https://codecov.io/gh/gavinhoward/bc/pull/20?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2019-06-05T19:28:56Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/20#issuecomment-499222443",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5OTIzNzA4NA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Can you send me your tests?",
+        "createdAt": "2019-06-05T20:12:45Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/20#issuecomment-499237084",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-05-20T11:00:48Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-20T11:00:48Z",
+        "messageBody": "…mod per BcDig\n\nIn the last iteration of the per BcDig print loop, acc is known to be less than\npow, therefore the last div and mod operations can be skipped, resulting in a\nspeed-up of about 2% in my tests.",
+        "messageHeadline": "Slightly speed up printing for the obase!=10 case by skipping one div…",
+        "oid": "b2c2fe4f75bff27e183db6e8b4211e8f602b0e68"
+      },
+      {
+        "authoredDate": "2019-06-05T10:06:38Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-05T10:06:38Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of github.com:stesser/bc",
+        "oid": "caf977797a95fecc39e78b35ef964e69d7851e8a"
+      },
+      {
+        "authoredDate": "2019-06-05T19:04:42Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-06-05T19:04:42Z",
+        "messageBody": "The run-time of \"make test\" is reduced by some 15% on my system.",
+        "messageHeadline": "Implement faster and simpler division algorithm",
+        "oid": "45edd42ef28c52287e664e2d00b5b7de31a30e22"
+      }
+    ],
+    "createdAt": "2019-06-05T19:25:44Z",
+    "deletions": 99,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 91,
+        "deletions": 99
+      }
+    ],
+    "fullDatabaseId": "285517299",
+    "headRefName": "master",
+    "headRefOid": "45edd42ef28c52287e664e2d00b5b7de31a30e22",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjg1NTE3Mjk5",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "8904602cd9be7d6433f9ed6c2caab0f9c745dd9c"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2019-06-06T00:26:39Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 20,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Speed up and simplify division",
+    "updatedAt": "2019-06-06T00:26:40Z",
+    "url": "https://github.com/gavinhoward/bc/pull/20"
+  },
+  {
+    "additions": 10,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "e318529d852cee9ce40c06f1a91f0063d8e0bd62",
+    "body": "In the last iteration of the per BcDig print loop, \"acc\" is known to be less than \"pow\", therefore the last div and mod operations can be skipped, resulting in a speed-up of about 2% in my tests.",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-05-20T14:08:11Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5Mzk1ODQwMw==",
+        "author": {
+          "login": "codecov"
+        },
+        "authorAssociation": "NONE",
+        "body": "# [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=h1) Report\n> Merging [#19](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=desc) into [master](https://codecov.io/gh/gavinhoward/bc/commit/e318529d852cee9ce40c06f1a91f0063d8e0bd62?src=pr&el=desc) will **increase** coverage by `<.01%`.\n> The diff coverage is `100%`.\n\n[![Impacted file tree graph](https://codecov.io/gh/gavinhoward/bc/pull/19/graphs/tree.svg?width=650&token=7VDYTvCBQX&height=150&src=pr)](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=tree)\n\n```diff\n@@            Coverage Diff             @@\n##           master      #19      +/-   ##\n==========================================\n+ Coverage   99.88%   99.88%   +<.01%     \n==========================================\n  Files          16       16              \n  Lines        3409     3411       +2     \n==========================================\n+ Hits         3405     3407       +2     \n  Misses          4        4\n```\n\n\n| [Impacted Files](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=tree) | Coverage Δ | |\n|---|---|---|\n| [src/num.c](https://codecov.io/gh/gavinhoward/bc/pull/19/diff?src=pr&el=tree#diff-c3JjL251bS5j) | `99.8% <100%> (ø)` | :arrow_up: |\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=footer). Last update [e318529...b2c2fe4](https://codecov.io/gh/gavinhoward/bc/pull/19?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n",
+        "createdAt": "2019-05-20T12:05:10Z",
+        "includesCreatedEdit": true,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/19#issuecomment-493958403",
+        "viewerDidAuthor": false
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ5NDAwMjk1MQ==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Oh whoops. I did not notice this PR; I merged in the patch instead, though I did list you as the author of the commit. I hope that is okay.\r\n\r\nClosing since the code is already merged.",
+        "createdAt": "2019-05-20T14:08:11Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/19#issuecomment-494002951",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-05-20T11:00:48Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-20T11:00:48Z",
+        "messageBody": "…mod per BcDig\n\nIn the last iteration of the per BcDig print loop, acc is known to be less than\npow, therefore the last div and mod operations can be skipped, resulting in a\nspeed-up of about 2% in my tests.",
+        "messageHeadline": "Slightly speed up printing for the obase!=10 case by skipping one div…",
+        "oid": "b2c2fe4f75bff27e183db6e8b4211e8f602b0e68"
+      }
+    ],
+    "createdAt": "2019-05-20T12:00:46Z",
+    "deletions": 4,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 10,
+        "deletions": 4
+      }
+    ],
+    "fullDatabaseId": "280360533",
+    "headRefName": "d9",
+    "headRefOid": "b2c2fe4f75bff27e183db6e8b4211e8f602b0e68",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0MjgwMzYwNTMz",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 19,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Slightly speed up printing for the obase!=10 case",
+    "updatedAt": "2019-06-02T10:54:35Z",
+    "url": "https://github.com/gavinhoward/bc/pull/19"
+  },
+  {
+    "additions": 11813,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "master",
+    "baseRefOid": "b3ba59502ee5cc81e2019a724b94b648a35d7897",
+    "body": "All division and modulo test cases pass with this version.\r\n\r\nMaybe the scale could be reduced (for better performance) in parts of the algorithm, but for now the functionality is there. I have optimized the pow10 function by use of a look-up table. This table will be cached and the indexing faster than repetitive multiplication, IMHO. (Should be tested, but will not be significant in the overall picture, I guess.)\r\n\r\nI have introduced a function that rounds to a given precision. This was necessary to get the division match previous results to the last relevant digit. Just cutting off excess digits gives small errors in division and modulo results.\r\n\r\nAnother new function normalizes its argument to make len == rdx (i.e. to give a value strictly less than 1 but without 0 in the uppermost BcDig of num[]). This was required for the division, which operates on \"normalized\" values and adjusts the position of the decimal point as a final step.\r\n\r\nNeither of these functions has been added to num.h, since I was not sure about your policy with regard to having all static functions in num.c declared therein).",
+    "changedFiles": 17,
+    "closed": true,
+    "closedAt": "2019-05-06T13:42:00Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ4NzU3MzUyNA==",
+        "author": {
+          "login": "stesser"
+        },
+        "authorAssociation": "CONTRIBUTOR",
+        "body": "The power has been fixed and passes all tests.\r\nThe sqrt operator gives results that do not pass the tests but differ only in the number of decimals or the precision of the calculation.",
+        "createdAt": "2019-04-29T13:11:00Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/18#issuecomment-487573524",
+        "viewerDidAuthor": false
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-04-19T08:06:46Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-19T08:06:46Z",
+        "messageBody": "…ot found.",
+        "messageHeadline": "The test should use the same file name as is created if the file is n…",
+        "oid": "d9bda13740c6d4f67c1d69955a4ea8e3477bad4f"
+      },
+      {
+        "authoredDate": "2019-04-19T14:09:03Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-19T14:09:03Z",
+        "messageBody": "The output has been verified to be identical to that of the C language\nversion for all files in this project by comparing the resulting .o files.",
+        "messageHeadline": "Provide shell version of strgen.c to allow use without compilation.",
+        "oid": "7d9fb3e6ffb7008afec4c7168498751366213b0f"
+      },
+      {
+        "authoredDate": "2019-04-19T14:11:23Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-19T14:11:23Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "fddcd0f53021d8f3164f5618ba952ab36932d8fc"
+      },
+      {
+        "authoredDate": "2019-04-19T18:39:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-19T18:39:00Z",
+        "messageBody": "…nature.",
+        "messageHeadline": "Change parameter from char* to char** as required by the function sig…",
+        "oid": "a010b3e82408024f12e34030591349c4a344465b"
+      },
+      {
+        "authoredDate": "2019-04-19T18:41:07Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-19T18:41:07Z",
+        "messageBody": "",
+        "messageHeadline": "Fix test to work if empty or null string is passed.",
+        "oid": "22fd1e9277a34ead069e9dd64942ed3cd55c2ac6"
+      },
+      {
+        "authoredDate": "2019-04-20T08:34:13Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T08:34:13Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "461c523fcbb8ff4c758ddb6ba2d9cfcf71a0a412"
+      },
+      {
+        "authoredDate": "2019-04-20T08:35:20Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T08:35:20Z",
+        "messageBody": "…e was broken,",
+        "messageHeadline": "Change reference to v.v to use bc_vec_item(&v, 0) - my previous chang…",
+        "oid": "52b52a81ea9ea993d9835900398ee48d6e1dc1ad"
+      },
+      {
+        "authoredDate": "2019-04-20T08:37:07Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T08:37:07Z",
+        "messageBody": "…nset",
+        "messageHeadline": "Split test into two parts to prevent parse error if the variable is u…",
+        "oid": "04ddff0bd1de2bde9c1af167cd59488a8fa3800c"
+      },
+      {
+        "authoredDate": "2019-04-20T15:11:30Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T15:11:30Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "eb62a6521bcdaea48a8a69a346facf14a46604be"
+      },
+      {
+        "authoredDate": "2019-04-20T16:14:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T16:14:00Z",
+        "messageBody": "",
+        "messageHeadline": "Add information about recently added message catalogs.",
+        "oid": "b2950329c49de32e8dccf39ad3a64c3d210c9a46"
+      },
+      {
+        "authoredDate": "2019-04-20T16:16:06Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T16:16:06Z",
+        "messageBody": "",
+        "messageHeadline": "Add quotes around fr_CA and fr_CH.",
+        "oid": "eaf8bc5fa067eb2c55c96d14ad21ba952e83f6c5"
+      },
+      {
+        "authoredDate": "2019-04-20T16:17:04Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T16:17:04Z",
+        "messageBody": "",
+        "messageHeadline": "Fix quotes around fr_CA and fr_CH.",
+        "oid": "7c87d5892205451fcabb38edf42ca4c948427dd7"
+      },
+      {
+        "authoredDate": "2019-04-20T16:18:07Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-20T16:18:07Z",
+        "messageBody": "Anyway, I'm no native speaker of English and therefore the change is only\na crude example for what might be added ... ;-)",
+        "messageHeadline": "I think \"for\" is better than \"in\", here.",
+        "oid": "ecd6481f5aeabf178cc0fc7614840f08d74473b0"
+      },
+      {
+        "authoredDate": "2019-04-24T09:16:49Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-24T09:16:49Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' of https://github.com/gavinhoward/bc",
+        "oid": "004ad884ed95213a1a14cc7a5b05353ff91fcceb"
+      },
+      {
+        "authoredDate": "2019-04-24T21:28:32Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-24T21:28:32Z",
+        "messageBody": "…esent numbers\n\nThis code has been tested with add/sub, multiplicaton and power of integer values.\nNo tests have been performed for division and square root, yet.\n\nNumbers with fractional parts are not supported due to the missing scaling of the\n\"scale\" parameter.",
+        "messageHeadline": "Initial support for 32 bit integers instead of decimal digits to repr…",
+        "oid": "a299ffc466db2360d0cd21f8e872a4b9ccac8f0b"
+      },
+      {
+        "authoredDate": "2019-04-24T23:23:08Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Eßer"
+          }
+        ],
+        "committedDate": "2019-04-24T23:23:08Z",
+        "messageBody": "This patch starts a branch exploring the possibility of using a more\npacked representation of digits in BcNum's. I am not sure this will work\nout, but it can't hurt to try, especially since Stefan was so kind to\ncome up with a patch and send it.\n\nAs of right now, the things that are known to be broken:\n\n* Printing decimal numbers\n* Power (seg fault)",
+        "messageHeadline": "Commit an adjusted patch sent to me by Stefan Eßer",
+        "oid": "4b111c28c02ac4c999ad62de5a448eb21e01489b"
+      },
+      {
+        "authoredDate": "2019-04-24T23:31:23Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-24T23:31:23Z",
+        "messageBody": "",
+        "messageHeadline": "Attempt to make Stefan's work more portable",
+        "oid": "0700efc9bb2aad8921d035f18bb30e4e211e0115"
+      },
+      {
+        "authoredDate": "2019-04-24T23:33:48Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-24T23:33:48Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a bit of code that is not portable to 8-bit arches",
+        "oid": "d7e4d6e8e6e0c46c3ab378c8066ceedf02fe2784"
+      },
+      {
+        "authoredDate": "2019-04-25T04:33:10Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T04:33:10Z",
+        "messageBody": "… of BcDig",
+        "messageHeadline": "Introduce 3 function to perform memcpy, memmove, and memset on arrays…",
+        "oid": "394a516fb6d95a9314783e4b920f9078b8d6217b"
+      },
+      {
+        "authoredDate": "2019-04-25T05:05:24Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T05:05:24Z",
+        "messageBody": "",
+        "messageHeadline": "Modify malloc and realloc functions to operate on BcDig arrays",
+        "oid": "5fd43a372b887cae774309dae0482410eaa64344"
+      },
+      {
+        "authoredDate": "2019-04-25T05:14:54Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T05:14:54Z",
+        "messageBody": "…ctions for use in vector.c",
+        "messageHeadline": "Add BcDig alloc functions to header and re-enable the plain alloc fun…",
+        "oid": "ca5a74eedef9edea724f90c386cf13322a972511"
+      },
+      {
+        "authoredDate": "2019-04-25T05:42:03Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T05:42:03Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "14eff4647371265957e125e44ca8666cc845b54f"
+      },
+      {
+        "authoredDate": "2019-04-25T05:56:10Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T05:56:10Z",
+        "messageBody": "",
+        "messageHeadline": "Use bc_num_set instead of memset in merged code",
+        "oid": "887d6b9b2fb148490d373f60cc13f42fb3a47102"
+      },
+      {
+        "authoredDate": "2019-04-25T06:01:03Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T06:01:03Z",
+        "messageBody": "",
+        "messageHeadline": "Allow passing of -DBC_DEBUG_CODE on the command line",
+        "oid": "010dd2a01af69462ee1c94053e9f82cde65f171d"
+      },
+      {
+        "authoredDate": "2019-04-25T06:09:13Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T06:09:13Z",
+        "messageBody": "",
+        "messageHeadline": "Remove duplicate definitioon of DUMP_NUM",
+        "oid": "a3430556302146f917be5266b7c6021ecd2e1133"
+      },
+      {
+        "authoredDate": "2019-04-25T09:25:17Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T09:25:17Z",
+        "messageBody": "",
+        "messageHeadline": "Remove obsolete local variables",
+        "oid": "bf3b1b206e6e6a88c7ffc6ca7e10388f3fb1eb4a"
+      },
+      {
+        "authoredDate": "2019-04-25T09:50:39Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T09:50:39Z",
+        "messageBody": "",
+        "messageHeadline": "Fix printing of the decimal point (occured multiple times)",
+        "oid": "610a8ee9e89626f9789ba63a3e5692adc19a46ef"
+      },
+      {
+        "authoredDate": "2019-04-25T10:25:15Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-25T10:25:15Z",
+        "messageBody": "",
+        "messageHeadline": "Suppress printing of trailing zeroes of fractional parts of a result",
+        "oid": "0da1775703abdbd337f024a4b46208976b08508a"
+      },
+      {
+        "authoredDate": "2019-04-25T17:33:54Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-25T17:33:54Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a problem I introduced",
+        "oid": "b53a994e74fd2f226bac7756063b557dfd03f172"
+      },
+      {
+        "authoredDate": "2019-04-25T21:18:49Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin D. Howard"
+          }
+        ],
+        "committedDate": "2019-04-25T21:18:49Z",
+        "messageBody": "A number of fixes and improvements ...",
+        "messageHeadline": "Merge pull request #15 from stesser/d9",
+        "oid": "7daf7e6cf26a6b3b11eeddd9d6bcc38bd52da3dc"
+      },
+      {
+        "authoredDate": "2019-04-26T01:35:41Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T01:35:41Z",
+        "messageBody": "",
+        "messageHeadline": "Fix some style",
+        "oid": "af107d94c9352b37d4bf31815663fd68effa55b6"
+      },
+      {
+        "authoredDate": "2019-04-26T01:43:49Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T01:43:49Z",
+        "messageBody": "",
+        "messageHeadline": "Fix some more style",
+        "oid": "f49fdaa396f2cda25379b056cf7ca9fffb0a68d6"
+      },
+      {
+        "authoredDate": "2019-04-26T02:12:19Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T02:12:19Z",
+        "messageBody": "",
+        "messageHeadline": "Make some changes and mark functions that need work",
+        "oid": "fcf290110df0d7b09b5f89798888f05b8b371484"
+      },
+      {
+        "authoredDate": "2019-04-26T03:13:54Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T03:13:54Z",
+        "messageBody": "There is still one bug: it allows in an extra 0 in the most significant\nspot if there is one, but it does produce the right numbers.",
+        "messageHeadline": "Make decimal parsing work",
+        "oid": "d43ec37d48c69660ba7098c88a8ef3002a49636d"
+      },
+      {
+        "authoredDate": "2019-04-26T14:48:19Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T14:48:19Z",
+        "messageBody": "",
+        "messageHeadline": "Fix the definitions for BcDig",
+        "oid": "2eaeebffdce7fcd52b3a62d1537002b3580b6e28"
+      },
+      {
+        "authoredDate": "2019-04-26T14:48:44Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T14:48:44Z",
+        "messageBody": "",
+        "messageHeadline": "Add more decimal tests",
+        "oid": "a0e90f3e79ef5b619b801753877d94992f6bdc95"
+      },
+      {
+        "authoredDate": "2019-04-26T14:49:05Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T14:49:05Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a warning",
+        "oid": "f196fbe426ea69bcf4fb3046cc4fedffd7fc54b7"
+      },
+      {
+        "authoredDate": "2019-04-26T14:49:17Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T14:49:17Z",
+        "messageBody": "",
+        "messageHeadline": "Make parsing decimal work",
+        "oid": "3b60abb028266f4ff0e1aa3bdf42f440eae646c5"
+      },
+      {
+        "authoredDate": "2019-04-26T15:46:29Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T15:46:29Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a test result file",
+        "oid": "de5fcf3618c6a9ca342ed749459f395783de28d7"
+      },
+      {
+        "authoredDate": "2019-04-26T15:47:50Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T15:47:50Z",
+        "messageBody": "",
+        "messageHeadline": "Fix another bug in the parse decimal procedure",
+        "oid": "6076dbb54bf4503abefeab22ee2a3edf6075e2e6"
+      },
+      {
+        "authoredDate": "2019-04-26T15:48:12Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T15:48:25Z",
+        "messageBody": "This still uses an idea from Stefan Eßer and some code, mainly the\nbuffer for calculating the numbers. Other than that, I did it my way.\n\nThe reason for this is because I *really* want to make sure the radix is\non a BcDig boundary.",
+        "messageHeadline": "Make printing decimal numbers work",
+        "oid": "51cd7ea27608359bf4298766cbf1579da9c35242"
+      },
+      {
+        "authoredDate": "2019-04-26T15:50:35Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T15:50:35Z",
+        "messageBody": "",
+        "messageHeadline": "Remove some TODO comments that are done",
+        "oid": "9cf865f8396f76015b63d5f719e1ba4f0504a629"
+      },
+      {
+        "authoredDate": "2019-04-26T16:07:21Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:07:21Z",
+        "messageBody": "",
+        "messageHeadline": "Make add work",
+        "oid": "fba50a2a7d78923ffc98e593bff06913f283b9af"
+      },
+      {
+        "authoredDate": "2019-04-26T16:07:45Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:07:45Z",
+        "messageBody": "",
+        "messageHeadline": "Add a useful #define",
+        "oid": "1c1697cdc5724c5e2a2969e59fb17059d84b2272"
+      },
+      {
+        "authoredDate": "2019-04-26T16:13:45Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:13:45Z",
+        "messageBody": "",
+        "messageHeadline": "Make subtract work",
+        "oid": "e6f326ed2d30c6814fed8a26d57ac6a5847587c6"
+      },
+      {
+        "authoredDate": "2019-04-26T16:17:02Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:17:02Z",
+        "messageBody": "",
+        "messageHeadline": "Get rid of some compiler warnings",
+        "oid": "6fccd22b21b7f8cbf7ab2b48af912dd1ffb8bf8c"
+      },
+      {
+        "authoredDate": "2019-04-26T16:17:57Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:17:57Z",
+        "messageBody": "",
+        "messageHeadline": "Remove some done TODO comments",
+        "oid": "e2e67ecbda93721e0820a01ce4e5ce660010f7bc"
+      },
+      {
+        "authoredDate": "2019-04-26T16:40:02Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T16:40:02Z",
+        "messageBody": "",
+        "messageHeadline": "Fix some compiler warnings",
+        "oid": "c4783ac369bf46f1fbc894979fee2040e29008eb"
+      },
+      {
+        "authoredDate": "2019-04-26T20:32:07Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T20:32:07Z",
+        "messageBody": "",
+        "messageHeadline": "Some general cleanup on math",
+        "oid": "971a26711ea6c03cbd23fd22bc93d03ead700f14"
+      },
+      {
+        "authoredDate": "2019-04-26T20:32:55Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T20:32:55Z",
+        "messageBody": "",
+        "messageHeadline": "Make shift work",
+        "oid": "b155866dbb923e50d104ec210d095e14083fa372"
+      },
+      {
+        "authoredDate": "2019-04-26T20:33:43Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T20:33:43Z",
+        "messageBody": "",
+        "messageHeadline": "Remove a compiler warning",
+        "oid": "da6b543c1501f01e4b781c7b24d16b950cbf0bd1"
+      },
+      {
+        "authoredDate": "2019-04-26T20:46:52Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T20:46:52Z",
+        "messageBody": "",
+        "messageHeadline": "Fix truncate and extend",
+        "oid": "c9bef2d421dda2b0796a9ccb6198fe98ff56dd34"
+      },
+      {
+        "authoredDate": "2019-04-26T21:39:46Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T21:39:46Z",
+        "messageBody": "I don't think it is done, however; power still needs to be tested.",
+        "messageHeadline": "Make multiply pass its tests",
+        "oid": "48a0e4793be1f58638be5c1b8820944f92afc498"
+      },
+      {
+        "authoredDate": "2019-04-26T21:41:15Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T21:41:15Z",
+        "messageBody": "",
+        "messageHeadline": "Remove some TODO comments that are done",
+        "oid": "74b16c3bc8ec25b8c1e562ce04d68045692e1864"
+      },
+      {
+        "authoredDate": "2019-04-26T21:47:25Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T21:47:25Z",
+        "messageBody": "",
+        "messageHeadline": "Remove more TODO comments that are done",
+        "oid": "a3f260c53adfcdd0fcd01404e08260b65c87e1e7"
+      },
+      {
+        "authoredDate": "2019-04-26T21:59:15Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T21:59:15Z",
+        "messageBody": "",
+        "messageHeadline": "Clean up some style",
+        "oid": "404ece77d2e3e5009511e77a5f9e56d4e1afb3f7"
+      },
+      {
+        "authoredDate": "2019-04-26T21:59:33Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-26T21:59:33Z",
+        "messageBody": "",
+        "messageHeadline": "Fix various small issues",
+        "oid": "774454354a9354023b6fb7e3aa396b269a5562f7"
+      },
+      {
+        "authoredDate": "2019-04-26T23:29:01Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-26T23:29:01Z",
+        "messageBody": "",
+        "messageHeadline": "Iterative division based on Newton Raphson algorithm",
+        "oid": "193f8529ad93306e39914ca7a2aa877669383f6f"
+      },
+      {
+        "authoredDate": "2019-04-27T01:31:31Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T01:31:31Z",
+        "messageBody": "",
+        "messageHeadline": "Change some code back to what it was (with adjustments)",
+        "oid": "c25fd61637390cc993c91258dda2c01404b37147"
+      },
+      {
+        "authoredDate": "2019-04-27T07:16:26Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T07:16:26Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "87c27b5715646eb4deec4a6795c17b4c5facc408"
+      },
+      {
+        "authoredDate": "2019-04-27T08:39:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:39:00Z",
+        "messageBody": "",
+        "messageHeadline": "Fix mismerge regarding nBcDig vs. places",
+        "oid": "70f118574077b6e61cae08bd576ca7fccc167786"
+      },
+      {
+        "authoredDate": "2019-04-27T08:40:14Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:40:14Z",
+        "messageBody": "…e current rdx",
+        "messageHeadline": "Fix segmentation fault that occurs if the target rdx is lower than th…",
+        "oid": "6189d95036f123d48d505bf4d4a49ba11ca30aee"
+      },
+      {
+        "authoredDate": "2019-04-27T08:42:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:42:00Z",
+        "messageBody": "",
+        "messageHeadline": "Add simple debug print macro",
+        "oid": "cdda6e99974b8f9551ad1bc184b3c735afac6f4a"
+      },
+      {
+        "authoredDate": "2019-04-27T11:47:09Z",
+        "authors": [
+          {
+            "email": "root@StefanEsser.freebsd.org",
+            "id": "",
+            "login": "",
+            "name": "Charlie Root"
+          }
+        ],
+        "committedDate": "2019-04-27T11:47:09Z",
+        "messageBody": "",
+        "messageHeadline": "Fix calculation of scale in multiplications",
+        "oid": "ac244bdb3ebe6e6a2693f3d5c2ae13d7723b3517"
+      },
+      {
+        "authoredDate": "2019-04-27T12:36:28Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T12:36:28Z",
+        "messageBody": "",
+        "messageHeadline": "Fix seg fault in bc_num_shiftLeft()",
+        "oid": "b1d29c24cb4bfa07f3bc3e665811ab8b100b0b5e"
+      },
+      {
+        "authoredDate": "2019-04-27T12:40:58Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin D. Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T12:40:58Z",
+        "messageBody": "Newton-Raphson based division",
+        "messageHeadline": "Merge pull request #16 from stesser/d9",
+        "oid": "769fcbed7a3a0005a60254c0ed5203406b533ae3"
+      },
+      {
+        "authoredDate": "2019-04-27T12:41:58Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T12:41:58Z",
+        "messageBody": "",
+        "messageHeadline": "Fix some style",
+        "oid": "2e736dee1ae4ddadbe4305296fc98ecc9a917e45"
+      },
+      {
+        "authoredDate": "2019-04-27T12:43:57Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T12:43:57Z",
+        "messageBody": "",
+        "messageHeadline": "Fix the multiplication scale back",
+        "oid": "cf9f246919f39e50c911c6552d9b16f05a0fc2cf"
+      },
+      {
+        "authoredDate": "2019-04-27T12:51:33Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T12:51:33Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'master' into base9",
+        "oid": "5de0bd695347a0ef5bde2d526472a2a3ba6d2a17"
+      },
+      {
+        "authoredDate": "2019-04-27T13:26:35Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:26:35Z",
+        "messageBody": "",
+        "messageHeadline": "Add another print debug function",
+        "oid": "5b40e402dc37897052129db14441695a25bd86f8"
+      },
+      {
+        "authoredDate": "2019-04-27T13:28:24Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:28:24Z",
+        "messageBody": "",
+        "messageHeadline": "Change bc_num_printDigs() a bit",
+        "oid": "37118f4c4f26f64bb4becb0caa55149659ca8ac3"
+      },
+      {
+        "authoredDate": "2019-04-27T13:28:45Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:28:45Z",
+        "messageBody": "",
+        "messageHeadline": "Fix a divide by 0",
+        "oid": "edd9d9dd1459746a4bb2012194a3d3c831414c68"
+      },
+      {
+        "authoredDate": "2019-04-27T13:28:56Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:28:56Z",
+        "messageBody": "",
+        "messageHeadline": "Fix some style",
+        "oid": "034b5b9e16e57becf5121ed60ae1dac8b8dc4ece"
+      },
+      {
+        "authoredDate": "2019-04-27T13:33:16Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:33:16Z",
+        "messageBody": "",
+        "messageHeadline": "Fix more style",
+        "oid": "c88e5231008923290d1ead34ff987fb2e17043c5"
+      },
+      {
+        "authoredDate": "2019-04-27T13:34:13Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:34:13Z",
+        "messageBody": "",
+        "messageHeadline": "Fix even more style",
+        "oid": "20afaeab2ffca9a32e1fa65feeb33050d9c4e204"
+      },
+      {
+        "authoredDate": "2019-04-27T13:53:23Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:53:23Z",
+        "messageBody": "",
+        "messageHeadline": "Move an item",
+        "oid": "948b639a0674f3ce836fe3ba843e2253ef798cd8"
+      },
+      {
+        "authoredDate": "2019-04-27T13:53:36Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T13:53:36Z",
+        "messageBody": "",
+        "messageHeadline": "Remove two unused functions",
+        "oid": "2316cb42fdff7b768debf3d9c65b73c9c8fc6137"
+      },
+      {
+        "authoredDate": "2019-04-27T14:09:32Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T14:09:32Z",
+        "messageBody": "",
+        "messageHeadline": "Add length and scale tests",
+        "oid": "805328cdb9342eb249dc398b4569190d7ca78747"
+      },
+      {
+        "authoredDate": "2019-04-27T14:30:10Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-27T14:30:10Z",
+        "messageBody": "",
+        "messageHeadline": "Make length work",
+        "oid": "b41483b364bf8fe8841e8875febeb4d58743e32f"
+      },
+      {
+        "authoredDate": "2019-04-27T21:33:08Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:33:08Z",
+        "messageBody": "…upstream changes",
+        "messageHeadline": "Updated implementation of Newton-Raphson division algorithm to match …",
+        "oid": "b5aeb445a556de9d9b41a7b2d196b59bcaca90ae"
+      },
+      {
+        "authoredDate": "2019-04-27T21:41:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:41:21Z",
+        "messageBody": "",
+        "messageHeadline": "Small optimization of the division function",
+        "oid": "6e129fc621b358d219036e6e4d01f572adb133ff"
+      },
+      {
+        "authoredDate": "2019-04-27T21:43:02Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:43:02Z",
+        "messageBody": "",
+        "messageHeadline": "Small optimization of the division function",
+        "oid": "217379d6199e6bb8b586716b382731882c6096fe"
+      },
+      {
+        "authoredDate": "2019-04-27T21:45:48Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:45:48Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "45a56123c3c6ede3cf157419e56427a01ff48e2a"
+      },
+      {
+        "authoredDate": "2019-04-28T00:04:02Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Eßer"
+          }
+        ],
+        "committedDate": "2019-04-28T00:04:02Z",
+        "messageBody": "He says that he made division work. Cool.",
+        "messageHeadline": "Import more code from Stefan",
+        "oid": "daaaaa795095115e813ad7c7afbae0937a046246"
+      },
+      {
+        "authoredDate": "2019-04-28T10:30:47Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T10:30:47Z",
+        "messageBody": "I had missed to set scsale values in the parameters passed in by the divide\nfunction and thus got results that had 0 fractional digits.",
+        "messageHeadline": "Undo change to scale calculation in bc_num_m",
+        "oid": "d793fa5c3a03370627e45d5f03968039b10f34c6"
+      },
+      {
+        "authoredDate": "2019-04-28T12:58:58Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T12:58:58Z",
+        "messageBody": "This function will be used in the division algorithm.",
+        "messageHeadline": "Add function to round number to a given number of decimal places",
+        "oid": "db970636e68f62f41c17c6053e5ccc242161e5a0"
+      },
+      {
+        "authoredDate": "2019-04-28T13:50:14Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T13:50:14Z",
+        "messageBody": "I had a local change that made bc_num_invert implicily extend this variable,\nbut noticed with that change reverted that the precision of the calculation\nwas reduced to BC_BASE_POWER decimals, leading to imprecise division results.",
+        "messageHeadline": "Fix division: Extend variable to required number of decimal places",
+        "oid": "70997150a28b4df49639924431cb0706a403207f"
+      },
+      {
+        "authoredDate": "2019-04-28T15:21:34Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T15:21:34Z",
+        "messageBody": "For now, keep the Newton-Raphson algorithm in an #if 0 block for reference and to\nallow to compare them in further tests.\n\nI have noticed segmentation faults when dividing very large numbers, which probably\nare due to missing calls of bc_num_extend() for destination variables of arithmetic\noperations. I'll try to fix the length calculations, but I do not know the exact\nsemantics of a number of low level calls.",
+        "messageHeadline": "Replace Newton-Raphson algorithm by Goldschmidt algorithm.",
+        "oid": "154b473a9c65f081d673556ce163c50754cf75de"
+      },
+      {
+        "authoredDate": "2019-04-28T18:19:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T18:19:51Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "307ce024f26a0433460a84ad5ad22bd3ac6f094f"
+      },
+      {
+        "authoredDate": "2019-04-28T19:32:13Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T19:32:13Z",
+        "messageBody": "",
+        "messageHeadline": "Optimize bc_num_pow10",
+        "oid": "72109f49b8cd1e877c4b4252652d73f21d0ad689"
+      },
+      {
+        "authoredDate": "2019-04-28T22:59:32Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T22:59:32Z",
+        "messageBody": "This makes bc complete the tests without crash, but with a result that\nhas too few digits printed. This will need to be debugged next ...",
+        "messageHeadline": "Fix scale parameters and remove bogus bc_num_extend calls",
+        "oid": "4c1e43af931618094a761dff7d1e4b0374e7576d"
+      },
+      {
+        "authoredDate": "2019-04-29T10:56:32Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T10:56:32Z",
+        "messageBody": "Now all division and multiplication tests pass.",
+        "messageHeadline": "Fix position of decimal point when dividing by a very small number.",
+        "oid": "40b53d23eb92b69a9d079ead59def298cb089370"
+      },
+      {
+        "authoredDate": "2019-04-29T11:00:23Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T11:00:23Z",
+        "messageBody": "",
+        "messageHeadline": "Improve format of dumped BcNum values in debug traces",
+        "oid": "33a1c689f4d5cf2026c92a954c36a50f6e772c8e"
+      },
+      {
+        "authoredDate": "2019-04-29T12:24:31Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T12:24:31Z",
+        "messageBody": "There were 4 places where \"rdx\" had to be replaced by \"scale\".\nThis version passes all tests.",
+        "messageHeadline": "Fix \"power\" operator (bc_num_p).",
+        "oid": "c66e44871c84fc81a3595d21d9174082b62da1d3"
+      },
+      {
+        "authoredDate": "2019-04-29T13:06:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T13:06:00Z",
+        "messageBody": "Results seem to be correct except for the number of decimals calculated and returned.\nThe tests still fail for that reason, but show results that are near to what is expected.",
+        "messageHeadline": "Mostly fix the sqrt operation.",
+        "oid": "627693667ff6b0bc70f4a636bd282423af74df62"
+      },
+      {
+        "authoredDate": "2019-04-29T13:36:46Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-29T13:36:46Z",
+        "messageBody": "",
+        "messageHeadline": "Start building Goldschmidt",
+        "oid": "fdbcd063e2eab65ca07be9f62bdd10cc965a220d"
+      },
+      {
+        "authoredDate": "2019-04-29T13:56:04Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-29T13:56:04Z",
+        "messageBody": "",
+        "messageHeadline": "Add a useful function",
+        "oid": "08f7856b38ca730b120e450dea482d0e18fd2232"
+      },
+      {
+        "authoredDate": "2019-04-29T15:10:43Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T15:10:43Z",
+        "messageBody": "…orithm\n\nIntroduce and use a function bc_num_int_digits() that counts the number of digits\nto the left of the decimalpoint.",
+        "messageHeadline": "Fix and improve the calculation of the initial value for the sqrt alg…",
+        "oid": "cc7cd938dadfd8ecbaf61e79f7fba8060ff7194c"
+      },
+      {
+        "authoredDate": "2019-04-29T16:14:21Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-29T16:14:21Z",
+        "messageBody": "There are still some cases that fail, but this is mostly working, and I\nwould like to save my progress.",
+        "messageHeadline": "Make most of divide work",
+        "oid": "36ec987c22af5d7ccc3b8aef0fe9758ce85c56a0"
+      },
+      {
+        "authoredDate": "2019-04-29T16:28:33Z",
+        "authors": [
+          {
+            "email": "yzena.tech@gmail.com",
+            "id": "",
+            "login": "",
+            "name": "Gavin Howard"
+          }
+        ],
+        "committedDate": "2019-04-29T16:28:33Z",
+        "messageBody": "",
+        "messageHeadline": "Make divide work",
+        "oid": "cef0397c810152aed4116fdc56dcf920d20eda32"
+      }
+    ],
+    "createdAt": "2019-04-29T11:21:03Z",
+    "deletions": 234,
+    "files": [
+      {
+        "path": "include/num.h",
+        "additions": 71,
+        "deletions": 4
+      },
+      {
+        "path": "include/status.h",
+        "additions": 2,
+        "deletions": 0
+      },
+      {
+        "path": "include/vm.h",
+        "additions": 0,
+        "deletions": 2
+      },
+      {
+        "path": "src/num.c",
+        "additions": 838,
+        "deletions": 223
+      },
+      {
+        "path": "src/program.c",
+        "additions": 2,
+        "deletions": 2
+      },
+      {
+        "path": "tests/all.sh",
+        "additions": 1,
+        "deletions": 1
+      },
+      {
+        "path": "tests/bc/all.txt",
+        "additions": 4,
+        "deletions": 2
+      },
+      {
+        "path": "tests/bc/decimal.txt",
+        "additions": 23,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/decimal_results.txt",
+        "additions": 23,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/divide.txt",
+        "additions": 31,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/divide_results.txt",
+        "additions": 30,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/length.txt",
+        "additions": 59,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/length_results.txt",
+        "additions": 57,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/scale.txt",
+        "additions": 56,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/scale_results.txt",
+        "additions": 56,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/shift.txt",
+        "additions": 5280,
+        "deletions": 0
+      },
+      {
+        "path": "tests/bc/shift_results.txt",
+        "additions": 5280,
+        "deletions": 0
+      }
+    ],
+    "fullDatabaseId": "274334078",
+    "headRefName": "d9",
+    "headRefOid": "914a7f66807b3567fa438c8d668a040e9d2bcc4a",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjc0MzM0MDc4",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "914a7f66807b3567fa438c8d668a040e9d2bcc4a"
+    },
+    "mergeStateStatus": "UNKNOWN",
+    "mergeable": "UNKNOWN",
+    "mergedAt": "2019-05-06T13:42:00Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 18,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Division and modulo pass all tests",
+    "updatedAt": "2019-05-06T13:42:00Z",
+    "url": "https://github.com/gavinhoward/bc/pull/18"
+  },
+  {
+    "additions": 295,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "base9",
+    "baseRefOid": "e396dff5929071da830a84b64405f7a7c8e0113e",
+    "body": "I'm still not sure about correct scale values and situations in which bc_num_extend must be called to prepare a BcNum that is to receive the result of an arithmetic operation. This leads to overflow for large values (the algorithm is essentially correct, but variables need to be extended in some cases).",
+    "changedFiles": 4,
+    "closed": true,
+    "closedAt": "2019-05-06T13:42:50Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ4NzM5MDI1OA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "How does this new algorithm compare to Newton-Raphson performance-wise?",
+        "createdAt": "2019-04-28T15:38:21Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/17#issuecomment-487390258",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ4NzQwNzQ5NA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Also, would it be possible for you to fix the crashes on both algorithms? The test suite crashes on both. It would also be nice if you could put them in a #if 0 #else #endif set so I can test the changes and see which one is faster. Thank you.",
+        "createdAt": "2019-04-28T19:14:59Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/17#issuecomment-487407494",
+        "viewerDidAuthor": true
+      },
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ4OTYyNTA2NA==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Closed by manually merging.",
+        "createdAt": "2019-05-06T13:42:50Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/17#issuecomment-489625064",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-04-27T21:33:08Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:33:08Z",
+        "messageBody": "…upstream changes",
+        "messageHeadline": "Updated implementation of Newton-Raphson division algorithm to match …",
+        "oid": "b5aeb445a556de9d9b41a7b2d196b59bcaca90ae"
+      },
+      {
+        "authoredDate": "2019-04-27T21:41:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:41:21Z",
+        "messageBody": "",
+        "messageHeadline": "Small optimization of the division function",
+        "oid": "6e129fc621b358d219036e6e4d01f572adb133ff"
+      },
+      {
+        "authoredDate": "2019-04-27T21:43:02Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:43:02Z",
+        "messageBody": "",
+        "messageHeadline": "Small optimization of the division function",
+        "oid": "217379d6199e6bb8b586716b382731882c6096fe"
+      },
+      {
+        "authoredDate": "2019-04-27T21:45:48Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T21:45:48Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "45a56123c3c6ede3cf157419e56427a01ff48e2a"
+      },
+      {
+        "authoredDate": "2019-04-28T10:30:47Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T10:30:47Z",
+        "messageBody": "I had missed to set scsale values in the parameters passed in by the divide\nfunction and thus got results that had 0 fractional digits.",
+        "messageHeadline": "Undo change to scale calculation in bc_num_m",
+        "oid": "d793fa5c3a03370627e45d5f03968039b10f34c6"
+      },
+      {
+        "authoredDate": "2019-04-28T12:58:58Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T12:58:58Z",
+        "messageBody": "This function will be used in the division algorithm.",
+        "messageHeadline": "Add function to round number to a given number of decimal places",
+        "oid": "db970636e68f62f41c17c6053e5ccc242161e5a0"
+      },
+      {
+        "authoredDate": "2019-04-28T13:50:14Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T13:50:14Z",
+        "messageBody": "I had a local change that made bc_num_invert implicily extend this variable,\nbut noticed with that change reverted that the precision of the calculation\nwas reduced to BC_BASE_POWER decimals, leading to imprecise division results.",
+        "messageHeadline": "Fix division: Extend variable to required number of decimal places",
+        "oid": "70997150a28b4df49639924431cb0706a403207f"
+      },
+      {
+        "authoredDate": "2019-04-28T15:21:34Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T15:21:34Z",
+        "messageBody": "For now, keep the Newton-Raphson algorithm in an #if 0 block for reference and to\nallow to compare them in further tests.\n\nI have noticed segmentation faults when dividing very large numbers, which probably\nare due to missing calls of bc_num_extend() for destination variables of arithmetic\noperations. I'll try to fix the length calculations, but I do not know the exact\nsemantics of a number of low level calls.",
+        "messageHeadline": "Replace Newton-Raphson algorithm by Goldschmidt algorithm.",
+        "oid": "154b473a9c65f081d673556ce163c50754cf75de"
+      },
+      {
+        "authoredDate": "2019-04-28T18:19:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T18:19:51Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "307ce024f26a0433460a84ad5ad22bd3ac6f094f"
+      },
+      {
+        "authoredDate": "2019-04-28T19:32:13Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T19:32:13Z",
+        "messageBody": "",
+        "messageHeadline": "Optimize bc_num_pow10",
+        "oid": "72109f49b8cd1e877c4b4252652d73f21d0ad689"
+      },
+      {
+        "authoredDate": "2019-04-28T22:59:32Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-28T22:59:32Z",
+        "messageBody": "This makes bc complete the tests without crash, but with a result that\nhas too few digits printed. This will need to be debugged next ...",
+        "messageHeadline": "Fix scale parameters and remove bogus bc_num_extend calls",
+        "oid": "4c1e43af931618094a761dff7d1e4b0374e7576d"
+      },
+      {
+        "authoredDate": "2019-04-29T10:56:32Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T10:56:32Z",
+        "messageBody": "Now all division and multiplication tests pass.",
+        "messageHeadline": "Fix position of decimal point when dividing by a very small number.",
+        "oid": "40b53d23eb92b69a9d079ead59def298cb089370"
+      },
+      {
+        "authoredDate": "2019-04-29T11:00:23Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T11:00:23Z",
+        "messageBody": "",
+        "messageHeadline": "Improve format of dumped BcNum values in debug traces",
+        "oid": "33a1c689f4d5cf2026c92a954c36a50f6e772c8e"
+      },
+      {
+        "authoredDate": "2019-04-29T12:24:31Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T12:24:31Z",
+        "messageBody": "There were 4 places where \"rdx\" had to be replaced by \"scale\".\nThis version passes all tests.",
+        "messageHeadline": "Fix \"power\" operator (bc_num_p).",
+        "oid": "c66e44871c84fc81a3595d21d9174082b62da1d3"
+      },
+      {
+        "authoredDate": "2019-04-29T13:06:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T13:06:00Z",
+        "messageBody": "Results seem to be correct except for the number of decimals calculated and returned.\nThe tests still fail for that reason, but show results that are near to what is expected.",
+        "messageHeadline": "Mostly fix the sqrt operation.",
+        "oid": "627693667ff6b0bc70f4a636bd282423af74df62"
+      },
+      {
+        "authoredDate": "2019-04-29T15:10:43Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T15:10:43Z",
+        "messageBody": "…orithm\n\nIntroduce and use a function bc_num_int_digits() that counts the number of digits\nto the left of the decimalpoint.",
+        "messageHeadline": "Fix and improve the calculation of the initial value for the sqrt alg…",
+        "oid": "cc7cd938dadfd8ecbaf61e79f7fba8060ff7194c"
+      },
+      {
+        "authoredDate": "2019-04-29T18:13:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T18:13:51Z",
+        "messageBody": "",
+        "messageHeadline": "Make more Sqrt tests work",
+        "oid": "8f7c5a565c0c8cb4f674982c6fbb3174d6eaeee9"
+      },
+      {
+        "authoredDate": "2019-04-29T18:49:15Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T18:49:15Z",
+        "messageBody": "",
+        "messageHeadline": "Make all Sqrt tests work",
+        "oid": "1f0f69f0d249d14270fe14a993405926a536ce05"
+      },
+      {
+        "authoredDate": "2019-04-29T19:28:52Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T19:28:52Z",
+        "messageBody": "",
+        "messageHeadline": "Apply existing style to my changes - no functional change",
+        "oid": "f76f0365e272d675c73fb62dcfa09653960106fc"
+      },
+      {
+        "authoredDate": "2019-04-29T20:10:41Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-29T20:10:41Z",
+        "messageBody": "",
+        "messageHeadline": "Fix debug printing of BcNum variables",
+        "oid": "0dea79ffb116b3395b949b18d80473af9e969ced"
+      },
+      {
+        "authoredDate": "2019-04-30T08:47:06Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-30T08:47:06Z",
+        "messageBody": "…uns easier to decode",
+        "messageHeadline": "Make debug printing of BcNum variables use signed values to make over…",
+        "oid": "f8610b15aeed384d520d83ba66c964abd828d096"
+      },
+      {
+        "authoredDate": "2019-04-30T09:24:44Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-30T09:24:44Z",
+        "messageBody": "",
+        "messageHeadline": "Fix printing of numbers with obase != 10 (length of fractional part)",
+        "oid": "36220832c7341fd267fdfb4010c579c5bc840a60"
+      },
+      {
+        "authoredDate": "2019-05-02T08:43:02Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-02T08:43:02Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "4534283defbcd20faf921666b0b32693633c3ec2"
+      },
+      {
+        "authoredDate": "2019-05-02T08:43:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-02T08:43:21Z",
+        "messageBody": "…results.\n\nThe implementation can be changed back to a macro that accesses the array\nwithout any further computation, if the function should take non-negligible\ntime. But the function will be inlined or optimized away in most cases and\nthus should not have a significant impact on the run-time ...",
+        "messageHeadline": "Revert bc_num_pow10 to a function instead of an array that holds the …",
+        "oid": "6167e2231df4f606278ca414931612a0e7d595e1"
+      },
+      {
+        "authoredDate": "2019-05-02T08:56:01Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-02T08:56:01Z",
+        "messageBody": "",
+        "messageHeadline": "Add back the forward declaration of bc_num_pow10.",
+        "oid": "5b2af58b477230aea07d7f69d401390d500b5a75"
+      },
+      {
+        "authoredDate": "2019-05-02T11:38:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-02T11:38:00Z",
+        "messageBody": "",
+        "messageHeadline": "Allow to pass BC_BASE_POWER on the compiler command line",
+        "oid": "4d90ccff6ac554b33b5832d79bca935cb8d03fc3"
+      },
+      {
+        "authoredDate": "2019-05-04T07:12:09Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T07:12:09Z",
+        "messageBody": "",
+        "messageHeadline": "Fix decoding of BcNum in debug print function",
+        "oid": "f28be31518134f169a64d4a8104414c335b5c947"
+      },
+      {
+        "authoredDate": "2019-05-04T07:14:02Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T07:14:02Z",
+        "messageBody": "",
+        "messageHeadline": "Fix merge errors in idivision based on Goldschmidt algorithm",
+        "oid": "10bca1171455d813a70b60a6bb05538b40831c1a"
+      },
+      {
+        "authoredDate": "2019-05-04T07:24:27Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T07:24:27Z",
+        "messageBody": "\"shift\" operations are used within all arithmetic operations\n\"print\" is a pre-requisite of generating the results file for the \"parse\" test",
+        "messageHeadline": "Change order of tests to first test features that later tests depend on",
+        "oid": "f213e28e1a70e1ca581f9d137a1498dedcf97095"
+      },
+      {
+        "authoredDate": "2019-05-04T13:58:41Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T13:58:41Z",
+        "messageBody": "…compiler warning",
+        "messageHeadline": "Change type of variables in debug print function to int to silence a …",
+        "oid": "013aeffa913df9dd96eec9c2dacfb64c9e766868"
+      },
+      {
+        "authoredDate": "2019-05-04T14:19:12Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T14:19:12Z",
+        "messageBody": "The correction is derived from the difference of the input parameter times it inverse.\nThis value could be used for a final Newton-Raphson step (at the cost of an additional\nmultiplication), but since we can assume that the input\tparameter was very near\tto 1.0,\nthe multiplication would only add non-zero digits beyond the current scale range.\n\nThe Goldschmidt\talgorithm is an\tinfinite series\tof ever smaller positive values\tand\nif the series is cut off at some point,\tthe result is known to be exact\tor smaller\nthan the exact value.\n\nThe correction applied is meant\tto compensate for the neglected\tseries elements.\nIf it is found that there are boundary cases where we over-compensate, then the\nNewton-Raphson step could be used to apply a slightly smaller correction.",
+        "messageHeadline": "Add correction to result of Goldschmidt\talgorithm",
+        "oid": "85f59a665e6b20380accdb7c9f5fbca0d39d693b"
+      },
+      {
+        "authoredDate": "2019-05-04T14:24:40Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T14:24:40Z",
+        "messageBody": "After a correction is applied to the returned reciprocal to account for the finite\nnumber of elements used in teh Goldschmidt algorithm, the result should be correct\nwithout the final rounding step.\n\nWhile here also remove the assignment of 1 to a variable that is not used for the\nspecific case anymore, anyway ...",
+        "messageHeadline": "Adapt division algorithm to use the updated bc_num_invert()",
+        "oid": "7e21b3cca2b93e7d5509e05dbf3d2076dcffa74d"
+      },
+      {
+        "authoredDate": "2019-05-04T15:01:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T15:01:21Z",
+        "messageBody": "",
+        "messageHeadline": "Fix width of value printed for base > 17",
+        "oid": "017f0c843a3439651ce310cdb6ffc90cc09f6203"
+      },
+      {
+        "authoredDate": "2019-05-04T15:05:12Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T15:05:12Z",
+        "messageBody": "",
+        "messageHeadline": "Fix printing of fractional parts for obase > 10",
+        "oid": "1a503e62ff9e642740577f8df68e439a1b9e1d10"
+      },
+      {
+        "authoredDate": "2019-05-04T16:02:15Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T16:02:15Z",
+        "messageBody": "It has been found to be too low e.g. when calculating l(256)/l(16) with scale=40.\nThe result is exact with this increased correction applied.",
+        "messageHeadline": "Double correction value applied in bc_num_invert()",
+        "oid": "b9db23ba3b452798cc5b4ded0125565e5940f3e3"
+      },
+      {
+        "authoredDate": "2019-05-04T18:12:43Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T18:12:43Z",
+        "messageBody": "The locations with these markers should be checked, although the tests seem to\nsucceed wíthiut them.\n\nCurrently test succeed until \"reference.bc2\", which returns zeroes for some of\nthe test arrays. But these marked locations are probably not related to that\ntest failing.",
+        "messageHeadline": "Mark a few places where changes might be required with // <se>",
+        "oid": "276de8c876ba72f1357dd0ce7cc1ef403902cedf"
+      },
+      {
+        "authoredDate": "2019-05-04T21:48:51Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T21:48:51Z",
+        "messageBody": "This change has been performed due to a source code analysis.\nNo tests failed with the old code (i.e., no test covered this case).",
+        "messageHeadline": "Fix length parameter which obviously should be scale not rdx",
+        "oid": "e6bd86bdb390d0a74b31aabdde56d5824f38741c"
+      },
+      {
+        "authoredDate": "2019-05-04T21:50:38Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-04T21:50:38Z",
+        "messageBody": "",
+        "messageHeadline": "Add comments to the division based on the Goldschmidt algorithm",
+        "oid": "28ffb91991cb5ca2c8687de2ff355161088d5997"
+      },
+      {
+        "authoredDate": "2019-05-05T19:54:54Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-05T19:54:54Z",
+        "messageBody": "… crashing\n\nThe cut-off value is arbitrary, a significantly lower limit could be applied.",
+        "messageHeadline": "Make shiftLeft return an error for too large shift amounts instead of…",
+        "oid": "e274dbe523657c7bfc4228ddbf2e6dfbbca36059"
+      },
+      {
+        "authoredDate": "2019-05-05T20:00:21Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-05-05T20:00:21Z",
+        "messageBody": "The Goldschmidt algorithm needs larger arguments than supported by the\narray.\n\nA larger array could be used, but a disassembly showed, that the array\naccess was converted to an inlined and rolled out chain of comparisons\nand assignments.",
+        "messageHeadline": "Optimize bc_num_pow10() and remove the unused bc_num_pow10 array",
+        "oid": "914a7f66807b3567fa438c8d668a040e9d2bcc4a"
+      }
+    ],
+    "createdAt": "2019-04-28T15:29:42Z",
+    "deletions": 63,
+    "files": [
+      {
+        "path": "include/num.h",
+        "additions": 33,
+        "deletions": 13
+      },
+      {
+        "path": "src/data.c",
+        "additions": 0,
+        "deletions": 19
+      },
+      {
+        "path": "src/num.c",
+        "additions": 260,
+        "deletions": 29
+      },
+      {
+        "path": "tests/bc/all.txt",
+        "additions": 2,
+        "deletions": 2
+      }
+    ],
+    "fullDatabaseId": "274187961",
+    "headRefName": "d9",
+    "headRefOid": "914a7f66807b3567fa438c8d668a040e9d2bcc4a",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjc0MTg3OTYx",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": null,
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": null,
+    "mergedBy": null,
+    "milestone": null,
+    "number": 17,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "CLOSED",
+    "statusCheckRollup": [],
+    "title": "Implementation of an alternate algorithm for reciprocal values",
+    "updatedAt": "2019-05-06T13:42:51Z",
+    "url": "https://github.com/gavinhoward/bc/pull/17"
+  },
+  {
+    "additions": 147,
+    "assignees": [],
+    "author": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "is_bot": false,
+      "login": "stesser",
+      "name": "Stefan Eßer"
+    },
+    "autoMergeRequest": null,
+    "baseRefName": "base9",
+    "baseRefOid": "c25fd61637390cc993c91258dda2c01404b37147",
+    "body": "The code is not cleaned up, but since you said your are waiting for it ...",
+    "changedFiles": 1,
+    "closed": true,
+    "closedAt": "2019-04-27T12:40:59Z",
+    "comments": [
+      {
+        "id": "MDEyOklzc3VlQ29tbWVudDQ4NzI4Mjk1Ng==",
+        "author": {
+          "login": "gavinhoward"
+        },
+        "authorAssociation": "OWNER",
+        "body": "Merged. Will get to work on it now.",
+        "createdAt": "2019-04-27T12:41:09Z",
+        "includesCreatedEdit": false,
+        "isMinimized": false,
+        "minimizedReason": "",
+        "reactionGroups": [],
+        "url": "https://github.com/gavinhoward/bc/pull/16#issuecomment-487282956",
+        "viewerDidAuthor": true
+      }
+    ],
+    "commits": [
+      {
+        "authoredDate": "2019-04-26T23:29:01Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-26T23:29:01Z",
+        "messageBody": "",
+        "messageHeadline": "Iterative division based on Newton Raphson algorithm",
+        "oid": "193f8529ad93306e39914ca7a2aa877669383f6f"
+      },
+      {
+        "authoredDate": "2019-04-27T07:16:26Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T07:16:26Z",
+        "messageBody": "",
+        "messageHeadline": "Merge branch 'base9' of https://github.com/gavinhoward/bc into d9",
+        "oid": "87c27b5715646eb4deec4a6795c17b4c5facc408"
+      },
+      {
+        "authoredDate": "2019-04-27T08:39:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:39:00Z",
+        "messageBody": "",
+        "messageHeadline": "Fix mismerge regarding nBcDig vs. places",
+        "oid": "70f118574077b6e61cae08bd576ca7fccc167786"
+      },
+      {
+        "authoredDate": "2019-04-27T08:40:14Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:40:14Z",
+        "messageBody": "…e current rdx",
+        "messageHeadline": "Fix segmentation fault that occurs if the target rdx is lower than th…",
+        "oid": "6189d95036f123d48d505bf4d4a49ba11ca30aee"
+      },
+      {
+        "authoredDate": "2019-04-27T08:42:00Z",
+        "authors": [
+          {
+            "email": "se@freebsd.org",
+            "id": "MDQ6VXNlcjYyNjQ1NDY=",
+            "login": "stesser",
+            "name": "Stefan Esser"
+          }
+        ],
+        "committedDate": "2019-04-27T08:42:00Z",
+        "messageBody": "",
+        "messageHeadline": "Add simple debug print macro",
+        "oid": "cdda6e99974b8f9551ad1bc184b3c735afac6f4a"
+      },
+      {
+        "authoredDate": "2019-04-27T11:47:09Z",
+        "authors": [
+          {
+            "email": "root@StefanEsser.freebsd.org",
+            "id": "",
+            "login": "",
+            "name": "Charlie Root"
+          }
+        ],
+        "committedDate": "2019-04-27T11:47:09Z",
+        "messageBody": "",
+        "messageHeadline": "Fix calculation of scale in multiplications",
+        "oid": "ac244bdb3ebe6e6a2693f3d5c2ae13d7723b3517"
+      }
+    ],
+    "createdAt": "2019-04-26T23:33:21Z",
+    "deletions": 63,
+    "files": [
+      {
+        "path": "src/num.c",
+        "additions": 147,
+        "deletions": 63
+      }
+    ],
+    "fullDatabaseId": "274063201",
+    "headRefName": "d9",
+    "headRefOid": "ac244bdb3ebe6e6a2693f3d5c2ae13d7723b3517",
+    "headRepository": {
+      "id": "MDEwOlJlcG9zaXRvcnkxODAzNzI3NzY=",
+      "name": "bc"
+    },
+    "headRepositoryOwner": {
+      "id": "MDQ6VXNlcjYyNjQ1NDY=",
+      "name": "Stefan Eßer",
+      "login": "stesser"
+    },
+    "id": "MDExOlB1bGxSZXF1ZXN0Mjc0MDYzMjAx",
+    "isCrossRepository": true,
+    "isDraft": false,
+    "labels": [],
+    "latestReviews": [],
+    "maintainerCanModify": false,
+    "mergeCommit": {
+      "oid": "769fcbed7a3a0005a60254c0ed5203406b533ae3"
+    },
+    "mergeStateStatus": "DIRTY",
+    "mergeable": "CONFLICTING",
+    "mergedAt": "2019-04-27T12:40:59Z",
+    "mergedBy": {
+      "id": "MDQ6VXNlcjMxNzI2ODc=",
+      "is_bot": false,
+      "login": "gavinhoward",
+      "name": "Gavin D. Howard"
+    },
+    "milestone": null,
+    "number": 16,
+    "potentialMergeCommit": null,
+    "projectCards": [],
+    "projectItems": [],
+    "reactionGroups": [],
+    "reviewDecision": "",
+    "reviewRequests": [],
+    "reviews": [],
+    "state": "MERGED",
+    "statusCheckRollup": [],
+    "title": "Newton-Raphson based division",
+    "updatedAt": "2019-04-27T12:41:09Z",
+    "url": "https://github.com/gavinhoward/bc/pull/16"
+  }
+]
diff --git a/contrib/bc/project/issue10.md b/contrib/bc/project/issue10.md
new file mode 100644
index 000000000000..4c417f1922ab
--- /dev/null
+++ b/contrib/bc/project/issue10.md
@@ -0,0 +1,104 @@
+# "scale" not set correctly with -l when first command is a syntax error
+
+## `mathieu`
+
+I just hit a (small and unlikely to be triggered) problem when using the `-l` flag:
+
+```
+$ bc -l
+>>> 2+; # or any other syntax error it seems
+
+Parse error: bad expression
+    <stdin>:1
+
+>>> l(1000)
+6
+>>> scale
+0
+```
+
+The math library still gets loaded but `scale` doesn't get set (or gets reset)?
+
+The syntax error has to be on the first command and other kinds of errors (like say a divide by zero) don't seem to cause the problem.
+
+## `gavin`
+
+Hmm...let me investigate this and get back to you. This does seem like a bug.
+
+## `gavin`
+
+I'm not seeing the behavior. Can you send me the output of `bc -v`?
+
+## `gavin`
+
+I should also ask: what OS are you on? What version? What compiler did you use? Did you install from a package?
+
+Basically, send me as much info as you can. I would appreciate it.
+
+## `mathieu`
+
+Oh sorry yeah I should've given more details.
+
+That's on FreeBSD with the base system's bc, built with the default base compiler.
+
+On recent 12.2-STABLE:
+
+```
+$ bc -v
+bc 4.0.1
+Copyright (c) 2018-2021 Gavin D. Howard and contributors
+Report bugs at: https://git.yzena.com/gavin/bc
+
+This is free software with ABSOLUTELY NO WARRANTY.
+```
+
+Your bc is not default on 12.X yet but I enabled it with WITH_GH_BC=yes in /etc/src.conf to try it out.
+
+And on somewhat less recent 14-CURRENT:
+
+```
+$ bc -v
+bc 4.0.0
+Copyright (c) 2018-2021 Gavin D. Howard and contributors
+Report bugs at: https://git.yzena.com/gavin/bc
+
+This is free software with ABSOLUTELY NO WARRANTY.
+```
+
+Both amd64. Happens every time on both.
+
+I could give it a try on 13-STABLE too if that helps but I'd need to reboot something.
+
+The syntax error really has to be the FIRST input, even entering an empty line before it makes the problem not happen.
+
+I thought it could be an editline(3) problem since some programs end up using that pretty much only on the BSDs it seems, but that's not it.
+
+## `gavin`
+
+Yeah, my `bc` uses a custom history implementation, so it could be mine, but not `editline(3)`.
+
+I will pull up a FreeBSD VM and check it out. Sorry for the wait.
+
+## `gavin`
+
+I have confirmed the bug on FreeBSD with the port at version `4.0.1`. Since it is the port, and not the system one, I think the problem may lie with some incompatibility between my history implementation and what FreeBSD provides.
+
+This one may take me a long time to debug because I have to do it manually in the VM. Thank you for your patience.
+
+## `gavin`
+
+I found the problem!
+
+It is fixed in `299a4fd353`, but if you can pull that down and test, I would appreciate it.
+
+I will put out a release as soon as I can, and my FreeBSD contact will probably update 14-CURRENT soon thereafter. He will also update the port, but the version in 12.2 may not be updated for a bit.
+
+Feel free to reopen if the fix does not work for you.
+
+## `mathieu`
+
+Oof... yeah makes sense that an rc file could interfere with this.
+
+Yes, that fixes it here too. With that diff applied on both 12.2-STABLE and 14-CURRENT's versions. And everything else seems to still work fine too.
+
+Thanks for fixing this! You'd think it's really hard to trigger but I do enough typos and I start bc (with an alias with -l) often enough to make a quick calculation that I hit it twice and had decimals mysteriously missing before I started trying to reproduce it.
diff --git a/contrib/bc/scripts/exec-install.sh b/contrib/bc/scripts/exec-install.sh
index 581b6bd1ed24..835b7491ac66 100755
--- a/contrib/bc/scripts/exec-install.sh
+++ b/contrib/bc/scripts/exec-install.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/format.sh b/contrib/bc/scripts/format.sh
index f76aed378186..e8836c6ba1e0 100755
--- a/contrib/bc/scripts/format.sh
+++ b/contrib/bc/scripts/format.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/functions.sh b/contrib/bc/scripts/functions.sh
index 1599fea4847e..13ccbf8f3f31 100755
--- a/contrib/bc/scripts/functions.sh
+++ b/contrib/bc/scripts/functions.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/karatsuba.py b/contrib/bc/scripts/karatsuba.py
index 637887986ee8..c4e0720b3408 100755
--- a/contrib/bc/scripts/karatsuba.py
+++ b/contrib/bc/scripts/karatsuba.py
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/link.sh b/contrib/bc/scripts/link.sh
index 772de27a08c2..4562677d7b38 100755
--- a/contrib/bc/scripts/link.sh
+++ b/contrib/bc/scripts/link.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/lint.sh b/contrib/bc/scripts/lint.sh
index 14cdc5c3afc8..611560ced31a 100755
--- a/contrib/bc/scripts/lint.sh
+++ b/contrib/bc/scripts/lint.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/locale_install.sh b/contrib/bc/scripts/locale_install.sh
index e891bf57db81..cec69d7201f4 100755
--- a/contrib/bc/scripts/locale_install.sh
+++ b/contrib/bc/scripts/locale_install.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/locale_uninstall.sh b/contrib/bc/scripts/locale_uninstall.sh
index 1bf292b801e6..274b6bcf49f1 100755
--- a/contrib/bc/scripts/locale_uninstall.sh
+++ b/contrib/bc/scripts/locale_uninstall.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/os.c b/contrib/bc/scripts/os.c
index 212a61772ccf..89c5b1b95b3f 100644
--- a/contrib/bc/scripts/os.c
+++ b/contrib/bc/scripts/os.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/release.pkg.yao b/contrib/bc/scripts/release.pkg.yao
new file mode 100644
index 000000000000..525709c28164
--- /dev/null
+++ b/contrib/bc/scripts/release.pkg.yao
@@ -0,0 +1,1410 @@
+/**
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+PROG: str = path.realpath(sys.program);
+REAL: str = path.realpath(PROG +~ "..");
+
+SCRIPTDIR: str = path.dirname(PROG);
+
+WINDOWS: bool = (host.os == "Windows");
+
+DEFOPT: str = if WINDOWS { "/D"; } else { "-D"; };
+C11OPT: str = if WINDOWS { "/std:c11"; } else { "-std=c11"; };
+C99OPT: str = if WINDOWS { "/std:c99"; } else { "-std=c99"; };
+
+/**
+ * Turns a string array into a string by joining all strings together with
+ * spaces.
+ * @param arr  The array to join.
+ * @return     The joined array.
+ */
+fn strv2str(arr: []str) -> str
+{
+	ret: !str = "";
+
+	for item: arr
+	{
+		if ret == ""
+		{
+			ret! = item;
+		}
+		else
+		{
+			ret! = ret +~ " " +~ item;
+		}
+	}
+
+	return ret;
+}
+
+opts: Gaml = @(gaml){
+	help: [
+		"Runs the testing part of the release process.\n"
+		"\n"
+		"Usage: ", $PROG, " [-h|--help] [<options> \n"
+	]
+	options: {
+		no64: {
+			help: "Turn off building and testing 64-bit builds."
+			long: @no-64
+			type: @NONE
+		}
+		no128: {
+			help: "Turn off building and testing builds with 128-bit integers."
+			long: @no-128
+			type: @NONE
+		}
+		C: {
+			help: "Turn off building under Clang."
+			short: @C
+			long: @no-clang
+			type: @NONE
+		}
+		C11: {
+			help: "Turn off building under C11."
+			long: @no-c11
+			type: @NONE
+		}
+		G: {
+			help: "Turn off building under GCC."
+			short: @G
+			long: @no-gcc
+			type: @NONE
+		}
+		GEN: {
+			help: "Turn off running the gen script."
+			short: @G
+			long: @no-gen-script
+			type: @NONE
+		}
+		MAKE: {
+			help: "Turn off running the build with `configure.sh` and `make`."
+			long: @no-make
+			type: @NONE
+		}
+		RIG: {
+			help: "Turn off running the build with Rig."
+			long: @no-rig
+			type: @NONE
+		}
+		T: {
+			help: "Turn off running tests."
+			short: @T
+			long: @no-tests
+			type: @NONE
+		}
+		computed-goto: {
+			help: "Whether to test with computed goto or not."
+			long: @computed-goto
+			type: @NONE
+		}
+		e: {
+			help: "Whether to test with editline or not."
+			short: @e
+			long: @editline
+			type: @NONE
+		}
+		g: {
+			help: "Whether generate tests that are generated or not."
+			short: @g
+			long: @generate
+			type: @NONE
+		}
+		history: {
+			help: "Whether to test with history or not."
+			long: @history
+			type: @NONE
+		}
+		k: {
+			help: "Whether to run the Karatsuba tests or not."
+			short: @k
+			long: @karatsuba
+			type: @NONE
+		}
+		p: {
+			help: "Whether to run problematic tests or not."
+			short: @p
+			long: @problematic-tests
+			type: @NONE
+		}
+		r: {
+			help: "Whether to test with readline or not."
+			short: @r
+			long: @readline
+			type: @NONE
+		}
+		s: {
+			help: "Whether to run tests under sanitizers or not."
+			short: @s
+			long: @sanitizers
+			type: @NONE
+		}
+		settings: {
+			help: "Whether to test settings or not."
+			long: @settings
+			type: @NONE
+		}
+		v: {
+			help: "Whether to run under Valgrind or not."
+			short: @v
+			long: @valgrind
+			type: @NONE
+		}
+	}
+};
+
+// These are the booleans for the command-line flags.
+no64: !bool = false;
+no128: !bool = false;
+clang: !bool = true;
+c11: !bool = true;
+gcc: !bool = true;
+gen_host: !bool = true;
+run_make: !bool = !WINDOWS;
+run_rig: !bool = true;
+tests: !bool = true;
+computed_goto: !bool = false;
+editline: !bool = false;
+generated: !bool = false;
+history: !bool = false;
+karatsuba: !bool = false;
+problematic: !bool = false;
+readline: !bool = false;
+sanitizers: !bool = false;
+settings: !bool = false;
+valgrind: !bool = false;
+
+defcc: str = if clang { "clang"; } else if gcc { "gcc"; } else { "c99"; };
+defbits: usize = if no64 { usize(32); } else { usize(64); };
+
+cgoto_flags: []str = if !computed_goto { @[ "-DBC_NO_COMPUTED_GOTO" ]; };
+
+// Set some strict warning flags. Clang's -Weverything can be way too strict, so
+// we actually have to turn off some things.
+CLANG_FLAGS: []str = @[ "-Weverything", "-Wno-padded",
+                        "-Wno-unsafe-buffer-usage",
+                        "-Wno-poison-system-directories",
+                        "-Wno-switch-default", "-Wno-unknown-warning-option",
+                        "-Wno-pre-c11-compat" ] +~ cgoto_flags;
+GCC_FLAGS: []str = @[ "-Wno-clobbered" ] +~ cgoto_flags;
+
+CLANG_FLAGS_STR: str = strv2str(CLANG_FLAGS);
+
+GCC_FLAGS_STR: str = strv2str(GCC_FLAGS);
+
+// Common CFLAGS.
+CFLAGS: []str = @[ "-Wall", "-Wextra", "-Werror", "-pedantic" ];
+
+CFLAGS_STR: str = strv2str(CFLAGS);
+
+// Common debug and release flags.
+DEBUG_CFLAGS: []str = CFLAGS +~ @[ "-fno-omit-frame-pointer" ];
+DEBUG_CFLAGS_STR: str = CFLAGS_STR +~ " -fno-omit-frame-pointer";
+RELEASE_CFLAGS: []str = CFLAGS +~ @[ "-DNDEBUG" ];
+RELEASE_CFLAGS_STR: str = CFLAGS_STR +~ " -DNDEBUG";
+
+/**
+ * Print a header with a message. This is just to make it easy to track
+ * progress.
+ * @param msg  The message to print in the header.
+ */
+fn header(msg: str) -> void
+{
+	io.eprint("\n*******************\n");
+	io.eprint(msg);
+	io.eprint("\n*******************\n\n");
+}
+
+/**
+ * An easy way to call `make`.
+ * @param args  The arguments to pass to `make`, if any.
+ */
+fn do_make(args: []str) -> void
+{
+	$ make -j64 %(args);
+}
+
+/**
+ * An easy way to call Rig.
+ * @param args  The arguments to pass to Rig, if any.
+ */
+fn do_rig(args: []str) -> void
+{
+	$ rig -j64 %(args);
+}
+
+/**
+ * Runs `configure.sh`.
+ * @param cflags    The C compiler flags.
+ * @param cc        The C compiler.
+ * @param flags     The flags to pass to `configure.sh` itself.
+ * @param gen       The setting for `GEN_HOST`.
+ * @param long_bit  The number of bits in longs.
+ */
+fn configure(
+	cflags: str,
+	cc: str,
+	flags: str,
+	gen: bool,
+	long_bit: usize
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	extra_flags: str =
+	if !generated
+	{
+		if !problematic { "-GP"; } else { "-G"; }
+	}
+	else if !problematic
+	{
+		"-P";
+	};
+
+	extra_cflags: str =
+	if cc == "clang"
+	{
+		// We need to quiet this warning from Clang because the configure.sh
+		// docs have this warning, so people should know. Also, I want this
+		// script to work.
+		CLANG_FLAGS_STR +~ (if !gen_host { " -Wno-overlength-strings"; });
+	}
+	else if cc == "gcc"
+	{
+		// We need to quiet this warning from GCC because the configure.sh docs
+		// have this warning, so people should know. Also, I want this script to
+		// work.
+		GCC_FLAGS_STR +~ (if !gen_host { "-Wno-overlength-strings"; });
+	};
+
+	all_flags: str = flags +~ " " +~ extra_flags;
+	all_cflags: str = cflags +~ " " +~ extra_cflags;
+
+	hdr := "Running configure.sh " +~ all_flags +~
+	       "..." +~
+	       "\n    CC=\"" +~ cc +~ "\"\n" +~
+	       "\n    CFLAGS=\"" +~ all_cflags +~ "\"\n" +~
+	       "\n    LONG_BIT=" +~ str(long_bit) +~
+	       "\n    GEN_HOST=" +~ str(gen);
+
+	// Print the header and do the job.
+	header(hdr);
+
+	env.set env.str("CFLAGS", str(cflags +~ extra_cflags)),
+	        env.str("CC", cc), env.str("GEN_HOST", str(gen)),
+	        env.str("LONG_BIT", str(long_bit))
+	{
+		$ @(path.join(REAL, "configure.sh")) $flags $extra_flags > /dev/null
+		  !> /dev/null;
+	}
+}
+
+/**
+ * Build with `make`. This function also captures and outputs any warnings if
+ * they exist because as far as I am concerned, warnings are not acceptable for
+ * release.
+ * @param cflags    The C compiler flags.
+ * @param cc        The C compiler.
+ * @param flags     The flags to pass to `configure.sh` itself.
+ * @param gen       The setting for `GEN_HOST`.
+ * @param long_bit  The number of bits in longs.
+ */
+fn build_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+	gen: bool,
+	long_bit: usize
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	configure(cflags, cc, flags, gen, long_bit);
+
+	hdr := "Building with `make`...\n    CC=" +~ cc +~
+	       "\n    CFLAGS=\"" +~ cflags +~
+	       "\n    LONG_BIT=" +~ str(long_bit) +~
+	       "\n    GEN_HOST=" +~ str(gen);
+
+	header(hdr);
+
+	res := $ make;
+
+	if res.stderr.len != 0
+	{
+		io.eprint(cc +~ "generated warning(s):\n\n");
+		io.eprint(str(res.stderr));
+		sys.exit(1);
+	}
+
+	if res.exitcode != 0
+	{
+		sys.exit(res.exitcode);
+	}
+}
+
+/**
+ * Build with Rig. This function also captures and outputs any warnings if they
+ * exist because as far as I am concerned, warnings are not acceptable for
+ * release.
+ * @param cflags    The C compiler flags.
+ * @param cc        The C compiler.
+ * @param flags     The flags to pass to `configure.sh` itself.
+ * @param long_bit  The number of bits in longs.
+ */
+fn build_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+	long_bit: usize
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	cflags_str: str = strv2str(cflags);
+
+	hdr := "Building with Rig...\n    CC=" +~ cc +~
+	       "\n    CFLAGS=\"" +~ cflags_str +~
+	       "\n    LONG_BIT=" +~ str(long_bit);
+
+	header(hdr);
+
+	res := $ rig;
+
+	if res.stderr.len != 0
+	{
+		io.eprint(cc +~ "generated warning(s):\n\n");
+		io.eprint(str(res.stderr));
+		sys.exit(1);
+	}
+
+	if res.exitcode != 0
+	{
+		sys.exit(res.exitcode);
+	}
+}
+
+/**
+ * Run tests with `make`.
+ * @param args  Any arguments to pass to `make`, if any.
+ */
+fn run_test_make(args: []str) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	header("Running `make` tests");
+
+	if args.len > 0
+	{
+		do_make(args);
+	}
+	else
+	{
+		do_make(@[ "test" ]);
+
+		if history
+		{
+			do_make(@[ "test_history" ]);
+		}
+	}
+}
+
+/**
+ * Run tests with Rig.
+ * @param args  Any arguments to pass to Rig, if any.
+ */
+fn run_test_rig(args: []str) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	header("Running Rig tests");
+
+	if args.len > 0
+	{
+		do_rig(args);
+	}
+	else
+	{
+		do_rig(@[ "test" ]);
+
+		if history
+		{
+			do_rig(@[ "test_history" ]);
+		}
+	}
+}
+
+/**
+ * Builds and runs tests using `make` with both calculators, then bc only, then
+ * dc only. If `tests` is false, then it just does the builds.
+ * @param cflags    The C compiler flags.
+ * @param cc        The C compiler.
+ * @param flags     The flags to pass to `configure.sh` itself.
+ * @param gen       The setting for `GEN_HOST`.
+ * @param long_bit  The number of bits in longs.
+ */
+fn run_config_tests_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+	gen: bool,
+	long_bit: usize,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	header_start: str =
+	if tests
+	{
+		"Running tests with configure flags and `make`";
+	}
+	else
+	{
+		"Building with configure flags and `make`";
+	};
+
+	header("\"" +~ header_start +~ "\" ...\n" +~
+	       "    CC=" +~ cc +~ "\n" +~
+	       "    CFLAGS=\"" +~ cflags +~ "\"\n" +~
+	       "    LONG_BIT=" +~ str(long_bit) +~ "\n" +~
+	       "    GEN_HOST=" +~ str(gen));
+
+	build_make(cflags, cc, flags, gen, long_bit);
+
+	if tests
+	{
+		run_test_make(@[]);
+	}
+
+	do_make(@[ "clean" ]);
+
+	build_make(cflags, cc, flags +~ " -b", gen, long_bit);
+
+	if tests
+	{
+		run_test_make(@[]);
+	}
+
+	do_make(@[ "clean" ]);
+
+	build_make(cflags, cc, flags +~ " -d", gen, long_bit);
+
+	if tests
+	{
+		run_test_make(@[]);
+	}
+
+	do_make(@[ "clean" ]);
+}
+
+/**
+ * Builds and runs tests using Rig with both calculators, then bc only, then dc
+ * only. If `tests` is false, then it just does the builds.
+ * @param cflags    The C compiler flags.
+ * @param cc        The C compiler.
+ * @param flags     The flags to pass to Rig itself.
+ * @param long_bit  The number of bits in longs.
+ */
+fn run_config_tests_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+	long_bit: usize,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	header_start: str =
+	if tests
+	{
+		"Running tests with Rig";
+	}
+	else
+	{
+		"Building with Rig";
+	};
+
+	header("\"" +~ header_start +~ "\" ...\n" +~
+	       "    CC=" +~ cc +~ "\n" +~
+	       "    CFLAGS=\"" +~ strv2str(cflags) +~ "\"\n" +~
+	       "    flags=\"" +~ strv2str(flags) +~ "\"\n" +~
+	       "    LONG_BIT=" +~ str(long_bit));
+
+	build_rig(cflags, cc, flags, long_bit);
+
+	if tests
+	{
+		run_test_rig(@[]);
+	}
+
+	do_rig(@[ "clean" ]);
+
+	build_rig(cflags, cc, flags +~ @[ "-Dbuild_mode=bc" ], long_bit);
+
+	if tests
+	{
+		run_test_rig(@[]);
+	}
+
+	do_rig(@[ "clean" ]);
+
+	build_rig(cflags, cc, flags +~ @[ "-Dbuild_mode=dc" ], long_bit);
+
+	if tests
+	{
+		run_test_rig(@[]);
+	}
+
+	do_rig(@[ "clean" ]);
+}
+
+/**
+ * Builds and runs tests using `run_config_tests_make()` with both calculators,
+ * then bc only, then dc only. If `tests` is false, then it just does the
+ * builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to `configure.sh` itself.
+ */
+fn run_config_series_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	if !no64
+	{
+		if !no128
+		{
+			run_config_tests_make(cflags, cc, flags, true, usize(64));
+		}
+
+		if gen_host
+		{
+			run_config_tests_make(cflags, cc, flags, false, usize(64));
+		}
+
+		run_config_tests_make(cflags +~ " " +~ DEFOPT +~ "BC_RAND_BUILTIN=0",
+		                      cc, flags, true, usize(64));
+
+		// Test Editline if history is not turned off.
+		if editline && !(flags contains "H")
+		{
+			run_config_tests_make(cflags +~ " " +~ DEFOPT +~
+			                          "BC_RAND_BUILTIN=0",
+			                      cc, flags +~ " -e", true, usize(64));
+		}
+
+		// Test Readline if history is not turned off.
+		if readline && !(flags contains "H")
+		{
+			run_config_tests_make(cflags +~ " " +~ DEFOPT +~
+			                          "BC_RAND_BUILTIN=0",
+			                      cc, flags +~ " -r", true, usize(64));
+		}
+	}
+
+	run_config_tests_make(cflags, cc, flags, true, usize(32));
+
+	if gen_host
+	{
+		run_config_tests_make(cflags, cc, flags, false, usize(32));
+	}
+}
+
+/**
+ * Builds and runs tests using `run_config_tests_rig()` with both calculators,
+ * then bc only, then dc only. If `tests` is false, then it just does the
+ * builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_config_series_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	if !no64
+	{
+		if !no128
+		{
+			run_config_tests_rig(cflags, cc, flags, usize(64));
+		}
+
+		run_config_tests_rig(cflags +~ @[ DEFOPT +~ "BC_RAND_BUILTIN=0" ], cc,
+		                     flags, usize(64));
+
+		// Test Editline if history is not turned off.
+		if editline && !(flags contains "-Dhistory=none")
+		{
+			run_config_tests_rig(cflags +~ @[ DEFOPT +~ "BC_RAND_BUILTIN=0" ],
+			                     cc, flags +~ @[ "-Dhistory=editline" ],
+			                     usize(64));
+		}
+
+		// Test Readline if history is not turned off.
+		if readline && !(flags contains "-Dhistory=none")
+		{
+			run_config_tests_rig(cflags +~ @[ DEFOPT +~ "BC_RAND_BUILTIN=0" ],
+			                     cc, flags +~ @[ "-Dhistory=readline" ],
+			                     usize(64));
+		}
+	}
+
+	run_config_tests_rig(cflags, cc, flags, usize(32));
+}
+
+/**
+ * Builds and runs tests with each setting combo running
+ * `run_config_series_make()`. If `tests` is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to `configure.sh` itself.
+ */
+fn run_settings_series_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	if settings
+	{
+		settings_path: str = path.join(SCRIPTDIR, "release_settings_make.txt");
+		settings_txt: str = io.read_file(settings_path);
+		lines: []str = settings_txt.split("\n");
+
+		for line: lines
+		{
+			run_config_series_make(cflags, cc, flags +~ " " +~ line);
+		}
+	}
+	else
+	{
+		run_config_series_make(cflags, cc, flags);
+	}
+}
+
+/**
+ * Builds and runs tests with each setting combo running
+ * `run_config_series_rig()`. If `tests` is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_settings_series_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	if settings
+	{
+		settings_path: str = path.join(SCRIPTDIR, "release_settings_rig.txt");
+		settings_txt: str = io.read_file(settings_path);
+		lines: []str = settings_txt.split("\n");
+
+		for line: lines
+		{
+			opts_list: []str =
+			for opt: line.split(" ")
+			{
+				DEFOPT +~ opt;
+			};
+
+			run_config_series_rig(cflags, cc, flags +~ opts_list);
+		}
+	}
+	else
+	{
+		run_config_series_rig(cflags, cc, flags);
+	}
+}
+
+/**
+ * Builds and runs tests with each build type running
+ * `run_settings_series_make()`. If `tests` is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to `configure.sh` itself.
+ */
+fn run_test_series_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	series_flags: []str = @[ "E", "H", "N", "EH", "EN", "HN", "EHN" ];
+
+	run_settings_series_make(cflags, cc, flags);
+
+	for sflag: series_flags
+	{
+		run_settings_series_make(cflags, cc, flags +~ " -" +~ sflag);
+	}
+}
+
+/**
+ * Builds and runs tests with each build type running
+ * `run_settings_series_rig()`. If `tests` is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_test_series_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	series_path: str = path.join(SCRIPTDIR, "release_flags_rig.txt");
+	series_txt: str = io.read_file(series_path);
+	series_flags: []str = series_txt.split("\n");
+
+	run_settings_series_rig(cflags, cc, flags);
+
+	for line: series_flags
+	{
+		opts_list: []str =
+		for opt: line.split(" ")
+		{
+			DEFOPT +~ opt;
+		};
+
+		run_settings_series_rig(cflags, cc, flags +~ opts_list);
+	}
+}
+
+/**
+ * Builds and runs tests for `bcl` with `make`. If `tests` is false, it just
+ * does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to `configure.sh` itself.
+ */
+fn run_lib_tests_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	build_make(cflags +~ " -a", cc, flags, true, usize(64));
+
+	if tests
+	{
+		run_test_make(@[ "test" ]);
+	}
+
+	build_make(cflags +~ " -a", cc, flags, true, usize(32));
+
+	if tests
+	{
+		run_test_make(@[ "test" ]);
+	}
+}
+
+/**
+ * Builds and runs tests for `bcl` with Rig. If `tests` is false, it just does
+ * the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_lib_tests_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	build_rig(cflags, cc, flags +~ @[ "-Dbuild_mode=library" ], usize(64));
+
+	if tests
+	{
+		run_test_rig(@[ "test" ]);
+	}
+
+	build_rig(cflags, cc, flags +~ @[ "-Dbuild_mode=library" ], usize(32));
+
+	if tests
+	{
+		run_test_rig(@[ "test" ]);
+	}
+}
+
+/**
+ * Builds and runs tests under C99, then C11, if requested, using
+ * `run_test_series_make()`. If run_tests is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_tests_make(
+	cflags: str,
+	cc: str,
+	flags: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	run_test_series_make(cflags +~ " " +~ C99OPT, cc, flags);
+
+	if c11
+	{
+		run_test_series_make(cflags +~ " " +~ C11OPT, cc, flags);
+	}
+}
+
+/**
+ * Builds and runs tests under C99, then C11, if requested, using
+ * `run_test_series_rig()`. If run_tests is false, it just does the builds.
+ * @param cflags  The C compiler flags.
+ * @param cc      The C compiler.
+ * @param flags   The flags to pass to Rig itself.
+ */
+fn run_tests_rig(
+	cflags: []str,
+	cc: str,
+	flags: []str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	run_test_series_rig(cflags +~ @[ C99OPT ], cc, flags);
+
+	if c11
+	{
+		run_test_series_rig(cflags +~ @[ C11OPT ], cc, flags);
+	}
+}
+
+/**
+ * Runs the Karatsuba tests with `make`.
+ */
+fn karatsuba_make() -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	header("Running Karatsuba tests");
+
+	do_make(@[ "karatsuba_test" ]);
+}
+
+/**
+ * Runs the Karatsuba tests with Rig.
+ */
+fn karatsuba_rig() -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	header("Running Karatsuba tests");
+
+	build_rig(RELEASE_CFLAGS, defcc, @[ "-O3" ], usize(64));
+
+	do_rig(@[ "karatsuba_test" ]);
+}
+
+/**
+ * Builds with `make` and runs under valgrind. It runs both, bc only, then dc
+ * only, then the library.
+ */
+fn vg_make() -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	header("Running Valgrind under `make`");
+
+	build_make(DEBUG_CFLAGS_STR +~ " -std=c99", "gcc", "-O3 -gv", true,
+	           defbits);
+	run_test_make(@[ "test" ]);
+
+	do_make(@[ "clean_config" ]);
+
+	build_make(DEBUG_CFLAGS_STR +~ " -std=c99", "gcc", "-O3 -gvb", true,
+	           defbits);
+	run_test_make(@[ "test" ]);
+
+	do_make(@[ "clean_config" ]);
+
+	build_make(DEBUG_CFLAGS_STR +~ " -std=c99", "gcc", "-O3 -gvd", true,
+	           defbits);
+	run_test_make(@[ "test" ]);
+
+	do_make(@[ "clean_config" ]);
+
+	build_make(DEBUG_CFLAGS_STR +~ " -std=c99", "gcc", "-O3 -gva", true,
+	           defbits);
+	run_test_make(@[ "test" ]);
+
+	do_make(@[ "clean_config" ]);
+}
+
+fn vg_rig() -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	header("Running Valgrind under Rig");
+
+	build_rig(DEBUG_CFLAGS +~ @[ "-std=c99" ], "gcc", @[ "-O3", "-gv" ],
+	          defbits);
+	run_test_rig(@[ "test" ]);
+
+	do_rig(@[ "clean_config" ]);
+
+	build_rig(DEBUG_CFLAGS +~ @[ "-std=c99" ], "gcc", @[ "-O3", "-gvb" ],
+	          defbits);
+	run_test_rig(@[ "test" ]);
+
+	do_rig(@[ "clean_config" ]);
+
+	build_rig(DEBUG_CFLAGS +~ @[ "-std=c99" ], "gcc", @[ "-O3", "-gvd" ],
+	          defbits);
+	run_test_rig(@[ "test" ]);
+
+	do_rig(@[ "clean_config" ]);
+
+	build_rig(DEBUG_CFLAGS +~ @[ "-std=c99" ], "gcc", @[ "-O3", "-gva" ],
+	          defbits);
+	run_test_rig(@[ "test" ]);
+
+	do_rig(@[ "clean_config" ]);
+}
+
+/**
+ * Builds the debug series with `make` and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn debug_make(
+	cc: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_tests_make(DEBUG_CFLAGS_STR +~ " -fsanitize=undefined", cc, "-mg");
+	}
+	else
+	{
+		run_tests_make(DEBUG_CFLAGS_STR, cc, "-g");
+	}
+}
+
+/**
+ * Builds the release series with `make` and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn release_make(
+	cc: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	run_tests_make(RELEASE_CFLAGS_STR, cc, "-O3");
+	run_lib_tests_make(RELEASE_CFLAGS_STR, cc, "-O3");
+}
+
+/**
+ * Builds the release debug series with `make` and runs the tests if `tests`
+ * allows.
+ * @param cc  The C compiler.
+ */
+fn reldebug_make(
+	cc: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_tests_make(DEBUG_CFLAGS_STR +~ " -fsanitize=address", cc, "-mgO3");
+		run_tests_make(DEBUG_CFLAGS_STR +~ " -fsanitize=memory", cc, "-mgO3");
+	}
+	else
+	{
+		run_tests_make(DEBUG_CFLAGS_STR, cc, "-gO3");
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_lib_tests_make(DEBUG_CFLAGS_STR +~ " -fsanitize=address", cc,
+		                   "-mgO3");
+		run_lib_tests_make(DEBUG_CFLAGS_STR +~ " -fsanitize=memory", cc,
+		                   "-mgO3");
+	}
+	else
+	{
+		run_lib_tests_make(DEBUG_CFLAGS_STR, cc, "-gO3");
+	}
+}
+
+/**
+ * Builds the min size release with `make` and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn minsize_make(
+	cc: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	run_tests_make(RELEASE_CFLAGS_STR, cc, "-Os");
+	run_lib_tests_make(RELEASE_CFLAGS_STR, cc, "-Os");
+}
+
+/**
+ * Builds all sets with `make`: debug, release, release debug, and min size, and
+ * runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn build_set_make(
+	cc: str,
+) -> void
+{
+	if !run_make
+	{
+		sys.panic("Cannot run `configure.sh` or make");
+	}
+
+	debug_make(cc);
+	release_make(cc);
+	reldebug_make(cc);
+	minsize_make(cc);
+
+	if karatsuba
+	{
+		karatsuba_make();
+	}
+
+	if valgrind
+	{
+		vg_make();
+	}
+}
+
+/**
+ * Builds the debug series with Rig and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn debug_rig(
+	cc: str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_tests_rig(DEBUG_CFLAGS +~ @[ " -fsanitize=undefined" ], cc,
+		              @[ "-Dmemcheck=1", "-Ddebug=1" ]);
+	}
+	else
+	{
+		run_tests_rig(DEBUG_CFLAGS, cc, @[ "-Ddebug=1" ]);
+	}
+}
+
+/**
+ * Builds the release series with Rig and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn release_rig(
+	cc: str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	run_tests_rig(RELEASE_CFLAGS, cc, @[ "-Doptimization=3" ]);
+	run_lib_tests_rig(RELEASE_CFLAGS, cc, @[ "-Doptimization=3" ]);
+}
+
+/**
+ * Builds the release debug series with Rig and runs the tests if `tests`
+ * allows.
+ * @param cc  The C compiler.
+ */
+fn reldebug_rig(
+	cc: str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_tests_rig(DEBUG_CFLAGS +~ @[ " -fsanitize=address" ], cc,
+		              @[ "-Dmemcheck=1", "-Ddebug=1", "-Doptimization=3" ]);
+		run_tests_rig(DEBUG_CFLAGS +~ @[ " -fsanitize=memory" ], cc,
+		              @[ "-Dmemcheck=1", "-Ddebug=1", "-Doptimization=3" ]);
+	}
+	else
+	{
+		run_tests_rig(DEBUG_CFLAGS, cc, @[ "-gO3" ]);
+	}
+
+	if cc == "clang" && sanitizers
+	{
+		run_lib_tests_rig(DEBUG_CFLAGS +~ @[ " -fsanitize=address" ], cc,
+		                  @[ "-Dmemcheck=1", "-Ddebug=1", "-Doptimization=3" ]);
+		run_lib_tests_rig(DEBUG_CFLAGS +~ @[ " -fsanitize=memory" ], cc,
+		                  @[ "-Dmemcheck=1", "-Ddebug=1", "-Doptimization=3" ]);
+	}
+	else
+	{
+		run_lib_tests_rig(DEBUG_CFLAGS, cc,
+		                  @[ "-Ddebug=1", "-Doptimization=3" ]);
+	}
+}
+
+/**
+ * Builds the min size release with Rig and runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn minsize_rig(
+	cc: str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	run_tests_rig(RELEASE_CFLAGS, cc, @[ "-Doptimization=s" ]);
+	run_lib_tests_rig(RELEASE_CFLAGS, cc, @[ "-Doptimization=s" ]);
+}
+
+/**
+ * Builds all sets with Rig: debug, release, release debug, and min size, and
+ * runs the tests if `tests` allows.
+ * @param cc  The C compiler.
+ */
+fn build_set_rig(
+	cc: str,
+) -> void
+{
+	if !run_rig
+	{
+		sys.panic("Cannot run Rig");
+	}
+
+	debug_rig(cc);
+	release_rig(cc);
+	reldebug_rig(cc);
+	minsize_rig(cc);
+
+	if karatsuba
+	{
+		karatsuba_rig();
+	}
+
+	if valgrind
+	{
+		vg_rig();
+	}
+}
+
+/**
+ * Builds all sets with `make` under all compilers.
+ */
+fn build_sets_make() -> void
+{
+	header("Running math library under --standard with Rig");
+
+	build_make(DEBUG_CFLAGS_STR +~ " -std=c99", defcc, "-g", true,
+	           defbits);
+
+	$ bin/bc -ls << @("quit\n");
+
+	do_rig(@[ "clean_tests" ]);
+
+	if clang
+	{
+		build_set_make("clang");
+	}
+
+	if gcc
+	{
+		build_set_make("gcc");
+	}
+}
+
+/**
+ * Builds all sets with Rig under all compilers.
+ */
+fn build_sets_rig() -> void
+{
+	header("Running math library under --standard with Rig");
+
+	build_rig(DEBUG_CFLAGS +~ @[ "-std=c99" ], defcc, @[ "-Ddebug=1" ],
+	          defbits);
+
+	$ build/bc -ls << @("quit\n");
+
+	do_rig(@[ "clean_tests" ]);
+
+	if clang
+	{
+		build_set_rig("clang");
+	}
+
+	if gcc
+	{
+		build_set_rig("gcc");
+	}
+}
+
+fn build_sets() -> void
+{
+	if !run_make
+	{
+		build_sets_rig();
+	}
+	else if !run_rig
+	{
+		build_sets_make();
+	}
+	else
+	{
+		parallel.map @[ "rig", "make" ]:
+		(builder: str) -> void
+		{
+			if builder == "rig"
+			{
+				build_sets_rig();
+			}
+			else if builder == "make"
+			{
+				build_sets_make();
+			}
+			else
+			{
+				sys.panic("Bad builder: " +~ builder +~ "\n");
+			}
+		}
+	}
+
+	io.eprint("\nTests successful.\n");
+}
diff --git a/contrib/bc/scripts/sqrt_frac_guess.bc b/contrib/bc/scripts/sqrt_frac_guess.bc
index acbcb368d2de..4591e95a216f 100644
--- a/contrib/bc/scripts/sqrt_frac_guess.bc
+++ b/contrib/bc/scripts/sqrt_frac_guess.bc
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/sqrt_int_guess.bc b/contrib/bc/scripts/sqrt_int_guess.bc
index 925b7af7e103..9fabea874aeb 100644
--- a/contrib/bc/scripts/sqrt_int_guess.bc
+++ b/contrib/bc/scripts/sqrt_int_guess.bc
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/sqrt_random.bc b/contrib/bc/scripts/sqrt_random.bc
index 1f58c2e30c5d..08eeddab07a3 100644
--- a/contrib/bc/scripts/sqrt_random.bc
+++ b/contrib/bc/scripts/sqrt_random.bc
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/scripts/sqrt_random.sh b/contrib/bc/scripts/sqrt_random.sh
index e107ef532f6e..0f7013da0e0e 100755
--- a/contrib/bc/scripts/sqrt_random.sh
+++ b/contrib/bc/scripts/sqrt_random.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/args.c b/contrib/bc/src/args.c
index 6eba802d34ac..71a340bce1d9 100644
--- a/contrib/bc/src/args.c
+++ b/contrib/bc/src/args.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/bc.c b/contrib/bc/src/bc.c
index 572e42b1a16d..3e324cfb8ba0 100644
--- a/contrib/bc/src/bc.c
+++ b/contrib/bc/src/bc.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/bc_fuzzer.c b/contrib/bc/src/bc_fuzzer.c
index 7d7b3292b727..9c68d6acbd10 100644
--- a/contrib/bc/src/bc_fuzzer.c
+++ b/contrib/bc/src/bc_fuzzer.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -36,7 +36,6 @@
 #include <setjmp.h>
 #include <string.h>
 
-#include <version.h>
 #include <status.h>
 #include <ossfuzz.h>
 #include <vm.h>
diff --git a/contrib/bc/src/bc_lex.c b/contrib/bc/src/bc_lex.c
index f83eaf731622..c53d583a0183 100644
--- a/contrib/bc/src/bc_lex.c
+++ b/contrib/bc/src/bc_lex.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/bc_parse.c b/contrib/bc/src/bc_parse.c
index cf4398709e58..f66e392a9e99 100644
--- a/contrib/bc/src/bc_parse.c
+++ b/contrib/bc/src/bc_parse.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/data.c b/contrib/bc/src/data.c
index bb1a6796f752..00f692a4599c 100644
--- a/contrib/bc/src/data.c
+++ b/contrib/bc/src/data.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -70,8 +70,8 @@ const uchar dc_sig_msg_len = (uchar) (sizeof(dc_sig_msg) - 1);
 
 /// The copyright banner.
 const char bc_copyright[] =
-	"Copyright (c) 2018-2024 Gavin D. Howard and contributors\n"
-	"Report bugs at: https://git.gavinhoward.com/gavin/bc\n\n"
+	"Copyright (c) 2018-2025 Gavin D. Howard and contributors\n"
+	"Report bugs at: https://github.com/gavinhoward/bc\n\n"
 	"This is free software with ABSOLUTELY NO WARRANTY.\n";
 
 // clang-format on
@@ -850,51 +850,51 @@ const char bc_parse_one[2] = "1";
 
 /// A list of keywords for bc. This needs to be updated if keywords change.
 const BcLexKeyword bc_lex_kws[] = {
-	BC_LEX_KW_ENTRY("auto", 4, true),
-	BC_LEX_KW_ENTRY("break", 5, true),
-	BC_LEX_KW_ENTRY("continue", 8, false),
-	BC_LEX_KW_ENTRY("define", 6, true),
-	BC_LEX_KW_ENTRY("for", 3, true),
-	BC_LEX_KW_ENTRY("if", 2, true),
-	BC_LEX_KW_ENTRY("limits", 6, false),
-	BC_LEX_KW_ENTRY("return", 6, true),
-	BC_LEX_KW_ENTRY("while", 5, true),
-	BC_LEX_KW_ENTRY("halt", 4, false),
-	BC_LEX_KW_ENTRY("last", 4, false),
-	BC_LEX_KW_ENTRY("ibase", 5, true),
-	BC_LEX_KW_ENTRY("obase", 5, true),
-	BC_LEX_KW_ENTRY("scale", 5, true),
+	BC_LEX_KW_ENTRY("auto", 4, 1),
+	BC_LEX_KW_ENTRY("break", 5, 1),
+	BC_LEX_KW_ENTRY("continue", 8, 0),
+	BC_LEX_KW_ENTRY("define", 6, 1),
+	BC_LEX_KW_ENTRY("for", 3, 1),
+	BC_LEX_KW_ENTRY("if", 2, 1),
+	BC_LEX_KW_ENTRY("limits", 6, 0),
+	BC_LEX_KW_ENTRY("return", 6, 1),
+	BC_LEX_KW_ENTRY("while", 5, 1),
+	BC_LEX_KW_ENTRY("halt", 4, 0),
+	BC_LEX_KW_ENTRY("last", 4, 0),
+	BC_LEX_KW_ENTRY("ibase", 5, 1),
+	BC_LEX_KW_ENTRY("obase", 5, 1),
+	BC_LEX_KW_ENTRY("scale", 5, 1),
 #if BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("seed", 4, false),
+	BC_LEX_KW_ENTRY("seed", 4, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("length", 6, true),
-	BC_LEX_KW_ENTRY("print", 5, false),
-	BC_LEX_KW_ENTRY("sqrt", 4, true),
-	BC_LEX_KW_ENTRY("abs", 3, false),
-	BC_LEX_KW_ENTRY("is_number", 9, false),
-	BC_LEX_KW_ENTRY("is_string", 9, false),
+	BC_LEX_KW_ENTRY("length", 6, 1),
+	BC_LEX_KW_ENTRY("print", 5, 0),
+	BC_LEX_KW_ENTRY("sqrt", 4, 1),
+	BC_LEX_KW_ENTRY("abs", 3, 0),
+	BC_LEX_KW_ENTRY("is_number", 9, 0),
+	BC_LEX_KW_ENTRY("is_string", 9, 0),
 #if BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("irand", 5, false),
+	BC_LEX_KW_ENTRY("irand", 5, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("asciify", 7, false),
-	BC_LEX_KW_ENTRY("modexp", 6, false),
-	BC_LEX_KW_ENTRY("divmod", 6, false),
-	BC_LEX_KW_ENTRY("quit", 4, true),
-	BC_LEX_KW_ENTRY("read", 4, false),
+	BC_LEX_KW_ENTRY("asciify", 7, 0),
+	BC_LEX_KW_ENTRY("modexp", 6, 0),
+	BC_LEX_KW_ENTRY("divmod", 6, 0),
+	BC_LEX_KW_ENTRY("quit", 4, 1),
+	BC_LEX_KW_ENTRY("read", 4, 0),
 #if BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("rand", 4, false),
+	BC_LEX_KW_ENTRY("rand", 4, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("maxibase", 8, false),
-	BC_LEX_KW_ENTRY("maxobase", 8, false),
-	BC_LEX_KW_ENTRY("maxscale", 8, false),
+	BC_LEX_KW_ENTRY("maxibase", 8, 0),
+	BC_LEX_KW_ENTRY("maxobase", 8, 0),
+	BC_LEX_KW_ENTRY("maxscale", 8, 0),
 #if BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("maxrand", 7, false),
+	BC_LEX_KW_ENTRY("maxrand", 7, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_LEX_KW_ENTRY("line_length", 11, false),
-	BC_LEX_KW_ENTRY("global_stacks", 13, false),
-	BC_LEX_KW_ENTRY("leading_zero", 12, false),
-	BC_LEX_KW_ENTRY("stream", 6, false),
-	BC_LEX_KW_ENTRY("else", 4, false),
+	BC_LEX_KW_ENTRY("line_length", 11, 0),
+	BC_LEX_KW_ENTRY("global_stacks", 13, 0),
+	BC_LEX_KW_ENTRY("leading_zero", 12, 0),
+	BC_LEX_KW_ENTRY("stream", 6, 0),
+	BC_LEX_KW_ENTRY("else", 4, 0),
 };
 
 /// The length of the list of bc keywords.
@@ -917,64 +917,64 @@ _Static_assert(sizeof(bc_lex_kws) / sizeof(BcLexKeyword) == BC_LEX_NKWS,
 const uint8_t bc_parse_exprs[] = {
 
 	// Starts with BC_LEX_EOF.
-	BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(0, 0, 1, 1, 1, 1, 1, 1),
 
 	// Starts with BC_LEX_OP_MULTIPLY if extra math is enabled, BC_LEX_OP_DIVIDE
 	// otherwise.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 1),
 
 	// Starts with BC_LEX_OP_REL_EQ if extra math is enabled, BC_LEX_OP_REL_LT
 	// otherwise.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 1),
 
 #if BC_ENABLE_EXTRA_MATH
 
 	// Starts with BC_LEX_OP_ASSIGN_POWER.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 1),
 
 	// Starts with BC_LEX_OP_ASSIGN_RSHIFT.
-	BC_PARSE_EXPR_ENTRY(true, true, false, false, true, true, false, false),
+	BC_PARSE_EXPR_ENTRY(1, 1, 0, 0, 1, 1, 0, 0),
 
 	// Starts with BC_LEX_RBRACKET.
-	BC_PARSE_EXPR_ENTRY(false, false, false, false, true, true, true, false),
+	BC_PARSE_EXPR_ENTRY(0, 0, 0, 0, 1, 1, 1, 0),
 
 	// Starts with BC_LEX_KW_BREAK.
-	BC_PARSE_EXPR_ENTRY(false, false, false, false, false, false, false, false),
+	BC_PARSE_EXPR_ENTRY(0, 0, 0, 0, 0, 0, 0, 0),
 
 	// Starts with BC_LEX_KW_HALT.
-	BC_PARSE_EXPR_ENTRY(false, true, true, true, true, true, true, false),
+	BC_PARSE_EXPR_ENTRY(0, 1, 1, 1, 1, 1, 1, 0),
 
 	// Starts with BC_LEX_KW_SQRT.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 1),
 
 	// Starts with BC_LEX_KW_QUIT.
-	BC_PARSE_EXPR_ENTRY(false, true, true, true, true, true, true, true),
+	BC_PARSE_EXPR_ENTRY(0, 1, 1, 1, 1, 1, 1, 1),
 
 	// Starts with BC_LEX_KW_GLOBAL_STACKS.
-	BC_PARSE_EXPR_ENTRY(true, true, false, false, 0, 0, 0, 0)
+	BC_PARSE_EXPR_ENTRY(1, 1, 0, 0, 0, 0, 0, 0)
 
 #else // BC_ENABLE_EXTRA_MATH
 
 	// Starts with BC_LEX_OP_ASSIGN_PLUS.
-	BC_PARSE_EXPR_ENTRY(true, true, true, false, false, true, true, false),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 0, 0, 1, 1, 0),
 
 	// Starts with BC_LEX_COMMA.
-	BC_PARSE_EXPR_ENTRY(false, false, false, false, false, true, true, true),
+	BC_PARSE_EXPR_ENTRY(0, 0, 0, 0, 0, 1, 1, 1),
 
 	// Starts with BC_LEX_KW_AUTO.
-	BC_PARSE_EXPR_ENTRY(false, false, false, false, false, false, false, false),
+	BC_PARSE_EXPR_ENTRY(0, 0, 0, 0, 0, 0, 0, 0),
 
 	// Starts with BC_LEX_KW_WHILE.
-	BC_PARSE_EXPR_ENTRY(false, false, true, true, true, true, true, false),
+	BC_PARSE_EXPR_ENTRY(0, 0, 1, 1, 1, 1, 1, 0),
 
 	// Starts with BC_LEX_KW_SQRT.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, false),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 0),
 
 	// Starts with BC_LEX_KW_MAXIBASE.
-	BC_PARSE_EXPR_ENTRY(true, true, true, true, true, true, true, false),
+	BC_PARSE_EXPR_ENTRY(1, 1, 1, 1, 1, 1, 1, 0),
 
 	// Starts with  BC_LEX_KW_ELSE.
-	BC_PARSE_EXPR_ENTRY(false, 0, 0, 0, 0, 0, 0, 0)
+	BC_PARSE_EXPR_ENTRY(0, 0, 0, 0, 0, 0, 0, 0)
 
 #endif // BC_ENABLE_EXTRA_MATH
 };
@@ -982,25 +982,25 @@ const uint8_t bc_parse_exprs[] = {
 /// An array of data for operators that correspond to token types. Note that a
 /// lower precedence *value* means a higher precedence.
 const uchar bc_parse_ops[] = {
-	BC_PARSE_OP(0, false), BC_PARSE_OP(0, false), BC_PARSE_OP(1, false),
-	BC_PARSE_OP(1, false),
+	BC_PARSE_OP(0, 0), BC_PARSE_OP(0, 0), BC_PARSE_OP(1, 0),
+	BC_PARSE_OP(1, 0),
 #if BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(2, false),
+	BC_PARSE_OP(2, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(4, false), BC_PARSE_OP(5, true),  BC_PARSE_OP(5, true),
-	BC_PARSE_OP(5, true),  BC_PARSE_OP(6, true),  BC_PARSE_OP(6, true),
+	BC_PARSE_OP(4, 0), BC_PARSE_OP(5, 1),  BC_PARSE_OP(5, 1),
+	BC_PARSE_OP(5, 1),  BC_PARSE_OP(6, 1),  BC_PARSE_OP(6, 1),
 #if BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(3, false), BC_PARSE_OP(7, true),  BC_PARSE_OP(7, true),
+	BC_PARSE_OP(3, 0), BC_PARSE_OP(7, 1),  BC_PARSE_OP(7, 1),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(9, true),  BC_PARSE_OP(9, true),  BC_PARSE_OP(9, true),
-	BC_PARSE_OP(9, true),  BC_PARSE_OP(9, true),  BC_PARSE_OP(9, true),
-	BC_PARSE_OP(11, true), BC_PARSE_OP(10, true), BC_PARSE_OP(8, false),
-	BC_PARSE_OP(8, false), BC_PARSE_OP(8, false), BC_PARSE_OP(8, false),
-	BC_PARSE_OP(8, false), BC_PARSE_OP(8, false),
+	BC_PARSE_OP(9, 1),  BC_PARSE_OP(9, 1),  BC_PARSE_OP(9, 1),
+	BC_PARSE_OP(9, 1),  BC_PARSE_OP(9, 1),  BC_PARSE_OP(9, 1),
+	BC_PARSE_OP(11, 1), BC_PARSE_OP(10, 1), BC_PARSE_OP(8, 0),
+	BC_PARSE_OP(8, 0), BC_PARSE_OP(8, 0), BC_PARSE_OP(8, 0),
+	BC_PARSE_OP(8, 0), BC_PARSE_OP(8, 0),
 #if BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(8, false), BC_PARSE_OP(8, false), BC_PARSE_OP(8, false),
+	BC_PARSE_OP(8, 0), BC_PARSE_OP(8, 0), BC_PARSE_OP(8, 0),
 #endif // BC_ENABLE_EXTRA_MATH
-	BC_PARSE_OP(8, false),
+	BC_PARSE_OP(8, 0),
 };
 
 // These identify what tokens can come after expressions in certain cases.
diff --git a/contrib/bc/src/dc.c b/contrib/bc/src/dc.c
index 37419acd4bd4..1376f5e00a95 100644
--- a/contrib/bc/src/dc.c
+++ b/contrib/bc/src/dc.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/dc_fuzzer.c b/contrib/bc/src/dc_fuzzer.c
index adaf486a668c..0cb12e4fdf4c 100644
--- a/contrib/bc/src/dc_fuzzer.c
+++ b/contrib/bc/src/dc_fuzzer.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -36,7 +36,6 @@
 #include <setjmp.h>
 #include <string.h>
 
-#include <version.h>
 #include <status.h>
 #include <ossfuzz.h>
 #include <vm.h>
diff --git a/contrib/bc/src/dc_lex.c b/contrib/bc/src/dc_lex.c
index d5131b45331d..763957edc2ee 100644
--- a/contrib/bc/src/dc_lex.c
+++ b/contrib/bc/src/dc_lex.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/dc_parse.c b/contrib/bc/src/dc_parse.c
index 1996120461a8..b607bfd4c39f 100644
--- a/contrib/bc/src/dc_parse.c
+++ b/contrib/bc/src/dc_parse.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/file.c b/contrib/bc/src/file.c
index 9baea585603b..bc8097c5b8ce 100644
--- a/contrib/bc/src/file.c
+++ b/contrib/bc/src/file.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -291,11 +291,12 @@ bc_file_vprintf(BcFile* restrict f, const char* fmt, va_list args)
 
 		// This mess is to silence a warning.
 #if BC_CLANG
+#pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wformat-nonliteral"
 #endif // BC_CLANG
 		r = vfprintf(f->f, fmt, args);
 #if BC_CLANG
-#pragma clang diagnostic warning "-Wformat-nonliteral"
+#pragma clang diagnostic pop
 #endif // BC_CLANG
 
 		// Just print and propagate the error.
diff --git a/contrib/bc/src/history.c b/contrib/bc/src/history.c
index 32a19f71d777..594cc4eb46de 100644
--- a/contrib/bc/src/history.c
+++ b/contrib/bc/src/history.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -199,6 +199,7 @@ bc_history_init(BcHistory* h)
 
 	h->el = el_init(vm->name, stdin, stdout, stderr);
 	if (BC_ERR(h->el == NULL)) bc_vm_fatalError(BC_ERR_FATAL_ALLOC_ERR);
+	el_set(h->el, EL_SIGNAL, 1);
 
 	// I want history and a prompt.
 	history(h->hist, &bc_history_event, H_SETSIZE, 100);
@@ -264,18 +265,7 @@ bc_history_line(BcHistory* h, BcVec* vec, const char* prompt)
 	errno = EINTR;
 
 	// Get the line.
-	//
-	// XXX: Why have a macro here? Because macOS needs to be special. Honestly,
-	// it's starting to feel special like Windows at this point. Anyway, the
-	// second SIGWINCH signal of multiple will  return a valid line length on
-	// macOS, so we need to allow for that on macOS. However, FreeBSD's editline
-	// is different and will mess up the terminal if we do it that way.
-	//
-	// There is one limitation with this, however: Ctrl+D won't work on macOS.
-	// But it's because of macOS that this problem exists, and I can't really do
-	// anything about it. So macOS should fix their broken editline; once they
-	// do, I'll fix Ctrl+D on macOS.
-	while (BC_HISTORY_INVALID_LINE(line, len))
+	while (line == NULL && len == -1 && errno == EINTR)
 	{
 		line = el_gets(h->el, &len);
 		bc_history_use_prompt = false;
diff --git a/contrib/bc/src/lang.c b/contrib/bc/src/lang.c
index 7968bcbd9dfd..2a62509c98b0 100644
--- a/contrib/bc/src/lang.c
+++ b/contrib/bc/src/lang.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -73,9 +73,10 @@ bc_func_insert(BcFunc* f, BcProgram* p, char* name, BcType type, size_t line)
 		BcAuto* aptr = bc_vec_item(&f->autos, i);
 
 		// If they match, barf.
-		if (BC_ERR(idx == aptr->idx && type == aptr->type))
+		if (BC_ERR(idx == aptr->idx &&
+		           BC_IS_ARRAY(type) == BC_IS_ARRAY(aptr->type)))
 		{
-			const char* array = type == BC_TYPE_ARRAY ? "[]" : "";
+			const char* array = BC_IS_ARRAY(type) ? "[]" : "";
 
 			bc_error(BC_ERR_PARSE_DUP_LOCAL, line, name, array);
 		}
diff --git a/contrib/bc/src/lex.c b/contrib/bc/src/lex.c
index 37e52c33fffd..6b639a65b6a8 100644
--- a/contrib/bc/src/lex.c
+++ b/contrib/bc/src/lex.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/library.c b/contrib/bc/src/library.c
index 5451e91684a2..282dddff27d2 100644
--- a/contrib/bc/src/library.c
+++ b/contrib/bc/src/library.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/main.c b/contrib/bc/src/main.c
index da4c27156029..749248048e78 100644
--- a/contrib/bc/src/main.c
+++ b/contrib/bc/src/main.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -47,7 +47,6 @@
 
 #include <setjmp.h>
 
-#include <version.h>
 #include <status.h>
 #include <vm.h>
 #include <bc.h>
diff --git a/contrib/bc/src/num.c b/contrib/bc/src/num.c
index 83f84edb91fc..2cdc6eea0087 100644
--- a/contrib/bc/src/num.c
+++ b/contrib/bc/src/num.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -1093,6 +1093,7 @@ bc_num_as(BcNum* a, BcNum* b, BcNum* restrict c, size_t sub)
 
 	max_len = max_int + max_rdx;
 
+	// Figure out the max length and also if we need to reverse the operation.
 	if (do_sub)
 	{
 		// Check whether b has to be subtracted from a or a from b.
diff --git a/contrib/bc/src/opt.c b/contrib/bc/src/opt.c
index a1c8e813b1ea..6a24291ac401 100644
--- a/contrib/bc/src/opt.c
+++ b/contrib/bc/src/opt.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/parse.c b/contrib/bc/src/parse.c
index 0107d4cdef0d..026607994984 100644
--- a/contrib/bc/src/parse.c
+++ b/contrib/bc/src/parse.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/program.c b/contrib/bc/src/program.c
index 3b6ebc003a3e..af032c5f1e86 100644
--- a/contrib/bc/src/program.c
+++ b/contrib/bc/src/program.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -623,6 +623,9 @@ bc_program_prepResult(BcProgram* p)
 {
 	BcResult* res = bc_vec_pushEmpty(&p->results);
 
+	// Mark a result as not retired.
+	p->nresults += 1;
+
 	bc_result_clear(res);
 
 	return res;
@@ -646,6 +649,8 @@ bc_program_const(BcProgram* p, const char* code, size_t* bgn)
 	BcConst* c = bc_vec_item(&p->consts, bc_program_index(code, bgn));
 	BcBigDig base = BC_PROG_IBASE(p);
 
+	assert(p->nresults == 1);
+
 	// Only reparse if the base changed.
 	if (c->base != base)
 	{
@@ -673,6 +678,9 @@ bc_program_const(BcProgram* p, const char* code, size_t* bgn)
 	bc_num_createCopy(&r->d.n, &c->num);
 
 	BC_SIG_UNLOCK;
+
+	// XXX: Make sure to clear the number of results.
+	p->nresults -= 1;
 }
 
 /**
@@ -692,6 +700,8 @@ bc_program_op(BcProgram* p, uchar inst)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	bc_program_binOpPrep(p, &opd1, &n1, &opd2, &n2, 1);
 
 	BC_SIG_LOCK;
@@ -709,7 +719,7 @@ bc_program_op(BcProgram* p, uchar inst)
 	// Run the operation. This also executes an item of an array.
 	bc_program_ops[idx](n1, n2, &res->d.n, BC_PROG_SCALE(p));
 
-	bc_program_retire(p, 1, 2);
+	bc_program_retire(p, 2);
 }
 
 /**
@@ -1060,6 +1070,8 @@ bc_program_unary(BcProgram* p, uchar inst)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	bc_program_prep(p, &ptr, &num, 1);
 
 	BC_SIG_LOCK;
@@ -1070,7 +1082,7 @@ bc_program_unary(BcProgram* p, uchar inst)
 
 	// This calls a function that is in an array.
 	bc_program_unarys[inst - BC_INST_NEG](res, num);
-	bc_program_retire(p, 1, 1);
+	bc_program_retire(p, 1);
 }
 
 /**
@@ -1091,6 +1103,8 @@ bc_program_logical(BcProgram* p, uchar inst)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	// All logical operators (except boolean not, which is taken care of by
 	// bc_program_unary()), are binary operators.
 	bc_program_binOpPrep(p, &opd1, &n1, &opd2, &n2, 1);
@@ -1165,7 +1179,7 @@ bc_program_logical(BcProgram* p, uchar inst)
 
 	if (cond) bc_num_one(&res->d.n);
 
-	bc_program_retire(p, 1, 2);
+	bc_program_retire(p, 2);
 }
 
 /**
@@ -1880,6 +1894,8 @@ bc_program_return(BcProgram* p, uchar inst)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	// If we are returning normally...
 	if (inst == BC_INST_RET)
 	{
@@ -1930,7 +1946,7 @@ bc_program_return(BcProgram* p, uchar inst)
 	BC_SIG_LOCK;
 
 	// When we retire, pop all of the unused results.
-	bc_program_retire(p, 1, nresults);
+	bc_program_retire(p, nresults);
 
 	// Pop the globals, if necessary.
 	if (BC_G) bc_program_popGlobals(p, false);
@@ -1974,6 +1990,8 @@ bc_program_builtin(BcProgram* p, uchar inst)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	bc_program_operand(p, &opd, &num, 1);
 
 	assert(num != NULL);
@@ -2102,7 +2120,7 @@ bc_program_builtin(BcProgram* p, uchar inst)
 		BC_SIG_UNLOCK;
 	}
 
-	bc_program_retire(p, 1, 1);
+	bc_program_retire(p, 1);
 }
 
 /**
@@ -2127,6 +2145,7 @@ bc_program_divmod(BcProgram* p)
 	// the capacity is enough due to the line above.
 	res2 = bc_program_prepResult(p);
 	res = bc_program_prepResult(p);
+	assert(p->nresults == 2);
 
 	// Prepare the operands.
 	bc_program_binOpPrep(p, &opd1, &n1, &opd2, &n2, 2);
@@ -2144,7 +2163,7 @@ bc_program_divmod(BcProgram* p)
 	// Execute.
 	bc_num_divmod(n1, n2, &res2->d.n, &res->d.n, BC_PROG_SCALE(p));
 
-	bc_program_retire(p, 2, 2);
+	bc_program_retire(p, 2);
 }
 
 /**
@@ -2176,6 +2195,8 @@ bc_program_modexp(BcProgram* p)
 
 	res = bc_program_prepResult(p);
 
+	assert(p->nresults == 1);
+
 	// Get the first operand and typecheck.
 	bc_program_operand(p, &r1, &n1, 3);
 	bc_program_type_num(r1, n1);
@@ -2198,7 +2219,7 @@ bc_program_modexp(BcProgram* p)
 
 	bc_num_modexp(n1, n2, n3, &res->d.n);
 
-	bc_program_retire(p, 1, 3);
+	bc_program_retire(p, 3);
 }
 
 /**
@@ -2737,6 +2758,9 @@ bc_program_pushSeed(BcProgram* p)
 	BcResult* res;
 
 	res = bc_program_prepResult(p);
+
+	assert(p->nresults == 1);
+
 	res->t = BC_RESULT_SEED;
 
 	BC_SIG_LOCK;
@@ -2747,6 +2771,9 @@ bc_program_pushSeed(BcProgram* p)
 	BC_SIG_UNLOCK;
 
 	bc_num_createFromRNG(&res->d.n, &p->rng);
+
+	// XXX: Clear the number of results.
+	p->nresults = 0;
 }
 
 #endif // BC_ENABLE_EXTRA_MATH
@@ -2932,6 +2959,9 @@ bc_program_init(BcProgram* p)
 	bc_map_init(&p->const_map);
 	bc_vec_init(&p->strs, sizeof(char*), BC_DTOR_NONE);
 	bc_map_init(&p->str_map);
+
+	// XXX: Clear the number of results.
+	p->nresults = 0;
 }
 
 void
@@ -2985,13 +3015,18 @@ bc_program_reset(BcProgram* p)
 	if (BC_IS_DC) bc_vec_npop(&p->tail_calls, p->tail_calls.len - 1);
 #endif // DC_ENABLED
 
-#if BC_ENABLED
 	// Clear the stack if we are in bc. We have to do this in bc because bc's
 	// stack is implicit.
 	//
 	// XXX: We don't do this in dc because other dc implementations don't.
-	if (BC_IS_BC || !BC_I) bc_vec_popAll(&p->results);
+	// However, we *MUST* pop the items for results that are not retired yet.
+	if (BC_IS_DC && BC_I) bc_vec_npop(&p->results, p->nresults);
+	else bc_vec_popAll(&p->results);
 
+	// Now clear how many results there are.
+	p->nresults = 0;
+
+#if BC_ENABLED
 	// Clear the globals' stacks.
 	if (BC_G) bc_program_popGlobals(p, true);
 #endif // BC_ENABLED
@@ -3039,10 +3074,12 @@ bc_program_exec(BcProgram* p)
 #if BC_HAS_COMPUTED_GOTO
 
 #if BC_GCC
+#pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wpedantic"
 #endif // BC_GCC
 
 #if BC_CLANG
+#pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-label-as-value"
 #endif // BC_CLANG
 
@@ -3050,11 +3087,11 @@ bc_program_exec(BcProgram* p)
 	BC_PROG_LBLS_ASSERT;
 
 #if BC_CLANG
-#pragma clang diagnostic warning "-Wgnu-label-as-value"
+#pragma clang diagnostic pop
 #endif // BC_CLANG
 
 #if BC_GCC
-#pragma GCC diagnostic warning "-Wpedantic"
+#pragma GCC diagnostic pop
 #endif // BC_GCC
 
 	// BC_INST_INVALID is a marker for the end so that we don't have to have an
@@ -3085,10 +3122,12 @@ bc_program_exec(BcProgram* p)
 #if BC_HAS_COMPUTED_GOTO
 
 #if BC_GCC
+#pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wpedantic"
 #endif // BC_GCC
 
 #if BC_CLANG
+#pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-label-as-value"
 #endif // BC_CLANG
 
@@ -3711,11 +3750,11 @@ bc_program_exec(BcProgram* p)
 #if BC_HAS_COMPUTED_GOTO
 
 #if BC_CLANG
-#pragma clang diagnostic warning "-Wgnu-label-as-value"
+#pragma clang diagnostic pop
 #endif // BC_CLANG
 
 #if BC_GCC
-#pragma GCC diagnostic warning "-Wpedantic"
+#pragma GCC diagnostic pop
 #endif // BC_GCC
 
 #else // BC_HAS_COMPUTED_GOTO
diff --git a/contrib/bc/src/rand.c b/contrib/bc/src/rand.c
index 0f9950788f7c..3aaf905f8520 100644
--- a/contrib/bc/src/rand.c
+++ b/contrib/bc/src/rand.c
@@ -13,7 +13,7 @@
  * This code is under the following license:
  *
  * Copyright (c) 2014-2017 Melissa O'Neill and PCG Project contributors
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
diff --git a/contrib/bc/src/read.c b/contrib/bc/src/read.c
index 01d804848945..650c2813bd1e 100644
--- a/contrib/bc/src/read.c
+++ b/contrib/bc/src/read.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -171,34 +171,23 @@ bc_read_chars(BcVec* vec, const char* prompt)
 			// If interupted...
 			if (errno == EINTR)
 			{
-				int sig;
-
 				// Jump out if we are supposed to quit, which certain signals
 				// will require.
 				if (vm->status == (sig_atomic_t) BC_STATUS_QUIT) BC_JMP;
 
 				assert(vm->sig != 0);
 
-				sig = (int) vm->sig;
-
 				// Clear the signal and status.
 				vm->sig = 0;
 				vm->status = (sig_atomic_t) BC_STATUS_SUCCESS;
 
-#ifndef _WIN32
-				// We don't want to print anything on a SIGWINCH.
-				if (sig != SIGWINCH)
-#endif // _WIN32
+				// Print the ready message and prompt again.
+				bc_file_puts(&vm->fout, bc_flush_none, bc_program_ready_msg);
+				if (BC_PROMPT)
 				{
-					// Print the ready message and prompt again.
-					bc_file_puts(&vm->fout, bc_flush_none,
-					             bc_program_ready_msg);
-					if (BC_PROMPT)
-					{
-						bc_file_puts(&vm->fout, bc_flush_none, prompt);
-					}
-					bc_file_flush(&vm->fout, bc_flush_none);
+					bc_file_puts(&vm->fout, bc_flush_none, prompt);
 				}
+				bc_file_flush(&vm->fout, bc_flush_none);
 
 				BC_SIG_UNLOCK;
 
diff --git a/contrib/bc/src/vector.c b/contrib/bc/src/vector.c
index 4b49e61968df..7d5c0bc7376f 100644
--- a/contrib/bc/src/vector.c
+++ b/contrib/bc/src/vector.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/src/vm.c b/contrib/bc/src/vm.c
index 636cd4ba0c1b..95bfd73f19e5 100644
--- a/contrib/bc/src/vm.c
+++ b/contrib/bc/src/vm.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -124,27 +124,6 @@ bc_vm_jmp(void)
 static void
 bc_vm_sig(int sig)
 {
-#if BC_ENABLE_EDITLINE
-	// Editline needs this to resize the terminal. This also needs to come first
-	// because a resize always needs to happen.
-	if (sig == SIGWINCH)
-	{
-		if (BC_TTY)
-		{
-			el_resize(vm->history.el);
-
-			// If the signal was a SIGWINCH, clear it because we don't need to
-			// print a stack trace in that case.
-			if (vm->sig == SIGWINCH)
-			{
-				vm->sig = 0;
-			}
-		}
-
-		return;
-	}
-#endif // BC_ENABLE_EDITLINE
-
 	// There is already a signal in flight if this is true.
 	if (vm->status == (sig_atomic_t) BC_STATUS_QUIT || vm->sig != 0)
 	{
@@ -217,27 +196,23 @@ bc_vm_sigaction(void)
 	struct sigaction sa;
 
 	sigemptyset(&sa.sa_mask);
-	sa.sa_flags = BC_ENABLE_EDITLINE ? 0 : SA_NODEFER;
+	sa.sa_flags = SA_NODEFER;
 
 	// This mess is to silence a warning on Clang with regards to glibc's
 	// sigaction handler, which activates the warning here.
 #if BC_CLANG
+#pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdisabled-macro-expansion"
 #endif // BC_CLANG
 	sa.sa_handler = bc_vm_sig;
 #if BC_CLANG
-#pragma clang diagnostic warning "-Wdisabled-macro-expansion"
+#pragma clang diagnostic pop
 #endif // BC_CLANG
 
 	sigaction(SIGTERM, &sa, NULL);
 	sigaction(SIGQUIT, &sa, NULL);
 	sigaction(SIGINT, &sa, NULL);
 
-#if BC_ENABLE_EDITLINE
-	// Editline needs this to resize the terminal.
-	if (BC_TTY) sigaction(SIGWINCH, &sa, NULL);
-#endif // BC_ENABLE_EDITLINE
-
 #if BC_ENABLE_HISTORY
 	if (BC_TTY) sigaction(SIGHUP, &sa, NULL);
 #endif // BC_ENABLE_HISTORY
@@ -544,7 +519,7 @@ bc_vm_envArgs(const char* const env_args_name, BcBigDig* scale, BcBigDig* ibase,
 
 	if (env_args == NULL) return;
 
-		// Windows already allocates, so we don't need to.
+	// Windows already allocates, so we don't need to.
 #ifndef _WIN32
 	start = buf = vm->env_args_buffer = bc_vm_strdup(env_args);
 #else // _WIN32
diff --git a/contrib/bc/tests/all.sh b/contrib/bc/tests/all.sh
index 28631c048e71..d5d084341e36 100755
--- a/contrib/bc/tests/all.sh
+++ b/contrib/bc/tests/all.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -39,7 +39,7 @@ usage() {
 	if [ $# -eq 1 ]; then
 		printf '%s\n\n' "$1"
 	fi
-	print 'usage: %s [-n] dir [run_extra_tests] [run_stack_tests] [gen_tests] [run_problematic_tests] [time_tests] [exec args...]\n' \
+	print 'usage: %s [-n] dir [run_extra_tests] [run_stack_tests] [gen_tests] [run_problematic_tests] [exec args...]\n' \
 		"$script"
 	exit 1
 }
@@ -103,15 +103,6 @@ else
 fi
 
 if [ "$#" -lt 1 ]; then
-	time_tests=0
-	check_bool_arg "$time_tests"
-else
-	time_tests="$1"
-	shift
-	check_bool_arg "$time_tests"
-fi
-
-if [ "$#" -lt 1 ]; then
 	exe="$testdir/../bin/$d"
 	check_exec_arg "$exe"
 else
@@ -155,10 +146,10 @@ while read t; do
 	fi
 
 	if [ "$pll" -ne 0 ]; then
-		sh "$testdir/test.sh" "$d" "$t" "$generate_tests" "$time_tests" "$exe" "$@" &
+		sh "$testdir/test.sh" "$d" "$t" "$generate_tests" "$exe" "$@" &
 		pids="$pids $!"
 	else
-		sh "$testdir/test.sh" "$d" "$t" "$generate_tests" "$time_tests" "$exe" "$@"
+		sh "$testdir/test.sh" "$d" "$t" "$generate_tests" "$exe" "$@"
 	fi
 
 done < "$testdir/$d/all.txt"
@@ -174,19 +165,11 @@ fi
 # Script tests.
 if [ "$pll" -ne 0 ]; then
 	sh "$testdir/scripts.sh" "$d" "$extra" "$run_stack_tests" "$generate_tests" \
-		"$time_tests" "$exe" "$@" &
+		"$exe" "$@" &
 	pids="$pids $!"
 else
 	sh "$testdir/scripts.sh" -n "$d" "$extra" "$run_stack_tests" "$generate_tests" \
-		"$time_tests" "$exe" "$@"
-fi
-
-# Read tests.
-if [ "$pll" -ne 0 ]; then
-	sh "$testdir/read.sh" "$d" "$exe" "$@" &
-	pids="$pids $!"
-else
-	sh "$testdir/read.sh" "$d" "$exe" "$@"
+		"$exe" "$@"
 fi
 
 # Error tests.
@@ -198,8 +181,9 @@ else
 fi
 
 # Test all the files in the errors directory. While the other error test (in
-# tests/errors.sh) does a test for every line, this does one test per file, but
-# it runs the file through stdin and as a file on the command-line.
+# tests/errors.sh) does a test for every line of certain error files in the main
+# directory, this does one test per file in the errors directory, but it runs
+# the file through stdin and as a file on the command-line.
 for testfile in $testdir/$d/errors/*.txt; do
 
 	b=$(basename "$testfile")
@@ -213,14 +197,6 @@ for testfile in $testdir/$d/errors/*.txt; do
 
 done
 
-# Other tests.
-if [ "$pll" -ne 0 ]; then
-	sh "$testdir/other.sh" "$d" "$extra" "$exe" "$@" &
-	pids="$pids $!"
-else
-	sh "$testdir/other.sh" "$d" "$extra" "$exe" "$@"
-fi
-
 if [ "$pll" -ne 0 ]; then
 
 	exit_err=0
diff --git a/contrib/bc/tests/bc/all.txt b/contrib/bc/tests/bc/all.txt
index c710534aac1b..2fd582118adb 100644
--- a/contrib/bc/tests/bc/all.txt
+++ b/contrib/bc/tests/bc/all.txt
@@ -1,7 +1,132 @@
 decimal
-print
-parse
-lib2
+print_002
+print_003
+print_004
+print_005
+print_006
+print_007
+print_008
+print_009
+print_011
+print_012
+print_013
+print_014
+print_015
+print_016
+print_017
+print_018
+print_019
+print_020
+print_021
+print_022
+print_023
+print_024
+print_025
+print_026
+print_027
+print_028
+print_029
+print_030
+print_031
+print_032
+print_033
+print_034
+print_035
+print_036
+print_037
+print_038
+print_039
+print_040
+print_041
+print_042
+print_043
+print_044
+print_045
+print_046
+print_047
+print_048
+print_049
+print_050
+print_051
+print_052
+print_053
+print_054
+print_055
+print_056
+print_057
+print_058
+print_059
+print_060
+print_061
+print_062
+print_063
+print_064
+print_065
+print_066
+print_067
+print_068
+print_069
+print_070
+print_071
+print_072
+print_073
+print_074
+print_075
+print_076
+print_077
+print_078
+print_079
+print_080
+print_081
+print_082
+print_083
+print_084
+print_085
+print_086
+print_087
+print_088
+print_089
+print_090
+print_091
+print_092
+print_093
+print_094
+print_095
+print_096
+print_097
+print_098
+print_099
+print_100
+parse_02
+parse_03
+parse_04
+parse_05
+parse_06
+parse_07
+parse_08
+parse_09
+parse_11
+parse_12
+parse_13
+parse_14
+parse_15
+parse_16
+lib2_p
+lib2_r
+lib2_ceil
+lib2_log
+lib2_root
+lib2_gcd
+lib2_bytes
+lib2_pi
+lib2_tan
+lib2_a2
+lib2_r2d
+lib2_d2r
+lib2_fac
+lib2_perm
+lib2_uint
+lib2_rand
 print2
 length
 scale
diff --git a/contrib/bc/tests/bc/errors/39.txt b/contrib/bc/tests/bc/errors/39.txt
new file mode 100644
index 000000000000..104d16136b22
--- /dev/null
+++ b/contrib/bc/tests/bc/errors/39.txt
@@ -0,0 +1 @@
+define a(*t[], t[]) {}
diff --git a/contrib/bc/tests/bc/lib2.txt b/contrib/bc/tests/bc/lib2.txt
deleted file mode 100644
index 74e1256d7bbf..000000000000
--- a/contrib/bc/tests/bc/lib2.txt
+++ /dev/null
@@ -1,477 +0,0 @@
-p(2, 8.0000)
-p(2, 8.0001)
-p(2, -8.0001)
-p(1024,32.1)
-r(0, 0)
-r(0, 1)
-r(0, 100)
-r(1, 0)
-r(1, 3)
-r(1.4, 0)
-r(1.5, 0)
-r(34.45, 2)
-r(64.1223, 4)
-r(283.1983893, 6)
-r(283.1983895, 6)
-r(283.1983899, 6)
-r(99.999999999, 5)
-r(-1, 0)
-r(-1, 3)
-r(-1.4, 0)
-r(-1.5, 0)
-r(-34.45, 2)
-r(-64.1223, 4)
-r(-283.1983893, 6)
-r(-283.1983895, 6)
-r(-283.1983899, 6)
-r(-99.999999999, 5)
-ceil(0, 0)
-ceil(0, 1)
-ceil(0, 100)
-ceil(1, 0)
-ceil(1, 3)
-ceil(1.4, 0)
-ceil(1.5, 0)
-ceil(34.45, 2)
-ceil(64.1223, 4)
-ceil(283.1983893, 6)
-ceil(283.1983895, 6)
-ceil(283.1983899, 6)
-ceil(99.999999999, 5)
-ceil(-1, 0)
-ceil(-1, 3)
-ceil(-1.4, 0)
-ceil(-1.5, 0)
-ceil(-34.45, 2)
-ceil(-64.1223, 4)
-ceil(-283.1983893, 6)
-ceil(-283.1983895, 6)
-ceil(-283.1983899, 6)
-ceil(-99.999999999, 5)
-ceil(8770735.0705156250000000000, 0)
-l2(0)
-l2(1)
-l2(2)
-l2(7)
-l2(7.9999999999999999999999)
-l2(8)
-l10(0)
-l10(1)
-l10(2)
-l10(5)
-l10(9)
-l10(9.999999999999999999999)
-l10(10)
-l10(11)
-l10(99)
-l10(99.99999999999999999999)
-l10(100)
-l2(-1)
-l2(-2)
-l2(-7)
-l2(-7.9999999999999999999999)
-l2(-8)
-l10(-1)
-l10(-2)
-l10(-5)
-l10(-9)
-l10(-9.999999999999999999999)
-l10(-10)
-l10(-11)
-l10(-99)
-l10(-99.99999999999999999999)
-l10(-100)
-cbrt(27)
-cbrt(-27)
-cbrt(4096)
-cbrt(-4096)
-root(0, 3)
-root(0, 4)
-root(0, 5)
-root(0.0000000000000, 3)
-root(0.0000000000000, 4)
-root(0.0000000000000, 5)
-root(16, 4)
-root(3125, 5)
-root(-3125, 5)
-gcd(285, 35)
-gcd(1, 6)
-gcd(5, 1)
-gcd(8, 12)
-gcd(40, 4096)
-lcm(40, 4096)
-lcm(555, 55)
-ubytes(0)
-ubytes(1)
-ubytes(2)
-ubytes(254)
-ubytes(255)
-ubytes(256)
-ubytes(65535)
-ubytes(65536)
-ubytes(131072)
-ubytes(4294967295)
-ubytes(4294967296)
-ubytes(18446744073709551615)
-ubytes(18446744073709551616)
-sbytes(0)
-sbytes(1)
-sbytes(-1)
-sbytes(2)
-sbytes(127)
-sbytes(128)
-sbytes(-127)
-sbytes(-128)
-sbytes(-129)
-sbytes(254)
-sbytes(255)
-sbytes(256)
-sbytes(32767)
-sbytes(32768)
-sbytes(-32767)
-sbytes(-32768)
-sbytes(65535)
-sbytes(65536)
-sbytes(131072)
-sbytes(2147483647)
-sbytes(2147483648)
-sbytes(2147483649)
-sbytes(-2147483647)
-sbytes(-2147483648)
-sbytes(-2147483649)
-sbytes(4294967295)
-sbytes(4294967296)
-sbytes(9223372036854775807)
-sbytes(9223372036854775808)
-sbytes(9223372036854775809)
-sbytes(-9223372036854775807)
-sbytes(-9223372036854775808)
-sbytes(-9223372036854775809)
-pi(0)
-pi(1)
-pi(2)
-pi(5)
-pi(100)
-p=pi(100)
-t(0)
-t(1)
-t(-1)
-t(2)
-t(-2)
-t(3)
-t(-3)
-t(p)
-t(-p)
-t(p/2)
-t(-p/2)
-t(p/3)
-t(-p/3)
-t(p/4)
-t(-p/4)
-t(p/5)
-t(-p/5)
-t(p/6)
-t(-p/6)
-t(p/7)
-t(-p/7)
-t(p/8)
-t(-p/8)
-t(p/9)
-t(-p/9)
-t(p/10)
-t(-p/10)
-t(p/15)
-t(-p/15)
-a2(0, 1)
-a2(1, 1)
-a2(2, 1)
-a2(1, 2)
-a2(0, -1)
-a2(1, -1)
-a2(2, -1)
-a2(1, -2)
-a2(-1, 1)
-a2(-2, 1)
-a2(-1, 2)
-a2(-1, -1)
-a2(-2, -1)
-a2(-1, -2)
-a2(1, 0)
-a2(2, 0)
-a2(-1, 0)
-a2(-2, 0)
-r2d(p)
-r2d(2 * p)
-r2d(p / 2)
-r2d(p / 4)
-r2d(p / 3)
-r2d(p / 5)
-r2d(p / 6)
-r2d(p / 10)
-r2d(-p)
-r2d(2 * -p)
-r2d(-p / 2)
-r2d(-p / 4)
-r2d(-p / 3)
-r2d(-p / 5)
-r2d(-p / 6)
-r2d(-p / 10)
-d2r(180)
-d2r(360)
-d2r(90)
-d2r(45)
-d2r(120)
-d2r(72)
-d2r(60)
-d2r(36)
-d2r(-180)
-d2r(-360)
-d2r(-90)
-d2r(-45)
-d2r(-120)
-d2r(-72)
-d2r(-60)
-d2r(-36)
-f(0)
-f(1)
-f(2)
-f(3)
-f(4)
-f(5)
-perm(10, 2)
-comb(10, 2)
-perm(6, 2)
-comb(6, 2)
-perm(12, 10)
-comb(12, 10)
-perm(24, 15)
-comb(24, 15)
-binary(0)
-hex(0)
-binary(1)
-hex(1)
-binary(2)
-hex(2)
-binary(15)
-hex(15)
-binary(16)
-hex(16)
-uint(0)
-int(0)
-uint(1)
-int(1)
-int(-1)
-uint(127)
-int(127)
-int(-127)
-uint(128)
-int(128)
-int(-128)
-uint(129)
-int(129)
-int(-129)
-uint(255)
-int(255)
-int(-255)
-uint(256)
-int(256)
-int(-256)
-uint(32767)
-int(32767)
-int(-32767)
-uint(32768)
-int(32768)
-int(-32768)
-uint(32769)
-int(32769)
-int(-32769)
-uint(65535)
-int(65535)
-int(-65535)
-uint(65536)
-int(65536)
-int(-65536)
-uint(2147483647)
-int(2147483647)
-int(-2147483647)
-uint(2147483648)
-int(2147483648)
-int(-2147483648)
-uint(2147483649)
-int(2147483649)
-int(-2147483649)
-uint(4294967295)
-int(4294967295)
-int(-4294967295)
-uint(4294967296)
-int(4294967296)
-int(-4294967296)
-uint8(0)
-int8(0)
-uint16(0)
-int16(0)
-uint32(0)
-int32(0)
-uint64(0)
-int64(0)
-uint8(1)
-int8(1)
-int8(-1)
-uint16(1)
-int16(1)
-int16(-1)
-uint32(1)
-int32(1)
-int32(-1)
-uint64(1)
-int64(1)
-int64(-1)
-uint8(127)
-int8(127)
-int8(-127)
-uint16(127)
-int16(127)
-int16(-127)
-uint32(127)
-int32(127)
-int32(-127)
-uint64(127)
-int64(127)
-int64(-127)
-uint8(128)
-int8(128)
-int8(-128)
-uint16(128)
-int16(128)
-int16(-128)
-uint32(128)
-int32(128)
-int32(-128)
-uint64(128)
-int64(128)
-int64(-128)
-uint8(129)
-int8(129)
-int8(-129)
-uint16(129)
-int16(129)
-int16(-129)
-uint32(129)
-int32(129)
-int32(-129)
-uint64(129)
-int64(129)
-int64(-129)
-uint8(255)
-int8(255)
-int8(-255)
-uint16(255)
-int16(255)
-int16(-255)
-uint32(255)
-int32(255)
-int32(-255)
-uint64(255)
-int64(255)
-int64(-255)
-uint8(256)
-int8(256)
-int8(-256)
-uint16(256)
-int16(256)
-int16(-256)
-uint32(256)
-int32(256)
-int32(-256)
-uint64(256)
-int64(256)
-int64(-256)
-uint16(32767)
-int16(32767)
-int16(-32767)
-uint32(32767)
-int32(32767)
-int32(-32767)
-uint64(32767)
-int64(32767)
-int64(-32767)
-uint16(32768)
-int16(32768)
-int16(-32768)
-uint32(32768)
-int32(32768)
-int32(-32768)
-uint64(32768)
-int64(32768)
-int64(-32768)
-uint16(32769)
-int16(32769)
-int16(-32769)
-uint32(32769)
-int32(32769)
-int32(-32769)
-uint64(32769)
-int64(32769)
-int64(-32769)
-uint16(65535)
-int16(65535)
-int16(-65535)
-uint32(65535)
-int32(65535)
-int32(-65535)
-uint64(65535)
-int64(65535)
-int64(-65535)
-uint16(65536)
-int16(65536)
-int16(-65536)
-uint32(65536)
-int32(65536)
-int32(-65536)
-uint64(65536)
-int64(65536)
-int64(-65536)
-uint32(2147483647)
-int32(2147483647)
-int32(-2147483647)
-uint64(2147483647)
-int64(2147483647)
-int64(-2147483647)
-uint32(2147483648)
-int32(2147483648)
-int32(-2147483648)
-uint64(2147483648)
-int64(2147483648)
-int64(-2147483648)
-uint32(2147483649)
-int32(2147483649)
-int32(-2147483649)
-uint64(2147483649)
-int64(2147483649)
-int64(-2147483649)
-uint32(4294967295)
-int32(4294967295)
-int32(-4294967295)
-uint64(4294967295)
-int64(4294967295)
-int64(-4294967295)
-uint32(4294967296)
-int32(4294967296)
-int32(-4294967296)
-uint64(4294967296)
-int64(4294967296)
-int64(-4294967296)
-uint(-3)
-uint(3.928375)
-int(4.000000)
-b = brand()
-b < 2
-b >= 0
-i = irand(maxrand() + 1)
-i <= maxrand()
-i >= 0
-f = frand(10)
-scale(f) == 10
-fi = ifrand(123, 28)
-scale(fi) == 28
-fi < 128
diff --git a/contrib/bc/tests/bc/lib2_a2.txt b/contrib/bc/tests/bc/lib2_a2.txt
new file mode 100644
index 000000000000..a0b24942676d
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_a2.txt
@@ -0,0 +1,18 @@
+a2(0, 1)
+a2(1, 1)
+a2(2, 1)
+a2(1, 2)
+a2(0, -1)
+a2(1, -1)
+a2(2, -1)
+a2(1, -2)
+a2(-1, 1)
+a2(-2, 1)
+a2(-1, 2)
+a2(-1, -1)
+a2(-2, -1)
+a2(-1, -2)
+a2(1, 0)
+a2(2, 0)
+a2(-1, 0)
+a2(-2, 0)
diff --git a/contrib/bc/tests/bc/lib2_a2_results.txt b/contrib/bc/tests/bc/lib2_a2_results.txt
new file mode 100644
index 000000000000..4915b6ad142e
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_a2_results.txt
@@ -0,0 +1,18 @@
+0
+.78539816339744830961
+1.10714871779409050301
+.46364760900080611621
+3.14159265358979323846
+2.35619449019234492884
+2.03444393579570273544
+2.67794504458898712224
+-.78539816339744830961
+-1.10714871779409050301
+-.46364760900080611621
+-2.35619449019234492884
+-2.03444393579570273544
+-2.67794504458898712224
+1.57079632679489661923
+1.57079632679489661923
+-1.57079632679489661923
+-1.57079632679489661923
diff --git a/contrib/bc/tests/bc/lib2_bytes.txt b/contrib/bc/tests/bc/lib2_bytes.txt
new file mode 100644
index 000000000000..79183d7a88b0
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_bytes.txt
@@ -0,0 +1,46 @@
+ubytes(0)
+ubytes(1)
+ubytes(2)
+ubytes(254)
+ubytes(255)
+ubytes(256)
+ubytes(65535)
+ubytes(65536)
+ubytes(131072)
+ubytes(4294967295)
+ubytes(4294967296)
+ubytes(18446744073709551615)
+ubytes(18446744073709551616)
+sbytes(0)
+sbytes(1)
+sbytes(-1)
+sbytes(2)
+sbytes(127)
+sbytes(128)
+sbytes(-127)
+sbytes(-128)
+sbytes(-129)
+sbytes(254)
+sbytes(255)
+sbytes(256)
+sbytes(32767)
+sbytes(32768)
+sbytes(-32767)
+sbytes(-32768)
+sbytes(65535)
+sbytes(65536)
+sbytes(131072)
+sbytes(2147483647)
+sbytes(2147483648)
+sbytes(2147483649)
+sbytes(-2147483647)
+sbytes(-2147483648)
+sbytes(-2147483649)
+sbytes(4294967295)
+sbytes(4294967296)
+sbytes(9223372036854775807)
+sbytes(9223372036854775808)
+sbytes(9223372036854775809)
+sbytes(-9223372036854775807)
+sbytes(-9223372036854775808)
+sbytes(-9223372036854775809)
diff --git a/contrib/bc/tests/bc/lib2_bytes_results.txt b/contrib/bc/tests/bc/lib2_bytes_results.txt
new file mode 100644
index 000000000000..494be6df11f6
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_bytes_results.txt
@@ -0,0 +1,46 @@
+1
+1
+1
+1
+1
+2
+2
+4
+4
+4
+8
+8
+16
+1
+1
+1
+1
+1
+2
+1
+1
+2
+2
+2
+2
+2
+4
+2
+2
+4
+4
+4
+4
+8
+8
+4
+4
+8
+8
+8
+8
+16
+16
+8
+8
+16
diff --git a/contrib/bc/tests/bc/lib2_ceil.txt b/contrib/bc/tests/bc/lib2_ceil.txt
new file mode 100644
index 000000000000..6da43cc70822
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_ceil.txt
@@ -0,0 +1,24 @@
+ceil(0, 0)
+ceil(0, 1)
+ceil(0, 100)
+ceil(1, 0)
+ceil(1, 3)
+ceil(1.4, 0)
+ceil(1.5, 0)
+ceil(34.45, 2)
+ceil(64.1223, 4)
+ceil(283.1983893, 6)
+ceil(283.1983895, 6)
+ceil(283.1983899, 6)
+ceil(99.999999999, 5)
+ceil(-1, 0)
+ceil(-1, 3)
+ceil(-1.4, 0)
+ceil(-1.5, 0)
+ceil(-34.45, 2)
+ceil(-64.1223, 4)
+ceil(-283.1983893, 6)
+ceil(-283.1983895, 6)
+ceil(-283.1983899, 6)
+ceil(-99.999999999, 5)
+ceil(8770735.0705156250000000000, 0)
diff --git a/contrib/bc/tests/bc/lib2_ceil_results.txt b/contrib/bc/tests/bc/lib2_ceil_results.txt
new file mode 100644
index 000000000000..2e9ba9c25022
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_ceil_results.txt
@@ -0,0 +1,24 @@
+0
+0
+0
+1
+1.000
+2
+2
+34.45
+64.1223
+283.198390
+283.198390
+283.198390
+100.00000
+-1
+-1.000
+-2
+-2
+-34.45
+-64.1223
+-283.198390
+-283.198390
+-283.198390
+-100.00000
+8770736
diff --git a/contrib/bc/tests/bc/lib2_d2r.txt b/contrib/bc/tests/bc/lib2_d2r.txt
new file mode 100644
index 000000000000..dd908be8ec43
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_d2r.txt
@@ -0,0 +1,16 @@
+d2r(180)
+d2r(360)
+d2r(90)
+d2r(45)
+d2r(120)
+d2r(72)
+d2r(60)
+d2r(36)
+d2r(-180)
+d2r(-360)
+d2r(-90)
+d2r(-45)
+d2r(-120)
+d2r(-72)
+d2r(-60)
+d2r(-36)
diff --git a/contrib/bc/tests/bc/lib2_d2r_results.txt b/contrib/bc/tests/bc/lib2_d2r_results.txt
new file mode 100644
index 000000000000..a64165087783
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_d2r_results.txt
@@ -0,0 +1,16 @@
+3.14159265358979323846
+6.28318530717958647692
+1.57079632679489661923
+.78539816339744830961
+2.09439510239319549230
+1.25663706143591729538
+1.04719755119659774615
+.62831853071795864769
+-3.14159265358979323846
+-6.28318530717958647692
+-1.57079632679489661923
+-.78539816339744830961
+-2.09439510239319549230
+-1.25663706143591729538
+-1.04719755119659774615
+-.62831853071795864769
diff --git a/contrib/bc/tests/bc/lib2_fac.txt b/contrib/bc/tests/bc/lib2_fac.txt
new file mode 100644
index 000000000000..1da42385ea44
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_fac.txt
@@ -0,0 +1,6 @@
+f(0)
+f(1)
+f(2)
+f(3)
+f(4)
+f(5)
diff --git a/contrib/bc/tests/bc/lib2_fac_results.txt b/contrib/bc/tests/bc/lib2_fac_results.txt
new file mode 100644
index 000000000000..b1fa2729fd55
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_fac_results.txt
@@ -0,0 +1,6 @@
+1
+1
+2
+6
+24
+120
diff --git a/contrib/bc/tests/bc/lib2_gcd.txt b/contrib/bc/tests/bc/lib2_gcd.txt
new file mode 100644
index 000000000000..e7e69a65a841
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_gcd.txt
@@ -0,0 +1,7 @@
+gcd(285, 35)
+gcd(1, 6)
+gcd(5, 1)
+gcd(8, 12)
+gcd(40, 4096)
+lcm(40, 4096)
+lcm(555, 55)
diff --git a/contrib/bc/tests/bc/lib2_gcd_results.txt b/contrib/bc/tests/bc/lib2_gcd_results.txt
new file mode 100644
index 000000000000..952305d197ff
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_gcd_results.txt
@@ -0,0 +1,7 @@
+5
+1
+1
+4
+8
+20480
+6105
diff --git a/contrib/bc/tests/bc/lib2_log.txt b/contrib/bc/tests/bc/lib2_log.txt
new file mode 100644
index 000000000000..8b5c62e6d71a
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_log.txt
@@ -0,0 +1,32 @@
+l2(0)
+l2(1)
+l2(2)
+l2(7)
+l2(7.9999999999999999999999)
+l2(8)
+l10(0)
+l10(1)
+l10(2)
+l10(5)
+l10(9)
+l10(9.999999999999999999999)
+l10(10)
+l10(11)
+l10(99)
+l10(99.99999999999999999999)
+l10(100)
+l2(-1)
+l2(-2)
+l2(-7)
+l2(-7.9999999999999999999999)
+l2(-8)
+l10(-1)
+l10(-2)
+l10(-5)
+l10(-9)
+l10(-9.999999999999999999999)
+l10(-10)
+l10(-11)
+l10(-99)
+l10(-99.99999999999999999999)
+l10(-100)
diff --git a/contrib/bc/tests/bc/lib2_log_results.txt b/contrib/bc/tests/bc/lib2_log_results.txt
new file mode 100644
index 000000000000..05e0c2b0209a
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_log_results.txt
@@ -0,0 +1,32 @@
+-14426950408889634073599246810018921374265.01964302164603717234
+0
+1.00000000000000000000
+2.80735492205760410744
+2.99999999999999999999
+3.00000000000000000000
+-4342944819032518276511289189166050822943.53857128275332257904
+0
+.30102999566398119521
+.69897000433601880478
+.95424250943932487459
+.99999999999999999999
+1.00000000000000000000
+1.04139268515822504075
+1.99563519459754991534
+1.99999999999999999999
+2.00000000000000000000
+-14426950408889634073599246810018921374265.01964302164603717234
+-14426950408889634073599246810018921374265.01964302164603717234
+-14426950408889634073599246810018921374265.01964302164603717234
+-144269504088896340735992468100189213742664594.88013355604393225658
+-14426950408889634073599246810018921374265.01964302164603717234
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-434294481903251827651128918916605082294396.66367028674257491242
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
+-4342944819032518276511289189166050822943.53857128275332257904
diff --git a/contrib/bc/tests/bc/lib2_p.txt b/contrib/bc/tests/bc/lib2_p.txt
new file mode 100644
index 000000000000..7026d5812845
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_p.txt
@@ -0,0 +1,4 @@
+p(2, 8.0000)
+p(2, 8.0001)
+p(2, -8.0001)
+p(1024,32.1)
diff --git a/contrib/bc/tests/bc/lib2_p_results.txt b/contrib/bc/tests/bc/lib2_p_results.txt
new file mode 100644
index 000000000000..54089deab2b4
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_p_results.txt
@@ -0,0 +1,5 @@
+256.00000000000000000000
+256.01774518281640171326
+.00390597924876622489
+42719740718418201647900434123391042292054090447133055398940832156444\
+39451561281100045924173873151.99999999999999999999
diff --git a/contrib/bc/tests/bc/lib2_perm.txt b/contrib/bc/tests/bc/lib2_perm.txt
new file mode 100644
index 000000000000..84fe6afd1e52
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_perm.txt
@@ -0,0 +1,9 @@
+perm(10, 2)
+comb(10, 2)
+perm(6, 2)
+comb(6, 2)
+perm(12, 10)
+comb(12, 10)
+perm(24, 15)
+comb(24, 15)
+
diff --git a/contrib/bc/tests/bc/lib2_perm_results.txt b/contrib/bc/tests/bc/lib2_perm_results.txt
new file mode 100644
index 000000000000..bf57dc0ea5f8
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_perm_results.txt
@@ -0,0 +1,8 @@
+90
+45
+30
+15
+239500800
+66
+1709789466857472000
+1307504
diff --git a/contrib/bc/tests/bc/lib2_pi.txt b/contrib/bc/tests/bc/lib2_pi.txt
new file mode 100644
index 000000000000..25bef3101e0b
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_pi.txt
@@ -0,0 +1,5 @@
+pi(0)
+pi(1)
+pi(2)
+pi(5)
+pi(100)
diff --git a/contrib/bc/tests/bc/lib2_pi_results.txt b/contrib/bc/tests/bc/lib2_pi_results.txt
new file mode 100644
index 000000000000..90975cb6a726
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_pi_results.txt
@@ -0,0 +1,6 @@
+3
+3.1
+3.14
+3.14159
+3.141592653589793238462643383279502884197169399375105820974944592307\
+8164062862089986280348253421170679
diff --git a/contrib/bc/tests/bc/lib2_r.txt b/contrib/bc/tests/bc/lib2_r.txt
new file mode 100644
index 000000000000..2f82d85d9042
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_r.txt
@@ -0,0 +1,23 @@
+r(0, 0)
+r(0, 1)
+r(0, 100)
+r(1, 0)
+r(1, 3)
+r(1.4, 0)
+r(1.5, 0)
+r(34.45, 2)
+r(64.1223, 4)
+r(283.1983893, 6)
+r(283.1983895, 6)
+r(283.1983899, 6)
+r(99.999999999, 5)
+r(-1, 0)
+r(-1, 3)
+r(-1.4, 0)
+r(-1.5, 0)
+r(-34.45, 2)
+r(-64.1223, 4)
+r(-283.1983893, 6)
+r(-283.1983895, 6)
+r(-283.1983899, 6)
+r(-99.999999999, 5)
diff --git a/contrib/bc/tests/bc/lib2_r2d.txt b/contrib/bc/tests/bc/lib2_r2d.txt
new file mode 100644
index 000000000000..904e55df9cd1
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_r2d.txt
@@ -0,0 +1,17 @@
+p=pi(100)
+r2d(p)
+r2d(2 * p)
+r2d(p / 2)
+r2d(p / 4)
+r2d(p / 3)
+r2d(p / 5)
+r2d(p / 6)
+r2d(p / 10)
+r2d(-p)
+r2d(2 * -p)
+r2d(-p / 2)
+r2d(-p / 4)
+r2d(-p / 3)
+r2d(-p / 5)
+r2d(-p / 6)
+r2d(-p / 10)
diff --git a/contrib/bc/tests/bc/lib2_r2d_results.txt b/contrib/bc/tests/bc/lib2_r2d_results.txt
new file mode 100644
index 000000000000..38abe6dfdd52
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_r2d_results.txt
@@ -0,0 +1,16 @@
+180.00000000000000000000
+360.00000000000000000000
+89.99999999999999999992
+44.99999999999999999967
+59.99999999999999999975
+35.99999999999999999985
+29.99999999999999999959
+17.99999999999999999964
+-180.00000000000000000000
+-360.00000000000000000000
+-89.99999999999999999992
+-44.99999999999999999967
+-59.99999999999999999975
+-35.99999999999999999985
+-29.99999999999999999959
+-17.99999999999999999964
diff --git a/contrib/bc/tests/bc/lib2_r_results.txt b/contrib/bc/tests/bc/lib2_r_results.txt
new file mode 100644
index 000000000000..4ae686836a41
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_r_results.txt
@@ -0,0 +1,23 @@
+0
+0
+0
+1
+1.000
+1
+2
+34.45
+64.1223
+283.198389
+283.198390
+283.198390
+100.00000
+-1
+-1.000
+-1
+-2
+-34.45
+-64.1223
+-283.198389
+-283.198390
+-283.198390
+-100.00000
diff --git a/contrib/bc/tests/bc/lib2_rand.txt b/contrib/bc/tests/bc/lib2_rand.txt
new file mode 100644
index 000000000000..a9d94509c79f
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_rand.txt
@@ -0,0 +1,11 @@
+b = brand()
+b < 2
+b >= 0
+i = irand(maxrand() + 1)
+i <= maxrand()
+i >= 0
+f = frand(10)
+scale(f) == 10
+fi = ifrand(123, 28)
+scale(fi) == 28
+fi < 128
diff --git a/contrib/bc/tests/bc/lib2_rand_results.txt b/contrib/bc/tests/bc/lib2_rand_results.txt
new file mode 100644
index 000000000000..fcb49fa99454
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_rand_results.txt
@@ -0,0 +1,7 @@
+1
+1
+1
+1
+1
+1
+1
diff --git a/contrib/bc/tests/bc/lib2_root.txt b/contrib/bc/tests/bc/lib2_root.txt
new file mode 100644
index 000000000000..6a0558414c44
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_root.txt
@@ -0,0 +1,13 @@
+cbrt(27)
+cbrt(-27)
+cbrt(4096)
+cbrt(-4096)
+root(0, 3)
+root(0, 4)
+root(0, 5)
+root(0.0000000000000, 3)
+root(0.0000000000000, 4)
+root(0.0000000000000, 5)
+root(16, 4)
+root(3125, 5)
+root(-3125, 5)
diff --git a/contrib/bc/tests/bc/lib2_root_results.txt b/contrib/bc/tests/bc/lib2_root_results.txt
new file mode 100644
index 000000000000..74ebfc514abf
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_root_results.txt
@@ -0,0 +1,13 @@
+3.00000000000000000000
+-3.00000000000000000000
+16.00000000000000000000
+-16.00000000000000000000
+0
+0
+0
+0
+0
+0
+2.00000000000000000000
+5.00000000000000000000
+-5.00000000000000000000
diff --git a/contrib/bc/tests/bc/lib2_tan.txt b/contrib/bc/tests/bc/lib2_tan.txt
new file mode 100644
index 000000000000..624e798b71d8
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_tan.txt
@@ -0,0 +1,30 @@
+p=pi(100)
+t(0)
+t(1)
+t(-1)
+t(2)
+t(-2)
+t(3)
+t(-3)
+t(p)
+t(-p)
+t(p/2)
+t(-p/2)
+t(p/3)
+t(-p/3)
+t(p/4)
+t(-p/4)
+t(p/5)
+t(-p/5)
+t(p/6)
+t(-p/6)
+t(p/7)
+t(-p/7)
+t(p/8)
+t(-p/8)
+t(p/9)
+t(-p/9)
+t(p/10)
+t(-p/10)
+t(p/15)
+t(-p/15)
diff --git a/contrib/bc/tests/bc/lib2_tan_results.txt b/contrib/bc/tests/bc/lib2_tan_results.txt
new file mode 100644
index 000000000000..53fafa8d496b
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_tan_results.txt
@@ -0,0 +1,29 @@
+0
+1.55740772465490223050
+-1.55740772465490223050
+-2.18503986326151899164
+2.18503986326151899164
+-.14254654307427780529
+.14254654307427780529
+0
+0
+769230769230769230769.23076923076923076923
+-769230769230769230769.23076923076923076923
+1.73205080756887729351
+-1.73205080756887729351
+.99999999999999999998
+-.99999999999999999998
+.72654252800536088589
+-.72654252800536088589
+.57735026918962576449
+-.57735026918962576449
+.48157461880752864432
+-.48157461880752864432
+.41421356237309504879
+-.41421356237309504879
+.36397023426620236134
+-.36397023426620236134
+.32491969623290632614
+-.32491969623290632614
+.21255656167002212525
+-.21255656167002212525
diff --git a/contrib/bc/tests/bc/lib2_uint.txt b/contrib/bc/tests/bc/lib2_uint.txt
new file mode 100644
index 000000000000..a3c62519ca94
--- /dev/null
+++ b/contrib/bc/tests/bc/lib2_uint.txt
@@ -0,0 +1,218 @@
+binary(0)
+hex(0)
+binary(1)
+hex(1)
+binary(2)
+hex(2)
+binary(15)
+hex(15)
+binary(16)
+hex(16)
+uint(0)
+int(0)
+uint(1)
+int(1)
+int(-1)
+uint(127)
+int(127)
+int(-127)
+uint(128)
+int(128)
+int(-128)
+uint(129)
+int(129)
+int(-129)
+uint(255)
+int(255)
+int(-255)
+uint(256)
+int(256)
+int(-256)
+uint(32767)
+int(32767)
+int(-32767)
+uint(32768)
+int(32768)
+int(-32768)
+uint(32769)
+int(32769)
+int(-32769)
+uint(65535)
+int(65535)
+int(-65535)
+uint(65536)
+int(65536)
+int(-65536)
+uint(2147483647)
+int(2147483647)
+int(-2147483647)
+uint(2147483648)
+int(2147483648)
+int(-2147483648)
+uint(2147483649)
+int(2147483649)
+int(-2147483649)
+uint(4294967295)
+int(4294967295)
+int(-4294967295)
+uint(4294967296)
+int(4294967296)
+int(-4294967296)
+uint8(0)
+int8(0)
+uint16(0)
+int16(0)
+uint32(0)
+int32(0)
+uint64(0)
+int64(0)
+uint8(1)
+int8(1)
+int8(-1)
+uint16(1)
+int16(1)
+int16(-1)
+uint32(1)
+int32(1)
+int32(-1)
+uint64(1)
+int64(1)
+int64(-1)
+uint8(127)
+int8(127)
+int8(-127)
+uint16(127)
+int16(127)
+int16(-127)
+uint32(127)
+int32(127)
+int32(-127)
+uint64(127)
+int64(127)
+int64(-127)
+uint8(128)
+int8(128)
+int8(-128)
+uint16(128)
+int16(128)
+int16(-128)
+uint32(128)
+int32(128)
+int32(-128)
+uint64(128)
+int64(128)
+int64(-128)
+uint8(129)
+int8(129)
+int8(-129)
+uint16(129)
+int16(129)
+int16(-129)
+uint32(129)
+int32(129)
+int32(-129)
+uint64(129)
+int64(129)
+int64(-129)
+uint8(255)
+int8(255)
+int8(-255)
+uint16(255)
+int16(255)
+int16(-255)
+uint32(255)
+int32(255)
+int32(-255)
+uint64(255)
+int64(255)
+int64(-255)
+uint8(256)
+int8(256)
+int8(-256)
+uint16(256)
+int16(256)
+int16(-256)
+uint32(256)
+int32(256)
+int32(-256)
+uint64(256)
+int64(256)
+int64(-256)
+uint16(32767)
+int16(32767)
+int16(-32767)
+uint32(32767)
+int32(32767)
+int32(-32767)
+uint64(32767)
+int64(32767)
+int64(-32767)
+uint16(32768)
+int16(32768)
+int16(-32768)
+uint32(32768)
+int32(32768)
+int32(-32768)
+uint64(32768)
+int64(32768)
+int64(-32768)
+uint16(32769)
+int16(32769)
+int16(-32769)
+uint32(32769)
+int32(32769)
+int32(-32769)
+uint64(32769)
+int64(32769)
+int64(-32769)
+uint16(65535)
+int16(65535)
+int16(-65535)
+uint32(65535)
+int32(65535)
+int32(-65535)
+uint64(65535)
+int64(65535)
+int64(-65535)
+uint16(65536)
+int16(65536)
+int16(-65536)
+uint32(65536)
+int32(65536)
+int32(-65536)
+uint64(65536)
+int64(65536)
+int64(-65536)
+uint32(2147483647)
+int32(2147483647)
+int32(-2147483647)
+uint64(2147483647)
+int64(2147483647)
+int64(-2147483647)
+uint32(2147483648)
+int32(2147483648)
+int32(-2147483648)
+uint64(2147483648)
+int64(2147483648)
+int64(-2147483648)
+uint32(2147483649)
+int32(2147483649)
+int32(-2147483649)
+uint64(2147483649)
+int64(2147483649)
+int64(-2147483649)
+uint32(4294967295)
+int32(4294967295)
+int32(-4294967295)
+uint64(4294967295)
+int64(4294967295)
+int64(-4294967295)
+uint32(4294967296)
+int32(4294967296)
+int32(-4294967296)
+uint64(4294967296)
+int64(4294967296)
+int64(-4294967296)
+uint(-3)
+uint(3.928375)
+int(4.000000)
diff --git a/contrib/bc/tests/bc/lib2_results.txt b/contrib/bc/tests/bc/lib2_uint_results.txt
index e5ddb51642a5..7e494e2a0812 100644
--- a/contrib/bc/tests/bc/lib2_results.txt
+++ b/contrib/bc/tests/bc/lib2_uint_results.txt
@@ -1,252 +1,3 @@
-256.00000000000000000000
-256.01774518281640171326
-.00390597924876622489
-42719740718418201647900434123391042292054090447133055398940832156444\
-39451561281100045924173873151.99999999999999999999
-0
-0
-0
-1
-1.000
-1
-2
-34.45
-64.1223
-283.198389
-283.198390
-283.198390
-100.00000
--1
--1.000
--1
--2
--34.45
--64.1223
--283.198389
--283.198390
--283.198390
--100.00000
-0
-0
-0
-1
-1.000
-2
-2
-34.45
-64.1223
-283.198390
-283.198390
-283.198390
-100.00000
--1
--1.000
--2
--2
--34.45
--64.1223
--283.198390
--283.198390
--283.198390
--100.00000
-8770736
--14426950408889634073599246810018921374265.01964302164603717234
-0
-1.00000000000000000000
-2.80735492205760410744
-2.99999999999999999999
-3.00000000000000000000
--4342944819032518276511289189166050822943.53857128275332257904
-0
-.30102999566398119521
-.69897000433601880478
-.95424250943932487459
-.99999999999999999999
-1.00000000000000000000
-1.04139268515822504075
-1.99563519459754991534
-1.99999999999999999999
-2.00000000000000000000
--14426950408889634073599246810018921374265.01964302164603717234
--14426950408889634073599246810018921374265.01964302164603717234
--14426950408889634073599246810018921374265.01964302164603717234
--144269504088896340735992468100189213742664594.88013355604393225658
--14426950408889634073599246810018921374265.01964302164603717234
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--434294481903251827651128918916605082294396.66367028674257491242
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
--4342944819032518276511289189166050822943.53857128275332257904
-3.00000000000000000000
--3.00000000000000000000
-16.00000000000000000000
--16.00000000000000000000
-0
-0
-0
-0
-0
-0
-2.00000000000000000000
-5.00000000000000000000
--5.00000000000000000000
-5
-1
-1
-4
-8
-20480
-6105
-1
-1
-1
-1
-1
-2
-2
-4
-4
-4
-8
-8
-16
-1
-1
-1
-1
-1
-2
-1
-1
-2
-2
-2
-2
-2
-4
-2
-2
-4
-4
-4
-4
-8
-8
-4
-4
-8
-8
-8
-8
-16
-16
-8
-8
-16
-3
-3.1
-3.14
-3.14159
-3.141592653589793238462643383279502884197169399375105820974944592307\
-8164062862089986280348253421170679
-0
-1.55740772465490223050
--1.55740772465490223050
--2.18503986326151899164
-2.18503986326151899164
--.14254654307427780529
-.14254654307427780529
-0
-0
-769230769230769230769.23076923076923076923
--769230769230769230769.23076923076923076923
-1.73205080756887729351
--1.73205080756887729351
-.99999999999999999998
--.99999999999999999998
-.72654252800536088589
--.72654252800536088589
-.57735026918962576449
--.57735026918962576449
-.48157461880752864432
--.48157461880752864432
-.41421356237309504879
--.41421356237309504879
-.36397023426620236134
--.36397023426620236134
-.32491969623290632614
--.32491969623290632614
-.21255656167002212525
--.21255656167002212525
-0
-.78539816339744830961
-1.10714871779409050301
-.46364760900080611621
-3.14159265358979323846
-2.35619449019234492884
-2.03444393579570273544
-2.67794504458898712224
--.78539816339744830961
--1.10714871779409050301
--.46364760900080611621
--2.35619449019234492884
--2.03444393579570273544
--2.67794504458898712224
-1.57079632679489661923
-1.57079632679489661923
--1.57079632679489661923
--1.57079632679489661923
-180.00000000000000000000
-360.00000000000000000000
-89.99999999999999999992
-44.99999999999999999967
-59.99999999999999999975
-35.99999999999999999985
-29.99999999999999999959
-17.99999999999999999964
--180.00000000000000000000
--360.00000000000000000000
--89.99999999999999999992
--44.99999999999999999967
--59.99999999999999999975
--35.99999999999999999985
--29.99999999999999999959
--17.99999999999999999964
-3.14159265358979323846
-6.28318530717958647692
-1.57079632679489661923
-.78539816339744830961
-2.09439510239319549230
-1.25663706143591729538
-1.04719755119659774615
-.62831853071795864769
--3.14159265358979323846
--6.28318530717958647692
--1.57079632679489661923
--.78539816339744830961
--2.09439510239319549230
--1.25663706143591729538
--1.04719755119659774615
--.62831853071795864769
-1
-1
-2
-6
-24
-120
-90
-45
-30
-15
-239500800
-66
-1709789466857472000
-1307504
 0
 0
 1
@@ -704,10 +455,3 @@ FF FF FF FF 00 00 00 00
 Error: -3 is negative.
 Error: 3.928375 is not an integer.
 Error: 4.000000 is not an integer.
-1
-1
-1
-1
-1
-1
-1
diff --git a/contrib/bc/tests/bc/scripts/add.bc b/contrib/bc/tests/bc/scripts/add_00100.bc
index 9cffa2c28750..687ba889c307 100644
--- a/contrib/bc/tests/bc/scripts/add.bc
+++ b/contrib/bc/tests/bc/scripts/add_00100.bc
@@ -10,7 +10,7 @@ for (i = 0; i <= len; ++i) {
 	a[i]
 }
 
-for (i = 1; i <= 10000; ++i) {
+for (i = 1; i <= 100; ++i) {
 	for (j = 0; j < len; ++j) {
 		a[i] + a[j]
 	}
diff --git a/contrib/bc/tests/bc/scripts/add_00200.bc b/contrib/bc/tests/bc/scripts/add_00200.bc
new file mode 100644
index 000000000000..21112195c65d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 101; i <= 200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00300.bc b/contrib/bc/tests/bc/scripts/add_00300.bc
new file mode 100644
index 000000000000..1b2cb7784754
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 201; i <= 300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00400.bc b/contrib/bc/tests/bc/scripts/add_00400.bc
new file mode 100644
index 000000000000..e8a8def0450c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 301; i <= 400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00500.bc b/contrib/bc/tests/bc/scripts/add_00500.bc
new file mode 100644
index 000000000000..971991e0f457
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 401; i <= 500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00600.bc b/contrib/bc/tests/bc/scripts/add_00600.bc
new file mode 100644
index 000000000000..dc758b170e5e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 501; i <= 600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00700.bc b/contrib/bc/tests/bc/scripts/add_00700.bc
new file mode 100644
index 000000000000..6819689561d5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 601; i <= 700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00800.bc b/contrib/bc/tests/bc/scripts/add_00800.bc
new file mode 100644
index 000000000000..593144457957
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 701; i <= 800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_00900.bc b/contrib/bc/tests/bc/scripts/add_00900.bc
new file mode 100644
index 000000000000..a6cee4ff0b39
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_00900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 801; i <= 900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01000.bc b/contrib/bc/tests/bc/scripts/add_01000.bc
new file mode 100644
index 000000000000..6f3d42a3590f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 901; i <= 1000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01100.bc b/contrib/bc/tests/bc/scripts/add_01100.bc
new file mode 100644
index 000000000000..98866672d814
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1001; i <= 1100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01200.bc b/contrib/bc/tests/bc/scripts/add_01200.bc
new file mode 100644
index 000000000000..82b74b103fb0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1101; i <= 1200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01300.bc b/contrib/bc/tests/bc/scripts/add_01300.bc
new file mode 100644
index 000000000000..45e0ea4637cb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1201; i <= 1300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01400.bc b/contrib/bc/tests/bc/scripts/add_01400.bc
new file mode 100644
index 000000000000..123fba19dcc0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1301; i <= 1400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01500.bc b/contrib/bc/tests/bc/scripts/add_01500.bc
new file mode 100644
index 000000000000..59a2a0dac4d1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1401; i <= 1500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01600.bc b/contrib/bc/tests/bc/scripts/add_01600.bc
new file mode 100644
index 000000000000..2df24a0c006c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1501; i <= 1600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01700.bc b/contrib/bc/tests/bc/scripts/add_01700.bc
new file mode 100644
index 000000000000..0646f0b881c8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1601; i <= 1700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01800.bc b/contrib/bc/tests/bc/scripts/add_01800.bc
new file mode 100644
index 000000000000..65a725c9cc0c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1701; i <= 1800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_01900.bc b/contrib/bc/tests/bc/scripts/add_01900.bc
new file mode 100644
index 000000000000..b73af970dd5c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_01900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1801; i <= 1900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02000.bc b/contrib/bc/tests/bc/scripts/add_02000.bc
new file mode 100644
index 000000000000..ea76021121c3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1901; i <= 2000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02100.bc b/contrib/bc/tests/bc/scripts/add_02100.bc
new file mode 100644
index 000000000000..0bc93bf08aa2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2001; i <= 2100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02200.bc b/contrib/bc/tests/bc/scripts/add_02200.bc
new file mode 100644
index 000000000000..ad1aa7a32708
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2101; i <= 2200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02300.bc b/contrib/bc/tests/bc/scripts/add_02300.bc
new file mode 100644
index 000000000000..8e9622db6390
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2201; i <= 2300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02400.bc b/contrib/bc/tests/bc/scripts/add_02400.bc
new file mode 100644
index 000000000000..4cedd06b481f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2301; i <= 2400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02500.bc b/contrib/bc/tests/bc/scripts/add_02500.bc
new file mode 100644
index 000000000000..75b599350b6a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2401; i <= 2500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02600.bc b/contrib/bc/tests/bc/scripts/add_02600.bc
new file mode 100644
index 000000000000..ea371d5b3e96
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2501; i <= 2600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02700.bc b/contrib/bc/tests/bc/scripts/add_02700.bc
new file mode 100644
index 000000000000..6e03b41c9549
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2601; i <= 2700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02800.bc b/contrib/bc/tests/bc/scripts/add_02800.bc
new file mode 100644
index 000000000000..91e3dc906498
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2701; i <= 2800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_02900.bc b/contrib/bc/tests/bc/scripts/add_02900.bc
new file mode 100644
index 000000000000..ab103da6cc1f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_02900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2801; i <= 2900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03000.bc b/contrib/bc/tests/bc/scripts/add_03000.bc
new file mode 100644
index 000000000000..f0149001652e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2901; i <= 3000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03100.bc b/contrib/bc/tests/bc/scripts/add_03100.bc
new file mode 100644
index 000000000000..371d3d6d0977
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3001; i <= 3100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03200.bc b/contrib/bc/tests/bc/scripts/add_03200.bc
new file mode 100644
index 000000000000..d8f361df8748
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3101; i <= 3200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03300.bc b/contrib/bc/tests/bc/scripts/add_03300.bc
new file mode 100644
index 000000000000..115f61b128c5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3201; i <= 3300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03400.bc b/contrib/bc/tests/bc/scripts/add_03400.bc
new file mode 100644
index 000000000000..c5dbb7b1148c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3301; i <= 3400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03500.bc b/contrib/bc/tests/bc/scripts/add_03500.bc
new file mode 100644
index 000000000000..f487c0d05ce9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3401; i <= 3500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03600.bc b/contrib/bc/tests/bc/scripts/add_03600.bc
new file mode 100644
index 000000000000..eab41fd22f77
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3501; i <= 3600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03700.bc b/contrib/bc/tests/bc/scripts/add_03700.bc
new file mode 100644
index 000000000000..40c7f6c9f72a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3601; i <= 3700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03800.bc b/contrib/bc/tests/bc/scripts/add_03800.bc
new file mode 100644
index 000000000000..9732ea39866b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3701; i <= 3800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_03900.bc b/contrib/bc/tests/bc/scripts/add_03900.bc
new file mode 100644
index 000000000000..c4bb1e4f5023
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_03900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3801; i <= 3900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04000.bc b/contrib/bc/tests/bc/scripts/add_04000.bc
new file mode 100644
index 000000000000..9f4c832d40a2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3901; i <= 4000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04100.bc b/contrib/bc/tests/bc/scripts/add_04100.bc
new file mode 100644
index 000000000000..a54f8711ad32
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4001; i <= 4100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04200.bc b/contrib/bc/tests/bc/scripts/add_04200.bc
new file mode 100644
index 000000000000..f0d7f4ac2200
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4101; i <= 4200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04300.bc b/contrib/bc/tests/bc/scripts/add_04300.bc
new file mode 100644
index 000000000000..6f1fd34d1d83
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4201; i <= 4300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04400.bc b/contrib/bc/tests/bc/scripts/add_04400.bc
new file mode 100644
index 000000000000..d61ebb5cb850
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4301; i <= 4400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04500.bc b/contrib/bc/tests/bc/scripts/add_04500.bc
new file mode 100644
index 000000000000..dec1d8d51a0a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4401; i <= 4500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04600.bc b/contrib/bc/tests/bc/scripts/add_04600.bc
new file mode 100644
index 000000000000..c11374d541c2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4501; i <= 4600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04700.bc b/contrib/bc/tests/bc/scripts/add_04700.bc
new file mode 100644
index 000000000000..f58c124a04b4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4601; i <= 4700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04800.bc b/contrib/bc/tests/bc/scripts/add_04800.bc
new file mode 100644
index 000000000000..a814317464d0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4701; i <= 4800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_04900.bc b/contrib/bc/tests/bc/scripts/add_04900.bc
new file mode 100644
index 000000000000..e6c45fda681f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_04900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4801; i <= 4900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05000.bc b/contrib/bc/tests/bc/scripts/add_05000.bc
new file mode 100644
index 000000000000..b5f942c75b9c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4901; i <= 5000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05100.bc b/contrib/bc/tests/bc/scripts/add_05100.bc
new file mode 100644
index 000000000000..7b6db4cab7c7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5001; i <= 5100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05200.bc b/contrib/bc/tests/bc/scripts/add_05200.bc
new file mode 100644
index 000000000000..e00390c3a185
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5101; i <= 5200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05300.bc b/contrib/bc/tests/bc/scripts/add_05300.bc
new file mode 100644
index 000000000000..bba349b19f58
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5201; i <= 5300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05400.bc b/contrib/bc/tests/bc/scripts/add_05400.bc
new file mode 100644
index 000000000000..4d56e6444d22
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5301; i <= 5400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05500.bc b/contrib/bc/tests/bc/scripts/add_05500.bc
new file mode 100644
index 000000000000..f44e5da24185
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5401; i <= 5500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05600.bc b/contrib/bc/tests/bc/scripts/add_05600.bc
new file mode 100644
index 000000000000..7085cfb977a0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5501; i <= 5600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05700.bc b/contrib/bc/tests/bc/scripts/add_05700.bc
new file mode 100644
index 000000000000..3cb664410ce6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5601; i <= 5700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05800.bc b/contrib/bc/tests/bc/scripts/add_05800.bc
new file mode 100644
index 000000000000..2b2371a97dbc
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5701; i <= 5800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_05900.bc b/contrib/bc/tests/bc/scripts/add_05900.bc
new file mode 100644
index 000000000000..263c186e6e4a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_05900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5801; i <= 5900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06000.bc b/contrib/bc/tests/bc/scripts/add_06000.bc
new file mode 100644
index 000000000000..6a0c9adba929
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5901; i <= 6000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06100.bc b/contrib/bc/tests/bc/scripts/add_06100.bc
new file mode 100644
index 000000000000..a39e08d837a5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6001; i <= 6100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06200.bc b/contrib/bc/tests/bc/scripts/add_06200.bc
new file mode 100644
index 000000000000..3c027b50e4c7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6101; i <= 6200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06300.bc b/contrib/bc/tests/bc/scripts/add_06300.bc
new file mode 100644
index 000000000000..0034dff383c4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6201; i <= 6300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06400.bc b/contrib/bc/tests/bc/scripts/add_06400.bc
new file mode 100644
index 000000000000..e76787fff84b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6301; i <= 6400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06500.bc b/contrib/bc/tests/bc/scripts/add_06500.bc
new file mode 100644
index 000000000000..219b0bfb1f21
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6401; i <= 6500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06600.bc b/contrib/bc/tests/bc/scripts/add_06600.bc
new file mode 100644
index 000000000000..c881cdd331a5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6501; i <= 6600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06700.bc b/contrib/bc/tests/bc/scripts/add_06700.bc
new file mode 100644
index 000000000000..89578ced8323
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6601; i <= 6700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06800.bc b/contrib/bc/tests/bc/scripts/add_06800.bc
new file mode 100644
index 000000000000..43808bbad6db
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6701; i <= 6800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_06900.bc b/contrib/bc/tests/bc/scripts/add_06900.bc
new file mode 100644
index 000000000000..aa3e232f95c3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_06900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6801; i <= 6900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07000.bc b/contrib/bc/tests/bc/scripts/add_07000.bc
new file mode 100644
index 000000000000..619efe0b1fbc
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6901; i <= 7000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07100.bc b/contrib/bc/tests/bc/scripts/add_07100.bc
new file mode 100644
index 000000000000..7f62385972ba
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7001; i <= 7100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07200.bc b/contrib/bc/tests/bc/scripts/add_07200.bc
new file mode 100644
index 000000000000..9275056c7b48
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7101; i <= 7200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07300.bc b/contrib/bc/tests/bc/scripts/add_07300.bc
new file mode 100644
index 000000000000..aae0593d5453
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7201; i <= 7300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07400.bc b/contrib/bc/tests/bc/scripts/add_07400.bc
new file mode 100644
index 000000000000..5ec925f71453
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7301; i <= 7400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07500.bc b/contrib/bc/tests/bc/scripts/add_07500.bc
new file mode 100644
index 000000000000..79e3da3795ae
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7401; i <= 7500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07600.bc b/contrib/bc/tests/bc/scripts/add_07600.bc
new file mode 100644
index 000000000000..0a6787de4f9a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7501; i <= 7600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07700.bc b/contrib/bc/tests/bc/scripts/add_07700.bc
new file mode 100644
index 000000000000..68a270cb2149
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7601; i <= 7700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07800.bc b/contrib/bc/tests/bc/scripts/add_07800.bc
new file mode 100644
index 000000000000..266fb799877e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7701; i <= 7800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_07900.bc b/contrib/bc/tests/bc/scripts/add_07900.bc
new file mode 100644
index 000000000000..34759324fbe9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_07900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7801; i <= 7900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08000.bc b/contrib/bc/tests/bc/scripts/add_08000.bc
new file mode 100644
index 000000000000..7194e35553bd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7901; i <= 8000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08100.bc b/contrib/bc/tests/bc/scripts/add_08100.bc
new file mode 100644
index 000000000000..899afff7c49f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8001; i <= 8100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08200.bc b/contrib/bc/tests/bc/scripts/add_08200.bc
new file mode 100644
index 000000000000..7898c65c3f39
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8101; i <= 8200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08300.bc b/contrib/bc/tests/bc/scripts/add_08300.bc
new file mode 100644
index 000000000000..e524af4e6365
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8201; i <= 8300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08400.bc b/contrib/bc/tests/bc/scripts/add_08400.bc
new file mode 100644
index 000000000000..e1835790b535
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8301; i <= 8400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08500.bc b/contrib/bc/tests/bc/scripts/add_08500.bc
new file mode 100644
index 000000000000..33a1b69888fb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8401; i <= 8500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08600.bc b/contrib/bc/tests/bc/scripts/add_08600.bc
new file mode 100644
index 000000000000..a0a85ed50d2e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8501; i <= 8600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08700.bc b/contrib/bc/tests/bc/scripts/add_08700.bc
new file mode 100644
index 000000000000..cf453c39167c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8601; i <= 8700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08800.bc b/contrib/bc/tests/bc/scripts/add_08800.bc
new file mode 100644
index 000000000000..0714a10c14dd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8701; i <= 8800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_08900.bc b/contrib/bc/tests/bc/scripts/add_08900.bc
new file mode 100644
index 000000000000..1cf95e2507f0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_08900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8801; i <= 8900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09000.bc b/contrib/bc/tests/bc/scripts/add_09000.bc
new file mode 100644
index 000000000000..3838cb3e90e0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8901; i <= 9000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09100.bc b/contrib/bc/tests/bc/scripts/add_09100.bc
new file mode 100644
index 000000000000..f5771ed8b8f9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9001; i <= 9100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09200.bc b/contrib/bc/tests/bc/scripts/add_09200.bc
new file mode 100644
index 000000000000..4f9e0638fdd7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9101; i <= 9200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09300.bc b/contrib/bc/tests/bc/scripts/add_09300.bc
new file mode 100644
index 000000000000..b4fc793980c6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9201; i <= 9300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09400.bc b/contrib/bc/tests/bc/scripts/add_09400.bc
new file mode 100644
index 000000000000..302f328b3c16
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9301; i <= 9400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09500.bc b/contrib/bc/tests/bc/scripts/add_09500.bc
new file mode 100644
index 000000000000..a2fc67f64439
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9401; i <= 9500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09600.bc b/contrib/bc/tests/bc/scripts/add_09600.bc
new file mode 100644
index 000000000000..0b36a67aeff6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9501; i <= 9600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09700.bc b/contrib/bc/tests/bc/scripts/add_09700.bc
new file mode 100644
index 000000000000..5f7c395c3a22
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9601; i <= 9700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09800.bc b/contrib/bc/tests/bc/scripts/add_09800.bc
new file mode 100644
index 000000000000..23c044c7dbc9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9701; i <= 9800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_09900.bc b/contrib/bc/tests/bc/scripts/add_09900.bc
new file mode 100644
index 000000000000..42d1a28d42b6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_09900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9801; i <= 9900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/add_10000.bc b/contrib/bc/tests/bc/scripts/add_10000.bc
new file mode 100644
index 000000000000..518e937c48a3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/add_10000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9901; i <= 10000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] + a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/all.txt b/contrib/bc/tests/bc/scripts/all.txt
index 7b49f7c4e77a..935f05cf9fb2 100644
--- a/contrib/bc/tests/bc/scripts/all.txt
+++ b/contrib/bc/tests/bc/scripts/all.txt
@@ -1,10 +1,404 @@
-multiply.bc
-divide.bc
-subtract.bc
-add.bc
-print.bc
+multiply_00100.bc
+multiply_00200.bc
+multiply_00300.bc
+multiply_00400.bc
+multiply_00500.bc
+multiply_00600.bc
+multiply_00700.bc
+multiply_00800.bc
+multiply_00900.bc
+multiply_01000.bc
+multiply_01100.bc
+multiply_01200.bc
+multiply_01300.bc
+multiply_01400.bc
+multiply_01500.bc
+multiply_01600.bc
+multiply_01700.bc
+multiply_01800.bc
+multiply_01900.bc
+multiply_02000.bc
+multiply_02100.bc
+multiply_02200.bc
+multiply_02300.bc
+multiply_02400.bc
+multiply_02500.bc
+multiply_02600.bc
+multiply_02700.bc
+multiply_02800.bc
+multiply_02900.bc
+multiply_03000.bc
+multiply_03100.bc
+multiply_03200.bc
+multiply_03300.bc
+multiply_03400.bc
+multiply_03500.bc
+multiply_03600.bc
+multiply_03700.bc
+multiply_03800.bc
+multiply_03900.bc
+multiply_04000.bc
+multiply_04100.bc
+multiply_04200.bc
+multiply_04300.bc
+multiply_04400.bc
+multiply_04500.bc
+multiply_04600.bc
+multiply_04700.bc
+multiply_04800.bc
+multiply_04900.bc
+multiply_05000.bc
+multiply_05100.bc
+multiply_05200.bc
+multiply_05300.bc
+multiply_05400.bc
+multiply_05500.bc
+multiply_05600.bc
+multiply_05700.bc
+multiply_05800.bc
+multiply_05900.bc
+multiply_06000.bc
+multiply_06100.bc
+multiply_06200.bc
+multiply_06300.bc
+multiply_06400.bc
+multiply_06500.bc
+multiply_06600.bc
+multiply_06700.bc
+multiply_06800.bc
+multiply_06900.bc
+multiply_07000.bc
+multiply_07100.bc
+multiply_07200.bc
+multiply_07300.bc
+multiply_07400.bc
+multiply_07500.bc
+multiply_07600.bc
+multiply_07700.bc
+multiply_07800.bc
+multiply_07900.bc
+multiply_08000.bc
+multiply_08100.bc
+multiply_08200.bc
+multiply_08300.bc
+multiply_08400.bc
+multiply_08500.bc
+multiply_08600.bc
+multiply_08700.bc
+multiply_08800.bc
+multiply_08900.bc
+multiply_09000.bc
+multiply_09100.bc
+multiply_09200.bc
+multiply_09300.bc
+multiply_09400.bc
+multiply_09500.bc
+multiply_09600.bc
+multiply_09700.bc
+multiply_09800.bc
+multiply_09900.bc
+multiply_10000.bc
+divide_00100.bc
+divide_00200.bc
+divide_00300.bc
+divide_00400.bc
+divide_00500.bc
+divide_00600.bc
+divide_00700.bc
+divide_00800.bc
+divide_00900.bc
+divide_01000.bc
+divide_01100.bc
+divide_01200.bc
+divide_01300.bc
+divide_01400.bc
+divide_01500.bc
+divide_01600.bc
+divide_01700.bc
+divide_01800.bc
+divide_01900.bc
+divide_02000.bc
+divide_02100.bc
+divide_02200.bc
+divide_02300.bc
+divide_02400.bc
+divide_02500.bc
+divide_02600.bc
+divide_02700.bc
+divide_02800.bc
+divide_02900.bc
+divide_03000.bc
+divide_03100.bc
+divide_03200.bc
+divide_03300.bc
+divide_03400.bc
+divide_03500.bc
+divide_03600.bc
+divide_03700.bc
+divide_03800.bc
+divide_03900.bc
+divide_04000.bc
+divide_04100.bc
+divide_04200.bc
+divide_04300.bc
+divide_04400.bc
+divide_04500.bc
+divide_04600.bc
+divide_04700.bc
+divide_04800.bc
+divide_04900.bc
+divide_05000.bc
+divide_05100.bc
+divide_05200.bc
+divide_05300.bc
+divide_05400.bc
+divide_05500.bc
+divide_05600.bc
+divide_05700.bc
+divide_05800.bc
+divide_05900.bc
+divide_06000.bc
+divide_06100.bc
+divide_06200.bc
+divide_06300.bc
+divide_06400.bc
+divide_06500.bc
+divide_06600.bc
+divide_06700.bc
+divide_06800.bc
+divide_06900.bc
+divide_07000.bc
+divide_07100.bc
+divide_07200.bc
+divide_07300.bc
+divide_07400.bc
+divide_07500.bc
+divide_07600.bc
+divide_07700.bc
+divide_07800.bc
+divide_07900.bc
+divide_08000.bc
+divide_08100.bc
+divide_08200.bc
+divide_08300.bc
+divide_08400.bc
+divide_08500.bc
+divide_08600.bc
+divide_08700.bc
+divide_08800.bc
+divide_08900.bc
+divide_09000.bc
+divide_09100.bc
+divide_09200.bc
+divide_09300.bc
+divide_09400.bc
+divide_09500.bc
+divide_09600.bc
+divide_09700.bc
+divide_09800.bc
+divide_09900.bc
+divide_10000.bc
+subtract_00100.bc
+subtract_00200.bc
+subtract_00300.bc
+subtract_00400.bc
+subtract_00500.bc
+subtract_00600.bc
+subtract_00700.bc
+subtract_00800.bc
+subtract_00900.bc
+subtract_01000.bc
+subtract_01100.bc
+subtract_01200.bc
+subtract_01300.bc
+subtract_01400.bc
+subtract_01500.bc
+subtract_01600.bc
+subtract_01700.bc
+subtract_01800.bc
+subtract_01900.bc
+subtract_02000.bc
+subtract_02100.bc
+subtract_02200.bc
+subtract_02300.bc
+subtract_02400.bc
+subtract_02500.bc
+subtract_02600.bc
+subtract_02700.bc
+subtract_02800.bc
+subtract_02900.bc
+subtract_03000.bc
+subtract_03100.bc
+subtract_03200.bc
+subtract_03300.bc
+subtract_03400.bc
+subtract_03500.bc
+subtract_03600.bc
+subtract_03700.bc
+subtract_03800.bc
+subtract_03900.bc
+subtract_04000.bc
+subtract_04100.bc
+subtract_04200.bc
+subtract_04300.bc
+subtract_04400.bc
+subtract_04500.bc
+subtract_04600.bc
+subtract_04700.bc
+subtract_04800.bc
+subtract_04900.bc
+subtract_05000.bc
+subtract_05100.bc
+subtract_05200.bc
+subtract_05300.bc
+subtract_05400.bc
+subtract_05500.bc
+subtract_05600.bc
+subtract_05700.bc
+subtract_05800.bc
+subtract_05900.bc
+subtract_06000.bc
+subtract_06100.bc
+subtract_06200.bc
+subtract_06300.bc
+subtract_06400.bc
+subtract_06500.bc
+subtract_06600.bc
+subtract_06700.bc
+subtract_06800.bc
+subtract_06900.bc
+subtract_07000.bc
+subtract_07100.bc
+subtract_07200.bc
+subtract_07300.bc
+subtract_07400.bc
+subtract_07500.bc
+subtract_07600.bc
+subtract_07700.bc
+subtract_07800.bc
+subtract_07900.bc
+subtract_08000.bc
+subtract_08100.bc
+subtract_08200.bc
+subtract_08300.bc
+subtract_08400.bc
+subtract_08500.bc
+subtract_08600.bc
+subtract_08700.bc
+subtract_08800.bc
+subtract_08900.bc
+subtract_09000.bc
+subtract_09100.bc
+subtract_09200.bc
+subtract_09300.bc
+subtract_09400.bc
+subtract_09500.bc
+subtract_09600.bc
+subtract_09700.bc
+subtract_09800.bc
+subtract_09900.bc
+subtract_10000.bc
+add_00100.bc
+add_00200.bc
+add_00300.bc
+add_00400.bc
+add_00500.bc
+add_00600.bc
+add_00700.bc
+add_00800.bc
+add_00900.bc
+add_01000.bc
+add_01100.bc
+add_01200.bc
+add_01300.bc
+add_01400.bc
+add_01500.bc
+add_01600.bc
+add_01700.bc
+add_01800.bc
+add_01900.bc
+add_02000.bc
+add_02100.bc
+add_02200.bc
+add_02300.bc
+add_02400.bc
+add_02500.bc
+add_02600.bc
+add_02700.bc
+add_02800.bc
+add_02900.bc
+add_03000.bc
+add_03100.bc
+add_03200.bc
+add_03300.bc
+add_03400.bc
+add_03500.bc
+add_03600.bc
+add_03700.bc
+add_03800.bc
+add_03900.bc
+add_04000.bc
+add_04100.bc
+add_04200.bc
+add_04300.bc
+add_04400.bc
+add_04500.bc
+add_04600.bc
+add_04700.bc
+add_04800.bc
+add_04900.bc
+add_05000.bc
+add_05100.bc
+add_05200.bc
+add_05300.bc
+add_05400.bc
+add_05500.bc
+add_05600.bc
+add_05700.bc
+add_05800.bc
+add_05900.bc
+add_06000.bc
+add_06100.bc
+add_06200.bc
+add_06300.bc
+add_06400.bc
+add_06500.bc
+add_06600.bc
+add_06700.bc
+add_06800.bc
+add_06900.bc
+add_07000.bc
+add_07100.bc
+add_07200.bc
+add_07300.bc
+add_07400.bc
+add_07500.bc
+add_07600.bc
+add_07700.bc
+add_07800.bc
+add_07900.bc
+add_08000.bc
+add_08100.bc
+add_08200.bc
+add_08300.bc
+add_08400.bc
+add_08500.bc
+add_08600.bc
+add_08700.bc
+add_08800.bc
+add_08900.bc
+add_09000.bc
+add_09100.bc
+add_09200.bc
+add_09300.bc
+add_09400.bc
+add_09500.bc
+add_09600.bc
+add_09700.bc
+add_09800.bc
+add_09900.bc
+add_10000.bc
 print2.bc
-parse.bc
 root.bc
 array.bc
 array2.bc
diff --git a/contrib/bc/tests/bc/scripts/divide.bc b/contrib/bc/tests/bc/scripts/divide_00100.bc
index 51a4c0082d6a..d2685faf9cd3 100644
--- a/contrib/bc/tests/bc/scripts/divide.bc
+++ b/contrib/bc/tests/bc/scripts/divide_00100.bc
@@ -12,7 +12,7 @@ for (i = 0; i <= len; ++i) {
 	a[i]
 }
 
-for (i = 1; i <= 10000; ++i) {
+for (i = 1; i <= 100; ++i) {
 	for (j = 0; j < len; ++j) {
 		a[0] / a[j]
 		a[i] / a[j]
diff --git a/contrib/bc/tests/bc/scripts/divide_00200.bc b/contrib/bc/tests/bc/scripts/divide_00200.bc
new file mode 100644
index 000000000000..027642c504d0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 101; i <= 200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00300.bc b/contrib/bc/tests/bc/scripts/divide_00300.bc
new file mode 100644
index 000000000000..53a3fb2e3d3a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 201; i <= 300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00400.bc b/contrib/bc/tests/bc/scripts/divide_00400.bc
new file mode 100644
index 000000000000..15f8ba961e61
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 301; i <= 400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00500.bc b/contrib/bc/tests/bc/scripts/divide_00500.bc
new file mode 100644
index 000000000000..732bd2867a23
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 401; i <= 500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00600.bc b/contrib/bc/tests/bc/scripts/divide_00600.bc
new file mode 100644
index 000000000000..4ac87e33319f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 501; i <= 600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00700.bc b/contrib/bc/tests/bc/scripts/divide_00700.bc
new file mode 100644
index 000000000000..0b272167f0fb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 601; i <= 700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00800.bc b/contrib/bc/tests/bc/scripts/divide_00800.bc
new file mode 100644
index 000000000000..0e08bb7016e3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 701; i <= 800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_00900.bc b/contrib/bc/tests/bc/scripts/divide_00900.bc
new file mode 100644
index 000000000000..cef55f474661
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_00900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 801; i <= 900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01000.bc b/contrib/bc/tests/bc/scripts/divide_01000.bc
new file mode 100644
index 000000000000..5291d71fc316
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 901; i <= 1000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01100.bc b/contrib/bc/tests/bc/scripts/divide_01100.bc
new file mode 100644
index 000000000000..ff9a49a6bd9a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1001; i <= 1100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01200.bc b/contrib/bc/tests/bc/scripts/divide_01200.bc
new file mode 100644
index 000000000000..9dd0fadf3a4d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1101; i <= 1200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01300.bc b/contrib/bc/tests/bc/scripts/divide_01300.bc
new file mode 100644
index 000000000000..5ac02c35a087
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1201; i <= 1300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01400.bc b/contrib/bc/tests/bc/scripts/divide_01400.bc
new file mode 100644
index 000000000000..9189a546b01c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1301; i <= 1400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01500.bc b/contrib/bc/tests/bc/scripts/divide_01500.bc
new file mode 100644
index 000000000000..7feed3c7389d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1401; i <= 1500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01600.bc b/contrib/bc/tests/bc/scripts/divide_01600.bc
new file mode 100644
index 000000000000..4847d9dbe62c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1501; i <= 1600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01700.bc b/contrib/bc/tests/bc/scripts/divide_01700.bc
new file mode 100644
index 000000000000..81db9b7b4bbe
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1601; i <= 1700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01800.bc b/contrib/bc/tests/bc/scripts/divide_01800.bc
new file mode 100644
index 000000000000..25b7476e7d6e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1701; i <= 1800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_01900.bc b/contrib/bc/tests/bc/scripts/divide_01900.bc
new file mode 100644
index 000000000000..80a8292c0b52
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_01900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1801; i <= 1900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02000.bc b/contrib/bc/tests/bc/scripts/divide_02000.bc
new file mode 100644
index 000000000000..268f1636f65f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1901; i <= 2000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02100.bc b/contrib/bc/tests/bc/scripts/divide_02100.bc
new file mode 100644
index 000000000000..cd5f57546856
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2001; i <= 2100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02200.bc b/contrib/bc/tests/bc/scripts/divide_02200.bc
new file mode 100644
index 000000000000..40eb46b58dc8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2101; i <= 2200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02300.bc b/contrib/bc/tests/bc/scripts/divide_02300.bc
new file mode 100644
index 000000000000..50da630cdeb1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2201; i <= 2300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02400.bc b/contrib/bc/tests/bc/scripts/divide_02400.bc
new file mode 100644
index 000000000000..744e082c95b5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2301; i <= 2400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02500.bc b/contrib/bc/tests/bc/scripts/divide_02500.bc
new file mode 100644
index 000000000000..294f2677971f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2401; i <= 2500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02600.bc b/contrib/bc/tests/bc/scripts/divide_02600.bc
new file mode 100644
index 000000000000..0adb8203d56b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2501; i <= 2600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02700.bc b/contrib/bc/tests/bc/scripts/divide_02700.bc
new file mode 100644
index 000000000000..7107d6674bcf
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2601; i <= 2700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02800.bc b/contrib/bc/tests/bc/scripts/divide_02800.bc
new file mode 100644
index 000000000000..0a818c9461c6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2701; i <= 2800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_02900.bc b/contrib/bc/tests/bc/scripts/divide_02900.bc
new file mode 100644
index 000000000000..8113032c261b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_02900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2801; i <= 2900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03000.bc b/contrib/bc/tests/bc/scripts/divide_03000.bc
new file mode 100644
index 000000000000..772d2e8cd2c3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2901; i <= 3000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03100.bc b/contrib/bc/tests/bc/scripts/divide_03100.bc
new file mode 100644
index 000000000000..916759661db5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3001; i <= 3100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03200.bc b/contrib/bc/tests/bc/scripts/divide_03200.bc
new file mode 100644
index 000000000000..52542b9b6dd1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3101; i <= 3200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03300.bc b/contrib/bc/tests/bc/scripts/divide_03300.bc
new file mode 100644
index 000000000000..d2315cf2ad43
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3201; i <= 3300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03400.bc b/contrib/bc/tests/bc/scripts/divide_03400.bc
new file mode 100644
index 000000000000..03cf3e5c7d67
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3301; i <= 3400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03500.bc b/contrib/bc/tests/bc/scripts/divide_03500.bc
new file mode 100644
index 000000000000..8fac5cc5bb82
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3401; i <= 3500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03600.bc b/contrib/bc/tests/bc/scripts/divide_03600.bc
new file mode 100644
index 000000000000..a8a3af330a29
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3501; i <= 3600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03700.bc b/contrib/bc/tests/bc/scripts/divide_03700.bc
new file mode 100644
index 000000000000..9f38b3e61350
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3601; i <= 3700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03800.bc b/contrib/bc/tests/bc/scripts/divide_03800.bc
new file mode 100644
index 000000000000..db59cdd08602
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3701; i <= 3800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_03900.bc b/contrib/bc/tests/bc/scripts/divide_03900.bc
new file mode 100644
index 000000000000..d7de3afba717
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_03900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3801; i <= 3900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04000.bc b/contrib/bc/tests/bc/scripts/divide_04000.bc
new file mode 100644
index 000000000000..86755a73ef5b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3901; i <= 4000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04100.bc b/contrib/bc/tests/bc/scripts/divide_04100.bc
new file mode 100644
index 000000000000..03156cd3a747
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4001; i <= 4100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04200.bc b/contrib/bc/tests/bc/scripts/divide_04200.bc
new file mode 100644
index 000000000000..2df36aa73292
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4101; i <= 4200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04300.bc b/contrib/bc/tests/bc/scripts/divide_04300.bc
new file mode 100644
index 000000000000..527cbb191fa3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4201; i <= 4300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04400.bc b/contrib/bc/tests/bc/scripts/divide_04400.bc
new file mode 100644
index 000000000000..358cf70a6a81
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4301; i <= 4400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04500.bc b/contrib/bc/tests/bc/scripts/divide_04500.bc
new file mode 100644
index 000000000000..d298c5ba1801
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4401; i <= 4500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04600.bc b/contrib/bc/tests/bc/scripts/divide_04600.bc
new file mode 100644
index 000000000000..b58a50a8c5a3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4501; i <= 4600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04700.bc b/contrib/bc/tests/bc/scripts/divide_04700.bc
new file mode 100644
index 000000000000..05a561bd145b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4601; i <= 4700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04800.bc b/contrib/bc/tests/bc/scripts/divide_04800.bc
new file mode 100644
index 000000000000..5ed04489a07f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4701; i <= 4800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_04900.bc b/contrib/bc/tests/bc/scripts/divide_04900.bc
new file mode 100644
index 000000000000..ff3b46812838
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_04900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4801; i <= 4900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05000.bc b/contrib/bc/tests/bc/scripts/divide_05000.bc
new file mode 100644
index 000000000000..a32273f5ac38
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4901; i <= 5000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05100.bc b/contrib/bc/tests/bc/scripts/divide_05100.bc
new file mode 100644
index 000000000000..9b5aa7fcf72c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5001; i <= 5100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05200.bc b/contrib/bc/tests/bc/scripts/divide_05200.bc
new file mode 100644
index 000000000000..178dcac6ec5f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5101; i <= 5200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05300.bc b/contrib/bc/tests/bc/scripts/divide_05300.bc
new file mode 100644
index 000000000000..49768eca0511
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5201; i <= 5300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05400.bc b/contrib/bc/tests/bc/scripts/divide_05400.bc
new file mode 100644
index 000000000000..c0078a2fac94
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5301; i <= 5400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05500.bc b/contrib/bc/tests/bc/scripts/divide_05500.bc
new file mode 100644
index 000000000000..9d289e0f6a2e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5401; i <= 5500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05600.bc b/contrib/bc/tests/bc/scripts/divide_05600.bc
new file mode 100644
index 000000000000..66193069e42d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5501; i <= 5600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05700.bc b/contrib/bc/tests/bc/scripts/divide_05700.bc
new file mode 100644
index 000000000000..483622bfc219
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5601; i <= 5700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05800.bc b/contrib/bc/tests/bc/scripts/divide_05800.bc
new file mode 100644
index 000000000000..c8bc59d63aaf
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5701; i <= 5800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_05900.bc b/contrib/bc/tests/bc/scripts/divide_05900.bc
new file mode 100644
index 000000000000..13e5a0f2209b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_05900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5801; i <= 5900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06000.bc b/contrib/bc/tests/bc/scripts/divide_06000.bc
new file mode 100644
index 000000000000..318fc5b25f5f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5901; i <= 6000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06100.bc b/contrib/bc/tests/bc/scripts/divide_06100.bc
new file mode 100644
index 000000000000..57bf61d4730f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6001; i <= 6100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06200.bc b/contrib/bc/tests/bc/scripts/divide_06200.bc
new file mode 100644
index 000000000000..ab1ac853431e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6101; i <= 6200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06300.bc b/contrib/bc/tests/bc/scripts/divide_06300.bc
new file mode 100644
index 000000000000..e2a320b0abd2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6201; i <= 6300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06400.bc b/contrib/bc/tests/bc/scripts/divide_06400.bc
new file mode 100644
index 000000000000..f3e0557b7e8b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6301; i <= 6400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06500.bc b/contrib/bc/tests/bc/scripts/divide_06500.bc
new file mode 100644
index 000000000000..62c84d07f3cd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6401; i <= 6500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06600.bc b/contrib/bc/tests/bc/scripts/divide_06600.bc
new file mode 100644
index 000000000000..04e1d9dcdf07
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6501; i <= 6600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06700.bc b/contrib/bc/tests/bc/scripts/divide_06700.bc
new file mode 100644
index 000000000000..af23039798d9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6601; i <= 6700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06800.bc b/contrib/bc/tests/bc/scripts/divide_06800.bc
new file mode 100644
index 000000000000..6da3f2da386b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6701; i <= 6800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_06900.bc b/contrib/bc/tests/bc/scripts/divide_06900.bc
new file mode 100644
index 000000000000..769d57fb1656
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_06900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6801; i <= 6900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07000.bc b/contrib/bc/tests/bc/scripts/divide_07000.bc
new file mode 100644
index 000000000000..758b61fb99ec
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6901; i <= 7000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07100.bc b/contrib/bc/tests/bc/scripts/divide_07100.bc
new file mode 100644
index 000000000000..2ef9f19390b8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7001; i <= 7100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07200.bc b/contrib/bc/tests/bc/scripts/divide_07200.bc
new file mode 100644
index 000000000000..dcab8948d540
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7101; i <= 7200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07300.bc b/contrib/bc/tests/bc/scripts/divide_07300.bc
new file mode 100644
index 000000000000..f8aeae59b336
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7201; i <= 7300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07400.bc b/contrib/bc/tests/bc/scripts/divide_07400.bc
new file mode 100644
index 000000000000..7a26ce5583fc
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7301; i <= 7400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07500.bc b/contrib/bc/tests/bc/scripts/divide_07500.bc
new file mode 100644
index 000000000000..0c197595ae9f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7401; i <= 7500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07600.bc b/contrib/bc/tests/bc/scripts/divide_07600.bc
new file mode 100644
index 000000000000..868d0702f3db
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7501; i <= 7600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07700.bc b/contrib/bc/tests/bc/scripts/divide_07700.bc
new file mode 100644
index 000000000000..b30f66ebb5b8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7601; i <= 7700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07800.bc b/contrib/bc/tests/bc/scripts/divide_07800.bc
new file mode 100644
index 000000000000..118df8fe112d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7701; i <= 7800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_07900.bc b/contrib/bc/tests/bc/scripts/divide_07900.bc
new file mode 100644
index 000000000000..42fd0771dca6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_07900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7801; i <= 7900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08000.bc b/contrib/bc/tests/bc/scripts/divide_08000.bc
new file mode 100644
index 000000000000..3bdaa26e707e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7901; i <= 8000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08100.bc b/contrib/bc/tests/bc/scripts/divide_08100.bc
new file mode 100644
index 000000000000..f0e4592382b2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8001; i <= 8100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08200.bc b/contrib/bc/tests/bc/scripts/divide_08200.bc
new file mode 100644
index 000000000000..ef1bb329cff1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8101; i <= 8200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08300.bc b/contrib/bc/tests/bc/scripts/divide_08300.bc
new file mode 100644
index 000000000000..f3fe8a69eeda
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8201; i <= 8300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08400.bc b/contrib/bc/tests/bc/scripts/divide_08400.bc
new file mode 100644
index 000000000000..5c9ec5c8fba2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8301; i <= 8400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08500.bc b/contrib/bc/tests/bc/scripts/divide_08500.bc
new file mode 100644
index 000000000000..64059da94286
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8401; i <= 8500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08600.bc b/contrib/bc/tests/bc/scripts/divide_08600.bc
new file mode 100644
index 000000000000..72fe4114998b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8501; i <= 8600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08700.bc b/contrib/bc/tests/bc/scripts/divide_08700.bc
new file mode 100644
index 000000000000..c1927841a49f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8601; i <= 8700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08800.bc b/contrib/bc/tests/bc/scripts/divide_08800.bc
new file mode 100644
index 000000000000..4ae7fcab3dcd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8701; i <= 8800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_08900.bc b/contrib/bc/tests/bc/scripts/divide_08900.bc
new file mode 100644
index 000000000000..7e59baa4a150
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_08900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8801; i <= 8900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09000.bc b/contrib/bc/tests/bc/scripts/divide_09000.bc
new file mode 100644
index 000000000000..26d3f62ac6a1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8901; i <= 9000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09100.bc b/contrib/bc/tests/bc/scripts/divide_09100.bc
new file mode 100644
index 000000000000..e8a372db80e2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09100.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9001; i <= 9100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09200.bc b/contrib/bc/tests/bc/scripts/divide_09200.bc
new file mode 100644
index 000000000000..00d391459a46
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09200.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9101; i <= 9200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09300.bc b/contrib/bc/tests/bc/scripts/divide_09300.bc
new file mode 100644
index 000000000000..4a64b9347192
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09300.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9201; i <= 9300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09400.bc b/contrib/bc/tests/bc/scripts/divide_09400.bc
new file mode 100644
index 000000000000..55a70f7cbf41
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09400.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9301; i <= 9400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09500.bc b/contrib/bc/tests/bc/scripts/divide_09500.bc
new file mode 100644
index 000000000000..09df2d540454
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09500.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9401; i <= 9500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09600.bc b/contrib/bc/tests/bc/scripts/divide_09600.bc
new file mode 100644
index 000000000000..491e3c2caa33
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09600.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9501; i <= 9600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09700.bc b/contrib/bc/tests/bc/scripts/divide_09700.bc
new file mode 100644
index 000000000000..33a183e2493e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09700.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9601; i <= 9700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09800.bc b/contrib/bc/tests/bc/scripts/divide_09800.bc
new file mode 100644
index 000000000000..ae007e8a7a00
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09800.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9701; i <= 9800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_09900.bc b/contrib/bc/tests/bc/scripts/divide_09900.bc
new file mode 100644
index 000000000000..e8fdc75987b6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_09900.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9801; i <= 9900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/divide_10000.bc b/contrib/bc/tests/bc/scripts/divide_10000.bc
new file mode 100644
index 000000000000..f4490d7d220d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/divide_10000.bc
@@ -0,0 +1,23 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 * 10^(-scale)
+len = 1 + 2 * scale
+
+x
+scale += 10
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9901; i <= 10000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] / a[j]
+		a[i] / a[j]
+		(a[0] * i) / a[j]
+		a[0] / (a[j] * i)
+		(a[0] * i) / (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply.bc b/contrib/bc/tests/bc/scripts/multiply_00100.bc
index 3aa64cc5e031..bc979d176c2a 100644
--- a/contrib/bc/tests/bc/scripts/multiply.bc
+++ b/contrib/bc/tests/bc/scripts/multiply_00100.bc
@@ -9,7 +9,7 @@ for (i = 0; i <= len; ++i) {
 	a[i]
 }
 
-for (i = 1; i <= 10000; ++i) {
+for (i = 1; i <= 100; ++i) {
 	for (j = 0; j < len; ++j) {
 		a[0] * a[j]
 		a[i] * a[j]
diff --git a/contrib/bc/tests/bc/scripts/multiply_00200.bc b/contrib/bc/tests/bc/scripts/multiply_00200.bc
new file mode 100644
index 000000000000..08c36d5dd4b3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 101; i <= 200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00300.bc b/contrib/bc/tests/bc/scripts/multiply_00300.bc
new file mode 100644
index 000000000000..3c56a569d2ee
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 201; i <= 300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00400.bc b/contrib/bc/tests/bc/scripts/multiply_00400.bc
new file mode 100644
index 000000000000..3dc750947aee
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 301; i <= 400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00500.bc b/contrib/bc/tests/bc/scripts/multiply_00500.bc
new file mode 100644
index 000000000000..a1f14e121cbb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 401; i <= 500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00600.bc b/contrib/bc/tests/bc/scripts/multiply_00600.bc
new file mode 100644
index 000000000000..21a017a7f7cb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 501; i <= 600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00700.bc b/contrib/bc/tests/bc/scripts/multiply_00700.bc
new file mode 100644
index 000000000000..3246b5e1a568
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 601; i <= 700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00800.bc b/contrib/bc/tests/bc/scripts/multiply_00800.bc
new file mode 100644
index 000000000000..4bc39b0a1fef
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 701; i <= 800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_00900.bc b/contrib/bc/tests/bc/scripts/multiply_00900.bc
new file mode 100644
index 000000000000..febc77dead15
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_00900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 801; i <= 900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01000.bc b/contrib/bc/tests/bc/scripts/multiply_01000.bc
new file mode 100644
index 000000000000..ba5c1d984f67
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 901; i <= 1000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01100.bc b/contrib/bc/tests/bc/scripts/multiply_01100.bc
new file mode 100644
index 000000000000..a09c35252286
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1001; i <= 1100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01200.bc b/contrib/bc/tests/bc/scripts/multiply_01200.bc
new file mode 100644
index 000000000000..7a6b04c48b9e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1101; i <= 1200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01300.bc b/contrib/bc/tests/bc/scripts/multiply_01300.bc
new file mode 100644
index 000000000000..4fab6beb0a62
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1201; i <= 1300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01400.bc b/contrib/bc/tests/bc/scripts/multiply_01400.bc
new file mode 100644
index 000000000000..954afe5473de
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1301; i <= 1400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01500.bc b/contrib/bc/tests/bc/scripts/multiply_01500.bc
new file mode 100644
index 000000000000..8d150418618a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1401; i <= 1500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01600.bc b/contrib/bc/tests/bc/scripts/multiply_01600.bc
new file mode 100644
index 000000000000..45f170705f99
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1501; i <= 1600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01700.bc b/contrib/bc/tests/bc/scripts/multiply_01700.bc
new file mode 100644
index 000000000000..7eb34740139e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1601; i <= 1700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01800.bc b/contrib/bc/tests/bc/scripts/multiply_01800.bc
new file mode 100644
index 000000000000..719db5b358a2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1701; i <= 1800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_01900.bc b/contrib/bc/tests/bc/scripts/multiply_01900.bc
new file mode 100644
index 000000000000..4a4a6c8b43c6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_01900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1801; i <= 1900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02000.bc b/contrib/bc/tests/bc/scripts/multiply_02000.bc
new file mode 100644
index 000000000000..432e0d078dee
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1901; i <= 2000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02100.bc b/contrib/bc/tests/bc/scripts/multiply_02100.bc
new file mode 100644
index 000000000000..825b96a7c0d3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2001; i <= 2100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02200.bc b/contrib/bc/tests/bc/scripts/multiply_02200.bc
new file mode 100644
index 000000000000..fd3d71684054
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2101; i <= 2200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02300.bc b/contrib/bc/tests/bc/scripts/multiply_02300.bc
new file mode 100644
index 000000000000..1e2adbe81fc0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2201; i <= 2300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02400.bc b/contrib/bc/tests/bc/scripts/multiply_02400.bc
new file mode 100644
index 000000000000..6f648ae5eb9d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2301; i <= 2400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02500.bc b/contrib/bc/tests/bc/scripts/multiply_02500.bc
new file mode 100644
index 000000000000..6990fa78af64
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2401; i <= 2500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02600.bc b/contrib/bc/tests/bc/scripts/multiply_02600.bc
new file mode 100644
index 000000000000..22d0eca373c9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2501; i <= 2600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02700.bc b/contrib/bc/tests/bc/scripts/multiply_02700.bc
new file mode 100644
index 000000000000..ea8d632288ec
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2601; i <= 2700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02800.bc b/contrib/bc/tests/bc/scripts/multiply_02800.bc
new file mode 100644
index 000000000000..5cd01d5012c0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2701; i <= 2800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_02900.bc b/contrib/bc/tests/bc/scripts/multiply_02900.bc
new file mode 100644
index 000000000000..cdb1cb1e43c9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_02900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2801; i <= 2900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03000.bc b/contrib/bc/tests/bc/scripts/multiply_03000.bc
new file mode 100644
index 000000000000..1afcd634ade1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2901; i <= 3000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03100.bc b/contrib/bc/tests/bc/scripts/multiply_03100.bc
new file mode 100644
index 000000000000..a39ef85bdfc5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3001; i <= 3100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03200.bc b/contrib/bc/tests/bc/scripts/multiply_03200.bc
new file mode 100644
index 000000000000..33f465a82bf6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3101; i <= 3200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03300.bc b/contrib/bc/tests/bc/scripts/multiply_03300.bc
new file mode 100644
index 000000000000..2cc412b5837f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3201; i <= 3300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03400.bc b/contrib/bc/tests/bc/scripts/multiply_03400.bc
new file mode 100644
index 000000000000..40f528023e17
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3301; i <= 3400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03500.bc b/contrib/bc/tests/bc/scripts/multiply_03500.bc
new file mode 100644
index 000000000000..dce2f326a54a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3401; i <= 3500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03600.bc b/contrib/bc/tests/bc/scripts/multiply_03600.bc
new file mode 100644
index 000000000000..1223415dc675
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3501; i <= 3600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03700.bc b/contrib/bc/tests/bc/scripts/multiply_03700.bc
new file mode 100644
index 000000000000..80397b3d0cfd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3601; i <= 3700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03800.bc b/contrib/bc/tests/bc/scripts/multiply_03800.bc
new file mode 100644
index 000000000000..0431d8b1c9d5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3701; i <= 3800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_03900.bc b/contrib/bc/tests/bc/scripts/multiply_03900.bc
new file mode 100644
index 000000000000..0f60df9aae71
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_03900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3801; i <= 3900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04000.bc b/contrib/bc/tests/bc/scripts/multiply_04000.bc
new file mode 100644
index 000000000000..ceeafea6975c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3901; i <= 4000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04100.bc b/contrib/bc/tests/bc/scripts/multiply_04100.bc
new file mode 100644
index 000000000000..980fa7cb1c7e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4001; i <= 4100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04200.bc b/contrib/bc/tests/bc/scripts/multiply_04200.bc
new file mode 100644
index 000000000000..1b16065ce434
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4101; i <= 4200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04300.bc b/contrib/bc/tests/bc/scripts/multiply_04300.bc
new file mode 100644
index 000000000000..ae2549f392b6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4201; i <= 4300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04400.bc b/contrib/bc/tests/bc/scripts/multiply_04400.bc
new file mode 100644
index 000000000000..0b22a8b36cca
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4301; i <= 4400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04500.bc b/contrib/bc/tests/bc/scripts/multiply_04500.bc
new file mode 100644
index 000000000000..374b595501f4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4401; i <= 4500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04600.bc b/contrib/bc/tests/bc/scripts/multiply_04600.bc
new file mode 100644
index 000000000000..f4e0150e100b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4501; i <= 4600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04700.bc b/contrib/bc/tests/bc/scripts/multiply_04700.bc
new file mode 100644
index 000000000000..351cf2ae3bd7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4601; i <= 4700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04800.bc b/contrib/bc/tests/bc/scripts/multiply_04800.bc
new file mode 100644
index 000000000000..75bab62c7467
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4701; i <= 4800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_04900.bc b/contrib/bc/tests/bc/scripts/multiply_04900.bc
new file mode 100644
index 000000000000..bb127c4e685d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_04900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4801; i <= 4900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05000.bc b/contrib/bc/tests/bc/scripts/multiply_05000.bc
new file mode 100644
index 000000000000..2b817f2e4f31
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4901; i <= 5000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05100.bc b/contrib/bc/tests/bc/scripts/multiply_05100.bc
new file mode 100644
index 000000000000..a5067e8d60e6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5001; i <= 5100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05200.bc b/contrib/bc/tests/bc/scripts/multiply_05200.bc
new file mode 100644
index 000000000000..4cecc2212520
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5101; i <= 5200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05300.bc b/contrib/bc/tests/bc/scripts/multiply_05300.bc
new file mode 100644
index 000000000000..03c475b3de26
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5201; i <= 5300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05400.bc b/contrib/bc/tests/bc/scripts/multiply_05400.bc
new file mode 100644
index 000000000000..5bfeb9c4f048
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5301; i <= 5400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05500.bc b/contrib/bc/tests/bc/scripts/multiply_05500.bc
new file mode 100644
index 000000000000..1e12f9233a30
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5401; i <= 5500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05600.bc b/contrib/bc/tests/bc/scripts/multiply_05600.bc
new file mode 100644
index 000000000000..25a60e2d25a1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5501; i <= 5600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05700.bc b/contrib/bc/tests/bc/scripts/multiply_05700.bc
new file mode 100644
index 000000000000..c824af19bacd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5601; i <= 5700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05800.bc b/contrib/bc/tests/bc/scripts/multiply_05800.bc
new file mode 100644
index 000000000000..a7eedc9fb733
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5701; i <= 5800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_05900.bc b/contrib/bc/tests/bc/scripts/multiply_05900.bc
new file mode 100644
index 000000000000..9bd0f7044428
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_05900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5801; i <= 5900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06000.bc b/contrib/bc/tests/bc/scripts/multiply_06000.bc
new file mode 100644
index 000000000000..6353c74cbf73
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5901; i <= 6000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06100.bc b/contrib/bc/tests/bc/scripts/multiply_06100.bc
new file mode 100644
index 000000000000..d49224821a06
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6001; i <= 6100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06200.bc b/contrib/bc/tests/bc/scripts/multiply_06200.bc
new file mode 100644
index 000000000000..c4483f401a2c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6101; i <= 6200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06300.bc b/contrib/bc/tests/bc/scripts/multiply_06300.bc
new file mode 100644
index 000000000000..c86e62d3a87f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6201; i <= 6300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06400.bc b/contrib/bc/tests/bc/scripts/multiply_06400.bc
new file mode 100644
index 000000000000..0140f164f1ac
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6301; i <= 6400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06500.bc b/contrib/bc/tests/bc/scripts/multiply_06500.bc
new file mode 100644
index 000000000000..e9ee4fe5a896
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6401; i <= 6500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06600.bc b/contrib/bc/tests/bc/scripts/multiply_06600.bc
new file mode 100644
index 000000000000..267dcbf8aa6b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6501; i <= 6600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06700.bc b/contrib/bc/tests/bc/scripts/multiply_06700.bc
new file mode 100644
index 000000000000..851c771952e1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6601; i <= 6700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06800.bc b/contrib/bc/tests/bc/scripts/multiply_06800.bc
new file mode 100644
index 000000000000..d2141d7c065c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6701; i <= 6800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_06900.bc b/contrib/bc/tests/bc/scripts/multiply_06900.bc
new file mode 100644
index 000000000000..5a9e9affde94
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_06900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6801; i <= 6900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07000.bc b/contrib/bc/tests/bc/scripts/multiply_07000.bc
new file mode 100644
index 000000000000..549a1df72211
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6901; i <= 7000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07100.bc b/contrib/bc/tests/bc/scripts/multiply_07100.bc
new file mode 100644
index 000000000000..0a664833487d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7001; i <= 7100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07200.bc b/contrib/bc/tests/bc/scripts/multiply_07200.bc
new file mode 100644
index 000000000000..913f053eab19
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7101; i <= 7200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07300.bc b/contrib/bc/tests/bc/scripts/multiply_07300.bc
new file mode 100644
index 000000000000..50643873d43f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7201; i <= 7300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07400.bc b/contrib/bc/tests/bc/scripts/multiply_07400.bc
new file mode 100644
index 000000000000..8c401f0da1dd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7301; i <= 7400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07500.bc b/contrib/bc/tests/bc/scripts/multiply_07500.bc
new file mode 100644
index 000000000000..fedd47a45d45
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7401; i <= 7500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07600.bc b/contrib/bc/tests/bc/scripts/multiply_07600.bc
new file mode 100644
index 000000000000..b1b5727d0314
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7501; i <= 7600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07700.bc b/contrib/bc/tests/bc/scripts/multiply_07700.bc
new file mode 100644
index 000000000000..40531a676a12
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7601; i <= 7700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07800.bc b/contrib/bc/tests/bc/scripts/multiply_07800.bc
new file mode 100644
index 000000000000..dd847d26911d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7701; i <= 7800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_07900.bc b/contrib/bc/tests/bc/scripts/multiply_07900.bc
new file mode 100644
index 000000000000..8313633df2f9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_07900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7801; i <= 7900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08000.bc b/contrib/bc/tests/bc/scripts/multiply_08000.bc
new file mode 100644
index 000000000000..e496cf78b42c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7901; i <= 8000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08100.bc b/contrib/bc/tests/bc/scripts/multiply_08100.bc
new file mode 100644
index 000000000000..7f07ce4e3525
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8001; i <= 8100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08200.bc b/contrib/bc/tests/bc/scripts/multiply_08200.bc
new file mode 100644
index 000000000000..0916404d35d4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8101; i <= 8200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08300.bc b/contrib/bc/tests/bc/scripts/multiply_08300.bc
new file mode 100644
index 000000000000..9de6c4997520
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8201; i <= 8300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08400.bc b/contrib/bc/tests/bc/scripts/multiply_08400.bc
new file mode 100644
index 000000000000..429bd41bd843
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8301; i <= 8400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08500.bc b/contrib/bc/tests/bc/scripts/multiply_08500.bc
new file mode 100644
index 000000000000..c84c3fb66c6e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8401; i <= 8500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08600.bc b/contrib/bc/tests/bc/scripts/multiply_08600.bc
new file mode 100644
index 000000000000..30492744af01
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8501; i <= 8600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08700.bc b/contrib/bc/tests/bc/scripts/multiply_08700.bc
new file mode 100644
index 000000000000..06cc0e094cf5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8601; i <= 8700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08800.bc b/contrib/bc/tests/bc/scripts/multiply_08800.bc
new file mode 100644
index 000000000000..9ae52a604a04
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8701; i <= 8800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_08900.bc b/contrib/bc/tests/bc/scripts/multiply_08900.bc
new file mode 100644
index 000000000000..b1a1ccfa2dc1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_08900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8801; i <= 8900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09000.bc b/contrib/bc/tests/bc/scripts/multiply_09000.bc
new file mode 100644
index 000000000000..487cb5a678bc
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8901; i <= 9000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09100.bc b/contrib/bc/tests/bc/scripts/multiply_09100.bc
new file mode 100644
index 000000000000..1c187475a5ed
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09100.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9001; i <= 9100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09200.bc b/contrib/bc/tests/bc/scripts/multiply_09200.bc
new file mode 100644
index 000000000000..2dbdb1bec1b9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09200.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9101; i <= 9200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09300.bc b/contrib/bc/tests/bc/scripts/multiply_09300.bc
new file mode 100644
index 000000000000..ffc5b8cea907
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09300.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9201; i <= 9300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09400.bc b/contrib/bc/tests/bc/scripts/multiply_09400.bc
new file mode 100644
index 000000000000..6932c1dd73c7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09400.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9301; i <= 9400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09500.bc b/contrib/bc/tests/bc/scripts/multiply_09500.bc
new file mode 100644
index 000000000000..2ac486b146a0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09500.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9401; i <= 9500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09600.bc b/contrib/bc/tests/bc/scripts/multiply_09600.bc
new file mode 100644
index 000000000000..782176ba711b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09600.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9501; i <= 9600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09700.bc b/contrib/bc/tests/bc/scripts/multiply_09700.bc
new file mode 100644
index 000000000000..fe4135de594d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09700.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9601; i <= 9700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09800.bc b/contrib/bc/tests/bc/scripts/multiply_09800.bc
new file mode 100644
index 000000000000..3115b311f312
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09800.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9701; i <= 9800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_09900.bc b/contrib/bc/tests/bc/scripts/multiply_09900.bc
new file mode 100644
index 000000000000..abbcfeefbbe9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_09900.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9801; i <= 9900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/multiply_10000.bc b/contrib/bc/tests/bc/scripts/multiply_10000.bc
new file mode 100644
index 000000000000..e97e61623eac
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/multiply_10000.bc
@@ -0,0 +1,20 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9901; i <= 10000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[0] * a[j]
+		a[i] * a[j]
+		(a[0] * i) * a[j]
+		a[0] * (a[j] * i)
+		(a[0] * i) * (a[j] * i)
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/parse.bc b/contrib/bc/tests/bc/scripts/parse.bc
deleted file mode 100644
index 179daf116efd..000000000000
--- a/contrib/bc/tests/bc/scripts/parse.bc
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /usr/bin/bc -q
-
-for (b = 2; b <= 16; ++b) {
-	if (b == 10) continue
-	obase = 10
-	print "ibase = A; ibase = ", b, "\n"
-	print "\qibase = \q\n"
-	b
-	obase = b
-	for (i = 0; i <= 4096; ++i) {
-		i
-		print "0.", i, "\n"
-		print ".", i, "\n"
-		print "1.", i, "\n"
-		print i, ".", "\n"
-		print i, ".", i, "\n"
-	}
-}
-
-halt
diff --git a/contrib/bc/tests/bc/scripts/parse_02.bc b/contrib/bc/tests/bc/scripts/parse_02.bc
new file mode 100644
index 000000000000..dc695e8a63ed
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_02.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 2
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_03.bc b/contrib/bc/tests/bc/scripts/parse_03.bc
new file mode 100644
index 000000000000..8418c472184e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_03.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 3
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_04.bc b/contrib/bc/tests/bc/scripts/parse_04.bc
new file mode 100644
index 000000000000..6671dc3093e6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_04.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 4
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_05.bc b/contrib/bc/tests/bc/scripts/parse_05.bc
new file mode 100644
index 000000000000..868c003a507a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_05.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 5
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_06.bc b/contrib/bc/tests/bc/scripts/parse_06.bc
new file mode 100644
index 000000000000..ddef2fd58686
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_06.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 6
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_07.bc b/contrib/bc/tests/bc/scripts/parse_07.bc
new file mode 100644
index 000000000000..83fb125d719a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_07.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 7
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_08.bc b/contrib/bc/tests/bc/scripts/parse_08.bc
new file mode 100644
index 000000000000..c8f798e4e82e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_08.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 8
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_09.bc b/contrib/bc/tests/bc/scripts/parse_09.bc
new file mode 100644
index 000000000000..98463b24edde
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_09.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 9
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_11.bc b/contrib/bc/tests/bc/scripts/parse_11.bc
new file mode 100644
index 000000000000..efaf17293ce8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_11.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 11
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_12.bc b/contrib/bc/tests/bc/scripts/parse_12.bc
new file mode 100644
index 000000000000..a71a05a3b9dd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_12.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 12
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_13.bc b/contrib/bc/tests/bc/scripts/parse_13.bc
new file mode 100644
index 000000000000..37d88e7168f0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_13.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 13
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_14.bc b/contrib/bc/tests/bc/scripts/parse_14.bc
new file mode 100644
index 000000000000..e824db979639
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_14.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 14
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_15.bc b/contrib/bc/tests/bc/scripts/parse_15.bc
new file mode 100644
index 000000000000..ad954a2ac4a8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_15.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 15
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/parse_16.bc b/contrib/bc/tests/bc/scripts/parse_16.bc
new file mode 100644
index 000000000000..3a716cbe40ec
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/parse_16.bc
@@ -0,0 +1,19 @@
+#! /usr/bin/bc -q
+
+b = 16
+
+obase = 10
+print "ibase = A; ibase = ", b, "\n"
+print "\qibase = \q\n"
+b
+obase = b
+for (i = 0; i <= 4096; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print.bc b/contrib/bc/tests/bc/scripts/print.bc
deleted file mode 100644
index 9530cbdb3fc2..000000000000
--- a/contrib/bc/tests/bc/scripts/print.bc
+++ /dev/null
@@ -1,25 +0,0 @@
-#! /usr/bin/bc -q
-
-for (b = 2; b <= 100; ++b) {
-
-	if (b == 10) continue
-
-	s = b * b
-
-	print "obase = ", b, "\n"
-	print "\qobase = \q\n"
-	b
-
-	for (i = 0; i <= s; ++i) {
-		i
-		print "0.", i, "\n"
-		print ".", i, "\n"
-		print "1.", i, "\n"
-		print i, ".", "\n"
-		print i, ".", i, "\n"
-	}
-
-	2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
-}
-
-halt
diff --git a/contrib/bc/tests/bc/scripts/print_002.bc b/contrib/bc/tests/bc/scripts/print_002.bc
new file mode 100644
index 000000000000..e96bd8d3f440
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_002.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 2
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_003.bc b/contrib/bc/tests/bc/scripts/print_003.bc
new file mode 100644
index 000000000000..46365153a3c8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_003.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 3
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_004.bc b/contrib/bc/tests/bc/scripts/print_004.bc
new file mode 100644
index 000000000000..ff0b285930fe
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_004.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 4
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_005.bc b/contrib/bc/tests/bc/scripts/print_005.bc
new file mode 100644
index 000000000000..6a5982ae6a5e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_005.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 5
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_006.bc b/contrib/bc/tests/bc/scripts/print_006.bc
new file mode 100644
index 000000000000..3b9bbccb2850
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_006.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 6
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_007.bc b/contrib/bc/tests/bc/scripts/print_007.bc
new file mode 100644
index 000000000000..f6e784792575
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_007.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 7
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_008.bc b/contrib/bc/tests/bc/scripts/print_008.bc
new file mode 100644
index 000000000000..a77d41751233
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_008.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 8
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_009.bc b/contrib/bc/tests/bc/scripts/print_009.bc
new file mode 100644
index 000000000000..1aef988112a1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_009.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 9
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_011.bc b/contrib/bc/tests/bc/scripts/print_011.bc
new file mode 100644
index 000000000000..fb2d29293ad8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_011.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 11
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_012.bc b/contrib/bc/tests/bc/scripts/print_012.bc
new file mode 100644
index 000000000000..466e64e2798e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_012.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 12
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_013.bc b/contrib/bc/tests/bc/scripts/print_013.bc
new file mode 100644
index 000000000000..55525fd1398c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_013.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 13
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_014.bc b/contrib/bc/tests/bc/scripts/print_014.bc
new file mode 100644
index 000000000000..dfa40541c7a3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_014.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 14
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_015.bc b/contrib/bc/tests/bc/scripts/print_015.bc
new file mode 100644
index 000000000000..2426e409d94a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_015.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 15
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_016.bc b/contrib/bc/tests/bc/scripts/print_016.bc
new file mode 100644
index 000000000000..44131bfe3ab7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_016.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 16
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_017.bc b/contrib/bc/tests/bc/scripts/print_017.bc
new file mode 100644
index 000000000000..e6c802166d2a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_017.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 17
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_018.bc b/contrib/bc/tests/bc/scripts/print_018.bc
new file mode 100644
index 000000000000..256c3436ab5a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_018.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 18
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_019.bc b/contrib/bc/tests/bc/scripts/print_019.bc
new file mode 100644
index 000000000000..a2552236a144
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_019.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 19
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_020.bc b/contrib/bc/tests/bc/scripts/print_020.bc
new file mode 100644
index 000000000000..df15b92c727a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_020.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 20
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_021.bc b/contrib/bc/tests/bc/scripts/print_021.bc
new file mode 100644
index 000000000000..83b3d2ad3c73
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_021.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 21
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_022.bc b/contrib/bc/tests/bc/scripts/print_022.bc
new file mode 100644
index 000000000000..9ab0d5e92f5c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_022.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 22
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_023.bc b/contrib/bc/tests/bc/scripts/print_023.bc
new file mode 100644
index 000000000000..4641ee25d325
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_023.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 23
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_024.bc b/contrib/bc/tests/bc/scripts/print_024.bc
new file mode 100644
index 000000000000..7c02ba179d71
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_024.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 24
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_025.bc b/contrib/bc/tests/bc/scripts/print_025.bc
new file mode 100644
index 000000000000..95883f34338f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_025.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 25
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_026.bc b/contrib/bc/tests/bc/scripts/print_026.bc
new file mode 100644
index 000000000000..152fe8053ddd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_026.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 26
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_027.bc b/contrib/bc/tests/bc/scripts/print_027.bc
new file mode 100644
index 000000000000..60b56ca3112e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_027.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 27
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_028.bc b/contrib/bc/tests/bc/scripts/print_028.bc
new file mode 100644
index 000000000000..b41b482aaec9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_028.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 28
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_029.bc b/contrib/bc/tests/bc/scripts/print_029.bc
new file mode 100644
index 000000000000..3637407473e3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_029.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 29
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_030.bc b/contrib/bc/tests/bc/scripts/print_030.bc
new file mode 100644
index 000000000000..066546061a72
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_030.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 30
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_031.bc b/contrib/bc/tests/bc/scripts/print_031.bc
new file mode 100644
index 000000000000..5f0ba04afdc3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_031.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 31
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_032.bc b/contrib/bc/tests/bc/scripts/print_032.bc
new file mode 100644
index 000000000000..8c1f7b83b505
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_032.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 32
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_033.bc b/contrib/bc/tests/bc/scripts/print_033.bc
new file mode 100644
index 000000000000..d4af3e843772
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_033.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 33
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_034.bc b/contrib/bc/tests/bc/scripts/print_034.bc
new file mode 100644
index 000000000000..90607dac7a14
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_034.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 34
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_035.bc b/contrib/bc/tests/bc/scripts/print_035.bc
new file mode 100644
index 000000000000..175054b155ca
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_035.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 35
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_036.bc b/contrib/bc/tests/bc/scripts/print_036.bc
new file mode 100644
index 000000000000..63c212f3723d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_036.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 36
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_037.bc b/contrib/bc/tests/bc/scripts/print_037.bc
new file mode 100644
index 000000000000..8e51d9af1c40
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_037.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 37
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_038.bc b/contrib/bc/tests/bc/scripts/print_038.bc
new file mode 100644
index 000000000000..7208ed1e8507
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_038.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 38
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_039.bc b/contrib/bc/tests/bc/scripts/print_039.bc
new file mode 100644
index 000000000000..0459f33f2e0d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_039.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 39
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_040.bc b/contrib/bc/tests/bc/scripts/print_040.bc
new file mode 100644
index 000000000000..53df241dbaf0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_040.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 40
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_041.bc b/contrib/bc/tests/bc/scripts/print_041.bc
new file mode 100644
index 000000000000..c539ad9592ee
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_041.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 41
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_042.bc b/contrib/bc/tests/bc/scripts/print_042.bc
new file mode 100644
index 000000000000..088c3b2f4cb4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_042.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 42
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_043.bc b/contrib/bc/tests/bc/scripts/print_043.bc
new file mode 100644
index 000000000000..8646a8f2af4c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_043.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 43
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_044.bc b/contrib/bc/tests/bc/scripts/print_044.bc
new file mode 100644
index 000000000000..1bd208266f4b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_044.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 44
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_045.bc b/contrib/bc/tests/bc/scripts/print_045.bc
new file mode 100644
index 000000000000..7463c3e5575a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_045.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 45
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_046.bc b/contrib/bc/tests/bc/scripts/print_046.bc
new file mode 100644
index 000000000000..dd78294c5bb1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_046.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 46
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_047.bc b/contrib/bc/tests/bc/scripts/print_047.bc
new file mode 100644
index 000000000000..3b0654918876
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_047.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 47
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_048.bc b/contrib/bc/tests/bc/scripts/print_048.bc
new file mode 100644
index 000000000000..71dba3d7e536
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_048.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 48
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_049.bc b/contrib/bc/tests/bc/scripts/print_049.bc
new file mode 100644
index 000000000000..7ab19539ef2a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_049.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 49
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_050.bc b/contrib/bc/tests/bc/scripts/print_050.bc
new file mode 100644
index 000000000000..93983f5f5c6f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_050.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 50
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_051.bc b/contrib/bc/tests/bc/scripts/print_051.bc
new file mode 100644
index 000000000000..32f5e76a46b5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_051.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 51
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_052.bc b/contrib/bc/tests/bc/scripts/print_052.bc
new file mode 100644
index 000000000000..662170d78452
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_052.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 52
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_053.bc b/contrib/bc/tests/bc/scripts/print_053.bc
new file mode 100644
index 000000000000..05986f27bd7e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_053.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 53
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_054.bc b/contrib/bc/tests/bc/scripts/print_054.bc
new file mode 100644
index 000000000000..92e20b70329a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_054.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 54
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_055.bc b/contrib/bc/tests/bc/scripts/print_055.bc
new file mode 100644
index 000000000000..014637b461c2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_055.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 55
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_056.bc b/contrib/bc/tests/bc/scripts/print_056.bc
new file mode 100644
index 000000000000..42642cb8e29d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_056.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 56
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_057.bc b/contrib/bc/tests/bc/scripts/print_057.bc
new file mode 100644
index 000000000000..e4dd3d1eb8f6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_057.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 57
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_058.bc b/contrib/bc/tests/bc/scripts/print_058.bc
new file mode 100644
index 000000000000..cc2e5e5e1dae
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_058.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 58
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_059.bc b/contrib/bc/tests/bc/scripts/print_059.bc
new file mode 100644
index 000000000000..2abe27da21da
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_059.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 59
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_060.bc b/contrib/bc/tests/bc/scripts/print_060.bc
new file mode 100644
index 000000000000..c542d10d1e57
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_060.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 60
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_061.bc b/contrib/bc/tests/bc/scripts/print_061.bc
new file mode 100644
index 000000000000..bcd520e0f38e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_061.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 61
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_062.bc b/contrib/bc/tests/bc/scripts/print_062.bc
new file mode 100644
index 000000000000..4b9875e077c3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_062.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 62
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_063.bc b/contrib/bc/tests/bc/scripts/print_063.bc
new file mode 100644
index 000000000000..9f4d77042b23
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_063.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 63
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_064.bc b/contrib/bc/tests/bc/scripts/print_064.bc
new file mode 100644
index 000000000000..8878d0a8e05a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_064.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 64
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_065.bc b/contrib/bc/tests/bc/scripts/print_065.bc
new file mode 100644
index 000000000000..faf3b4361d09
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_065.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 65
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_066.bc b/contrib/bc/tests/bc/scripts/print_066.bc
new file mode 100644
index 000000000000..07f30fa22c0f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_066.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 66
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_067.bc b/contrib/bc/tests/bc/scripts/print_067.bc
new file mode 100644
index 000000000000..202604d755b0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_067.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 67
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_068.bc b/contrib/bc/tests/bc/scripts/print_068.bc
new file mode 100644
index 000000000000..f90912bef26a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_068.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 68
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_069.bc b/contrib/bc/tests/bc/scripts/print_069.bc
new file mode 100644
index 000000000000..175263e39074
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_069.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 69
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_070.bc b/contrib/bc/tests/bc/scripts/print_070.bc
new file mode 100644
index 000000000000..0786f4d3aa14
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_070.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 70
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_071.bc b/contrib/bc/tests/bc/scripts/print_071.bc
new file mode 100644
index 000000000000..292c38e91852
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_071.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 71
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_072.bc b/contrib/bc/tests/bc/scripts/print_072.bc
new file mode 100644
index 000000000000..e6506ee7ee37
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_072.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 72
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_073.bc b/contrib/bc/tests/bc/scripts/print_073.bc
new file mode 100644
index 000000000000..6b7d3efae5cd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_073.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 73
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_074.bc b/contrib/bc/tests/bc/scripts/print_074.bc
new file mode 100644
index 000000000000..e61abaf98f94
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_074.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 74
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_075.bc b/contrib/bc/tests/bc/scripts/print_075.bc
new file mode 100644
index 000000000000..84704063a65e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_075.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 75
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_076.bc b/contrib/bc/tests/bc/scripts/print_076.bc
new file mode 100644
index 000000000000..3efed22515d9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_076.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 76
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_077.bc b/contrib/bc/tests/bc/scripts/print_077.bc
new file mode 100644
index 000000000000..ef01f150c1b0
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_077.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 77
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_078.bc b/contrib/bc/tests/bc/scripts/print_078.bc
new file mode 100644
index 000000000000..8f431f54c12f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_078.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 78
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_079.bc b/contrib/bc/tests/bc/scripts/print_079.bc
new file mode 100644
index 000000000000..5eb213c19431
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_079.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 79
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_080.bc b/contrib/bc/tests/bc/scripts/print_080.bc
new file mode 100644
index 000000000000..46b1a547d3a3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_080.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 80
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_081.bc b/contrib/bc/tests/bc/scripts/print_081.bc
new file mode 100644
index 000000000000..9b0f2415f19e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_081.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 81
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_082.bc b/contrib/bc/tests/bc/scripts/print_082.bc
new file mode 100644
index 000000000000..ac1cc4028775
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_082.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 82
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_083.bc b/contrib/bc/tests/bc/scripts/print_083.bc
new file mode 100644
index 000000000000..8f6966e280f4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_083.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 83
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_084.bc b/contrib/bc/tests/bc/scripts/print_084.bc
new file mode 100644
index 000000000000..e5e2c167c6f7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_084.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 84
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_085.bc b/contrib/bc/tests/bc/scripts/print_085.bc
new file mode 100644
index 000000000000..3e5b50b591f7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_085.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 85
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_086.bc b/contrib/bc/tests/bc/scripts/print_086.bc
new file mode 100644
index 000000000000..9cfcc8982fa7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_086.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 86
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_087.bc b/contrib/bc/tests/bc/scripts/print_087.bc
new file mode 100644
index 000000000000..ed3c6687272b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_087.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 87
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_088.bc b/contrib/bc/tests/bc/scripts/print_088.bc
new file mode 100644
index 000000000000..1e001883e576
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_088.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 88
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_089.bc b/contrib/bc/tests/bc/scripts/print_089.bc
new file mode 100644
index 000000000000..4234219f487d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_089.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 89
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_090.bc b/contrib/bc/tests/bc/scripts/print_090.bc
new file mode 100644
index 000000000000..ebe4650c1696
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_090.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 90
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_091.bc b/contrib/bc/tests/bc/scripts/print_091.bc
new file mode 100644
index 000000000000..5c5fd5c95256
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_091.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 91
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_092.bc b/contrib/bc/tests/bc/scripts/print_092.bc
new file mode 100644
index 000000000000..992a738fee41
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_092.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 92
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_093.bc b/contrib/bc/tests/bc/scripts/print_093.bc
new file mode 100644
index 000000000000..7e91b2b5e8fd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_093.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 93
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_094.bc b/contrib/bc/tests/bc/scripts/print_094.bc
new file mode 100644
index 000000000000..3567fe0bf69e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_094.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 94
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_095.bc b/contrib/bc/tests/bc/scripts/print_095.bc
new file mode 100644
index 000000000000..1945f2daee1e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_095.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 95
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_096.bc b/contrib/bc/tests/bc/scripts/print_096.bc
new file mode 100644
index 000000000000..837f87a57e63
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_096.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 96
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_097.bc b/contrib/bc/tests/bc/scripts/print_097.bc
new file mode 100644
index 000000000000..efcf4a096ece
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_097.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 97
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_098.bc b/contrib/bc/tests/bc/scripts/print_098.bc
new file mode 100644
index 000000000000..d14203d29656
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_098.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 98
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_099.bc b/contrib/bc/tests/bc/scripts/print_099.bc
new file mode 100644
index 000000000000..0bbb410318ee
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_099.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 99
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/print_100.bc b/contrib/bc/tests/bc/scripts/print_100.bc
new file mode 100644
index 000000000000..4ac46e3eba42
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/print_100.bc
@@ -0,0 +1,22 @@
+#! /usr/bin/bc -q
+
+b = 100
+
+s = b * b
+
+print "obase = ", b, "\n"
+print "\qobase = \q\n"
+b
+
+for (i = 0; i <= s; ++i) {
+	i
+	print "0.", i, "\n"
+	print ".", i, "\n"
+	print "1.", i, "\n"
+	print i, ".", "\n"
+	print i, ".", i, "\n"
+}
+
+2189432174861923048671023498128347619023487610234689172304.192748960128745108927461089237469018723460
+
+halt
diff --git a/contrib/bc/tests/bc/scripts/subtract.bc b/contrib/bc/tests/bc/scripts/subtract_00100.bc
index 1e592942cab3..93339780f2f7 100644
--- a/contrib/bc/tests/bc/scripts/subtract.bc
+++ b/contrib/bc/tests/bc/scripts/subtract_00100.bc
@@ -10,7 +10,7 @@ for (i = 0; i <= len; ++i) {
 	a[i]
 }
 
-for (i = 1; i <= 10000; ++i) {
+for (i = 1; i <= 100; ++i) {
 	for (j = 0; j < len; ++j) {
 		a[i] - a[j]
 	}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00200.bc b/contrib/bc/tests/bc/scripts/subtract_00200.bc
new file mode 100644
index 000000000000..2bcad94d76d1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 101; i <= 200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00300.bc b/contrib/bc/tests/bc/scripts/subtract_00300.bc
new file mode 100644
index 000000000000..5d5b5fd2bf61
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 201; i <= 300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00400.bc b/contrib/bc/tests/bc/scripts/subtract_00400.bc
new file mode 100644
index 000000000000..9298eeec0007
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 301; i <= 400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00500.bc b/contrib/bc/tests/bc/scripts/subtract_00500.bc
new file mode 100644
index 000000000000..581a8144fea7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 401; i <= 500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00600.bc b/contrib/bc/tests/bc/scripts/subtract_00600.bc
new file mode 100644
index 000000000000..2a1a5e6eb1ae
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 501; i <= 600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00700.bc b/contrib/bc/tests/bc/scripts/subtract_00700.bc
new file mode 100644
index 000000000000..867277161d2c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 601; i <= 700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00800.bc b/contrib/bc/tests/bc/scripts/subtract_00800.bc
new file mode 100644
index 000000000000..68dfd28f1108
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 701; i <= 800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_00900.bc b/contrib/bc/tests/bc/scripts/subtract_00900.bc
new file mode 100644
index 000000000000..b343861ecf26
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_00900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 801; i <= 900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01000.bc b/contrib/bc/tests/bc/scripts/subtract_01000.bc
new file mode 100644
index 000000000000..4e8e5951c8d9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 901; i <= 1000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01100.bc b/contrib/bc/tests/bc/scripts/subtract_01100.bc
new file mode 100644
index 000000000000..0b7d1a5ca314
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1001; i <= 1100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01200.bc b/contrib/bc/tests/bc/scripts/subtract_01200.bc
new file mode 100644
index 000000000000..bfa237043f89
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1101; i <= 1200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01300.bc b/contrib/bc/tests/bc/scripts/subtract_01300.bc
new file mode 100644
index 000000000000..c83483db9e8b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1201; i <= 1300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01400.bc b/contrib/bc/tests/bc/scripts/subtract_01400.bc
new file mode 100644
index 000000000000..e979361f49f4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1301; i <= 1400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01500.bc b/contrib/bc/tests/bc/scripts/subtract_01500.bc
new file mode 100644
index 000000000000..c2ef1ee1385e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1401; i <= 1500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01600.bc b/contrib/bc/tests/bc/scripts/subtract_01600.bc
new file mode 100644
index 000000000000..2113ddefeb5f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1501; i <= 1600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01700.bc b/contrib/bc/tests/bc/scripts/subtract_01700.bc
new file mode 100644
index 000000000000..ca9505c1983f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1601; i <= 1700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01800.bc b/contrib/bc/tests/bc/scripts/subtract_01800.bc
new file mode 100644
index 000000000000..650cc6a7d551
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1701; i <= 1800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_01900.bc b/contrib/bc/tests/bc/scripts/subtract_01900.bc
new file mode 100644
index 000000000000..72c17fd1af8a
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_01900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1801; i <= 1900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02000.bc b/contrib/bc/tests/bc/scripts/subtract_02000.bc
new file mode 100644
index 000000000000..579c84e67f8f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 1901; i <= 2000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02100.bc b/contrib/bc/tests/bc/scripts/subtract_02100.bc
new file mode 100644
index 000000000000..2ed9f5f0c8a9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2001; i <= 2100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02200.bc b/contrib/bc/tests/bc/scripts/subtract_02200.bc
new file mode 100644
index 000000000000..0a11cab25d6e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2101; i <= 2200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02300.bc b/contrib/bc/tests/bc/scripts/subtract_02300.bc
new file mode 100644
index 000000000000..29c66c1913fd
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2201; i <= 2300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02400.bc b/contrib/bc/tests/bc/scripts/subtract_02400.bc
new file mode 100644
index 000000000000..b0f2f197a2c6
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2301; i <= 2400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02500.bc b/contrib/bc/tests/bc/scripts/subtract_02500.bc
new file mode 100644
index 000000000000..7e9d46a8bc3b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2401; i <= 2500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02600.bc b/contrib/bc/tests/bc/scripts/subtract_02600.bc
new file mode 100644
index 000000000000..49acabcf66e5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2501; i <= 2600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02700.bc b/contrib/bc/tests/bc/scripts/subtract_02700.bc
new file mode 100644
index 000000000000..8d7473e93f75
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2601; i <= 2700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02800.bc b/contrib/bc/tests/bc/scripts/subtract_02800.bc
new file mode 100644
index 000000000000..588db5a26ee7
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2701; i <= 2800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_02900.bc b/contrib/bc/tests/bc/scripts/subtract_02900.bc
new file mode 100644
index 000000000000..1e6a4fea0416
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_02900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2801; i <= 2900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03000.bc b/contrib/bc/tests/bc/scripts/subtract_03000.bc
new file mode 100644
index 000000000000..0eb1e3da7cf9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 2901; i <= 3000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03100.bc b/contrib/bc/tests/bc/scripts/subtract_03100.bc
new file mode 100644
index 000000000000..6513ee49fe93
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3001; i <= 3100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03200.bc b/contrib/bc/tests/bc/scripts/subtract_03200.bc
new file mode 100644
index 000000000000..310541d4de02
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3101; i <= 3200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03300.bc b/contrib/bc/tests/bc/scripts/subtract_03300.bc
new file mode 100644
index 000000000000..c984f7c73e04
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3201; i <= 3300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03400.bc b/contrib/bc/tests/bc/scripts/subtract_03400.bc
new file mode 100644
index 000000000000..608ab651fc2b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3301; i <= 3400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03500.bc b/contrib/bc/tests/bc/scripts/subtract_03500.bc
new file mode 100644
index 000000000000..215b96d850d4
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3401; i <= 3500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03600.bc b/contrib/bc/tests/bc/scripts/subtract_03600.bc
new file mode 100644
index 000000000000..90d0d4d5144e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3501; i <= 3600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03700.bc b/contrib/bc/tests/bc/scripts/subtract_03700.bc
new file mode 100644
index 000000000000..511bf1ed4f9d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3601; i <= 3700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03800.bc b/contrib/bc/tests/bc/scripts/subtract_03800.bc
new file mode 100644
index 000000000000..99b69618b745
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3701; i <= 3800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_03900.bc b/contrib/bc/tests/bc/scripts/subtract_03900.bc
new file mode 100644
index 000000000000..a438bdfb86be
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_03900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3801; i <= 3900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04000.bc b/contrib/bc/tests/bc/scripts/subtract_04000.bc
new file mode 100644
index 000000000000..7371044e02c3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 3901; i <= 4000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04100.bc b/contrib/bc/tests/bc/scripts/subtract_04100.bc
new file mode 100644
index 000000000000..f9f47d394f65
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4001; i <= 4100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04200.bc b/contrib/bc/tests/bc/scripts/subtract_04200.bc
new file mode 100644
index 000000000000..56ff98e521b1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4101; i <= 4200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04300.bc b/contrib/bc/tests/bc/scripts/subtract_04300.bc
new file mode 100644
index 000000000000..2ee5767b2088
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4201; i <= 4300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04400.bc b/contrib/bc/tests/bc/scripts/subtract_04400.bc
new file mode 100644
index 000000000000..b355f189948f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4301; i <= 4400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04500.bc b/contrib/bc/tests/bc/scripts/subtract_04500.bc
new file mode 100644
index 000000000000..aa34485891ce
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4401; i <= 4500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04600.bc b/contrib/bc/tests/bc/scripts/subtract_04600.bc
new file mode 100644
index 000000000000..cd5bea596488
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4501; i <= 4600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04700.bc b/contrib/bc/tests/bc/scripts/subtract_04700.bc
new file mode 100644
index 000000000000..36de8058bb93
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4601; i <= 4700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04800.bc b/contrib/bc/tests/bc/scripts/subtract_04800.bc
new file mode 100644
index 000000000000..cc714dd72fd9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4701; i <= 4800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_04900.bc b/contrib/bc/tests/bc/scripts/subtract_04900.bc
new file mode 100644
index 000000000000..6e8cfb8c931d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_04900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4801; i <= 4900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05000.bc b/contrib/bc/tests/bc/scripts/subtract_05000.bc
new file mode 100644
index 000000000000..f4847219bdb9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 4901; i <= 5000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05100.bc b/contrib/bc/tests/bc/scripts/subtract_05100.bc
new file mode 100644
index 000000000000..bea4f5b09f2d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5001; i <= 5100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05200.bc b/contrib/bc/tests/bc/scripts/subtract_05200.bc
new file mode 100644
index 000000000000..38a7b5c6d234
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5101; i <= 5200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05300.bc b/contrib/bc/tests/bc/scripts/subtract_05300.bc
new file mode 100644
index 000000000000..9004108f3e8d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5201; i <= 5300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05400.bc b/contrib/bc/tests/bc/scripts/subtract_05400.bc
new file mode 100644
index 000000000000..eec164c504cb
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5301; i <= 5400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05500.bc b/contrib/bc/tests/bc/scripts/subtract_05500.bc
new file mode 100644
index 000000000000..864f05e70d25
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5401; i <= 5500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05600.bc b/contrib/bc/tests/bc/scripts/subtract_05600.bc
new file mode 100644
index 000000000000..874f45183b7c
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5501; i <= 5600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05700.bc b/contrib/bc/tests/bc/scripts/subtract_05700.bc
new file mode 100644
index 000000000000..6a5c351c574f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5601; i <= 5700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05800.bc b/contrib/bc/tests/bc/scripts/subtract_05800.bc
new file mode 100644
index 000000000000..5fc99fe84503
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5701; i <= 5800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_05900.bc b/contrib/bc/tests/bc/scripts/subtract_05900.bc
new file mode 100644
index 000000000000..cb12eba549b2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_05900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5801; i <= 5900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06000.bc b/contrib/bc/tests/bc/scripts/subtract_06000.bc
new file mode 100644
index 000000000000..0c85a7267eb1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 5901; i <= 6000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06100.bc b/contrib/bc/tests/bc/scripts/subtract_06100.bc
new file mode 100644
index 000000000000..8f43fc2687d3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6001; i <= 6100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06200.bc b/contrib/bc/tests/bc/scripts/subtract_06200.bc
new file mode 100644
index 000000000000..d508561b5838
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6101; i <= 6200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06300.bc b/contrib/bc/tests/bc/scripts/subtract_06300.bc
new file mode 100644
index 000000000000..3073a3f75dfc
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6201; i <= 6300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06400.bc b/contrib/bc/tests/bc/scripts/subtract_06400.bc
new file mode 100644
index 000000000000..ee25fc01bca3
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6301; i <= 6400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06500.bc b/contrib/bc/tests/bc/scripts/subtract_06500.bc
new file mode 100644
index 000000000000..ff59fcde38c2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6401; i <= 6500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06600.bc b/contrib/bc/tests/bc/scripts/subtract_06600.bc
new file mode 100644
index 000000000000..8bd56c8d2df9
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6501; i <= 6600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06700.bc b/contrib/bc/tests/bc/scripts/subtract_06700.bc
new file mode 100644
index 000000000000..160a31bdf4a2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6601; i <= 6700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06800.bc b/contrib/bc/tests/bc/scripts/subtract_06800.bc
new file mode 100644
index 000000000000..7d2bc99dec0d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6701; i <= 6800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_06900.bc b/contrib/bc/tests/bc/scripts/subtract_06900.bc
new file mode 100644
index 000000000000..716d7c273111
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_06900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6801; i <= 6900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07000.bc b/contrib/bc/tests/bc/scripts/subtract_07000.bc
new file mode 100644
index 000000000000..259dc55507f2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 6901; i <= 7000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07100.bc b/contrib/bc/tests/bc/scripts/subtract_07100.bc
new file mode 100644
index 000000000000..b992c30681ec
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7001; i <= 7100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07200.bc b/contrib/bc/tests/bc/scripts/subtract_07200.bc
new file mode 100644
index 000000000000..afa77522e912
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7101; i <= 7200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07300.bc b/contrib/bc/tests/bc/scripts/subtract_07300.bc
new file mode 100644
index 000000000000..5dd6997fbeff
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7201; i <= 7300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07400.bc b/contrib/bc/tests/bc/scripts/subtract_07400.bc
new file mode 100644
index 000000000000..70b88b1bc04b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7301; i <= 7400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07500.bc b/contrib/bc/tests/bc/scripts/subtract_07500.bc
new file mode 100644
index 000000000000..806565dc5fa8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7401; i <= 7500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07600.bc b/contrib/bc/tests/bc/scripts/subtract_07600.bc
new file mode 100644
index 000000000000..b063df122391
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7501; i <= 7600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07700.bc b/contrib/bc/tests/bc/scripts/subtract_07700.bc
new file mode 100644
index 000000000000..f31cb7b170a8
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7601; i <= 7700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07800.bc b/contrib/bc/tests/bc/scripts/subtract_07800.bc
new file mode 100644
index 000000000000..222b583de5c5
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7701; i <= 7800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_07900.bc b/contrib/bc/tests/bc/scripts/subtract_07900.bc
new file mode 100644
index 000000000000..8a36cb2020c2
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_07900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7801; i <= 7900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08000.bc b/contrib/bc/tests/bc/scripts/subtract_08000.bc
new file mode 100644
index 000000000000..8b10e0644622
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 7901; i <= 8000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08100.bc b/contrib/bc/tests/bc/scripts/subtract_08100.bc
new file mode 100644
index 000000000000..b7bf9481f6ff
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8001; i <= 8100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08200.bc b/contrib/bc/tests/bc/scripts/subtract_08200.bc
new file mode 100644
index 000000000000..2cf2b2282ca1
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8101; i <= 8200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08300.bc b/contrib/bc/tests/bc/scripts/subtract_08300.bc
new file mode 100644
index 000000000000..43e1090b2708
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8201; i <= 8300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08400.bc b/contrib/bc/tests/bc/scripts/subtract_08400.bc
new file mode 100644
index 000000000000..ecde1157ef8d
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8301; i <= 8400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08500.bc b/contrib/bc/tests/bc/scripts/subtract_08500.bc
new file mode 100644
index 000000000000..5e6e8ac95d34
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8401; i <= 8500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08600.bc b/contrib/bc/tests/bc/scripts/subtract_08600.bc
new file mode 100644
index 000000000000..f56db3c36a3b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8501; i <= 8600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08700.bc b/contrib/bc/tests/bc/scripts/subtract_08700.bc
new file mode 100644
index 000000000000..3d5d9b94598b
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8601; i <= 8700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08800.bc b/contrib/bc/tests/bc/scripts/subtract_08800.bc
new file mode 100644
index 000000000000..87a5449472da
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8701; i <= 8800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_08900.bc b/contrib/bc/tests/bc/scripts/subtract_08900.bc
new file mode 100644
index 000000000000..2ac715811882
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_08900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8801; i <= 8900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09000.bc b/contrib/bc/tests/bc/scripts/subtract_09000.bc
new file mode 100644
index 000000000000..7c39d922b736
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 8901; i <= 9000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09100.bc b/contrib/bc/tests/bc/scripts/subtract_09100.bc
new file mode 100644
index 000000000000..5b8c99cf0312
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09100.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9001; i <= 9100; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09200.bc b/contrib/bc/tests/bc/scripts/subtract_09200.bc
new file mode 100644
index 000000000000..173f64d70786
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09200.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9101; i <= 9200; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09300.bc b/contrib/bc/tests/bc/scripts/subtract_09300.bc
new file mode 100644
index 000000000000..6226e6fecb1f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09300.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9201; i <= 9300; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09400.bc b/contrib/bc/tests/bc/scripts/subtract_09400.bc
new file mode 100644
index 000000000000..0e76fa04f14f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09400.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9301; i <= 9400; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09500.bc b/contrib/bc/tests/bc/scripts/subtract_09500.bc
new file mode 100644
index 000000000000..b5336018e368
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09500.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9401; i <= 9500; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09600.bc b/contrib/bc/tests/bc/scripts/subtract_09600.bc
new file mode 100644
index 000000000000..479bfe29e361
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09600.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9501; i <= 9600; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09700.bc b/contrib/bc/tests/bc/scripts/subtract_09700.bc
new file mode 100644
index 000000000000..14c5df67605e
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09700.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9601; i <= 9700; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09800.bc b/contrib/bc/tests/bc/scripts/subtract_09800.bc
new file mode 100644
index 000000000000..5d62bae24a40
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09800.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9701; i <= 9800; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_09900.bc b/contrib/bc/tests/bc/scripts/subtract_09900.bc
new file mode 100644
index 000000000000..d2926980b543
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_09900.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9801; i <= 9900; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/scripts/subtract_10000.bc b/contrib/bc/tests/bc/scripts/subtract_10000.bc
new file mode 100644
index 000000000000..32cafefd324f
--- /dev/null
+++ b/contrib/bc/tests/bc/scripts/subtract_10000.bc
@@ -0,0 +1,17 @@
+#! /usr/bin/bc -lq
+
+scale = 20
+x = 1234567890 / scale
+len = length(x) + 1 + scale
+len *= 2
+
+for (i = 0; i <= len; ++i) {
+	a[i] = x * (10^i)
+	a[i]
+}
+
+for (i = 9901; i <= 10000; ++i) {
+	for (j = 0; j < len; ++j) {
+		a[i] - a[j]
+	}
+}
diff --git a/contrib/bc/tests/bc/timeconst.sh b/contrib/bc/tests/bc/timeconst.sh
index 35bd80d56040..393268843649 100755
--- a/contrib/bc/tests/bc/timeconst.sh
+++ b/contrib/bc/tests/bc/timeconst.sh
@@ -1,6 +1,6 @@
 #! /bin/sh
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -81,6 +81,9 @@ base=$(basename "$timeconst")
 # If the script does not exist, just skip. Running this test is not necessary.
 if [ ! -f "$timeconst" ]; then
 	printf 'Warning: %s does not exist\n' "$timeconst"
+	printf '%s is not part of this bc because of license incompatibility\n' "$timeconst"
+	printf 'Get it at https://github.com/torvalds/linux/blob/master/kernel/time/timeconst.bc\n'
+	printf 'if you want to test it\n'
 	printf 'Skipping...\n'
 	exit 0
 fi
diff --git a/contrib/bc/tests/bcl.c b/contrib/bc/tests/bcl.c
index 3a2df4488c05..fb730e773c6d 100644
--- a/contrib/bc/tests/bcl.c
+++ b/contrib/bc/tests/bcl.c
@@ -3,7 +3,7 @@
  *
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+ * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/tests/dc/scripts/easter.dc b/contrib/bc/tests/dc/scripts/easter.dc
new file mode 100644
index 000000000000..e2c126ba1129
--- /dev/null
+++ b/contrib/bc/tests/dc/scripts/easter.dc
@@ -0,0 +1,49 @@
+#! /usr/bin/dc
+
+# This is the actual script.
+[
+	ddsf
+	[
+		lfp
+		[too early
+		]P
+		q
+	]s@
+	1583>@
+	ddd19%1+sg100/1+d3*4/12-sx8*5+25/5-sz5*4/lx-10-sdlg11*20+lz+lx-30%
+	d
+	[30+]s@
+	0>@d
+	[
+		[1+]s@
+		lg11<@
+	]s@
+	25=@d
+	[1+]s@
+	24=@se44le-d
+	[30+]s@
+	21>@dld+7%-7+
+	[March ]sm
+	d
+	[
+		31-
+		[April ]sm
+	]s@
+	31<@dn32PsnlmPdnsn1z>p
+	10P
+]sp
+
+2021
+lpx
+
+2022
+lpx
+
+2023
+lpx
+
+2024
+lpx
+
+2025
+lpx
diff --git a/contrib/bc/tests/dc/scripts/easter.sh b/contrib/bc/tests/dc/scripts/easter.sh
deleted file mode 100755
index ee8fa1d94c81..000000000000
--- a/contrib/bc/tests/dc/scripts/easter.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# SPDX-License-Identifier: BSD-2-Clause
-#
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice, this
-#   list of conditions and the following disclaimer.
-#
-# * Redistributions in binary form must reproduce the above copyright notice,
-#   this list of conditions and the following disclaimer in the documentation
-#   and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-
-set -e
-
-script="$0"
-
-testdir=$(dirname "${script}")
-
-# Just print the usage and exit with an error. This can receive a message to
-# print.
-# @param 1  A message to print.
-usage() {
-	if [ $# -eq 1 ]; then
-		printf '%s\n\n' "$1"
-	fi
-	printf 'usage: %s dc_exec year [options...]\n' "$script"
-	exit 1
-}
-
-. "$testdir/../../../scripts/functions.sh"
-
-if test $# -lt 2
-then
-	usage "Not enough arguments; need 2"
-fi
-
-dc_exec="$1"
-shift
-check_exec_arg "$dc_exec"
-
-year="$1"
-shift
-
-echo $year '
-[
-	ddsf
-	[
-		lfp
-		[too early
-		]P
-		q
-	]s@
-	1583>@
-	ddd19%1+sg100/1+d3*4/12-sx8*5+25/5-sz5*4/lx-10-sdlg11*20+lz+lx-30%
-	d
-	[30+]s@
-	0>@d
-	[
-		[1+]s@
-		lg11<@
-	]s@
-	25=@d
-	[1+]s@
-	24=@se44le-d
-	[30+]s@
-	21>@dld+7%-7+
-	[March ]sm
-	d
-	[
-		31-
-		[April ]sm
-	]s@
-	31<@psnlmPpsn1z>p
-]sp
-lpx' | "$dc_exec" "$@" | tr '\012' ' '
-echo ''
diff --git a/contrib/bc/tests/dc/scripts/easter.txt b/contrib/bc/tests/dc/scripts/easter.txt
new file mode 100644
index 000000000000..0aef9531346d
--- /dev/null
+++ b/contrib/bc/tests/dc/scripts/easter.txt
@@ -0,0 +1,5 @@
+4 April 2021
+17 April 2022
+9 April 2023
+31 March 2024
+20 April 2025
diff --git a/contrib/bc/tests/dc/scripts/prime.dc b/contrib/bc/tests/dc/scripts/prime.dc
index cc769d2bbee1..6902aaef8f0c 100644
--- a/contrib/bc/tests/dc/scripts/prime.dc
+++ b/contrib/bc/tests/dc/scripts/prime.dc
@@ -1 +1 @@
-0k2p3p[dl!d2+s!%0=@l!l^!<#]s#[s/0ds^]s@[p]s&[ddvs^3s!l# x0<&2+d100000>.]ds.x
+0k2p3p[dl!d2+s!%0=@l!l^!<#]s#[s/0ds^]s@[p]s&[ddvs^3s!l# x0<&2+d10000>.]ds.x
diff --git a/contrib/bc/tests/error.sh b/contrib/bc/tests/error.sh
index 15cbd5577ed6..aa229a916809 100755
--- a/contrib/bc/tests/error.sh
+++ b/contrib/bc/tests/error.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -100,8 +100,6 @@ fi
 if [ "$d" = "bc" ]; then
 	opts="-l"
 	halt="halt"
-	read_call="read()"
-	read_expr="${read_call}\n5+5;"
 else
 	opts="-x"
 	halt="q"
diff --git a/contrib/bc/tests/errors.sh b/contrib/bc/tests/errors.sh
index 47053f9c7b43..93e4f5d0dedf 100755
--- a/contrib/bc/tests/errors.sh
+++ b/contrib/bc/tests/errors.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -89,8 +89,6 @@ read_errors="read_errors"
 if [ "$d" = "bc" ]; then
 	opts="-l"
 	halt="halt"
-	read_call="read()"
-	read_expr="${read_call}\n5+5;"
 else
 	opts="-x"
 	halt="q"
diff --git a/contrib/bc/tests/extra_required.txt b/contrib/bc/tests/extra_required.txt
index 038e6775d644..b335af4d57bf 100644
--- a/contrib/bc/tests/extra_required.txt
+++ b/contrib/bc/tests/extra_required.txt
@@ -1,5 +1,20 @@
 engineering
-lib2
+lib2_p
+lib2_r
+lib2_ceil
+lib2_log
+lib2_root
+lib2_gcd
+lib2_bytes
+lib2_pi
+lib2_tan
+lib2_a2
+lib2_r2d
+lib2_d2r
+lib2_fac
+lib2_perm
+lib2_uint
+lib2_rand
 fib
 places
 rand
diff --git a/contrib/bc/tests/history.py b/contrib/bc/tests/history.py
index a3b722386a62..cf19174f6d90 100755
--- a/contrib/bc/tests/history.py
+++ b/contrib/bc/tests/history.py
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -128,7 +128,7 @@ def write_str(child, s):
 def bc_banner(child):
 	bc_banner1 = "bc [0-9]+\\.[0-9]+\\.[0-9]+\r\n"
 	bc_banner2 = "Copyright \\(c\\) 2018-[2-9][0-9][0-9][0-9] Gavin D. Howard and contributors\r\n"
-	bc_banner3 = "Report bugs at: https://git.gavinhoward.com/gavin/bc\r\n\r\n"
+	bc_banner3 = "Report bugs at: https://github.com/gavinhoward/bc\r\n\r\n"
 	bc_banner4 = "This is free software with ABSOLUTELY NO WARRANTY.\r\n\r\n"
 	expect(child, bc_banner1)
 	expect(child, bc_banner2)
diff --git a/contrib/bc/tests/history.sh b/contrib/bc/tests/history.sh
index d06d3c6af104..514ee1769903 100755
--- a/contrib/bc/tests/history.sh
+++ b/contrib/bc/tests/history.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/tests/other.sh b/contrib/bc/tests/other.sh
deleted file mode 100755
index 1012fe919dea..000000000000
--- a/contrib/bc/tests/other.sh
+++ /dev/null
@@ -1,593 +0,0 @@
-#! /bin/sh
-#
-# SPDX-License-Identifier: BSD-2-Clause
-#
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice, this
-#   list of conditions and the following disclaimer.
-#
-# * Redistributions in binary form must reproduce the above copyright notice,
-#   this list of conditions and the following disclaimer in the documentation
-#   and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-
-set -e
-
-script="$0"
-testdir=$(dirname "$script")
-
-. "$testdir/../scripts/functions.sh"
-
-outputdir=${BC_TEST_OUTPUT_DIR:-$testdir}
-
-# Just print the usage and exit with an error. This can receive a message to
-# print.
-# @param 1  A message to print.
-usage() {
-	if [ $# -eq 1 ]; then
-		printf '%s\n\n' "$1"
-	fi
-	printf 'usage: %s dir extra_math [exec args...]\n' "$script"
-	exit 1
-}
-
-# Command-line processing.
-if [ "$#" -ge 2 ]; then
-
-	d="$1"
-	shift
-	check_d_arg "$d"
-
-	extra_math="$1"
-	shift
-	check_bool_arg "$extra_math"
-
-else
-	usage "Not enough arguments; need 2"
-fi
-
-if [ "$#" -lt 1 ]; then
-	exe="$testdir/../bin/$d"
-	check_exec_arg "$exe"
-else
-	exe="$1"
-	shift
-	check_exec_arg "$exe"
-fi
-
-if [ "$d" = "bc" ]; then
-	halt="quit"
-else
-	halt="q"
-fi
-
-mkdir -p "$outputdir"
-
-# For tests later.
-num=100000000000000000000000000000000000000000000000000000000000000000000000000000
-num2="$num"
-numres="$num"
-num70="10000000000000000000000000000000000000000000000000000000000000000000\\
-0000000000"
-
-# Set stuff for the correct calculator.
-if [ "$d" = "bc" ]; then
-	halt="halt"
-	opt="x"
-	lopt="extended-register"
-	line_var="BC_LINE_LENGTH"
-	lltest="line_length()"
-else
-	halt="q"
-	opt="l"
-	lopt="mathlib"
-	line_var="DC_LINE_LENGTH"
-	num="$num pR"
-	lltest="glpR"
-fi
-
-# I use these, so unset them to make the tests work.
-unset BC_ENV_ARGS
-unset BC_LINE_LENGTH
-unset DC_ENV_ARGS
-unset DC_LINE_LENGTH
-
-set +e
-
-printf '\nRunning %s quit test...' "$d"
-
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" > /dev/null 2>&1
-
-checktest_retcode "$d" "$?" "quit"
-
-# bc has two halt or quit commands, so test the second as well.
-if [ "$d" = bc ]; then
-
-	printf '%s\n' "quit" 2> /dev/null | "$exe" "$@" > /dev/null 2>&1
-
-	checktest_retcode "$d" "$?" quit
-
-	two=$("$exe" "$@" -e 1+1 -e quit)
-
-	checktest_retcode "$d" "$?" quit
-
-	if [ "$two" != "2" ]; then
-		err_exit "$d failed test quit" 1
-	fi
-fi
-
-printf 'pass\n'
-
-base=$(basename "$exe")
-
-printf 'Running %s environment var tests...' "$d"
-
-if [ "$d" = "bc" ]; then
-
-	export BC_ENV_ARGS=" '-l' '' -q"
-
-	printf 's(.02893)\n' 2> /dev/null | "$exe" "$@" > /dev/null
-
-	checktest_retcode "$d" "$?" "environment var"
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -e 4 > /dev/null
-
-	err="$?"
-	checktest_retcode "$d" "$?" "environment var"
-
-	printf 'pass\n'
-
-	printf 'Running keyword redefinition test...'
-
-	unset BC_ENV_ARGS
-
-	redefine_res="$outputdir/bc_outputs/redefine.txt"
-	redefine_out="$outputdir/bc_outputs/redefine_results.txt"
-
-	outdir=$(dirname "$redefine_out")
-
-	if [ ! -d "$outdir" ]; then
-		mkdir -p "$outdir"
-	fi
-
-	printf '5\n0\n' > "$redefine_res"
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" --redefine=print -e 'define print(x) { x }' -e 'print(5)' > "$redefine_out"
-	err="$?"
-
-	checktest "$d" "$err" "keyword redefinition" "$redefine_res" "$redefine_out"
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -r "abs" -r "else" -e 'abs = 5;else = 0' -e 'abs;else' > "$redefine_out"
-	err="$?"
-
-	checktest "$d" "$err" "keyword redefinition" "$redefine_res" "$redefine_out"
-
-	if [ "$extra_math" -ne 0 ]; then
-
-		printf 'halt\n' 2> /dev/null | "$exe" "$@" -lr abs -e "perm(5, 1)" -e "0" > "$redefine_out"
-		err="$?"
-
-		checktest "$d" "$err" "keyword not redefined in builtin library" "$redefine_res" "$redefine_out"
-
-	fi
-
-	"$exe" "$@" -r "break" -e 'define break(x) { x }' 2> "$redefine_out"
-	err="$?"
-
-	checkerrtest "$d" "$err" "keyword redefinition error" "$redefine_out" "$d"
-
-	"$exe" "$@" -e 'define read(x) { x }' 2> "$redefine_out"
-	err="$?"
-
-	checkerrtest "$d" "$err" "Keyword redefinition error without BC_REDEFINE_KEYWORDS" "$redefine_out" "$d"
-
-	printf 'pass\n'
-	printf 'Running multiline comment expression file test...'
-
-	multiline_expr_res=""
-	multiline_expr_out="$outputdir/bc_outputs/multiline_expr_results.txt"
-
-	# tests/bc/misc1.txt happens to have a multiline comment in it.
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -f "$testdir/bc/misc1.txt" > "$multiline_expr_out"
-	err="$?"
-
-	checktest "$d" "$err" "multiline comment in expression file" "$testdir/bc/misc1_results.txt" \
-		"$multiline_expr_out"
-
-	printf 'pass\n'
-	printf 'Running multiline comment expression file error test...'
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -f "$testdir/bc/errors/05.txt" 2> "$multiline_expr_out"
-	err="$?"
-
-	checkerrtest "$d" "$err" "multiline comment in expression file error" \
-		"$multiline_expr_out" "$d"
-
-	printf 'pass\n'
-	printf 'Running multiline string expression file test...'
-
-	# tests/bc/strings.txt happens to have a multiline string in it.
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -f "$testdir/bc/strings.txt" > "$multiline_expr_out"
-	err="$?"
-
-	checktest "$d" "$err" "multiline string in expression file" "$testdir/bc/strings_results.txt" \
-		"$multiline_expr_out"
-
-	printf 'pass\n'
-	printf 'Running multiline string expression file error test...'
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -f "$testdir/bc/errors/16.txt" 2> "$multiline_expr_out"
-	err="$?"
-
-	checkerrtest "$d" "$err" "multiline string in expression file with backslash error" \
-		"$multiline_expr_out" "$d"
-
-	printf 'halt\n' 2> /dev/null | "$exe" "$@" -f "$testdir/bc/errors/04.txt" 2> "$multiline_expr_out"
-	err="$?"
-
-	checkerrtest "$d" "$err" "multiline string in expression file error" \
-		"$multiline_expr_out" "$d"
-
-	printf 'pass\n'
-
-else
-
-	export DC_ENV_ARGS="'-x'"
-	export DC_EXPR_EXIT="1"
-
-	printf '4s stuff\n' 2> /dev/null | "$exe" "$@" > /dev/null
-
-	checktest_retcode "$d" "$?" "environment var"
-
-	"$exe" "$@" -e 4pR > /dev/null
-
-	checktest_retcode "$d" "$?" "environment var"
-
-	printf 'pass\n'
-
-	set +e
-
-	# dc has an extra test for a case that someone found running this easter.dc
-	# script. It went into an infinite loop, so we want to check that we did not
-	# regress.
-	printf 'three\n' 2> /dev/null | cut -c1-3 > /dev/null
-	err=$?
-
-	if [ "$err" -eq 0 ]; then
-
-		printf 'Running dc Easter script...'
-
-		easter_out="$outputdir/dc_outputs/easter.txt"
-		easter_res="$outputdir/dc_outputs/easter_results.txt"
-
-		outdir=$(dirname "$easter_out")
-
-		if [ ! -d "$outdir" ]; then
-			mkdir -p "$outdir"
-		fi
-
-		printf '4 April 2021\n' > "$easter_res"
-
-		"$testdir/dc/scripts/easter.sh" "$exe" 2021 "$@" 2> /dev/null | cut -c1-12 > "$easter_out"
-		err="$?"
-
-		checktest "$d" "$err" "Easter script" "$easter_out" "$easter_res"
-
-		printf 'pass\n'
-	fi
-
-	unset DC_ENV_ARGS
-	unset DC_EXPR_EXIT
-
-	printf 'Running dc extended register command tests...'
-
-	ext_reg_out="$outputdir/dc_outputs/ext_reg.txt"
-	ext_reg_res="$outputdir/dc_outputs/ext_reg_results.txt"
-
-	outdir=$(dirname "$ext_reg_out")
-
-	if [ ! -d "$outdir" ]; then
-		mkdir -p "$outdir"
-	fi
-
-	printf '0\n' > "$ext_reg_res"
-
-	printf '%s\n' "$halt" | "$exe" "$@" -e "gxpR" 2> /dev/null > "$ext_reg_out"
-	err="$?"
-
-	checktest "$d" "$err" "Extended register command" "$ext_reg_out" "$ext_reg_res"
-
-	printf '1\n' > "$ext_reg_res"
-
-	printf '%s\n' "$halt" | "$exe" "$@" -x -e "gxpR" 2> /dev/null > "$ext_reg_out"
-	err="$?"
-
-	checktest "$d" "$err" "Extended register command" "$ext_reg_out" "$ext_reg_res"
-
-	printf 'pass\n'
-
-fi
-
-out1="$outputdir/${d}_outputs/${d}_other.txt"
-out2="$outputdir/${d}_outputs/${d}_other_test.txt"
-
-printf 'Running %s line length tests...' "$d"
-
-printf '%s\n' "$numres" > "$out1"
-
-export "$line_var"=80
-printf '%s\n' "$num" 2> /dev/null | "$exe" "$@" > "$out2"
-
-checktest "$d" "$?" "line length" "$out1" "$out2"
-
-printf '%s\n' "$num70" > "$out1"
-
-export "$line_var"=2147483647
-printf '%s\n' "$num" 2> /dev/null | "$exe" "$@" > "$out2"
-
-checktest "$d" "$?" "line length 2" "$out1" "$out2"
-
-printf '%s\n' "$num2" > "$out1"
-
-export "$line_var"=62
-printf '%s\n' "$num" 2> /dev/null | "$exe" "$@" -L > "$out2"
-
-checktest "$d" "$?" "line length 3" "$out1" "$out2"
-
-printf '0\n' > "$out1"
-printf '%s\n' "$lltest" 2> /dev/null | "$exe" "$@" -L > "$out2"
-
-checktest "$d" "$?" "line length 3" "$out1" "$out2"
-
-printf 'pass\n'
-
-printf '%s\n' "$numres" > "$out1"
-export "$line_var"=2147483647
-
-printf 'Running %s arg tests...' "$d"
-
-f="$testdir/$d/add.txt"
-exprs=$(cat "$f")
-results=$(cat "$testdir/$d/add_results.txt")
-
-printf '%s\n%s\n%s\n%s\n' "$results" "$results" "$results" "$results" > "$out1"
-
-"$exe" "$@" -e "$exprs" -f "$f" --expression "$exprs" --file "$f" -e "$halt" > "$out2"
-
-checktest "$d" "$?" "arg" "$out1" "$out2"
-
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -- "$f" "$f" "$f" "$f" > "$out2"
-
-checktest "$d" "$?" "arg" "$out1" "$out2"
-
-if [ "$d" = "bc" ]; then
-	printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -i > /dev/null 2>&1
-fi
-
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -h > /dev/null
-checktest_retcode "$d" "$?" "arg"
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -P > /dev/null
-checktest_retcode "$d" "$?" "arg"
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -R > /dev/null
-checktest_retcode "$d" "$?" "arg"
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -v > /dev/null
-checktest_retcode "$d" "$?" "arg"
-printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -V > /dev/null
-checktest_retcode "$d" "$?" "arg"
-
-out=$(printf '0.1\n-0.1\n1.1\n-1.1\n0.1\n-0.1\n')
-printf '%s\n' "$out" > "$out1"
-
-if [ "$d" = "bc" ]; then
-	data=$(printf '0.1\n-0.1\n1.1\n-1.1\n.1\n-.1\n')
-else
-	data=$(printf '0.1pR\n_0.1pR\n1.1pR\n_1.1pR\n.1pR\n_.1pR\n')
-fi
-
-printf '%s\n' "$data" 2> /dev/null | "$exe" "$@" -z > "$out2"
-checktest "$d" "$?" "leading zero" "$out1" "$out2"
-
-if [ "$d" = "bc" ] && [ "$extra_math" -ne 0 ]; then
-
-	printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" -lz "$testdir/bc/leadingzero.txt" > "$out2"
-
-	checktest "$d" "$?" "leading zero script" "$testdir/bc/leadingzero_results.txt" "$out2"
-
-fi
-
-"$exe" "$@" -f "saotehasotnehasthistohntnsahxstnhalcrgxgrlpyasxtsaosysxsatnhoy.txt" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "invalid file argument" "$out2" "$d"
-
-"$exe" "$@" "-$opt" -e "$exprs" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "invalid option argument" "$out2" "$d"
-
-"$exe" "$@" "--$lopt" -e "$exprs" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "invalid long option argument" "$out2" "$d"
-
-"$exe" "$@" "-u" -e "$exprs" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "unrecognized option argument" "$out2" "$d"
-
-"$exe" "$@" "--uniform" -e "$exprs" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "unrecognized long option argument" "$out2" "$d"
-
-"$exe" "$@" -f > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "missing required argument to short option" "$out2" "$d"
-
-"$exe" "$@" --file > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "missing required argument to long option" "$out2" "$d"
-
-"$exe" "$@" --version=5 > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "given argument to long option with no argument" "$out2" "$d"
-
-"$exe" "$@" -: > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "colon short option" "$out2" "$d"
-
-"$exe" "$@" --: > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "colon long option" "$out2" "$d"
-
-printf 'pass\n'
-
-printf 'Running %s builtin variable arg tests...' "$d"
-
-if [ "$extra_math" -ne 0 ]; then
-
-	out=$(printf '14\n15\n16\n17.25\n')
-	printf '%s\n' "$out" > "$out1"
-
-	if [ "$d" = "bc" ]; then
-		data=$(printf 's=scale;i=ibase;o=obase;t=seed@2;ibase=A;obase=A;s;i;o;t;')
-	else
-		data=$(printf 'J2@OIKAiAopRpRpRpR')
-	fi
-
-	printf '%s\n' "$data" 2> /dev/null | "$exe" "$@" -S14 -I15 -O16 -E17.25 > "$out2"
-	checktest "$d" "$?" "builtin variable args" "$out1" "$out2"
-
-	printf '%s\n' "$data" 2> /dev/null | "$exe" "$@" --scale=14 --ibase=15 --obase=16 --seed=17.25 > "$out2"
-	checktest "$d" "$?" "builtin variable long args" "$out1" "$out2"
-
-else
-
-	out=$(printf '14\n15\n16\n')
-	printf '%s\n' "$out" > "$out1"
-
-	if [ "$d" = "bc" ]; then
-		data=$(printf 's=scale;i=ibase;o=obase;ibase=A;obase=A;s;i;o;')
-	else
-		data=$(printf 'OIKAiAopRpRpR')
-	fi
-
-	printf '%s\n' "$data" 2> /dev/null | "$exe" "$@" -S14 -I15 -O16 > "$out2"
-	checktest "$d" "$?" "builtin variable args" "$out1" "$out2"
-
-	printf '%s\n' "$data" 2> /dev/null | "$exe" "$@" --scale=14 --ibase=15 --obase=16 > "$out2"
-	checktest "$d" "$?" "builtin variable long args" "$out1" "$out2"
-
-fi
-
-if [ "$d" = "bc" ]; then
-
-	out=$(printf '100\n')
-	printf '%s\n' "$out" > "$out1"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" -S100 -l > "$out2"
-	checktest "$d" "$?" "builtin variable args with math lib" "$out1" "$out2"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" --scale=100 --mathlib > "$out2"
-	checktest "$d" "$?" "builtin variable long args with math lib" "$out1" "$out2"
-
-	export BC_ENV_ARGS="-l"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" -S100 > "$out2"
-	checktest "$d" "$?" "builtin variable args with math lib env arg" "$out1" "$out2"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" --scale=100 > "$out2"
-	checktest "$d" "$?" "builtin variable long args with math lib env arg" "$out1" "$out2"
-
-	export BC_ENV_ARGS="-S100"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" -l > "$out2"
-	checktest "$d" "$?" "builtin variable args with math lib arg" "$out1" "$out2"
-
-	export BC_ENV_ARGS="--scale=100"
-
-	printf 'scale\n' 2> /dev/null | "$exe" "$@" -l > "$out2"
-	checktest "$d" "$?" "builtin variable long args with math lib arg" "$out1" "$out2"
-
-fi
-
-printf 'scale\n' 2> /dev/null | "$exe" "$@" --scale=18923c.rlg > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "invalid command-line arg for builtin variable" "$out2" "$d"
-
-if [ "$extra_math" -ne 0 ]; then
-
-	printf 'seed\n' 2> /dev/null | "$exe" "$@" --seed=18923c.rlg > /dev/null 2> "$out2"
-	err="$?"
-
-	checkerrtest "$d" "$err" "invalid command-line arg for seed" "$out2" "$d"
-
-fi
-
-printf 'pass\n'
-
-printf 'Running %s directory test...' "$d"
-
-"$exe" "$@" "$testdir" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "directory" "$out2" "$d"
-
-printf 'pass\n'
-
-printf 'Running %s binary file test...' "$d"
-
-bin="/bin/sh"
-
-"$exe" "$@" "$bin" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "binary file" "$out2" "$d"
-
-printf 'pass\n'
-
-printf 'Running %s binary stdin test...' "$d"
-
-cat "$bin" 2> /dev/null | "$exe" "$@" > /dev/null 2> "$out2"
-err="$?"
-
-checkerrtest "$d" "$err" "binary stdin" "$out2" "$d"
-
-printf 'pass\n'
-
-if [ "$d" = "bc" ]; then
-
-	printf 'Running %s limits tests...' "$d"
-	printf 'limits\n' 2> /dev/null | "$exe" "$@" /dev/null > "$out2" 2>&1
-
-	checktest_retcode "$d" "$?" "limits"
-
-	if [ ! -s "$out2" ]; then
-		err_exit "$d did not produce output on the limits test" 1
-	fi
-
-	exec printf 'pass\n'
-
-fi
diff --git a/contrib/bc/tests/read.sh b/contrib/bc/tests/read.sh
deleted file mode 100755
index fd4b9b6721a5..000000000000
--- a/contrib/bc/tests/read.sh
+++ /dev/null
@@ -1,166 +0,0 @@
-#! /bin/sh
-#
-# SPDX-License-Identifier: BSD-2-Clause
-#
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice, this
-#   list of conditions and the following disclaimer.
-#
-# * Redistributions in binary form must reproduce the above copyright notice,
-#   this list of conditions and the following disclaimer in the documentation
-#   and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-
-set -e
-
-script="$0"
-testdir=$(dirname "$script")
-
-. "$testdir/../scripts/functions.sh"
-
-outputdir=${BC_TEST_OUTPUT_DIR:-$testdir}
-
-# Just print the usage and exit with an error. This can receive a message to
-# print.
-# @param 1  A message to print.
-usage() {
-	if [ $# -eq 1 ]; then
-		printf '%s\n\n' "$1"
-	fi
-	printf 'usage: %s dir [exe [args...]]\n' "$script"
-	printf 'valid dirs are:\n'
-	printf '\n'
-	cat "$testdir/all.txt"
-	printf '\n'
-	exit 1
-}
-
-# Command-line processing.
-if [ "$#" -lt 1 ]; then
-	usage "Not enough arguments"
-fi
-
-d="$1"
-shift
-check_d_arg "$d"
-
-if [ "$#" -gt 0 ]; then
-	exe="$1"
-	shift
-	check_exec_arg "$exe"
-else
-	exe="$testdir/../bin/$d"
-	check_exec_arg "$exe"
-fi
-
-name="$testdir/$d/read.txt"
-results="$testdir/$d/read_results.txt"
-errors="$testdir/$d/read_errors.txt"
-
-out="$outputdir/${d}_outputs/read_results.txt"
-multiple_res="$outputdir/${d}_outputs/read_multiple_results.txt"
-outdir=$(dirname "$out")
-
-# Make sure the directory exists.
-if [ ! -d "$outdir" ]; then
-	mkdir -p "$outdir"
-fi
-
-exebase=$(basename "$exe")
-
-# Set stuff for the correct calculator.
-if [ "$d" = "bc" ]; then
-	options="-lq"
-	halt="halt"
-	read_call="read()"
-	read_expr="${read_call}\n5+5;"
-	read_multiple=$(printf '%s\n%s\n%s\n' "3" "2" "1")
-else
-	options="-x"
-	halt="q"
-	read_call="?"
-	read_expr="${read_call}"
-	read_multiple=$(printf '%spR\n%spR\n%spR\n' "3" "2" "1")
-fi
-
-# I use these, so unset them to make the tests work.
-unset BC_ENV_ARGS
-unset BC_LINE_LENGTH
-unset DC_ENV_ARGS
-unset DC_LINE_LENGTH
-
-printf 'Running %s read...' "$d"
-
-set +e
-
-# Run read() on every line.
-while read line; do
-
-	printf '%s\n%s\n' "$read_call" "$line" | "$exe" "$@" "$options" > "$out"
-	checktest "$d" "$?" 'read' "$results" "$out"
-
-done < "$name"
-
-printf 'pass\n'
-
-printf 'Running %s read multiple...' "$d"
-
-printf '3\n2\n1\n' > "$multiple_res"
-
-# Run multiple read() calls.
-printf '%s\n' "$read_multiple" | "$exe" "$@" "$options" -e "$read_call" -e "$read_call" -e "$read_call" > "$out"
-checktest "$d" "$?" 'read multiple' "$multiple_res" "$out"
-
-printf 'pass\n'
-
-printf 'Running %s read errors...' "$d"
-
-# Run read on every line.
-while read line; do
-
-	printf '%s\n%s\n' "$read_call" "$line" | "$exe" "$@" "$options" 2> "$out" > /dev/null
-	err="$?"
-
-	checkerrtest "$d" "$err" "$line" "$out" "$exebase"
-
-done < "$errors"
-
-printf 'pass\n'
-
-printf 'Running %s empty read...' "$d"
-
-read_test=$(printf '%s\n' "$read_call")
-
-printf '%s\n' "$read_test" | "$exe" "$@" "$opts" 2> "$out" > /dev/null
-err="$?"
-
-checkerrtest "$d" "$err" "$read_test" "$out" "$exebase"
-
-printf 'pass\n'
-
-printf 'Running %s read EOF...' "$d"
-
-read_test=$(printf '%s' "$read_call")
-
-printf '%s' "$read_test" | "$exe" "$@" "$opts" 2> "$out" > /dev/null
-err="$?"
-
-checkerrtest "$d" "$err" "$read_test" "$out" "$exebase"
-
-exec printf 'pass\n'
diff --git a/contrib/bc/tests/script.sh b/contrib/bc/tests/script.sh
index b1346ef09904..ce5cf19ee275 100755
--- a/contrib/bc/tests/script.sh
+++ b/contrib/bc/tests/script.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -44,7 +44,7 @@ usage() {
 	if [ $# -eq 1 ]; then
 		printf '%s\n\n' "$1"
 	fi
-	printf 'usage: %s dir script [run_extra_tests] [run_stack_tests] [generate_tests] [time_tests] [exec args...]\n' "$script"
+	printf 'usage: %s dir script [run_extra_tests] [run_stack_tests] [generate_tests] [exec args...]\n' "$script"
 	exit 1
 }
 
@@ -91,15 +91,6 @@ else
 fi
 
 if [ "$#" -gt 0 ]; then
-	time_tests="$1"
-	shift
-	check_bool_arg "$time_tests"
-else
-	time_tests=0
-	check_bool_arg "$generate"
-fi
-
-if [ "$#" -gt 0 ]; then
 	exe="$1"
 	shift
 	check_exec_arg "$exe"
@@ -209,16 +200,8 @@ set +e
 
 printf 'Running %s script %s...' "$d" "$f"
 
-# Yes this is poor timing, but it works.
-if [ "$time_tests" -ne 0 ]; then
-	printf '\n'
-	printf '%s\n' "$halt" 2> /dev/null | /usr/bin/time -p "$exe" "$@" $options "$s" > "$out"
-	err="$?"
-	printf '\n'
-else
-	printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" $options "$s" > "$out"
-	err="$?"
-fi
+printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" $options "$s" > "$out"
+err="$?"
 
 checktest "$d" "$err" "script $f" "$res" "$out"
 
diff --git a/contrib/bc/tests/scripts.sh b/contrib/bc/tests/scripts.sh
index 2c8af6c06df0..eb2963e4a9ed 100755
--- a/contrib/bc/tests/scripts.sh
+++ b/contrib/bc/tests/scripts.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -40,7 +40,7 @@ usage() {
 	if [ $# -eq 1 ]; then
 		printf '%s\n\n' "$1"
 	fi
-	printf 'usage: %s [-n] dir [run_extra_tests] [run_stack_tests] [generate_tests] [time_tests] [exec args...]\n' "$script"
+	printf 'usage: %s [-n] dir [run_extra_tests] [run_stack_tests] [generate_tests] [exec args...]\n' "$script"
 	exit 1
 }
 
@@ -96,15 +96,6 @@ else
 fi
 
 if [ "$#" -gt 0 ]; then
-	time_tests="$1"
-	shift
-	check_bool_arg "$time_tests"
-else
-	time_tests=0
-	check_bool_arg "$time_tests"
-fi
-
-if [ "$#" -gt 0 ]; then
 	exe="$1"
 	shift
 	check_exec_arg "$exe"
@@ -124,11 +115,11 @@ for s in $scripts; do
 
 	if [ "$pll" -ne 0 ]; then
 		sh "$testdir/script.sh" "$d" "$f" "$run_extra_tests" "$run_stack_tests" \
-			"$generate" "$time_tests" "$exe" "$@" &
+			"$generate" "$exe" "$@" &
 		pids="$pids $!"
 	else
 		sh "$testdir/script.sh" "$d" "$f" "$run_extra_tests" "$run_stack_tests" \
-			"$generate" "$time_tests" "$exe" "$@"
+			"$generate" "$exe" "$@"
 	fi
 
 done
diff --git a/contrib/bc/tests/stdin.sh b/contrib/bc/tests/stdin.sh
index 7061e950367e..ba56606b18c4 100755
--- a/contrib/bc/tests/stdin.sh
+++ b/contrib/bc/tests/stdin.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bc/tests/test.sh b/contrib/bc/tests/test.sh
index 7b5916f02990..3dd3e19963fa 100755
--- a/contrib/bc/tests/test.sh
+++ b/contrib/bc/tests/test.sh
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: BSD-2-Clause
 #
-# Copyright (c) 2018-2024 Gavin D. Howard and contributors.
+# Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
@@ -44,7 +44,7 @@ usage() {
 	if [ $# -eq 1 ]; then
 		printf '%s\n\n' "$1"
 	fi
-	printf 'usage: %s dir test [generate_tests] [time_tests] [exe [args...]]\n' "$0"
+	printf 'usage: %s dir test [generate_tests] [exe [args...]]\n' "$0"
 	printf 'valid dirs are:\n'
 	printf '\n'
 	cat "$testdir/all.txt"
@@ -78,15 +78,6 @@ else
 fi
 
 if [ "$#" -gt 0 ]; then
-	time_tests="$1"
-	shift
-	check_bool_arg "$time_tests"
-else
-	time_tests=0
-	check_bool_arg "$time_tests"
-fi
-
-if [ "$#" -gt 0 ]; then
 	exe="$1"
 	shift
 	check_exec_arg "$exe"
@@ -155,15 +146,8 @@ set +e
 
 printf 'Running %s %s...' "$d" "$t"
 
-if [ "$time_tests" -ne 0 ]; then
-	printf '\n'
-	printf '%s\n' "$halt" 2> /dev/null | /usr/bin/time -p "$exe" "$@" $options "$name" > "$out"
-	err="$?"
-	printf '\n'
-else
-	printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" $options "$name" > "$out"
-	err="$?"
-fi
+printf '%s\n' "$halt" 2> /dev/null | "$exe" "$@" $options "$name" > "$out"
+err="$?"
 
 checktest "$d" "$err" "$t" "$results" "$out"
 
diff --git a/contrib/bc/vs/bc.vcxproj b/contrib/bc/vs/bc.vcxproj
index c98ebc6eee53..baffabbb2b4f 100644
--- a/contrib/bc/vs/bc.vcxproj
+++ b/contrib/bc/vs/bc.vcxproj
@@ -204,7 +204,6 @@
     <ClInclude Include="..\include\read.h" />
     <ClInclude Include="..\include\status.h" />
     <ClInclude Include="..\include\vector.h" />
-    <ClInclude Include="..\include\version.h" />
     <ClInclude Include="..\include\vm.h" />
   </ItemGroup>
   <ItemGroup>
diff --git a/contrib/bc/vs/bc.vcxproj.filters b/contrib/bc/vs/bc.vcxproj.filters
index f26387253f27..caa30d9c7fa4 100644
--- a/contrib/bc/vs/bc.vcxproj.filters
+++ b/contrib/bc/vs/bc.vcxproj.filters
@@ -66,9 +66,6 @@
     <ClInclude Include="..\include\vector.h">
       <Filter>include</Filter>
     </ClInclude>
-    <ClInclude Include="..\include\version.h">
-      <Filter>include</Filter>
-    </ClInclude>
     <ClInclude Include="..\include\vm.h">
       <Filter>include</Filter>
     </ClInclude>
diff --git a/contrib/bc/vs/bcl.vcxproj b/contrib/bc/vs/bcl.vcxproj
index f838cac7cbd1..96bd3ba2a552 100644
--- a/contrib/bc/vs/bcl.vcxproj
+++ b/contrib/bc/vs/bcl.vcxproj
@@ -256,7 +256,6 @@
     <ClInclude Include="..\include\read.h" />
     <ClInclude Include="..\include\status.h" />
     <ClInclude Include="..\include\vector.h" />
-    <ClInclude Include="..\include\version.h" />
     <ClInclude Include="..\include\vm.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
diff --git a/contrib/bc/vs/bcl.vcxproj.filters b/contrib/bc/vs/bcl.vcxproj.filters
index b62d1899e2bf..ae3d24125dd6 100644
--- a/contrib/bc/vs/bcl.vcxproj.filters
+++ b/contrib/bc/vs/bcl.vcxproj.filters
@@ -80,9 +80,6 @@
     <ClInclude Include="..\include\vector.h">
       <Filter>include</Filter>
     </ClInclude>
-    <ClInclude Include="..\include\version.h">
-      <Filter>include</Filter>
-    </ClInclude>
     <ClInclude Include="..\include\vm.h">
       <Filter>include</Filter>
     </ClInclude>
diff --git a/contrib/blocklist/Makefile b/contrib/blocklist/Makefile
index da4411d0ca75..899746d01431 100644
--- a/contrib/blocklist/Makefile
+++ b/contrib/blocklist/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2015/01/22 17:49:41 christos Exp $
+# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $
 
 SUBDIR = lib .WAIT include bin etc libexec
 
diff --git a/contrib/blocklist/Makefile.inc b/contrib/blocklist/Makefile.inc
index 85c82783cd35..b22d4a801240 100644
--- a/contrib/blocklist/Makefile.inc
+++ b/contrib/blocklist/Makefile.inc
@@ -1,10 +1,11 @@
-#	$NetBSD: Makefile.inc,v 1.3 2015/01/23 03:57:22 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.3 2025/02/11 17:48:30 christos Exp $
 
 WARNS=6
 .if !defined(LIB)
-LDADD+=	-lblacklist
-DPADD+= ${LIBBLACKLIST}
+LDADD+=	-lblocklist
+DPADD+= ${LIBBLOCKLIST}
 .endif
 CPPFLAGS+= -I${.CURDIR}/../include
 CPPFLAGS+=-DHAVE_STRUCT_SOCKADDR_SA_LEN -DHAVE_UTIL_H -DHAVE_DB_H
+CPPFLAGS+=-DHAVE_SYS_CDEFS_H
 
diff --git a/contrib/blocklist/README b/contrib/blocklist/README
index 7da3317a77fe..4b34138e01ec 100644
--- a/contrib/blocklist/README
+++ b/contrib/blocklist/README
@@ -1,21 +1,21 @@
-# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $
+# $NetBSD: README,v 1.3 2024/02/09 00:53:30 wiz Exp $
 
 This package contains library that can be used by network daemons to
 communicate with a packet filter via a daemon to enforce opening and
 closing ports dynamically based on policy.
 
-The interface to the packet filter is in libexec/blacklistd-helper
+The interface to the packet filter is in libexec/blocklistd-helper
 (this is currently designed for npf) and the configuration file
-(inspired from inetd.conf) is in etc/blacklistd.conf.
+(inspired from inetd.conf) is in etc/blocklistd.conf.
 
-On NetBSD you can find an example npf.conf and blacklistd.conf in
-/usr/share/examples/blacklistd; you need to adjust the interface
+On NetBSD you can find an example npf.conf and blocklistd.conf in
+/usr/share/examples/blocklistd; you need to adjust the interface
 in npf.conf and copy both files to /etc; then you just enable
-blacklistd=YES in /etc/rc.conf, start it up, and you are all set.
+blocklistd=YES in /etc/rc.conf, start it up, and you are all set.
 
-There is also a startup file in etc/rc.d/blacklistd
+There is also a startup file in etc/rc.d/blocklistd
 
-Patches to various daemons to add blacklisting capabilitiers are in the
+Patches to various daemons to add blocklisting capabilities are in the
 "diff" directory:
     - OpenSSH: diff/ssh.diff [tcp socket example]
     - Bind: diff/named.diff [both tcp and udp]
@@ -23,21 +23,21 @@ Patches to various daemons to add blacklisting capabilitiers are in the
 
 These patches have been applied to NetBSD-current.
 
-The network daemon (for example sshd) communicates to blacklistd, via
-a unix socket like syslog. The library calls are simple and everything
+The network daemon (for example sshd) communicates to blocklistd, via
+a Unix socket like syslog. The library calls are simple and everything
 is handled by the library. In the simplest form the only thing the
 daemon needs to do is to call:
 
-	blacklist(action, acceptedfd, message);
+	blocklist(action, acceptedfd, message);
 
 Where:
-	action = 0 -> successful login clear blacklist state
+	action = 0 -> successful login clear blocklist state
 		 1 -> failed login, add to the failed count
 	acceptedfd -> the file descriptor where the server is
 		      connected to the remote client. It is used
 		      to determine the listening socket, and the
 		      remote address. This allows any program to
-		      contact the blacklist daemon, since the verification
+		      contact the blocklist daemon, since the verification
 		      if the program has access to the listening
 		      socket is done by virtue that the port
 		      number is retrieved from the kernel.
@@ -46,13 +46,13 @@ Where:
 Unfortunately there is no way to get information about the "peer"
 from a udp socket, because there is no connection and that information
 is kept with the server. In that case the daemon can provide the
-peer information to blacklistd via:
+peer information to blocklistd via:
 
-	blacklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message);
+	blocklist_sa(action, acceptedfd, sockaddr, sockaddr_len, message);
 
 The configuration file contains entries of the form:
 
-# Blacklist rule
+# Blocklist rule
 # host/Port	type	protocol	owner	name	nfail	disable
 192.168.1.1:ssh	stream	tcp		*	-int	10	1m
 8.8.8.8:ssh	stream	tcp		*	-ext	6	60m
@@ -60,18 +60,18 @@ ssh		stream	tcp6		*	*	6	60m
 http		stream	tcp		*	*	6	60m
 
 Here note that owner is * because the connection is done from the
-child ssh socket which runs with user privs. We treat ipv4 connections
+child ssh socket which runs with user privs. We treat IPv4 connections
 differently by maintaining two different rules one for the external
 interface and one from the internal We also register for both tcp
 and tcp6 since those are different listening sockets and addresses;
-we don't bother with ipv6 and separate rules. We use nfail = 6,
+we don't bother with IPv6 and separate rules. We use nfail = 6,
 because ssh allows 3 password attempts per connection, and this
 will let us have 2 connections before blocking. Finally we block
 for an hour; we could block forever too by specifying * in the
 duration column.
 
-blacklistd and the library use syslog(3) to report errors. The
-blacklist filter state is persisted automatically in /var/db/blacklistd.db
+blocklistd and the library use syslog(3) to report errors. The
+blocklist filter state is persisted automatically in /var/db/blocklistd.db
 so that if the daemon is restarted, it remembers what connections
 is currently handling. To start from a fresh state (if you restart
 npf too for example), you can use -f. To watch the daemon at work,
@@ -80,27 +80,27 @@ you can use -d.
 The current control file is designed for npf, and it uses the
 dynamic rule feature. You need to create a dynamic rule in your
 /etc/npf.conf on the group referring to the interface you want to block
-called blacklistd as follows:
+called blocklistd as follows:
 
 ext_if=bge0
 int_if=sk0
 	
 group "external" on $ext_if {
 	...
-        ruleset "blacklistd-ext" 
-        ruleset "blacklistd" 
+        ruleset "blocklistd-ext" 
+        ruleset "blocklistd" 
 	...
 }
 
 group "internal" on $int_if {
 	...
-        ruleset "blacklistd-int" 
+        ruleset "blocklistd-int" 
 	...
 }
 
-You can use 'blacklistctl dump -a' to list all the current entries
+You can use 'blocklistctl dump -a' to list all the current entries
 in the database; the ones that have nfail <c>/<t> where <c>urrent
->= <t>otal, should have an id assosiated with them; this means that
+>= <t>otal, should have an id associated with them; this means that
 there is a packet filter rule added for that entry. For npf, you
 can examine the packet filter dynamic rule entries using 'npfctl
 rule <rulename> list'.  The number of current entries can exceed
diff --git a/contrib/blocklist/TODO b/contrib/blocklist/TODO
index 9925020d54bb..d67111bd5139 100644
--- a/contrib/blocklist/TODO
+++ b/contrib/blocklist/TODO
@@ -1,4 +1,4 @@
-# $NetBSD: TODO,v 1.7 2015/01/23 21:34:01 christos Exp $
+# $NetBSD: TODO,v 1.3 2025/02/05 20:22:26 christos Exp $
 
 - don't poll periodically, find the next timeout
 - use the socket also for commands? Or separate socket?
@@ -17,5 +17,48 @@
 	-n
 	block
 	unblock
-- do we need an api in blacklistctl to perform maintenance
-- fix the blacklistctl output to be more user friendly
+- do we need an api in blocklistctl to perform maintenance
+- fix the blocklistctl output to be more user friendly
+
+- figure out some way to do distributed operation securely (perhaps with
+  a helper daemon that authenticates local sockets and then communicates
+  local DB changes to the central server over a secure channel --
+  perhaps blocklistd-helper can have a back-end that can send updates to
+  a central server)
+
+- add "blocklistd -l" to enable filter logging on all rules by default
+
+- add some new options in the config file
+
+	"/all"	- block both TCP and UDP (on the proto field?)
+
+	"/log"	- enable filter logging (if not the default) (on the name field?)
+	"/nolog"- disable filter logging (if not the default) (on the name field?)
+
+  The latter two probably require a new parameter for blocklistd-helper.
+
+- "blocklistd -f" should (also?) be a blocklistctl function!?!?!
+
+- if blocklistd was started with '-r' then a SIGHUP should also do a
+  "control flush $rulename" and then re-add all the filter rules?
+
+- should/could /etc/rc.conf.d/ipfilter be created with the following?
+
+	reload_postcmd=blocklistd_reload
+	start_postcmd=blocklistd_start
+	stop_precmd=blocklistd_stop
+	blocklistd_reload ()
+	{
+		/etc/rc.d/blocklistd reload	# IFF SIGHUP does flush/re-add
+		# /etc/rc.d/blocklistd restart
+	}
+	blocklistd_stop ()
+	{
+		/etc/rc.d/blocklistd stop
+	}
+	blocklistd_start ()
+	{
+		/etc/rc.d/blocklistd start
+	}
+
+  or is there a better way?
diff --git a/contrib/blocklist/bin/Makefile b/contrib/blocklist/bin/Makefile
index 280c72fd3af1..1856e2524f3c 100644
--- a/contrib/blocklist/bin/Makefile
+++ b/contrib/blocklist/bin/Makefile
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile,v 1.11 2015/01/27 19:40:36 christos Exp $
+# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:52 christos Exp $
 
 BINDIR=/sbin
 
-PROGS=blacklistd blacklistctl
-MAN.blacklistd=blacklistd.8 blacklistd.conf.5
-MAN.blacklistctl=blacklistctl.8
-SRCS.blacklistd = blacklistd.c conf.c run.c state.c support.c internal.c
-SRCS.blacklistctl = blacklistctl.c conf.c state.c support.c internal.c
+PROGS=blocklistd blocklistctl
+MAN.blocklistd=blocklistd.8 blocklistd.conf.5
+MAN.blocklistctl=blocklistctl.8
+SRCS.blocklistd = blocklistd.c conf.c run.c state.c support.c internal.c
+SRCS.blocklistctl = blocklistctl.c conf.c state.c support.c internal.c
 DBG=-g
 
 LDADD+=-lutil
diff --git a/contrib/blocklist/bin/blacklistctl.8 b/contrib/blocklist/bin/blacklistctl.8
index 7c6521117745..4d557c0c979d 100644
--- a/contrib/blocklist/bin/blacklistctl.8
+++ b/contrib/blocklist/bin/blacklistctl.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $
+.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,27 +27,43 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 7, 2016
+.Dd January 27, 2025
 .Dt BLACKLISTCTL 8
 .Os
 .Sh NAME
 .Nm blacklistctl
-.Nd display and change the state of blacklistd
+.Nd display and change the state of the blacklistd database
 .Sh SYNOPSIS
 .Nm
 .Cm dump
 .Op Fl abdnrw
+.Op Fl D Ar dbname
 .Sh DESCRIPTION
 .Nm
-is a program used to display the state of
+is a program used to display and change the state of the
 .Xr blacklistd 8
+database.
+The following sub-commands are supported:
+.Ss dump
 .Pp
-The following options are available:
+The following options are available for the
+.Cm dump
+sub-command:
 .Bl -tag -width indent
 .It Fl a
-Show all database entries, by default it shows only the embryonic ones.
+Show all database entries, by default it shows only the active ones.
+Inactive entries will be shown with a last-access (or, with
+.Fl r ,
+the remaining) time of
+.Ql never .
 .It Fl b
 Show only the blocked entries.
+.It Fl D Ar dbname
+Specify the location of the
+.Ic blacklistd
+database file to use.
+The default is
+.Pa /var/db/blocklistd.db .
 .It Fl d
 Increase debugging level.
 .It Fl n
@@ -59,9 +75,43 @@ Normally the width of addresses is good for IPv4, the
 .Fl w
 flag, makes the display wide enough for IPv6 addresses.
 .El
+.Pp
+The output of the
+.Cm dump
+sub-command consists of a header (unless
+.Fl n
+was given) and one line for each record in the database, where each line
+has the following columns:
+.Bl -tag -width indent
+.It Ql address/ma:port
+The remote address, mask, and local port number of the client connection
+associated with the database entry.
+.It Ql id
+column will show the identifier for the packet filter rule associated
+with the database entry, though this may only be the word
+.Ql OK
+for packet filters which do not creat a unique identifier for each rule.
+.It Ql nfail
+The number of
+.Em failures
+reported for the client on the noted port, as well as the number of
+failures allowed before blocking (or, with
+.Fl a ,
+an asterisk
+.Aq * )
+.It So last access Sc | So remaining time Sc
+The last time a the client was reported as attempting access, or, with
+.Fl r ,
+the time remaining before the rule blocking the client will be removed.
+.El
 .Sh SEE ALSO
 .Xr blacklistd 8
 .Sh NOTES
+The
+.Nm
+program has been renamed to
+.Xr blocklistctl 8 .
+.Pp
 Sometimes the reported number of failed attempts can exceed the number
 of attempts that
 .Xr blacklistd 8
diff --git a/contrib/blocklist/bin/blacklistctl.c b/contrib/blocklist/bin/blacklistctl.c
index 89b72921caf5..6298a08b10b4 100644
--- a/contrib/blocklist/bin/blacklistctl.c
+++ b/contrib/blocklist/bin/blacklistctl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $	*/
+/*	$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $");
+#endif
+__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $");
 
 #include <stdio.h>
 #include <time.h>
@@ -53,7 +55,7 @@ __RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $");
 
 #include "conf.h"
 #include "state.h"
-#include "internal.h"
+#include "old_internal.h"
 #include "support.h"
 
 static __dead void
@@ -63,7 +65,8 @@ usage(int c)
 		warnx("Missing/unknown command");
 	else if (c != '?')
 		warnx("Unknown option `%c'", (char)c);
-	fprintf(stderr, "Usage: %s dump [-abdnrw]\n", getprogname());
+	fprintf(stderr,
+	    "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname());
 	exit(EXIT_FAILURE);
 }
 
diff --git a/contrib/blocklist/bin/blacklistd.8 b/contrib/blocklist/bin/blacklistd.8
index 82e1f15f61c9..9ca886e9c4d3 100644
--- a/contrib/blocklist/bin/blacklistd.8
+++ b/contrib/blocklist/bin/blacklistd.8
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.23 2020/04/21 13:57:12 christos Exp $
+.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 21, 2020
+.Dd February 25, 2025
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -53,18 +53,31 @@ for notifications from other daemons about successful or failed connection
 attempts.
 If no such file is specified, then it only listens to the socket path
 specified by
-.Ar sockspath
+.Ar sockpath
 or if that is not specified to
-.Pa /var/run/blacklistd.sock .
+.Pa /var/run/blocklistd.sock .
 Each notification contains an (action, port, protocol, address, owner) tuple
 that identifies the remote connection and the action.
-This tuple is consulted against entries in
-.Ar configfile
-with syntax specified in
+This tuple is consulted against entries from the
+.Ar configfile ,
+with the syntax specified in
 .Xr blacklistd.conf 5 .
 If an entry is matched, a state entry is created for that tuple.
 Each entry contains a number of tries limit and a duration.
 .Pp
+If
+.Ar configfile
+is a directory, or a directory exists with the same name as
+.Ar configfile
+with
+.Qq .d
+appended to it, each file in the directory will be read as configuration file.
+If
+.Ar configfile
+exists as a file it will be processed before the contents of the
+.Ar configfile Ns .d
+directory if that also exists.
+.Pp
 The way
 .Nm
 does configuration entry matching is by having the client side pass the
@@ -152,7 +165,7 @@ The following options are available:
 .It Fl C Ar controlprog
 Use
 .Ar controlprog
-to communicate with the packet filter, usually
+to communicate with the packet filter, instead of the default, which is
 .Pa /usr/libexec/blacklistd-helper .
 The following arguments are passed to the control program:
 .Bl -tag -width protocol
@@ -161,7 +174,7 @@ The action to perform:
 .Dv add ,
 .Dv rem ,
 or
-.Dv flush
+.Dv flush ;
 to add, remove or flush a firewall rule.
 .It name
 The rule name.
@@ -183,13 +196,17 @@ identifier of the rule to be removed.
 The add command is expected to return the rule identifier string to stdout.
 .El
 .It Fl c Ar configuration
-The name of the configuration file to read, usually
+The name of the configuration file to read.
+The default when
+.Fl c
+is not given is
 .Pa /etc/blacklistd.conf .
 .It Fl D Ar dbfile
 The Berkeley DB file where
 .Nm
-stores its state, usually
-.Pa /var/db/blacklistd.db .
+stores its state.
+It defaults to
+.Pa /var/db/blocklistd.db .
 .It Fl d
 Normally,
 .Nm
@@ -203,7 +220,7 @@ are deleted by invoking the control script as:
 .Bd -literal -offset indent
 control flush <rulename>
 .Ed
-.It Fl P Ar sockspathsfile
+.It Fl P Ar sockpathsfile
 A file containing a list of pathnames, one per line that
 .Nm
 will create sockets to listen to.
@@ -261,16 +278,23 @@ to decrease the internal debugging level by 1.
 Shell script invoked to interface with the packet filter.
 .It Pa /etc/blacklistd.conf
 Configuration file.
-.It Pa /var/db/blacklistd.db
+.It Pa /var/db/blocklistd.db
 Database of current connection entries.
-.It Pa /var/run/blacklistd.sock
+.It Pa /var/run/blocklistd.sock
 Socket to receive connection notifications.
 .El
 .Sh SEE ALSO
 .Xr blacklistd.conf 5 ,
 .Xr blacklistctl 8 ,
+.Xr ipf 8 ,
+.Xr ipfw 8 ,
 .Xr pfctl 8 ,
 .Xr syslogd 8
+.Sh NOTES
+The
+.Nm
+daemon has been renamed to
+.Xr blocklistd 8 .
 .Sh HISTORY
 .Nm
 first appeared in
diff --git a/contrib/blocklist/bin/blacklistd.c b/contrib/blocklist/bin/blacklistd.c
index 714abcbcaf0e..ded3075ed707 100644
--- a/contrib/blocklist/bin/blacklistd.c
+++ b/contrib/blocklist/bin/blacklistd.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $	*/
+/*	$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -31,8 +31,11 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
+
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $");
+#endif
+__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -64,8 +67,8 @@ __RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $");
 #include <ifaddrs.h>
 #include <netinet/in.h>
 
-#include "bl.h"
-#include "internal.h"
+#include "old_bl.h"
+#include "old_internal.h"
 #include "conf.h"
 #include "run.h"
 #include "state.h"
@@ -175,6 +178,8 @@ process(bl_t bl)
 	struct dbinfo dbi;
 	struct timespec ts;
 
+	memset(&dbi, 0, sizeof(dbi));
+	memset(&c, 0, sizeof(c));
 	if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
 		(*lfun)(LOG_ERR, "clock_gettime failed (%m)");
 		return;
@@ -188,10 +193,11 @@ process(bl_t bl)
 	if (getremoteaddress(bi, &rss, &rsl) == -1)
 		goto out;
 
-	if (debug) {
+	if (debug || bi->bi_msg[0]) {
 		sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
-		(*lfun)(LOG_DEBUG, "processing type=%d fd=%d remote=%s msg=%s"
-		    " uid=%lu gid=%lu", bi->bi_type, bi->bi_fd, rbuf,
+		(*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG,
+		    "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu",
+		    bi->bi_type, bi->bi_fd, rbuf,
 		    bi->bi_msg, (unsigned long)bi->bi_uid,
 		    (unsigned long)bi->bi_gid);
 	}
@@ -334,7 +340,7 @@ static void
 addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd,
     const char *path)
 {
-	bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog);
+	bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r);
 	if (bl == NULL || !bl_isconnected(bl))
 		exit(EXIT_FAILURE);
 	if (*nfd >= *maxfd) {
@@ -395,15 +401,25 @@ rules_flush(void)
 static void
 rules_restore(void)
 {
+	DB *db;
 	struct conf c;
 	struct dbinfo dbi;
 	unsigned int f;
 
-	for (f = 1; state_iterate(state, &c, &dbi, f) == 1; f = 0) {
+	db = state_open(dbfile, O_RDONLY, 0);
+	if (db == NULL) {
+		(*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)",
+			dbfile);
+		return;
+	}
+	for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) {
 		if (dbi.id[0] == '\0')
 			continue;
 		(void)run_change("add", &c, dbi.id, sizeof(dbi.id));
+		state_put(state, &c, &dbi);
 	}
+	state_close(db);
+	state_sync(state);
 }
 
 int
diff --git a/contrib/blocklist/bin/blacklistd.conf.5 b/contrib/blocklist/bin/blacklistd.conf.5
index 70036441eb4b..e775d30e7e8e 100644
--- a/contrib/blocklist/bin/blacklistd.conf.5
+++ b/contrib/blocklist/bin/blacklistd.conf.5
@@ -1,6 +1,6 @@
-.\" $NetBSD: blacklistd.conf.5,v 1.9 2019/11/06 20:33:30 para Exp $
+.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $
 .\"
-.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 18, 2020
+.Dd February 5, 2025
 .Dt BLACKLISTD.CONF 5
 .Os
 .Sh NAME
@@ -48,34 +48,34 @@ Comments are denoted by a
 at the beginning of a line.
 .Pp
 There are two kinds of configuration lines,
-.Va local
+.Va [local]
 and
-.Va remote .
+.Va [remote] .
 By default, configuration lines are
-.Va local ,
+.Va [local] ,
 i.e. the address specified refers to the addresses on the local machine.
 To switch to between
-.Va local
+.Va [local]
 and
-.Va remote
+.Va [remote]
 configuration lines you can specify the stanzas:
 .Dq [local]
 and
 .Dq [remote] .
 .Pp
 On
-.Va local
+.Va [local]
 and
-.Va remote
+.Va [remote]
 lines
 .Dq *
 means use the default, or wildcard match.
 In addition, for
-.Va remote
+.Va [remote]
 lines
 .Dq =
 means use the values from the matched
-.Va local
+.Va [local]
 configuration line.
 .Pp
 The first four fields,
@@ -85,9 +85,9 @@ The first four fields,
 and
 .Va owner
 are used to match the
-.Va local
+.Va [local]
 or
-.Va remote
+.Va [remote]
 addresses, whereas the last 3 fields
 .Va name ,
 .Va nfail ,
@@ -110,8 +110,8 @@ The
 can be an IPv4 address in numeric format, an IPv6 address
 in numeric format and enclosed by square brackets, or an interface name.
 Mask modifiers are not allowed on interfaces because interfaces
-can have multiple addresses in different protocols where the mask has a different
-size.
+can have multiple addresses in different protocols where the mask has a
+different size.
 .Pp
 The
 .Dv mask
@@ -143,8 +143,8 @@ The
 field, is the name of the packet filter rule to be used.
 If the
 .Va name
-starts with a
-.Dq - ,
+starts with a hyphen
+.Pq Dq - ,
 then the default rulename is prepended to the given name.
 If the
 .Dv name
@@ -160,13 +160,13 @@ field contains the number of failed attempts before access is blocked,
 defaulting to
 .Dq *
 meaning never, and the last field
-.Va disable
+.Va duration
 specifies the amount of time since the last access that the blocking
 rule should be active, defaulting to
 .Dq *
 meaning forever.
 The default unit for
-.Va disable
+.Va duration
 is seconds, but one can specify suffixes for different units, such as
 .Dq m
 for minutes
@@ -176,25 +176,31 @@ for hours and
 for days.
 .Pp
 Matching is done first by checking the
-.Va local
+.Va [local]
 rules individually, in the order of the most specific to the least specific.
-If a match is found, then the
-.Va remote
+If a match is found, then the matching
+.Va [remote]
 rules are applied.
 The
 .Va name ,
 .Va nfail ,
 and
-.Va disable
+.Va duration
 fields can be altered by the
-.Va remote
+.Va [remote]
 rule that matched.
 .Pp
 The
-.Va remote
+.Va [remote]
 rules can be used for allowing specific addresses, changing the mask
-size, the rule that the packet filter uses, the number of failed attempts,
-or the block duration.
+size (via
+.Va name ) ,
+the rule that the packet filter uses (also via
+.Va name ) ,
+the number of failed attempts (via
+.Va nfail ) ,
+or the duration to block (via
+.Va duration ) .
 .Sh FILES
 .Bl -tag -width /etc/blacklistd.conf -compact
 .It Pa /etc/blacklistd.conf
@@ -209,13 +215,20 @@ bnx0:ssh	*	*	*	*	3	6h
 [remote]
 # Never block 1.2.3.4
 1.2.3.4:ssh	*	*	*	*	*	*
-# For addresses coming from 8.8.0.0/16 block whole /24 networks instead of
+# Never block the example IPv6 subnet either
+[2001:db8::]/32:ssh	*	*	*	*	*	*
+# For addresses coming from 8.8.0.0/16 block whole /24 networks instead
 # individual hosts, but keep the rest of the blocking parameters the same.
 8.8.0.0/16:ssh	*	*	*	/24	=	=
 .Ed
 .Sh SEE ALSO
 .Xr blacklistctl 8 ,
 .Xr blacklistd 8
+.Sh NOTES
+The
+.Nm
+file has been renamed to
+.Xr blocklistd.conf 8 .
 .Sh HISTORY
 .Nm
 first appeared in
diff --git a/contrib/blocklist/bin/blocklistctl.8 b/contrib/blocklist/bin/blocklistctl.8
new file mode 100644
index 000000000000..a98c16374f19
--- /dev/null
+++ b/contrib/blocklist/bin/blocklistctl.8
@@ -0,0 +1,131 @@
+.\" $NetBSD: blocklistctl.8,v 1.4 2025/02/07 01:35:38 kre Exp $
+.\"
+.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd January 27, 2025
+.Dt BLOCKLISTCTL 8
+.Os
+.Sh NAME
+.Nm blocklistctl
+.Nd display and change the state of the blocklistd database
+.Sh SYNOPSIS
+.Nm
+.Cm dump
+.Op Fl abdnrw
+.Op Fl D Ar dbname
+.Sh DESCRIPTION
+.Nm
+is a program used to display and change the state of the
+.Xr blocklistd 8
+database.
+The following sub-commands are supported:
+.Ss dump
+.Pp
+The following options are available for the
+.Cm dump
+sub-command:
+.Bl -tag -width indent
+.It Fl a
+Show all database entries, by default it shows only the active ones.
+Inactive entries will be shown with a last-access (or, with
+.Fl r ,
+the remaining) time of
+.Ql never .
+.It Fl b
+Show only the blocked entries.
+.It Fl D Ar dbname
+Specify the location of the
+.Ic blocklistd
+database file to use.
+The default is
+.Pa /var/db/blocklistd.db .
+.It Fl d
+Increase debugging level.
+.It Fl n
+Don't display a header.
+.It Fl r
+Show the remaining blocked time instead of the last activity time.
+.It Fl w
+Normally the width of addresses is good for IPv4, the
+.Fl w
+flag, makes the display wide enough for IPv6 addresses.
+.El
+.Pp
+The output of the
+.Cm dump
+sub-command consists of a header (unless
+.Fl n
+was given) and one line for each record in the database, where each line
+has the following columns:
+.Bl -tag -width indent
+.It Ql address/ma:port
+The remote address, mask, and local port number of the client connection
+associated with the database entry.
+.It Ql id
+column will show the identifier for the packet filter rule associated
+with the database entry, though this may only be the word
+.Ql OK
+for packet filters which do not creat a unique identifier for each rule.
+.It Ql nfail
+The number of
+.Em failures
+reported for the client on the noted port, as well as the number of
+failures allowed before blocking (or, with
+.Fl a ,
+an asterisk
+.Aq * )
+.It So last access Sc | So remaining time Sc
+The last time a the client was reported as attempting access, or, with
+.Fl r ,
+the time remaining before the rule blocking the client will be removed.
+.El
+.Sh SEE ALSO
+.Xr blocklistd 8
+.Sh NOTES
+Sometimes the reported number of failed attempts can exceed the number
+of attempts that
+.Xr blocklistd 8
+is configured to block.
+This can happen either because the rule has been removed manually, or
+because there were more attempts in flight while the rule block was being
+added.
+This condition is normal; in that case
+.Xr blocklistd 8
+will first attempt to remove the existing rule, and then it will re-add
+it to make sure that there is only one rule active.
+.Sh HISTORY
+.Nm
+first appeared in
+.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
+.Sh AUTHORS
+.An Christos Zoulas
diff --git a/contrib/blocklist/bin/blocklistctl.c b/contrib/blocklist/bin/blocklistctl.c
new file mode 100644
index 000000000000..8c75e0430c61
--- /dev/null
+++ b/contrib/blocklist/bin/blocklistctl.c
@@ -0,0 +1,170 @@
+/*	$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: blocklistctl.c,v 1.4 2025/02/11 17:48:30 christos Exp $");
+
+#include <stdio.h>
+#include <time.h>
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#include <fcntl.h>
+#include <string.h>
+#include <syslog.h>
+#include <err.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/socket.h>
+
+#include "conf.h"
+#include "state.h"
+#include "internal.h"
+#include "support.h"
+
+static __dead void
+usage(int c)
+{
+	if (c == 0)
+		warnx("Missing/unknown command");
+	else if (c != '?')
+		warnx("Unknown option `%c'", (char)c);
+	fprintf(stderr,
+	    "Usage: %s dump [-abdnrw] [-D dbname]\n", getprogname());
+	exit(EXIT_FAILURE);
+}
+
+static const char *
+star(char *buf, size_t len, int val)
+{
+	if (val == -1)
+		return "*";
+	snprintf(buf, len, "%d", val);
+	return buf;
+}
+
+int
+main(int argc, char *argv[])
+{
+	const char *dbname = _PATH_BLSTATE;
+	DB *db;
+	struct conf c;
+	struct dbinfo dbi;
+	unsigned int i;
+	struct timespec ts;
+	int all, blocked, remain, wide, noheader;
+	int o;
+
+	noheader = wide = blocked = all = remain = 0;
+	lfun = dlog;
+
+	if (argc == 1 || strcmp(argv[1], "dump") != 0)
+		usage(0);
+
+	argc--;
+	argv++;
+
+	while ((o = getopt(argc, argv, "abD:dnrw")) != -1)
+		switch (o) {
+		case 'a':
+			all = 1;
+			blocked = 0;
+			break;
+		case 'b':
+			blocked = 1;
+			break;
+		case 'D':
+			dbname = optarg;
+			break;
+		case 'd':
+			debug++;
+			break;
+		case 'n':
+			noheader = 1;
+			break;
+		case 'r':
+			remain = 1;
+			break;
+		case 'w':
+			wide = 1;
+			break;
+		default:
+			usage(o);
+		}
+
+	db = state_open(dbname, O_RDONLY, 0);
+	if (db == NULL)
+		err(EXIT_FAILURE, "Can't open `%s'", dbname);
+
+	clock_gettime(CLOCK_REALTIME, &ts);
+	wide = wide ? 8 * 4 + 7 : 4 * 3 + 3;
+	if (!noheader)
+		printf("%*.*s/ma:port\tid\tnfail\t%s\n", wide, wide,
+		    "address", remain ? "remaining time" : "last access");
+	for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) {
+		char buf[BUFSIZ];
+		char mbuf[64], pbuf[64];
+		if (!all) {
+			if (blocked) {
+				if (c.c_nfail == -1 || dbi.count < c.c_nfail)
+					continue;
+			} else {
+				if (dbi.count >= c.c_nfail)
+					continue;
+			}
+		}
+		sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss);
+		printf("%*.*s/%s:%s\t", wide, wide, buf,
+		    star(mbuf, sizeof(mbuf), c.c_lmask),
+		    star(pbuf, sizeof(pbuf), c.c_port));
+		if (c.c_duration == -1) {
+			strlcpy(buf, "never", sizeof(buf));
+		} else {
+			if (remain)
+				fmtydhms(buf, sizeof(buf),
+				    c.c_duration - (ts.tv_sec - dbi.last));
+			else
+				fmttime(buf, sizeof(buf), dbi.last);
+		}
+		printf("%s\t%d/%s\t%-s\n", dbi.id, dbi.count,
+		    star(mbuf, sizeof(mbuf), c.c_nfail), buf);
+	}
+	state_close(db);
+	return EXIT_SUCCESS;
+}
diff --git a/contrib/blocklist/bin/blocklistd.8 b/contrib/blocklist/bin/blocklistd.8
new file mode 100644
index 000000000000..e0b9fb482cbd
--- /dev/null
+++ b/contrib/blocklist/bin/blocklistd.8
@@ -0,0 +1,303 @@
+.\" $NetBSD: blocklistd.8,v 1.8 2025/02/25 22:13:34 christos Exp $
+.\"
+.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 25, 2025
+.Dt BLOCKLISTD 8
+.Os
+.Sh NAME
+.Nm blocklistd
+.Nd block and release ports on demand to avoid DoS abuse
+.Sh SYNOPSIS
+.Nm
+.Op Fl dfrv
+.Op Fl C Ar controlprog
+.Op Fl c Ar configfile
+.Op Fl D Ar dbfile
+.Op Fl P Ar sockpathsfile
+.Op Fl R Ar rulename
+.Op Fl s Ar sockpath
+.Op Fl t Ar timeout
+.Sh DESCRIPTION
+.Nm
+is a daemon similar to
+.Xr syslogd 8
+that listens to sockets at paths specified in the
+.Ar sockpathsfile
+for notifications from other daemons about successful or failed connection
+attempts.
+If no such file is specified, then it only listens to the socket path
+specified by
+.Ar sockpath
+or if that is not specified to
+.Pa /var/run/blocklistd.sock .
+Each notification contains an (action, port, protocol, address, owner) tuple
+that identifies the remote connection and the action.
+This tuple is consulted against entries from the
+.Ar configfile ,
+with the syntax specified in
+.Xr blocklistd.conf 5 .
+If an entry is matched, a state entry is created for that tuple.
+Each entry contains a number of tries limit and a duration.
+.Pp
+If
+.Ar configfile
+is a directory, or a directory exists with the same name as
+.Ar configfile
+with
+.Qq .d
+appended to it, each file in the directory will be read as configuration file.
+If
+.Ar configfile
+exists as a file it will be processed before the contents of the
+.Ar configfile Ns .d
+directory if that also exists.
+.Pp
+The way
+.Nm
+does configuration entry matching is by having the client side pass the
+file descriptor associated with the connection the client wants to blocklist
+as well as passing socket credentials.
+.Pp
+The file descriptor is used to retrieve information (address and port)
+about the remote side with
+.Xr getpeername 2
+and the local side with
+.Xr getsockname 2 .
+.Pp
+By examining the port of the local side,
+.Nm
+can determine if the client program
+.Dq owns
+the port.
+By examining the optional address portion on the local side, it can match
+interfaces.
+By examining the remote address, it can match specific allow or deny rules.
+.Pp
+Finally
+.Nm
+can examine the socket credentials to match the user in the configuration file.
+.Pp
+While this works well for TCP sockets, it cannot be relied on for unbound
+UDP sockets.
+It is also less meaningful when it comes to connections using non-privileged
+ports.
+On the other hand, if we receive a request that has a local endpoint indicating
+a UDP privileged port, we can presume that the client was privileged to be
+able to acquire that port.
+.Pp
+Once an entry is matched
+.Nm
+can perform various actions.
+If the action is
+.Dq add
+and the number of tries limit is reached, then a
+control script
+.Ar controlprog
+is invoked with arguments:
+.Bd -literal -offset indent
+control add <rulename> <proto> <address> <mask> <port>
+.Ed
+.Pp
+and should invoke a packet filter command to block the connection
+specified by the arguments.
+The
+.Ar rulename
+argument can be set from the command line (default
+.Dv blocklistd ) .
+The script could print a numerical id to stdout as a handle for
+the rule that can be used later to remove that connection, but
+that is not required as all information to remove the rule is
+kept.
+.Pp
+If the action is
+.Dq rem
+Then the same control script is invoked as:
+.Bd -literal -offset indent
+control rem <rulename> <proto> <address> <mask> <port> <id>
+.Ed
+.Pp
+where
+.Ar id
+is the number returned from the
+.Dq add
+action.
+.Pp
+.Nm
+maintains a database of known connections in
+.Ar dbfile .
+On startup it reads entries from that file, and updates its internal state.
+.Pp
+.Nm
+checks the list of active entries every
+.Ar timeout
+seconds (default
+.Dv 15 )
+and removes entries and block rules using the control program as necessary.
+.Pp
+The following options are available:
+.Bl -tag -width indent
+.It Fl C Ar controlprog
+Use
+.Ar controlprog
+to communicate with the packet filter, instead of the default, which is
+.Pa /usr/libexec/blocklistd-helper .
+The following arguments are passed to the control program:
+.Bl -tag -width protocol
+.It action
+The action to perform:
+.Dv add ,
+.Dv rem ,
+or
+.Dv flush ;
+to add, remove or flush a firewall rule.
+.It name
+The rule name.
+.It protocol
+The optional protocol name (can be empty):
+.Dv tcp ,
+.Dv tcp6 ,
+.Dv udp ,
+.Dv udp6 .
+.It address
+The IPv4 or IPv6 numeric address to be blocked or released.
+.It mask
+The numeric mask to be applied to the blocked or released address
+.It port
+The optional numeric port to be blocked (can be empty).
+.It id
+For packet filters that support removal of rules by rule identifier, the
+identifier of the rule to be removed.
+The add command is expected to return the rule identifier string to stdout.
+.El
+.It Fl c Ar configuration
+The name of the configuration file to read.
+The default when
+.Fl c
+is not given is
+.Pa /etc/blocklistd.conf .
+.It Fl D Ar dbfile
+The Berkeley DB file where
+.Nm
+stores its state.
+It defaults to
+.Pa /var/db/blocklistd.db .
+.It Fl d
+Normally,
+.Nm
+disassociates itself from the terminal unless the
+.Fl d
+flag is specified, in which case it stays in the foreground.
+.It Fl f
+Truncate the state database and flush all the rules named
+.Ar rulename
+are deleted by invoking the control script as:
+.Bd -literal -offset indent
+control flush <rulename>
+.Ed
+.It Fl P Ar sockpathsfile
+A file containing a list of pathnames, one per line that
+.Nm
+will create sockets to listen to.
+This is useful for chrooted environments.
+.It Fl R Ar rulename
+Specify the default rule name for the packet filter rules, usually
+.Dv blocklistd .
+.It Fl r
+Re-read the firewall rules from the internal database, then
+remove and re-add them.
+This helps for packet filters that do not retain state across reboots.
+.It Fl s Ar sockpath
+Add
+.Ar sockpath
+to the list of Unix sockets
+.Nm
+listens to.
+.It Fl t Ar timeout
+The interval in seconds
+.Nm
+polls the state file to update the rules.
+.It Fl v
+Cause
+.Nm
+to print
+diagnostic messages to
+.Dv stdout
+instead of
+.Xr syslogd 8 .
+.El
+.Sh SIGNAL HANDLING
+.Nm
+deals with the following signals:
+.Bl -tag -width "USR2"
+.It Dv HUP
+Receipt of this signal causes
+.Nm
+to re-read the configuration file.
+.It Dv INT , Dv TERM & Dv QUIT
+These signals tell
+.Nm
+to exit in an orderly fashion.
+.It Dv USR1
+This signal tells
+.Nm
+to increase the internal debugging level by 1.
+.It Dv USR2
+This signal tells
+.Nm
+to decrease the internal debugging level by 1.
+.El
+.Sh FILES
+.Bl -tag -width /usr/libexec/blocklistd-helper -compact
+.It Pa /usr/libexec/blocklistd-helper
+Shell script invoked to interface with the packet filter.
+.It Pa /etc/blocklistd.conf
+Configuration file.
+.It Pa /var/db/blocklistd.db
+Database of current connection entries.
+.It Pa /var/run/blocklistd.sock
+Socket to receive connection notifications.
+.El
+.Sh SEE ALSO
+.Xr blocklistd.conf 5 ,
+.Xr blocklistctl 8 ,
+.Xr ipf 8 ,
+.Xr ipfw 8 ,
+.Xr pfctl 8 ,
+.Xr syslogd 8
+.Sh HISTORY
+.Nm
+first appeared in
+.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
+.Sh AUTHORS
+.An Christos Zoulas
diff --git a/contrib/blocklist/bin/blocklistd.c b/contrib/blocklist/bin/blocklistd.c
new file mode 100644
index 000000000000..03a1dbbf056c
--- /dev/null
+++ b/contrib/blocklist/bin/blocklistd.c
@@ -0,0 +1,592 @@
+/*	$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: blocklistd.c,v 1.10 2025/03/26 17:09:35 christos Exp $");
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/queue.h>
+
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#include <string.h>
+#include <signal.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <inttypes.h>
+#include <syslog.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+#include <poll.h>
+#include <fcntl.h>
+#include <err.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <time.h>
+#include <ifaddrs.h>
+#include <netinet/in.h>
+
+#include "bl.h"
+#include "internal.h"
+#include "conf.h"
+#include "run.h"
+#include "state.h"
+#include "support.h"
+
+static const char *configfile = _PATH_BLCONF;
+static DB *state;
+static const char *dbfile = _PATH_BLSTATE;
+static sig_atomic_t readconf;
+static sig_atomic_t done;
+static int vflag;
+
+static void
+sigusr1(int n __unused)
+{
+	debug++;
+}
+
+static void
+sigusr2(int n __unused)
+{
+	debug--;
+}
+
+static void
+sighup(int n __unused)
+{
+	readconf++;
+}
+
+static void
+sigdone(int n __unused)
+{
+	done++;
+}
+
+static __dead void
+usage(int c)
+{
+	if (c != '?')
+		warnx("Unknown option `%c'", (char)c);
+	fprintf(stderr, "Usage: %s [-vdfr] [-c <config>] [-R <rulename>] "
+	    "[-P <sockpathsfile>] [-C <controlprog>] [-D <dbfile>] "
+	    "[-s <sockpath>] [-t <timeout>]\n", getprogname());
+	exit(EXIT_FAILURE);
+}
+
+static int
+getremoteaddress(bl_info_t *bi, struct sockaddr_storage *rss, socklen_t *rsl)
+{
+	*rsl = sizeof(*rss);
+	memset(rss, 0, *rsl);
+
+	if (getpeername(bi->bi_fd, (void *)rss, rsl) != -1)
+		return 0;
+
+	if (errno != ENOTCONN) {
+		(*lfun)(LOG_ERR, "getpeername failed (%m)");
+		return -1;
+	}
+
+	if (bi->bi_slen == 0) {
+		(*lfun)(LOG_ERR, "unconnected socket with no peer in message");
+		return -1;
+	}
+
+	switch (bi->bi_ss.ss_family) {
+	case AF_INET:
+		*rsl = sizeof(struct sockaddr_in);
+		break;
+	case AF_INET6:
+		*rsl = sizeof(struct sockaddr_in6);
+		break;
+	default:
+		(*lfun)(LOG_ERR, "bad client passed socket family %u",
+		    (unsigned)bi->bi_ss.ss_family);
+		return -1;
+	}
+
+	if (*rsl != bi->bi_slen) {
+		(*lfun)(LOG_ERR, "bad client passed socket length %u != %u",
+		    (unsigned)*rsl, (unsigned)bi->bi_slen);
+		return -1;
+	}
+
+	memcpy(rss, &bi->bi_ss, *rsl);
+
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	if (*rsl != rss->ss_len) {
+		(*lfun)(LOG_ERR,
+		    "bad client passed socket internal length %u != %u",
+		    (unsigned)*rsl, (unsigned)rss->ss_len);
+		return -1;
+	}
+#endif
+	return 0;
+}
+
+static void
+process(bl_t bl)
+{
+	struct sockaddr_storage rss;
+	socklen_t rsl;
+	char rbuf[BUFSIZ];
+	bl_info_t *bi;
+	struct conf c;
+	struct dbinfo dbi;
+	struct timespec ts;
+
+	memset(&dbi, 0, sizeof(dbi));
+	memset(&c, 0, sizeof(c));
+	if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
+		(*lfun)(LOG_ERR, "clock_gettime failed (%m)");
+		return;
+	}
+
+	if ((bi = bl_recv(bl)) == NULL) {
+		(*lfun)(LOG_ERR, "no message (%m)");
+		return;
+	}
+
+	if (getremoteaddress(bi, &rss, &rsl) == -1)
+		goto out;
+
+	if (debug || bi->bi_msg[0]) {
+		sockaddr_snprintf(rbuf, sizeof(rbuf), "%a:%p", (void *)&rss);
+		(*lfun)(bi->bi_msg[0] ? LOG_INFO : LOG_DEBUG,
+		    "processing type=%d fd=%d remote=%s msg=%s uid=%lu gid=%lu",
+		    bi->bi_type, bi->bi_fd, rbuf,
+		    bi->bi_msg, (unsigned long)bi->bi_uid,
+		    (unsigned long)bi->bi_gid);
+	}
+
+	if (conf_find(bi->bi_fd, bi->bi_uid, &rss, &c) == NULL) {
+		(*lfun)(LOG_DEBUG, "no rule matched");
+		goto out;
+	}
+
+
+	if (state_get(state, &c, &dbi) == -1)
+		goto out;
+
+	if (debug) {
+		char b1[128], b2[128];
+		(*lfun)(LOG_DEBUG, "%s: initial db state for %s: count=%d/%d "
+		    "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+		    fmttime(b1, sizeof(b1), dbi.last),
+		    fmttime(b2, sizeof(b2), ts.tv_sec));
+	}
+
+	switch (bi->bi_type) {
+	case BL_ABUSE:
+		/*
+		 * If the application has signaled abusive behavior,
+		 * set the number of fails to be one less than the
+		 * configured limit.  Fallthrough to the normal BL_ADD
+		 * processing, which will increment the failure count
+		 * to the threshhold, and block the abusive address.
+		 */
+		if (c.c_nfail != -1)
+			dbi.count = c.c_nfail - 1;
+		/*FALLTHROUGH*/
+	case BL_ADD:
+		dbi.count++;
+		dbi.last = ts.tv_sec;
+		if (c.c_nfail != -1 && dbi.count >= c.c_nfail) {
+			/*
+			 * No point in re-adding the rule.
+			 * It might exist already due to latency in processing
+			 * and removing the rule is the wrong thing to do as
+			 * it allows a window to attack again.
+			 */
+			if (dbi.id[0] == '\0') {
+				int res = run_change("add", &c,
+				    dbi.id, sizeof(dbi.id));
+				if (res == -1)
+					goto out;
+			}
+			sockaddr_snprintf(rbuf, sizeof(rbuf), "%a",
+			    (void *)&rss);
+			(*lfun)(LOG_INFO,
+			    "blocked %s/%d:%d for %d seconds",
+			    rbuf, c.c_lmask, c.c_port, c.c_duration);
+		}
+		break;
+	case BL_DELETE:
+		if (dbi.last == 0)
+			goto out;
+		dbi.count = 0;
+		dbi.last = 0;
+		break;
+	case BL_BADUSER:
+		/* ignore for now */
+		break;
+	default:
+		(*lfun)(LOG_ERR, "unknown message %d", bi->bi_type);
+	}
+	state_put(state, &c, &dbi);
+
+out:
+	close(bi->bi_fd);
+
+	if (debug) {
+		char b1[128], b2[128];
+		(*lfun)(LOG_DEBUG, "%s: final db state for %s: count=%d/%d "
+		    "last=%s now=%s", __func__, rbuf, dbi.count, c.c_nfail,
+		    fmttime(b1, sizeof(b1), dbi.last),
+		    fmttime(b2, sizeof(b2), ts.tv_sec));
+	}
+}
+
+static void
+update_interfaces(void)
+{
+	struct ifaddrs *oifas, *nifas;
+
+	if (getifaddrs(&nifas) == -1)
+		return;
+
+	oifas = ifas;
+	ifas = nifas;
+
+	if (oifas)
+		freeifaddrs(oifas);
+}
+
+static void
+update(void)
+{
+	struct timespec ts;
+	struct conf c;
+	struct dbinfo dbi;
+	unsigned int f, n;
+	char buf[128];
+	void *ss = &c.c_ss;
+
+	if (clock_gettime(CLOCK_REALTIME, &ts) == -1) {
+		(*lfun)(LOG_ERR, "clock_gettime failed (%m)");
+		return;
+	}
+
+again:
+	for (n = 0, f = 1; state_iterate(state, &c, &dbi, f) == 1;
+	    f = 0, n++)
+	{
+		time_t when = c.c_duration + dbi.last;
+		if (debug > 1) {
+			char b1[64], b2[64];
+			sockaddr_snprintf(buf, sizeof(buf), "%a:%p", ss);
+			(*lfun)(LOG_DEBUG, "%s:[%u] %s count=%d duration=%d "
+			    "last=%s " "now=%s", __func__, n, buf, dbi.count,
+			    c.c_duration, fmttime(b1, sizeof(b1), dbi.last),
+			    fmttime(b2, sizeof(b2), ts.tv_sec));
+		}
+		if (c.c_duration == -1 || when >= ts.tv_sec)
+			continue;
+		if (dbi.id[0]) {
+			run_change("rem", &c, dbi.id, 0);
+			sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
+			(*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds",
+			    buf, c.c_lmask, c.c_port, c.c_duration);
+		}
+		state_del(state, &c);
+		goto again;
+	}
+}
+
+static void
+addfd(struct pollfd **pfdp, bl_t **blp, size_t *nfd, size_t *maxfd,
+    const char *path)
+{
+	bl_t bl = bl_create(true, path, vflag ? vdlog : vsyslog_r);
+	if (bl == NULL || !bl_isconnected(bl))
+		exit(EXIT_FAILURE);
+	if (*nfd >= *maxfd) {
+		*maxfd += 10;
+		*blp = realloc(*blp, sizeof(**blp) * *maxfd);
+		if (*blp == NULL)
+			err(EXIT_FAILURE, "malloc");
+		*pfdp = realloc(*pfdp, sizeof(**pfdp) * *maxfd);
+		if (*pfdp == NULL)
+			err(EXIT_FAILURE, "malloc");
+	}
+
+	(*pfdp)[*nfd].fd = bl_getfd(bl);
+	(*pfdp)[*nfd].events = POLLIN;
+	(*blp)[*nfd] = bl;
+	*nfd += 1;
+}
+
+static void
+uniqueadd(struct conf ***listp, size_t *nlist, size_t *mlist, struct conf *c)
+{
+	struct conf **list = *listp;
+
+	if (c->c_name[0] == '\0')
+		return;
+	for (size_t i = 0; i < *nlist; i++) {
+		if (strcmp(list[i]->c_name, c->c_name) == 0)
+			return;
+	}
+	if (*nlist == *mlist) {
+		*mlist += 10;
+		void *p = realloc(*listp, *mlist * sizeof(*list));
+		if (p == NULL)
+			err(EXIT_FAILURE, "Can't allocate for rule list");
+		list = *listp = p;
+	}
+	list[(*nlist)++] = c;
+}
+
+static void
+rules_flush(void)
+{
+	struct conf **list;
+	size_t nlist, mlist;
+
+	list = NULL;
+	mlist = nlist = 0;
+	for (size_t i = 0; i < rconf.cs_n; i++)
+		uniqueadd(&list, &nlist, &mlist, &rconf.cs_c[i]);
+	for (size_t i = 0; i < lconf.cs_n; i++)
+		uniqueadd(&list, &nlist, &mlist, &lconf.cs_c[i]);
+
+	for (size_t i = 0; i < nlist; i++)
+		run_flush(list[i]);
+	free(list);
+}
+
+static void
+rules_restore(void)
+{
+	DB *db;
+	struct conf c;
+	struct dbinfo dbi;
+	unsigned int f;
+
+	db = state_open(dbfile, O_RDONLY, 0);
+	if (db == NULL) {
+		(*lfun)(LOG_ERR, "Can't open `%s' to restore state (%m)",
+			dbfile);
+		return;
+	}
+	for (f = 1; state_iterate(db, &c, &dbi, f) == 1; f = 0) {
+		if (dbi.id[0] == '\0')
+			continue;
+		(void)run_change("add", &c, dbi.id, sizeof(dbi.id));
+		state_put(state, &c, &dbi);
+	}
+	state_close(db);
+	state_sync(state);
+}
+
+int
+main(int argc, char *argv[])
+{
+	int c, tout, flags, flush, restore, ret;
+	const char *spath, **blsock;
+	size_t nblsock, maxblsock;
+
+	setprogname(argv[0]);
+
+	spath = NULL;
+	blsock = NULL;
+	maxblsock = nblsock = 0;
+	flush = 0;
+	restore = 0;
+	tout = 0;
+	flags = O_RDWR|O_EXCL|O_CLOEXEC;
+	while ((c = getopt(argc, argv, "C:c:D:dfP:rR:s:t:v")) != -1) {
+		switch (c) {
+		case 'C':
+			controlprog = optarg;
+			break;
+		case 'c':
+			configfile = optarg;
+			break;
+		case 'D':
+			dbfile = optarg;
+			break;
+		case 'd':
+			debug++;
+			break;
+		case 'f':
+			flush++;
+			break;
+		case 'P':
+			spath = optarg;
+			break;
+		case 'R':
+			rulename = optarg;
+			break;
+		case 'r':
+			restore++;
+			break;
+		case 's':
+			if (nblsock >= maxblsock) {
+				maxblsock += 10;
+				void *p = realloc(blsock,
+				    sizeof(*blsock) * maxblsock);
+				if (p == NULL)
+				    err(EXIT_FAILURE,
+					"Can't allocate memory for %zu sockets",
+					maxblsock);
+				blsock = p;
+			}
+			blsock[nblsock++] = optarg;
+			break;
+		case 't':
+			tout = atoi(optarg) * 1000;
+			break;
+		case 'v':
+			vflag++;
+			break;
+		default:
+			usage(c);
+		}
+	}
+
+	argc -= optind;
+	if (argc)
+		usage('?');
+
+	signal(SIGHUP, sighup);
+	signal(SIGINT, sigdone);
+	signal(SIGQUIT, sigdone);
+	signal(SIGTERM, sigdone);
+	signal(SIGUSR1, sigusr1);
+	signal(SIGUSR2, sigusr2);
+
+	openlog(getprogname(), LOG_PID, LOG_DAEMON);
+
+	if (debug) {
+		lfun = dlog;
+		if (tout == 0)
+			tout = 5000;
+	} else {
+		if (tout == 0)
+			tout = 15000;
+	}
+
+	update_interfaces();
+	conf_parse(configfile);
+	if (flush) {
+		rules_flush();
+		if (!restore)
+			flags |= O_TRUNC;
+	}
+
+	struct pollfd *pfd = NULL;
+	bl_t *bl = NULL;
+	size_t nfd = 0;
+	size_t maxfd = 0;
+
+	for (size_t i = 0; i < nblsock; i++)
+		addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]);
+	free(blsock);
+
+	if (spath) {
+		FILE *fp = fopen(spath, "r");
+		char *line;
+		if (fp == NULL)
+			err(EXIT_FAILURE, "Can't open `%s'", spath);
+		for (; (line = fparseln(fp, NULL, NULL, NULL, 0)) != NULL;
+		    free(line))
+			addfd(&pfd, &bl, &nfd, &maxfd, line);
+		fclose(fp);
+	}
+	if (nfd == 0)
+		addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK);
+
+	state = state_open(dbfile, flags, 0600);
+	if (state == NULL)
+		state = state_open(dbfile,  flags | O_CREAT, 0600);
+	if (state == NULL)
+		return EXIT_FAILURE;
+
+	if (restore) {
+		if (!flush)
+			rules_flush();
+		rules_restore();
+	}
+
+	if (!debug) {
+		if (daemon(0, 0) == -1)
+			err(EXIT_FAILURE, "daemon failed");
+		if (pidfile(NULL) == -1)
+			err(EXIT_FAILURE, "Can't create pidfile");
+	}
+
+	for (size_t t = 0; !done; t++) {
+		if (readconf) {
+			readconf = 0;
+			conf_parse(configfile);
+		}
+		ret = poll(pfd, (nfds_t)nfd, tout);
+		if (debug)
+			(*lfun)(LOG_DEBUG, "received %d from poll()", ret);
+		switch (ret) {
+		case -1:
+			if (errno == EINTR)
+				continue;
+			(*lfun)(LOG_ERR, "poll (%m)");
+			return EXIT_FAILURE;
+		case 0:
+			state_sync(state);
+			break;
+		default:
+			for (size_t i = 0; i < nfd; i++)
+				if (pfd[i].revents & POLLIN)
+					process(bl[i]);
+		}
+		if (t % 100 == 0)
+			state_sync(state);
+		if (t % 10000 == 0)
+			update_interfaces();
+		update();
+	}
+	state_close(state);
+	return 0;
+}
diff --git a/contrib/blocklist/bin/blocklistd.conf.5 b/contrib/blocklist/bin/blocklistd.conf.5
new file mode 100644
index 000000000000..3a7dbfc07f58
--- /dev/null
+++ b/contrib/blocklist/bin/blocklistd.conf.5
@@ -0,0 +1,237 @@
+.\" $NetBSD: blocklistd.conf.5,v 1.7 2025/02/11 17:47:05 christos Exp $
+.\"
+.\" Copyright (c) 2015, 2025 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 5, 2025
+.Dt BLOCKLISTD.CONF 5
+.Os
+.Sh NAME
+.Nm blocklistd.conf
+.Nd configuration file format for blocklistd
+.Sh DESCRIPTION
+The
+.Nm
+file contains configuration entries for
+.Xr blocklistd 8
+in a fashion similar to
+.Xr inetd.conf 5 .
+Only one entry per line is permitted.
+Every entry must have all fields populated.
+Each field can be separated by a tab or a space.
+Comments are denoted by a
+.Dq #
+at the beginning of a line.
+.Pp
+There are two kinds of configuration lines,
+.Va [local]
+and
+.Va [remote] .
+By default, configuration lines are
+.Va [local] ,
+i.e. the address specified refers to the addresses on the local machine.
+To switch to between
+.Va [local]
+and
+.Va [remote]
+configuration lines you can specify the stanzas:
+.Dq [local]
+and
+.Dq [remote] .
+.Pp
+On
+.Va [local]
+and
+.Va [remote]
+lines
+.Dq *
+means use the default, or wildcard match.
+In addition, for
+.Va [remote]
+lines
+.Dq =
+means use the values from the matched
+.Va [local]
+configuration line.
+.Pp
+The first four fields,
+.Va location ,
+.Va type ,
+.Va proto ,
+and
+.Va owner
+are used to match the
+.Va [local]
+or
+.Va [remote]
+addresses, whereas the last 3 fields
+.Va name ,
+.Va nfail ,
+and
+.Va disable
+are used to modify the filtering action.
+.Pp
+The first field denotes the
+.Va location
+as an address, mask, and port.
+The syntax for the
+.Va location
+is:
+.Bd -literal -offset indent
+	[<address>|<interface>][/<mask>][:<port>]
+.Ed
+.Pp
+The
+.Dv address
+can be an IPv4 address in numeric format, an IPv6 address
+in numeric format and enclosed by square brackets, or an interface name.
+Mask modifiers are not allowed on interfaces because interfaces
+can have multiple addresses in different protocols where the mask has a
+different size.
+.Pp
+The
+.Dv mask
+is always numeric, but the
+.Dv port
+can be either numeric or symbolic.
+.Pp
+The second field is the socket
+.Va type :
+.Dv stream ,
+.Dv dgram ,
+or numeric.
+The third field is the
+.Va protocol :
+.Dv tcp ,
+.Dv udp ,
+.Dv tcp6 ,
+.Dv udp6 ,
+or numeric.
+The fourth field is the effective user
+.Va ( owner )
+of the daemon process reporting the event,
+either as a username or a userid.
+.Pp
+The rest of the fields control the behavior of the filter.
+.Pp
+The
+.Va name
+field, is the name of the packet filter rule to be used.
+If the
+.Va name
+starts with a hyphen
+.Pq Dq - ,
+then the default rulename is prepended to the given name.
+If the
+.Dv name
+contains a
+.Dq / ,
+the remaining portion of the name is interpreted as the mask to be
+applied to the address specified in the rule, causing a single rule violation to
+block the entire subnet for the configured prefix.
+.Pp
+The
+.Va nfail
+field contains the number of failed attempts before access is blocked,
+defaulting to
+.Dq *
+meaning never, and the last field
+.Va duration
+specifies the amount of time since the last access that the blocking
+rule should be active, defaulting to
+.Dq *
+meaning forever.
+The default unit for
+.Va duration
+is seconds, but one can specify suffixes for different units, such as
+.Dq m
+for minutes
+.Dq h
+for hours and
+.Dq d
+for days.
+.Pp
+Matching is done first by checking the
+.Va [local]
+rules individually, in the order of the most specific to the least specific.
+If a match is found, then the matching
+.Va [remote]
+rules are applied.
+The
+.Va name ,
+.Va nfail ,
+and
+.Va duration
+fields can be altered by the
+.Va [remote]
+rule that matched.
+.Pp
+The
+.Va [remote]
+rules can be used for allowing specific addresses, changing the mask
+size (via
+.Va name ) ,
+the rule that the packet filter uses (also via
+.Va name ) ,
+the number of failed attempts (via
+.Va nfail ) ,
+or the duration to block (via
+.Va duration ) .
+.Sh FILES
+.Bl -tag -width /etc/blocklistd.conf -compact
+.It Pa /etc/blocklistd.conf
+Configuration file.
+.El
+.Sh EXAMPLES
+.Bd -literal -offset 8n
+# Block ssh, after 3 attempts for 6 hours on the bnx0 interface
+[local]
+# location	type	proto	owner	name	nfail	duration
+bnx0:ssh	*	*	*	*	3	6h
+[remote]
+# Never block 1.2.3.4
+1.2.3.4:ssh	*	*	*	*	*	*
+# Never block the example IPv6 subnet either
+[2001:db8::]/32:ssh	*	*	*	*	*	*
+# For addresses coming from 8.8.0.0/16 block whole /24 networks instead
+# individual hosts, but keep the rest of the blocking parameters the same.
+8.8.0.0/16:ssh	*	*	*	/24	=	=
+.Ed
+.Sh SEE ALSO
+.Xr blocklistctl 8 ,
+.Xr blocklistd 8
+.Sh HISTORY
+.Nm
+first appeared in
+.Nx 7 .
+.Fx
+support for
+.Nm
+was implemented in
+.Fx 11 .
+.Sh AUTHORS
+.An Christos Zoulas
diff --git a/contrib/blocklist/bin/conf.c b/contrib/blocklist/bin/conf.c
index 8f7e75a56be1..f469e28235cd 100644
--- a/contrib/blocklist/bin/conf.c
+++ b/contrib/blocklist/bin/conf.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.c,v 1.24 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: conf.c,v 1.10 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: conf.c,v 1.24 2016/04/04 15:52:56 christos Exp $");
+#endif
+__RCSID("$NetBSD: conf.c,v 1.10 2025/02/11 17:48:30 christos Exp $");
 
 #include <stdio.h>
 #ifdef HAVE_LIBUTIL_H
@@ -58,6 +60,7 @@ __RCSID("$NetBSD: conf.c,v 1.24 2016/04/04 15:52:56 christos Exp $");
 #include <net/if.h>
 #include <net/route.h>
 #include <sys/socket.h>
+#include <dirent.h>
 
 #include "bl.h"
 #include "internal.h"
@@ -261,7 +264,7 @@ conf_gethostport(const char *f, size_t l, bool local, struct conf *c,
 		if (debug)
 			(*lfun)(LOG_DEBUG, "%s: host6 %s", __func__, p);
 		if (strcmp(p, "*") != 0) {
-			if (inet_pton(AF_INET6, p, &sin6->sin6_addr) == -1)
+			if (inet_pton(AF_INET6, p, &sin6->sin6_addr) != 1)
 				goto out;
 			sin6->sin6_family = AF_INET6;
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
@@ -269,6 +272,8 @@ conf_gethostport(const char *f, size_t l, bool local, struct conf *c,
 #endif
 			port = &sin6->sin6_port;
 		}
+		if (!*pstr)
+			pstr = "*";
 	} else if (pstr != p || strchr(p, '.') || conf_is_interface(p)) {
 		if (pstr == p)
 			pstr = "*";
@@ -311,7 +316,7 @@ conf_gethostport(const char *f, size_t l, bool local, struct conf *c,
 		*port = htons((in_port_t)c->c_port);
 	return 0;
 out:
-	(*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, pstr);
+	(*lfun)(LOG_ERR, "%s: %s, %zu: Bad address [%s]", __func__, f, l, p);
 	return -1;
 out1:
 	(*lfun)(LOG_ERR, "%s: %s, %zu: Can't specify mask %d with "
@@ -407,6 +412,8 @@ conf_parseline(const char *f, size_t l, char *p, struct conf *c, bool local)
 {
 	int e;
 
+	c->c_lineno = l;
+
 	while (*p && isspace((unsigned char)*p))
 		p++;
 
@@ -471,7 +478,6 @@ conf_amask_eq(const void *v1, const void *v2, size_t len, int mask)
 	uint32_t m;
 	int omask = mask;
 
-	len >>= 2;
 	switch (mask) {
 	case FSTAR:
 		if (memcmp(v1, v2, len) == 0)
@@ -485,7 +491,7 @@ conf_amask_eq(const void *v1, const void *v2, size_t len, int mask)
 		break;
 	}
 
-	for (size_t i = 0; i < len; i++) {
+	for (size_t i = 0; i < (len >> 2); i++) {
 		if (mask > 32) {
 			m = htonl((uint32_t)~0);
 			mask -= 32;
@@ -501,7 +507,6 @@ conf_amask_eq(const void *v1, const void *v2, size_t len, int mask)
 out:
 	if (debug > 1) {
 		char b1[256], b2[256];
-		len <<= 2;
 		blhexdump(b1, sizeof(b1), "a1", v1, len);
 		blhexdump(b2, sizeof(b2), "a2", v2, len);
 		(*lfun)(LOG_DEBUG, "%s: %s != %s [0x%x]", __func__,
@@ -691,6 +696,25 @@ conf_addr_eq(const struct sockaddr_storage *s1,
 static int
 conf_eq(const struct conf *c1, const struct conf *c2)
 {
+	if (!conf_addr_eq(&c1->c_ss, &c2->c_ss, FSTAR))
+		return 0;
+
+#define	CMP(a, b, f) \
+	if ((a)->f != (b)->f) \
+		return 0;
+
+	CMP(c1, c2, c_port);
+	CMP(c1, c2, c_proto);
+	CMP(c1, c2, c_family);
+	CMP(c1, c2, c_uid);
+#undef CMP
+
+	return 1;
+}
+
+static int
+conf_match(const struct conf *c1, const struct conf *c2)
+{
 
 	if (!conf_addr_eq(&c1->c_ss, &c2->c_ss, c2->c_lmask))
 		return 0;
@@ -953,13 +977,54 @@ confset_free(struct confset *cs)
 }
 
 static void
-confset_replace(struct confset *dc, struct confset *sc)
+confset_merge(struct confset *dc, struct confset *sc)
 {
-	struct confset tc;
-	tc = *dc;
-	*dc = *sc;
-	confset_init(sc);
-	confset_free(&tc);
+	size_t i, j;
+	char buf[BUFSIZ];
+
+	/* Check each rule of the src confset (sc) */
+	for (i = 0; i < sc->cs_n; i++) {
+		/* Compare to each rule in the dest confset (dc) */
+		for (j = 0; j < dc->cs_n; j++) {
+			if (conf_eq(&dc->cs_c[j], &sc->cs_c[i])) {
+				break;
+			}
+		}
+
+		if (j == dc->cs_n) {
+			/* This is a new rule to add to the dest confset. */
+			if (confset_full(dc) && confset_grow(dc) == -1)
+				return;
+
+			*confset_get(dc) = sc->cs_c[i];
+			confset_add(dc);
+			continue;
+		}
+
+		/* We had a match above. */
+		/*
+		 * Check whether the rule from the src confset is more
+		 * restrictive than the existing one. Adjust the
+		 * existing rule if necessary.
+		 */
+		if (sc->cs_c[i].c_nfail == dc->cs_c[j].c_nfail &&
+		    sc->cs_c[i].c_duration && dc->cs_c[j].c_duration) {
+			(*lfun)(LOG_DEBUG, "skipping existing rule: %s",
+			conf_print(buf, sizeof (buf), "", "\t", &sc->cs_c[i]));
+			continue;
+		}
+
+		if (sc->cs_c[i].c_nfail < dc->cs_c[j].c_nfail)
+			dc->cs_c[j].c_nfail = sc->cs_c[i].c_nfail;
+
+		if (sc->cs_c[i].c_duration > dc->cs_c[j].c_duration)
+			dc->cs_c[j].c_duration = sc->cs_c[i].c_duration;
+
+		(*lfun)(LOG_DEBUG, "adjusted existing rule: %s",
+		    conf_print(buf, sizeof (buf), "", "\t", &dc->cs_c[j]));
+	}
+
+	confset_free(sc);
 }
 
 static void
@@ -990,7 +1055,7 @@ confset_match(const struct confset *cs, struct conf *c,
 		if (debug)
 			(*lfun)(LOG_DEBUG, "%s", conf_print(buf, sizeof(buf),
 			    "check:\t", "", &cs->cs_c[i]));
-		if (conf_eq(c, &cs->cs_c[i])) {
+		if (conf_match(c, &cs->cs_c[i])) {
 			if (debug)
 				(*lfun)(LOG_DEBUG, "%s",
 				    conf_print(buf, sizeof(buf),
@@ -1160,21 +1225,14 @@ conf_find(int fd, uid_t uid, const struct sockaddr_storage *rss,
 	return cr;
 }
 
-
-void
-conf_parse(const char *f)
+static void
+conf_parsefile(FILE *fp, const char *config_file)
 {
-	FILE *fp;
 	char *line;
 	size_t lineno, len;
 	struct confset lc, rc, *cs;
 
-	if ((fp = fopen(f, "r")) == NULL) {
-		(*lfun)(LOG_ERR, "%s: Cannot open `%s' (%m)", __func__, f);
-		return;
-	}
-
-	lineno = 1;
+	lineno = 0;
 
 	confset_init(&rc);
 	confset_init(&lc);
@@ -1197,23 +1255,103 @@ conf_parse(const char *f)
 			if (confset_grow(cs) == -1) {
 				confset_free(&lc);
 				confset_free(&rc);
-				fclose(fp);
 				free(line);
 				return;
 			}
 		}
-		if (conf_parseline(f, lineno, line, confset_get(cs),
+		if (conf_parseline(config_file, lineno, line, confset_get(cs),
 		    cs == &lc) == -1)
 			continue;
 		confset_add(cs);
 	}
 
-	fclose(fp);
-	confset_sort(&lc);
-	confset_sort(&rc);
+	confset_merge(&rconf, &rc);
+	confset_merge(&lconf, &lc);
+}
+
+
+static void
+conf_parsedir(DIR *dir, const char *config_path)
+{
+	long path_max;
+	struct dirent *dent;
+	char *path;
+	FILE *fp;
+
+	if ((path_max = pathconf(config_path, _PC_PATH_MAX)) == -1)
+		path_max = 2048;
+
+	if ((path = malloc((size_t)path_max)) == NULL) {
+		(*lfun)(LOG_ERR, "%s: Failed to allocate memory for path (%m)",
+		    __func__);
+		return;
+	}
+
+	while ((dent = readdir(dir)) != NULL) {
+		if (strcmp(dent->d_name, ".") == 0 ||
+		    strcmp(dent->d_name, "..") == 0)
+			continue;
+
+		(void) snprintf(path, (size_t)path_max, "%s/%s", config_path,
+		    dent->d_name);
+		if ((fp = fopen(path, "r")) == NULL) {
+			(*lfun)(LOG_ERR, "%s: Cannot open `%s' (%m)", __func__,
+			    path);
+			continue;
+		}
+		conf_parsefile(fp, path);
+		fclose(fp);
+	}
+
+	free(path);
+}
+
+void
+conf_parse(const char *config_path)
+{
+	char *path;
+	DIR *dir;
+	FILE *fp;
+
+	if ((dir = opendir(config_path)) != NULL) {
+		/*
+		 * If config_path is a directory, parse the configuration files
+		 * in the directory. Then we're done here.
+		 */
+		conf_parsedir(dir, config_path);
+		closedir(dir);
+		goto out;
+	} else if ((fp = fopen(config_path, "r")) != NULL) {
+		/* If config_path is a file, parse it. */
+		conf_parsefile(fp, config_path);
+		fclose(fp);
+	}
+
+	/*
+	 * Append ".d" to config_path, and if that is a directory, parse the
+	 * configuration files in the directory.
+	 */
+	if (asprintf(&path, "%s.d", config_path) < 0) {
+		(*lfun)(LOG_ERR, "%s: Failed to allocate memory for path (%m)",
+		    __func__);
+		goto out;
+	}
+
+	if ((dir = opendir(path)) != NULL) {
+		conf_parsedir(dir, path);
+		closedir(dir);
+	}
+	free(path);
+
+out:
+	if (dir == NULL && fp == NULL) {
+		(*lfun)(LOG_ERR, "%s: Cannot open `%s' (%m)", __func__,
+		    config_path);
+		return;
+	}
 
-	confset_replace(&rconf, &rc);
-	confset_replace(&lconf, &lc);
+	confset_sort(&lconf);
+	confset_sort(&rconf);
 
 	if (debug) {
 		confset_list(&lconf, "local", "target");
diff --git a/contrib/blocklist/bin/conf.h b/contrib/blocklist/bin/conf.h
index 03f1942e3e32..8e4cd3a41fae 100644
--- a/contrib/blocklist/bin/conf.h
+++ b/contrib/blocklist/bin/conf.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: conf.h,v 1.6 2015/01/27 19:40:36 christos Exp $	*/
+/*	$NetBSD: conf.h,v 1.2 2025/02/05 20:09:33 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -34,6 +34,7 @@
 #include <sys/socket.h>
 
 struct conf {
+	size_t			c_lineno;
 	struct sockaddr_storage	c_ss;
 	int			c_lmask;
 	int			c_port;
diff --git a/contrib/blocklist/bin/internal.c b/contrib/blocklist/bin/internal.c
index 5c039e4dc5d2..625de55928d8 100644
--- a/contrib/blocklist/bin/internal.c
+++ b/contrib/blocklist/bin/internal.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.c,v 1.5 2015/01/27 19:40:37 christos Exp $	*/
+/*	$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: internal.c,v 1.5 2015/01/27 19:40:37 christos Exp $");
+#endif
+__RCSID("$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 
 #include <stdio.h>
 #include <syslog.h>
@@ -41,7 +43,7 @@ __RCSID("$NetBSD: internal.c,v 1.5 2015/01/27 19:40:37 christos Exp $");
 #include "internal.h"
 
 int debug;
-const char *rulename = "blacklistd";
+const char *rulename = "blocklistd";
 const char *controlprog = _PATH_BLCONTROL;
 struct confset lconf, rconf;
 struct ifaddrs *ifas;
diff --git a/contrib/blocklist/bin/internal.h b/contrib/blocklist/bin/internal.h
index 5a40e49fbbd5..553320e7afd5 100644
--- a/contrib/blocklist/bin/internal.h
+++ b/contrib/blocklist/bin/internal.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: internal.h,v 1.14 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: internal.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,13 +32,13 @@
 #define _INTERNAL_H
 
 #ifndef _PATH_BLCONF
-#define	_PATH_BLCONF	"/etc/blacklistd.conf"
+#define	_PATH_BLCONF	"/etc/blocklistd.conf"
 #endif
 #ifndef _PATH_BLCONTROL
-#define	_PATH_BLCONTROL	"/libexec/blacklistd-helper"
+#define	_PATH_BLCONTROL	"/usr/libexec/blocklistd-helper"
 #endif
 #ifndef _PATH_BLSTATE
-#define	_PATH_BLSTATE	"/var/db/blacklistd.db"
+#define	_PATH_BLSTATE	"/var/db/blocklistd.db"
 #endif
 
 extern struct confset rconf, lconf;
diff --git a/contrib/blocklist/bin/old_internal.c b/contrib/blocklist/bin/old_internal.c
new file mode 100644
index 000000000000..79093cc8b8ab
--- /dev/null
+++ b/contrib/blocklist/bin/old_internal.c
@@ -0,0 +1,50 @@
+/*	$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: internal.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
+
+#include <stdio.h>
+#include <syslog.h>
+#include "conf.h"
+#include "old_internal.h"
+
+int debug;
+const char *rulename = "blacklistd";
+const char *controlprog = _PATH_BLCONTROL;
+struct confset lconf, rconf;
+struct ifaddrs *ifas;
+void (*lfun)(int, const char *, ...) = syslog;
diff --git a/contrib/blocklist/bin/old_internal.h b/contrib/blocklist/bin/old_internal.h
new file mode 100644
index 000000000000..becee563e81d
--- /dev/null
+++ b/contrib/blocklist/bin/old_internal.h
@@ -0,0 +1,58 @@
+/*	$NetBSD: internal.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _OLD_INTERNAL_H
+#define _OLD_INTERNAL_H
+
+#ifndef _PATH_BLCONF
+#define	_PATH_BLCONF	"/etc/blacklistd.conf"
+#endif
+#ifndef _PATH_BLCONTROL
+#define	_PATH_BLCONTROL	"/usr/libexec/blacklistd-helper"
+#endif
+#ifndef _PATH_BLSTATE
+/* We want the new name, the old one would be incompatible after 24932b6 */
+#define	_PATH_BLSTATE	"/var/db/blocklistd.db"
+#endif
+
+extern struct confset rconf, lconf;
+extern int debug;
+extern const char *rulename;
+extern const char *controlprog;
+extern struct ifaddrs *ifas;
+
+#if !defined(__syslog_attribute__) && !defined(__syslog__)
+#define __syslog__ __printf__
+#endif
+
+extern void (*lfun)(int, const char *, ...)
+    __attribute__((__format__(__syslog__, 2, 3)));
+
+#endif /* _OLD_INTERNAL_H */
diff --git a/contrib/blocklist/bin/run.c b/contrib/blocklist/bin/run.c
index 5588f0198c04..adcc407e65c6 100644
--- a/contrib/blocklist/bin/run.c
+++ b/contrib/blocklist/bin/run.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: run.c,v 1.14 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: run.c,v 1.3 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: run.c,v 1.14 2016/04/04 15:52:56 christos Exp $");
+#endif
+__RCSID("$NetBSD: run.c,v 1.3 2025/02/11 17:48:30 christos Exp $");
 
 #include <stdio.h>
 #ifdef HAVE_LIBUTIL_H
@@ -131,7 +133,8 @@ run_change(const char *how, const struct conf *c, char *id, size_t len)
 		prname = "udp";
 		break;
 	default:
-		(*lfun)(LOG_ERR, "%s: bad protocol %d", __func__, c->c_proto);
+		(*lfun)(LOG_ERR, "%s: bad protocol %d (line %zu)", __func__,
+		     c->c_proto, c->c_lineno);
 		return -1;
 	}
 
diff --git a/contrib/blocklist/bin/run.h b/contrib/blocklist/bin/run.h
index bafc3e554690..da21906e0db6 100644
--- a/contrib/blocklist/bin/run.h
+++ b/contrib/blocklist/bin/run.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: run.h,v 1.5 2015/01/27 19:40:37 christos Exp $	*/
+/*	$NetBSD: run.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
diff --git a/contrib/blocklist/bin/state.c b/contrib/blocklist/bin/state.c
index f2622c82c251..08e2622e223f 100644
--- a/contrib/blocklist/bin/state.c
+++ b/contrib/blocklist/bin/state.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $	*/
+/*	$NetBSD: state.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: state.c,v 1.19 2016/09/26 19:43:43 christos Exp $");
+#endif
+__RCSID("$NetBSD: state.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/socket.h>
diff --git a/contrib/blocklist/bin/state.h b/contrib/blocklist/bin/state.h
index 2e9257006e80..48f63a41ef33 100644
--- a/contrib/blocklist/bin/state.h
+++ b/contrib/blocklist/bin/state.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: state.h,v 1.5 2015/01/27 19:40:37 christos Exp $	*/
+/*	$NetBSD: state.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
diff --git a/contrib/blocklist/bin/support.c b/contrib/blocklist/bin/support.c
index d560d2303223..91e40812611e 100644
--- a/contrib/blocklist/bin/support.c
+++ b/contrib/blocklist/bin/support.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $	*/
+/*	$NetBSD: support.c,v 1.3 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $");
+#endif
+__RCSID("$NetBSD: support.c,v 1.3 2025/02/11 17:48:30 christos Exp $");
 
 #include <time.h>
 #include <string.h>
@@ -66,7 +68,8 @@ expandm(char *buf, size_t len, const char *fmt)
 }
 
 void
-vdlog(int level __unused, const char *fmt, va_list ap)
+vdlog(int level __unused, struct syslog_data *sd __unused,
+    const char *fmt, va_list ap)
 {
 	char buf[BUFSIZ];
 
@@ -81,7 +84,7 @@ dlog(int level, const char *fmt, ...)
 	va_list ap;
 
 	va_start(ap, fmt);
-	vdlog(level, fmt, ap);
+	vdlog(level, NULL, fmt, ap);
 	va_end(ap);
 }
 
diff --git a/contrib/blocklist/bin/support.h b/contrib/blocklist/bin/support.h
index 899649ce8319..bb865cb8fe68 100644
--- a/contrib/blocklist/bin/support.h
+++ b/contrib/blocklist/bin/support.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: support.h,v 1.7 2016/04/04 15:52:56 christos Exp $	*/
+/*	$NetBSD: support.h,v 1.2 2024/08/02 17:11:55 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -34,8 +34,9 @@
 __BEGIN_DECLS
 const char *fmttime(char *, size_t, time_t);
 const char *fmtydhms(char *, size_t, time_t);
-void vdlog(int, const char *, va_list)
-    __attribute__((__format__(__printf__, 2, 0)));
+struct syslog_data;
+void vdlog(int, struct syslog_data *, const char *, va_list)
+    __attribute__((__format__(__printf__, 3, 0)));
 void dlog(int, const char *, ...)
     __attribute__((__format__(__printf__, 2, 3)));
 ssize_t blhexdump(char *, size_t, const char *, const void *, size_t);
diff --git a/contrib/blocklist/diff/ftpd.diff b/contrib/blocklist/diff/ftpd.diff
index d28577f3ef5f..37b43dae2295 100644
--- a/contrib/blocklist/diff/ftpd.diff
+++ b/contrib/blocklist/diff/ftpd.diff
@@ -2,17 +2,17 @@
 +++ pfilter.c	2015-01-23 17:12:02.000000000 -0500
 @@ -0,0 +1,24 @@
 +#include <stdio.h>
-+#include <blacklist.h>
++#include <blocklist.h>
 +
 +#include "pfilter.h"
 +
-+static struct blacklist *blstate;
++static struct blocklist *blstate;
 +
 +void
 +pfilter_open(void)
 +{
 +	if (blstate == NULL)
-+		blstate = blacklist_open();
++		blstate = blocklist_open();
 +}
 +
 +void
@@ -23,7 +23,7 @@
 +	if (blstate == NULL)
 +		return;
 +
-+	blacklist_r(blstate, what, 0, msg);
++	blocklist_r(blstate, what, 0, msg);
 +}
 --- /dev/null	2015-01-23 17:30:40.000000000 -0500
 +++ pfilter.h	2015-01-23 17:07:25.000000000 -0500
@@ -42,8 +42,8 @@ diff -u -p -u -r1.63 Makefile
  MLINKS=	ftpusers.5 ftpchroot.5
  
 +SRCS+=	pfilter.c
-+LDADD+=	-lblacklist
-+DPADD+=	${LIBBLACKLIST}
++LDADD+=	-lblocklist
++DPADD+=	${LIBBLOCKLIST}
 +
  .if defined(NO_INTERNAL_LS)
  CPPFLAGS+=-DNO_INTERNAL_LS
diff --git a/contrib/blocklist/diff/named.diff b/contrib/blocklist/diff/named.diff
index fcd97ba7ec1f..a5069ff94df7 100644
--- a/contrib/blocklist/diff/named.diff
+++ b/contrib/blocklist/diff/named.diff
@@ -8,17 +8,17 @@
 +#include <named/types.h>
 +#include <named/client.h>
 +
-+#include <blacklist.h>
++#include <blocklist.h>
 +
 +#include "pfilter.h"
 +
-+static struct blacklist *blstate;
++static struct blocklist *blstate;
 +
 +void
 +pfilter_open(void)
 +{
 +	if (blstate == NULL)
-+		blstate = blacklist_open();
++		blstate = blocklist_open();
 +}
 +
 +#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
@@ -39,7 +39,7 @@
 +	}
 +	if (socket == NULL)
 +		return;
-+	blacklist_sa_r(blstate, 
++	blocklist_sa_r(blstate, 
 +	    res != ISC_R_SUCCESS, isc_socket_getfd(socket),
 +	    &client->peeraddr.type.sa, client->peeraddr.length, msg);
 +}
@@ -63,8 +63,8 @@ diff -u -u -r1.8 Makefile
 +	pfilter.c tkeyconf.c tsigconf.c \
  	update.c xfrout.c zoneconf.c ${SRCS_UNIX}
  
-+LDADD+=-lblacklist
-+DPADD+=${LIBBLACKLIST}
++LDADD+=-lblocklist
++DPADD+=${LIBBLOCKLIST}
  .include <bsd.prog.mk>
 Index: dist/bin/named/client.c
 ===================================================================
diff --git a/contrib/blocklist/diff/postfix.diff b/contrib/blocklist/diff/postfix.diff
new file mode 100644
index 000000000000..6f14389515cf
--- /dev/null
+++ b/contrib/blocklist/diff/postfix.diff
@@ -0,0 +1,98 @@
+Index: dist/src/smtpd/pfilter.c
+===================================================================
+RCS file: dist/src/smtpd/pfilter.c
+diff -N dist/src/smtpd/pfilter.c
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ dist/src/smtpd/pfilter.c	1 Feb 2018 03:29:09 -0000
+@@ -0,0 +1,19 @@
++#include "pfilter.h"
++#include <stdio.h>	/* for NULL */
++#include <blocklist.h>
++
++static struct blocklist *blstate;
++
++void
++pfilter_notify(int a, int fd)
++{
++	if (blstate == NULL)
++		blstate = blocklist_open();
++	if (blstate == NULL)
++		return;
++	(void)blocklist_r(blstate, a, fd, "smtpd");
++	if (a == 0) {
++		blocklist_close(blstate);
++		blstate = NULL;
++	}
++}
+Index: dist/src/smtpd/pfilter.h
+===================================================================
+RCS file: dist/src/smtpd/pfilter.h
+diff -N dist/src/smtpd/pfilter.h
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ dist/src/smtpd/pfilter.h	1 Feb 2018 03:29:09 -0000
+@@ -0,0 +1,2 @@
++
++void pfilter_notify(int, int);
+Index: dist/src/smtpd/smtpd.c
+===================================================================
+RCS file: /cvsroot/src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c,v
+retrieving revision 1.14
+diff -u -r1.14 smtpd.c
+--- dist/src/smtpd/smtpd.c	14 Feb 2017 01:16:48 -0000	1.14
++++ dist/src/smtpd/smtpd.c	1 Feb 2018 03:29:09 -0000
+@@ -1197,6 +1197,8 @@
+ #include <smtpd_milter.h>
+ #include <smtpd_expand.h>
+ 
++#include "pfilter.h"
++
+  /*
+   * Tunable parameters. Make sure that there is some bound on the length of
+   * an SMTP command, so that the mail system stays in control even when a
+@@ -5048,6 +5050,7 @@
+ 	    if (state->error_count >= var_smtpd_hard_erlim) {
+ 		state->reason = REASON_ERROR_LIMIT;
+ 		state->error_mask |= MAIL_ERROR_PROTOCOL;
++		pfilter_notify(1, vstream_fileno(state->client));
+ 		smtpd_chat_reply(state, "421 4.7.0 %s Error: too many errors",
+ 				 var_myhostname);
+ 		break;
+Index: libexec/smtpd/Makefile
+===================================================================
+RCS file: /cvsroot/src/external/ibm-public/postfix/libexec/smtpd/Makefile,v
+retrieving revision 1.6
+diff -u -r1.6 Makefile
+--- libexec/smtpd/Makefile	21 May 2017 15:28:40 -0000	1.6
++++ libexec/smtpd/Makefile	1 Feb 2018 03:29:09 -0000
+@@ -13,11 +13,14 @@
+ SRCS=	smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
+ 	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
+ 	smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
+-	smtpd_expand.c smtpd_haproxy.c
++	smtpd_expand.c smtpd_haproxy.c pfilter.c
+ 
+ DPADD+= ${LIBPMASTER} ${LIBPMILTER} ${LIBPGLOBAL} ${LIBPDNS} ${LIBPXSASL}
+ LDADD+= ${LIBPMASTER} ${LIBPMILTER} ${LIBPGLOBAL} ${LIBPDNS} ${LIBPXSASL}
+ 
++DPADD+=	${LIBBLOCKLIST}
++LDADD+=	-lblocklist
++
+ DPADD+=	${LIBPTLS} ${LIBSSL} ${LIBCRYPTO}
+ LDADD+=	${LIBPTLS} -lssl -lcrypto
+ 
+Index: dist/src/smtpd/smtpd.c
+===================================================================
+RCS file: /cvsroot/src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c,v
+retrieving revision 1.17
+diff -u -u -r1.17 smtpd.c
+--- dist/src/smtpd/smtpd.c	18 Mar 2020 19:05:20 -0000	1.17
++++ dist/src/smtpd/smtpd.c	25 Sep 2020 12:51:52 -0000
+@@ -5795,6 +5795,8 @@
+ 		   || strcmp(state->reason, REASON_LOST_CONNECTION)) {
+ 	    msg_info("%s after %s from %s",
+ 		     state->reason, state->where, state->namaddr);
++	    if (strcmp(state->where, SMTPD_CMD_AUTH) == 0)
++		pfilter_notify(1, vstream_fileno(state->client));
+ 	}
+     }
+ 
diff --git a/contrib/blocklist/diff/proftpd.diff b/contrib/blocklist/diff/proftpd.diff
index 455b7cd60c64..e8d2cc5e9e07 100644
--- a/contrib/blocklist/diff/proftpd.diff
+++ b/contrib/blocklist/diff/proftpd.diff
@@ -1,12 +1,12 @@
 --- Make.rules.in.orig	2015-05-27 20:25:54.000000000 -0400
 +++ Make.rules.in	2016-01-25 21:48:47.000000000 -0500
 @@ -110,3 +110,8 @@
-
+ 
  FTPWHO_OBJS=ftpwho.o scoreboard.o misc.o
  BUILD_FTPWHO_OBJS=utils/ftpwho.o utils/scoreboard.o utils/misc.o
 +
-+CPPFLAGS+=-DHAVE_BLACKLIST
-+LIBS+=-lblacklist
++CPPFLAGS+=-DHAVE_BLOCKLIST
++LIBS+=-lblocklist
 +OBJS+= pfilter.o
 +BUILD_OBJS+= src/pfilter.o
 --- /dev/null	2016-01-22 17:30:55.000000000 -0500
@@ -84,25 +84,25 @@
 +#include "pfilter.h"
 +#include "conf.h"
 +#include "privs.h"
-+#ifdef HAVE_BLACKLIST
-+#include <blacklist.h>
++#ifdef HAVE_BLOCKLIST
++#include <blocklist.h>
 +#endif
 +
-+static struct blacklist *blstate;
++static struct blocklist *blstate;
 +
 +void
 +pfilter_init(void)
 +{
-+#ifdef HAVE_BLACKLIST
++#ifdef HAVE_BLOCKLIST
 +	if (blstate == NULL)
-+		blstate = blacklist_open();
++		blstate = blocklist_open();
 +#endif
 +}
 +
 +void
 +pfilter_notify(int a)
 +{
-+#ifdef HAVE_BLACKLIST
++#ifdef HAVE_BLOCKLIST
 +	conn_t *c = session.c;
 +	int fd;
 +
@@ -119,6 +119,6 @@
 +		pfilter_init();
 +	if (blstate == NULL)
 +		return;
-+	(void)blacklist_r(blstate, a, fd, "proftpd");
++	(void)blocklist_r(blstate, a, fd, "proftpd");
 +#endif
 +}
diff --git a/contrib/blocklist/diff/ssh.diff b/contrib/blocklist/diff/ssh.diff
index 9427fc8ddb36..17300bb5dc8d 100644
--- a/contrib/blocklist/diff/ssh.diff
+++ b/contrib/blocklist/diff/ssh.diff
@@ -7,14 +7,14 @@
 +#include "packet.h"
 +#include "log.h"
 +#include "pfilter.h"
-+#include <blacklist.h>
++#include <blocklist.h>
 +
-+static struct blacklist *blstate;
++static struct blocklist *blstate;
 +
 +void
 +pfilter_init(void)
 +{
-+	blstate = blacklist_open();
++	blstate = blocklist_open();
 +}
 +
 +void
@@ -27,9 +27,9 @@
 +		return;
 +	// XXX: 3?
 + 	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
-+	(void)blacklist_r(blstate, a, fd, "ssh");
++	(void)blocklist_r(blstate, a, fd, "ssh");
 +	if (a == 0) {
-+		blacklist_close(blstate);
++		blocklist_close(blstate);
 +		blstate = NULL;
 +	}
 +}
@@ -60,8 +60,8 @@ diff -u -u -r1.10 Makefile
  LDADD+=	-lwrap
  DPADD+=	${LIBWRAP}
 +
-+LDADD+=	-lblacklist
-+DPADD+=	${LIBBLACKLIST}
++LDADD+=	-lblocklist
++DPADD+=	${LIBBLOCKLIST}
 diff -ru openssh-7.7p1/auth-pam.c dist/auth-pam.c
 --- openssh-7.7p1/auth-pam.c	2018-04-02 01:38:28.000000000 -0400
 +++ dist/auth-pam.c	2018-05-23 11:56:22.206661484 -0400
diff --git a/contrib/blocklist/etc/Makefile b/contrib/blocklist/etc/Makefile
index 669528ddca89..f4f2dc79f857 100644
--- a/contrib/blocklist/etc/Makefile
+++ b/contrib/blocklist/etc/Makefile
@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.3 2015/01/26 00:18:40 christos Exp $
+#	$NetBSD: Makefile,v 1.2 2025/02/05 20:24:26 christos Exp $
 
-SUBDIR=rc.d
+SUBDIR=		rc.d
 
-FILESDIR=               /usr/share/examples/blacklist
-FILESMODE=    644
-FILES=	blacklistd.conf npf.conf
+FILESDIR=	/usr/share/examples/blocklist
+FILESMODE=	644
+FILES=		blocklistd.conf ipf.conf npf.conf
 
 .include <bsd.files.mk>
 .include <bsd.subdir.mk>
diff --git a/contrib/blocklist/etc/blacklistd.conf b/contrib/blocklist/etc/blocklistd.conf
index f061b004ad36..b52b994fe950 100644
--- a/contrib/blocklist/etc/blacklistd.conf
+++ b/contrib/blocklist/etc/blocklistd.conf
@@ -1,5 +1,5 @@
-# Blacklist rule
-# adr/mask:port	type	proto	owner		name	nfail	disable
+# Blocklist rule
+# adr/mask:port	type	proto	owner		name	nfail	duration
 [local]
 ssh		stream	*	*		*	3	6h
 ftp		stream	*	*		*	3	6h
@@ -7,8 +7,9 @@ domain		*	*	named		*	3	12h
 #6161		stream	tcp6	christos	*	2	10m
 *		*	*	*		*	3	60
 
-# adr/mask:port	type	proto	owner		name	nfail	disable
+# adr/mask:port	type	proto	owner		name	nfail	duration
 [remote]
 #129.168.0.0/16	*	*	*		=	*	*
+#[2001:db8::]/32:ssh	*	*	*		=	*	*
 #6161		=	=	=		=/24	=	=
 #*		stream	tcp	*		=	=	=
diff --git a/contrib/blocklist/etc/ipf.conf b/contrib/blocklist/etc/ipf.conf
new file mode 100644
index 000000000000..f6bec74238d6
--- /dev/null
+++ b/contrib/blocklist/etc/ipf.conf
@@ -0,0 +1,45 @@
+#========================================
+#
+#	subsection for abuse blocking
+#
+#========================================
+#
+# This section should be included early in the main /etc/ipf.conf file, right
+# after any basic generic accounting ("count") rules, and any cleanup rules to
+# block invalid fragments, invalid options (e.g. "ssrr"), etc.
+#
+# Note these will not actually block anything since they don't include the
+# "quick" flag, and are thus part of a last-match group.  They simply set up a
+# group such that any connection logging rule further below won't also match if
+# one of the rules in the group matches, no matter when or where the subsequent
+# matching rule is added.  I.e. all rules in the group are checked for a match
+# (and a possible "first match" with "quick") before any subsequent rules
+# further below are used.  Note group rules can be added at any time, including
+# at runtime after all other rules have been added -- they will still belong to
+# the group and once added will be checked as part of the group.
+#
+#	head of "blocklistd" group:
+#
+# The "blocklistd" group will be used by blocklistd(8).
+#
+block in proto tcp/udp from any to any head blocklistd
+#
+#	head of "attackers" group to block all attackers:
+#
+# The "attackers" group is intended to be used for manually maintained rules
+# e.g. as could be added like this:
+#
+#	echo 'block return-rst in log quick proto tcp from 118.136.0.0/15 to any flags S/SAFR group attackers' >> /etc/ipf.conf
+#	/etc/rc.d/ipfliter reload
+#
+# Note the choice in this example is to return RST packets for blocked SYN
+# packets to help the other end close.  This is not necessary, but it better
+# mimics what the kernel does by default, thus perhaps hiding the fact a
+# firewall is present.
+#
+# XXX This example still allows UDP services, but we would need to duplicate
+# each rule with "proto udp" (and without "flags blah") due to IPF parsing
+# limitations....
+#
+block in proto tcp/udp from any to any head attackers
+#
diff --git a/contrib/blocklist/etc/npf.conf b/contrib/blocklist/etc/npf.conf
index 42d56044ad6e..b1c33f2738f0 100644
--- a/contrib/blocklist/etc/npf.conf
+++ b/contrib/blocklist/etc/npf.conf
@@ -1,4 +1,4 @@
-# Transparent firewall example for blacklistd
+# Transparent firewall example for blocklistd
 
 $ext_if = "bnx0"
 
@@ -6,7 +6,7 @@ set bpf.jit on;
 alg "icmp"
 
 group "external" on $ext_if {
-	ruleset "blacklistd"
+	ruleset "blocklistd"
 	pass final all
 }
 
diff --git a/contrib/blocklist/etc/rc.d/Makefile b/contrib/blocklist/etc/rc.d/Makefile
index e863d0853a0f..9e214984f7c2 100644
--- a/contrib/blocklist/etc/rc.d/Makefile
+++ b/contrib/blocklist/etc/rc.d/Makefile
@@ -1,6 +1,6 @@
-#	$NetBSD: Makefile,v 1.1 2015/01/22 17:49:41 christos Exp $
+#	$NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
 
-SCRIPTS=blacklistd
+SCRIPTS=blocklistd
 SCRIPTSDIR=/etc/rc.d
 
 .include <bsd.prog.mk>
diff --git a/contrib/blocklist/etc/rc.d/blacklistd b/contrib/blocklist/etc/rc.d/blocklistd
index 278a6742e63c..89871ebda4a0 100644
--- a/contrib/blocklist/etc/rc.d/blacklistd
+++ b/contrib/blocklist/etc/rc.d/blocklistd
@@ -1,15 +1,15 @@
 #!/bin/sh
 #
-# $NetBSD: blacklistd,v 1.2 2016/10/17 22:47:16 christos Exp $
+# $NetBSD: blocklistd,v 1.2 2021/03/07 00:46:39 christos Exp $
 #
 
-# PROVIDE: blacklistd
-# REQUIRE: npf
+# PROVIDE: blocklistd
+# REQUIRE: npf pf ipfilter
 # BEFORE:  SERVERS
 
 $_rc_subr_loaded . /etc/rc.subr
 
-name="blacklistd"
+name="blocklistd"
 rcvar=$name
 command="/sbin/${name}"
 pidfile="/var/run/${name}.pid"
@@ -18,17 +18,17 @@ start_precmd="${name}_precmd"
 extra_commands="reload"
 
 _sockfile="/var/run/${name}.sockets"
-_sockname="blacklistd.sock"
+_sockname="blocklistd.sock"
 
-blacklistd_precmd()
+blocklistd_precmd()
 {
-	#	Create default list of blacklistd sockets to watch
+	#	Create default list of blocklistd sockets to watch
 	#
 	( umask 022 ; > $_sockfile )
 
 	#	Find /etc/rc.d scripts with "chrootdir" rcorder(8) keyword,
 	#	and if $${app}_chrootdir is a directory, add appropriate
-	#	blacklistd socket to list of sockets to watch.
+	#	blocklistd socket to list of sockets to watch.
 	#
 	for _lr in $(rcorder -k chrootdir /etc/rc.d/*); do
 	    (
@@ -42,8 +42,8 @@ blacklistd_precmd()
 	done
 
 	#	If other sockets have been provided, change run_rc_command()'s
-	#	internal copy of $blacklistd_flags to force use of specific
-	#	blacklistd sockets.
+	#	internal copy of $blocklistd_flags to force use of specific
+	#	blocklistd sockets.
 	#
 	if [ -s $_sockfile ]; then
 		echo "/var/run/${_sockname}" >> $_sockfile
diff --git a/contrib/blocklist/include/Makefile b/contrib/blocklist/include/Makefile
index 6854907be25e..b7ce1eca278c 100644
--- a/contrib/blocklist/include/Makefile
+++ b/contrib/blocklist/include/Makefile
@@ -1,10 +1,10 @@
-#	$NetBSD: Makefile,v 1.1 2015/01/21 16:16:00 christos Exp $
+#	$NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
 
 # Doing a make includes builds /usr/include
 
 NOOBJ=		# defined
 
-INCS=	blacklist.h
+INCS=	blocklist.h
 INCSDIR=	/usr/include
 
 .include <bsd.prog.mk>
diff --git a/contrib/blocklist/include/bl.h b/contrib/blocklist/include/bl.h
index 8f366de912fe..c7ed517d7a6d 100644
--- a/contrib/blocklist/include/bl.h
+++ b/contrib/blocklist/include/bl.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: bl.h,v 1.13 2016/03/11 17:16:40 christos Exp $	*/
+/*	$NetBSD: bl.h,v 1.2 2024/08/02 17:11:55 christos Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 #include <stdarg.h>
 #include <sys/param.h>
 #include <sys/socket.h>
-#include "blacklist.h"
+#include "blocklist.h"
 
 typedef enum {
 	BL_INVALID,
@@ -58,14 +58,15 @@ typedef struct {
 #define bi_cred bi_u._bi_cred
 
 #ifndef _PATH_BLSOCK
-#define _PATH_BLSOCK "/var/run/blacklistd.sock"
+#define _PATH_BLSOCK "/var/run/blocklistd.sock"
 #endif
 
 __BEGIN_DECLS
 
-typedef struct blacklist *bl_t;
+typedef struct blocklist *bl_t;
 
-bl_t bl_create(bool, const char *, void (*)(int, const char *, va_list));
+bl_t bl_create(bool, const char *,
+    void (*)(int, struct syslog_data *, const char *, va_list));
 void bl_destroy(bl_t);
 int bl_send(bl_t, bl_type_t, int, const struct sockaddr *, socklen_t,
     const char *);
diff --git a/contrib/blocklist/include/blacklist.h b/contrib/blocklist/include/blacklist.h
index 2f5c8ba09864..f97cf34c4bcb 100644
--- a/contrib/blocklist/include/blacklist.h
+++ b/contrib/blocklist/include/blacklist.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklist.h,v 1.3 2015/01/23 18:48:56 christos Exp $	*/
+/*	$NetBSD: blocklist.h,v 1.4 2025/02/11 17:42:17 christos Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -32,16 +32,26 @@
 #define _BLACKLIST_H
 
 #include <sys/socket.h>
+#include <syslog.h>
 
-__BEGIN_DECLS
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+struct syslog_data;
 struct blacklist *blacklist_open(void);
+struct blacklist *blacklist_open2(
+    void (*)(int, struct syslog_data *, const char *, va_list));
 void blacklist_close(struct blacklist *);
 int blacklist(int, int, const char *);
 int blacklist_r(struct blacklist *, int, int, const char *);
 int blacklist_sa(int, int, const struct sockaddr *, socklen_t, const char *);
 int blacklist_sa_r(struct blacklist *, int, int,
     const struct sockaddr *, socklen_t, const char *);
-__END_DECLS
+
+#if defined(__cplusplus)
+}
+#endif
 
 /* action values for user applications */
 #define BLACKLIST_API_ENUM	1
diff --git a/contrib/blocklist/include/blocklist.h b/contrib/blocklist/include/blocklist.h
new file mode 100644
index 000000000000..f09e5139079b
--- /dev/null
+++ b/contrib/blocklist/include/blocklist.h
@@ -0,0 +1,65 @@
+/*	$NetBSD: blocklist.h,v 1.4 2025/02/11 17:42:17 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _BLOCKLIST_H
+#define _BLOCKLIST_H
+
+#include <sys/socket.h>
+#include <syslog.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+struct syslog_data;
+struct blocklist *blocklist_open(void);
+struct blocklist *blocklist_open2(
+    void (*)(int, struct syslog_data *, const char *, va_list));
+void blocklist_close(struct blocklist *);
+int blocklist(int, int, const char *);
+int blocklist_r(struct blocklist *, int, int, const char *);
+int blocklist_sa(int, int, const struct sockaddr *, socklen_t, const char *);
+int blocklist_sa_r(struct blocklist *, int, int,
+    const struct sockaddr *, socklen_t, const char *);
+
+#if defined(__cplusplus)
+}
+#endif
+
+/* action values for user applications */
+#define BLOCKLIST_API_ENUM	1
+enum {
+        BLOCKLIST_AUTH_OK = 0,
+        BLOCKLIST_AUTH_FAIL,
+        BLOCKLIST_ABUSIVE_BEHAVIOR,
+        BLOCKLIST_BAD_USER
+};
+
+#endif /* _BLOCKLIST_H */
diff --git a/contrib/blocklist/include/old_bl.h b/contrib/blocklist/include/old_bl.h
new file mode 100644
index 000000000000..1ab64a4d9b69
--- /dev/null
+++ b/contrib/blocklist/include/old_bl.h
@@ -0,0 +1,80 @@
+/*	$NetBSD: bl.h,v 1.2 2024/08/02 17:11:55 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _OLD_BL_H
+#define _OLD_BL_H
+
+#include <stdbool.h>
+#include <stdarg.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include "blacklist.h"
+
+typedef enum {
+	BL_INVALID,
+	BL_ADD,
+	BL_DELETE,
+	BL_ABUSE,
+	BL_BADUSER
+} bl_type_t;
+
+typedef struct {
+	bl_type_t bi_type;
+	int bi_fd;
+	uid_t bi_uid;
+	gid_t bi_gid;
+	socklen_t bi_slen;
+	struct sockaddr_storage bi_ss;
+	char bi_msg[1024];
+} bl_info_t;
+
+#define bi_cred bi_u._bi_cred
+
+/* We want the new name */
+#ifndef _PATH_BLSOCK
+#define _PATH_BLSOCK "/var/run/blocklistd.sock"
+#endif
+
+__BEGIN_DECLS
+
+typedef struct blacklist *bl_t;
+
+bl_t bl_create(bool, const char *,
+    void (*)(int, struct syslog_data *, const char *, va_list));
+void bl_destroy(bl_t);
+int bl_send(bl_t, bl_type_t, int, const struct sockaddr *, socklen_t,
+    const char *);
+int bl_getfd(bl_t);
+bl_info_t *bl_recv(bl_t);
+bool bl_isconnected(bl_t);
+
+__END_DECLS
+
+#endif /* _OLD_BL_H */
diff --git a/contrib/blocklist/lib/Makefile b/contrib/blocklist/lib/Makefile
index 4f1ab7717a99..147f311c4782 100644
--- a/contrib/blocklist/lib/Makefile
+++ b/contrib/blocklist/lib/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.7 2019/03/08 20:40:05 christos Exp $
+# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -6,14 +6,14 @@ USE_SHLIBDIR=   yes
 
 CPPFLAGS+=-D_REENTRANT
 #LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread
-LIB=blacklist
-SRCS=bl.c blacklist.c
-MAN=libblacklist.3
-MLINKS+=libblacklist.3 blacklist_open.3
-MLINKS+=libblacklist.3 blacklist_close.3
-MLINKS+=libblacklist.3 blacklist.3
-MLINKS+=libblacklist.3 blacklist_r.3
-MLINKS+=libblacklist.3 blacklist_sa.3
-MLINKS+=libblacklist.3 blacklist_sa_r.3
+LIB=blocklist
+SRCS=bl.c blocklist.c
+MAN=libblocklist.3
+MLINKS+=libblocklist.3 blocklist_open.3
+MLINKS+=libblocklist.3 blocklist_close.3
+MLINKS+=libblocklist.3 blocklist.3
+MLINKS+=libblocklist.3 blocklist_r.3
+MLINKS+=libblocklist.3 blocklist_sa.3
+MLINKS+=libblocklist.3 blocklist_sa_r.3
 
 .include <bsd.lib.mk>
diff --git a/contrib/blocklist/lib/bl.c b/contrib/blocklist/lib/bl.c
index 409317bc3fc0..80396ed12b28 100644
--- a/contrib/blocklist/lib/bl.c
+++ b/contrib/blocklist/lib/bl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $	*/
+/*	$NetBSD: bl.c,v 1.9 2025/03/30 01:53:59 christos Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $");
+#endif
+__RCSID("$NetBSD: bl.c,v 1.9 2025/03/30 01:53:59 christos Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -57,6 +59,10 @@ __RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $");
 #include <pthread.h>
 #endif
 
+#if defined(SO_RECVUCRED)
+#include <ucred.h>
+#endif
+
 #include "bl.h"
 
 typedef struct {
@@ -68,7 +74,7 @@ typedef struct {
 	char bl_data[];
 } bl_message_t;
 
-struct blacklist {
+struct blocklist {
 #ifdef _REENTRANT
 	pthread_mutex_t b_mutex;
 # define BL_INIT(b)	pthread_mutex_init(&b->b_mutex, NULL)
@@ -82,7 +88,8 @@ struct blacklist {
 	int b_fd;
 	int b_connected;
 	struct sockaddr_un b_sun;
-	void (*b_fun)(int, const char *, va_list);
+	struct syslog_data b_syslog_data;
+	void (*b_fun)(int, struct syslog_data *, const char *, va_list);
 	bl_info_t b_info;
 };
 
@@ -115,14 +122,16 @@ bl_reset(bl_t b, bool locked)
 }
 
 static void
-bl_log(void (*fun)(int, const char *, va_list), int level,
-    const char *fmt, ...)
+bl_log(bl_t b, int level, const char *fmt, ...)
 {
 	va_list ap;
 	int serrno = errno;
 
+	if (b->b_fun == NULL)
+		return;
+
 	va_start(ap, fmt);
-	(*fun)(level, fmt, ap);
+	(*b->b_fun)(level, &b->b_syslog_data, fmt, ap);
 	va_end(ap);
 	errno = serrno;
 }
@@ -152,7 +161,7 @@ bl_init(bl_t b, bool srv)
 		b->b_fd = socket(PF_LOCAL,
 		    SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0);
 		if (b->b_fd == -1) {
-			bl_log(b->b_fun, LOG_ERR, "%s: socket failed (%s)",
+			bl_log(b, LOG_ERR, "%s: socket failed (%s)",
 			    __func__, strerror(errno));
 			BL_UNLOCK(b);
 			return -1;
@@ -186,7 +195,7 @@ bl_init(bl_t b, bool srv)
 	rv = connect(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
 	if (rv == 0) {
 		if (srv) {
-			bl_log(b->b_fun, LOG_ERR,
+			bl_log(b, LOG_ERR,
 			    "%s: another daemon is handling `%s'",
 			    __func__, sun->sun_path);
 			goto out;
@@ -199,7 +208,7 @@ bl_init(bl_t b, bool srv)
 			 * and only log once.
 			 */
 			if (b->b_connected != 1) {
-				bl_log(b->b_fun, LOG_DEBUG,
+				bl_log(b, LOG_DEBUG,
 				    "%s: connect failed for `%s' (%s)",
 				    __func__, sun->sun_path, strerror(errno));
 				b->b_connected = 1;
@@ -207,8 +216,7 @@ bl_init(bl_t b, bool srv)
 			BL_UNLOCK(b);
 			return -1;
 		}
-		bl_log(b->b_fun, LOG_DEBUG, "Connected to blacklist server",
-		    __func__);
+		bl_log(b, LOG_DEBUG, "Connected to blocklist server", __func__);
 	}
 
 	if (srv) {
@@ -219,8 +227,7 @@ bl_init(bl_t b, bool srv)
 		(void)umask(om);
 		errno = serrno;
 		if (rv == -1) {
-			bl_log(b->b_fun, LOG_ERR,
-			    "%s: bind failed for `%s' (%s)",
+			bl_log(b, LOG_ERR, "%s: bind failed for `%s' (%s)",
 			    __func__, sun->sun_path, strerror(errno));
 			goto out;
 		}
@@ -231,8 +238,8 @@ bl_init(bl_t b, bool srv)
 #if defined(LOCAL_CREDS)
 #define CRED_LEVEL	0
 #define	CRED_NAME	LOCAL_CREDS
-#define CRED_SC_UID	sc_euid
-#define CRED_SC_GID	sc_egid
+#define CRED_SC_UID(x)	(x)->sc_euid
+#define CRED_SC_GID(x)	(x)->sc_egid
 #define CRED_MESSAGE	SCM_CREDS
 #define CRED_SIZE	SOCKCREDSIZE(NGROUPS_MAX)
 #define CRED_TYPE	struct sockcred
@@ -240,12 +247,21 @@ bl_init(bl_t b, bool srv)
 #elif defined(SO_PASSCRED)
 #define CRED_LEVEL	SOL_SOCKET
 #define	CRED_NAME	SO_PASSCRED
-#define CRED_SC_UID	uid
-#define CRED_SC_GID	gid
+#define CRED_SC_UID(x)	(x)->uid
+#define CRED_SC_GID(x)	(x)->gid
 #define CRED_MESSAGE	SCM_CREDENTIALS
 #define CRED_SIZE	sizeof(struct ucred)
 #define CRED_TYPE	struct ucred
 #define GOT_CRED	2
+#elif defined(SO_RECVUCRED)
+#define CRED_LEVEL	SOL_SOCKET
+#define CRED_NAME	SO_RECVUCRED
+#define CRED_SC_UID(x)	ucred_geteuid(x)
+#define CRED_SC_GID(x)	ucred_getegid(x)
+#define CRED_MESSAGE	SCM_UCRED
+#define CRED_SIZE	ucred_size()
+#define CRED_TYPE	ucred_t
+#define GOT_CRED	2
 #else
 #define GOT_CRED	0
 /*
@@ -259,7 +275,7 @@ bl_init(bl_t b, bool srv)
 #ifdef CRED_LEVEL
 	if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME,
 	    &one, (socklen_t)sizeof(one)) == -1) {
-		bl_log(b->b_fun, LOG_ERR, "%s: setsockopt %s "
+		bl_log(b, LOG_ERR, "%s: setsockopt %s "
 		    "failed (%s)", __func__, __STRING(CRED_NAME),
 		    strerror(errno));
 		goto out;
@@ -275,12 +291,15 @@ out:
 }
 
 bl_t
-bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list))
+bl_create(bool srv, const char *path,
+    void (*fun)(int, struct syslog_data *, const char *, va_list))
 {
+	static struct syslog_data sd = SYSLOG_DATA_INIT;
 	bl_t b = calloc(1, sizeof(*b));
 	if (b == NULL)
-		goto out;
-	b->b_fun = fun == NULL ? vsyslog : fun;
+		return NULL;
+	b->b_fun = fun;
+	b->b_syslog_data = sd;
 	b->b_fd = -1;
 	b->b_connected = -1;
 	BL_INIT(b);
@@ -295,11 +314,6 @@ bl_create(bool srv, const char *path, void (*fun)(int, const char *, va_list))
 
 	bl_init(b, srv);
 	return b;
-out:
-	free(b);
-	bl_log(fun, LOG_ERR, "%s: malloc failed (%s)", __func__,
-	    strerror(errno));
-	return NULL;
 }
 
 void
@@ -327,7 +341,7 @@ bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
 		family = AF_INET6;
 		break;
 	default:
-		bl_log(b->b_fun, LOG_ERR, "%s: invalid socket len %u (%s)",
+		bl_log(b, LOG_ERR, "%s: invalid socket len %u (%s)",
 		    __func__, (unsigned)slen, ctx);
 		errno = EINVAL;
 		return -1;
@@ -336,7 +350,7 @@ bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
 	memcpy(ss, sa, slen);
 
 	if (ss->ss_family != family) {
-		bl_log(b->b_fun, LOG_INFO,
+		bl_log(b, LOG_INFO,
 		    "%s: correcting socket family %d to %d (%s)",
 		    __func__, ss->ss_family, family, ctx);
 		ss->ss_family = family;
@@ -344,7 +358,7 @@ bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
 
 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
 	if (ss->ss_len != slen) {
-		bl_log(b->b_fun, LOG_INFO,
+		bl_log(b, LOG_INFO,
 		    "%s: correcting socket len %u to %u (%s)",
 		    __func__, ss->ss_len, (unsigned)slen, ctx);
 		ss->ss_len = (uint8_t)slen;
@@ -424,10 +438,11 @@ bl_recv(bl_t b)
 	union {
 		char ctrl[CMSG_SPACE(sizeof(int)) + CMSG_SPACE(CRED_SIZE)];
 		uint32_t fd;
-		CRED_TYPE sc;
 	} ua;
 	struct cmsghdr *cmsg;
+#if GOT_CRED != 0
 	CRED_TYPE *sc;
+#endif
 	union {
 		bl_message_t bl;
 		char buf[512];
@@ -450,18 +465,18 @@ bl_recv(bl_t b)
 	msg.msg_flags = 0;
 
 	msg.msg_control = ua.ctrl;
-	msg.msg_controllen = sizeof(ua.ctrl) + 100;
+	msg.msg_controllen = sizeof(ua.ctrl);
 
         rlen = recvmsg(b->b_fd, &msg, 0);
         if (rlen == -1) {
-		bl_log(b->b_fun, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
+		bl_log(b, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
 		    strerror(errno));
 		return NULL;
         }
 
 	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
 		if (cmsg->cmsg_level != SOL_SOCKET) {
-			bl_log(b->b_fun, LOG_ERR,
+			bl_log(b, LOG_ERR,
 			    "%s: unexpected cmsg_level %d",
 			    __func__, cmsg->cmsg_level);
 			continue;
@@ -469,10 +484,15 @@ bl_recv(bl_t b)
 		switch (cmsg->cmsg_type) {
 		case SCM_RIGHTS:
 			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
-				bl_log(b->b_fun, LOG_ERR,
+				int *fd = (void *)CMSG_DATA(cmsg);
+				size_t len = cmsg->cmsg_len / sizeof(int);
+				bl_log(b, LOG_ERR,
 				    "%s: unexpected cmsg_len %d != %zu",
 				    __func__, cmsg->cmsg_len,
-				    CMSG_LEN(2 * sizeof(int)));
+				    CMSG_LEN(sizeof(int)));
+
+				for (size_t i = 0;  i < len; i++)
+					(void)close(fd[i]);
 				continue;
 			}
 			memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd));
@@ -481,13 +501,13 @@ bl_recv(bl_t b)
 #ifdef CRED_MESSAGE
 		case CRED_MESSAGE:
 			sc = (void *)CMSG_DATA(cmsg);
-			bi->bi_uid = sc->CRED_SC_UID;
-			bi->bi_gid = sc->CRED_SC_GID;
+			bi->bi_uid = CRED_SC_UID(sc);
+			bi->bi_gid = CRED_SC_GID(sc);
 			got |= GOT_CRED;
 			break;
 #endif
 		default:
-			bl_log(b->b_fun, LOG_ERR,
+			bl_log(b, LOG_ERR,
 			    "%s: unexpected cmsg_type %d",
 			    __func__, cmsg->cmsg_type);
 			continue;
@@ -496,7 +516,7 @@ bl_recv(bl_t b)
 	}
 
 	if (got != (GOT_CRED|GOT_FD)) {
-		bl_log(b->b_fun, LOG_ERR, "message missing %s %s",
+		bl_log(b, LOG_ERR, "message missing %s %s",
 #if GOT_CRED != 0
 		    (got & GOT_CRED) == 0 ? "cred" :
 #endif
@@ -506,13 +526,13 @@ bl_recv(bl_t b)
 
 	rem = (size_t)rlen;
 	if (rem < sizeof(ub.bl)) {
-		bl_log(b->b_fun, LOG_ERR, "message too short %zd", rlen);
+		bl_log(b, LOG_ERR, "message too short %zd", rlen);
 		return NULL;
 	}
 	rem -= sizeof(ub.bl);
 
 	if (ub.bl.bl_version != BL_VERSION) {
-		bl_log(b->b_fun, LOG_ERR, "bad version %d", ub.bl.bl_version);
+		bl_log(b, LOG_ERR, "bad version %d", ub.bl.bl_version);
 		return NULL;
 	}
 
@@ -523,10 +543,12 @@ bl_recv(bl_t b)
 	bi->bi_uid = -1;
 	bi->bi_gid = -1;
 #endif
-	rem = MIN(sizeof(bi->bi_msg), rem);
 	if (rem == 0)
 		bi->bi_msg[0] = '\0';
-	else
-		strlcpy(bi->bi_msg, ub.bl.bl_data, rem);
+	else {
+		rem = MIN(sizeof(bi->bi_msg) - 1, rem);
+		memcpy(bi->bi_msg, ub.bl.bl_data, rem);
+		bi->bi_msg[rem] = '\0';
+	}
 	return bi;
 }
diff --git a/contrib/blocklist/lib/blacklist.c b/contrib/blocklist/lib/blacklist.c
index ba376c3daf0d..12e5f83e09af 100644
--- a/contrib/blocklist/lib/blacklist.c
+++ b/contrib/blocklist/lib/blacklist.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: blacklist.c,v 1.5 2015/01/22 16:19:53 christos Exp $	*/
+/*	$NetBSD: blocklist.c,v 1.4 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2014 The NetBSD Foundation, Inc.
@@ -32,11 +32,13 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: blacklist.c,v 1.5 2015/01/22 16:19:53 christos Exp $");
+#endif
+__RCSID("$NetBSD: blocklist.c,v 1.4 2025/02/11 17:48:30 christos Exp $");
 
 #include <stdio.h>
-#include <bl.h>
+#include <old_bl.h>
 
 #include <stdarg.h>
 #include <errno.h>
@@ -98,7 +100,14 @@ blacklist_r(struct blacklist *bl, int action, int rfd, const char *msg)
 
 struct blacklist *
 blacklist_open(void) {
-	return bl_create(false, NULL, vsyslog);
+	return bl_create(false, NULL, vsyslog_r);
+}
+
+struct blacklist *
+blacklist_open2(
+    void (*logger)(int, struct syslog_data *, const char *, va_list))
+{
+	return bl_create(false, NULL, logger);
 }
 
 void
diff --git a/contrib/blocklist/lib/blocklist.c b/contrib/blocklist/lib/blocklist.c
new file mode 100644
index 000000000000..139fc4342626
--- /dev/null
+++ b/contrib/blocklist/lib/blocklist.c
@@ -0,0 +1,117 @@
+/*	$NetBSD: blocklist.c,v 1.4 2025/02/11 17:48:30 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: blocklist.c,v 1.4 2025/02/11 17:48:30 christos Exp $");
+
+#include <stdio.h>
+#include <bl.h>
+
+#include <stdarg.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+
+int
+blocklist_sa(int action, int rfd, const struct sockaddr *sa, socklen_t salen,
+    const char *msg)
+{
+	struct blocklist *bl;
+	int rv;
+	if ((bl = blocklist_open()) == NULL)
+		return -1;
+	rv = blocklist_sa_r(bl, action, rfd, sa, salen, msg);
+	blocklist_close(bl);
+	return rv;
+}
+
+int
+blocklist_sa_r(struct blocklist *bl, int action, int rfd,
+	const struct sockaddr *sa, socklen_t slen, const char *msg)
+{
+	bl_type_t internal_action;
+
+	/* internal values are not the same as user application values */
+	switch (action) {
+	case BLOCKLIST_AUTH_FAIL:
+		internal_action = BL_ADD;
+		break;
+	case BLOCKLIST_AUTH_OK:
+		internal_action = BL_DELETE;
+		break;
+	case BLOCKLIST_ABUSIVE_BEHAVIOR:
+		internal_action = BL_ABUSE;
+		break;
+	case BLOCKLIST_BAD_USER:
+		internal_action = BL_BADUSER;
+		break;
+	default:
+		internal_action = BL_INVALID;
+		break;
+	}
+	return bl_send(bl, internal_action, rfd, sa, slen, msg);
+}
+
+int
+blocklist(int action, int rfd, const char *msg)
+{
+	return blocklist_sa(action, rfd, NULL, 0, msg);
+}
+
+int
+blocklist_r(struct blocklist *bl, int action, int rfd, const char *msg)
+{
+	return blocklist_sa_r(bl, action, rfd, NULL, 0, msg);
+}
+
+struct blocklist *
+blocklist_open(void) {
+	return bl_create(false, NULL, vsyslog_r);
+}
+
+struct blocklist *
+blocklist_open2(
+    void (*logger)(int, struct syslog_data *, const char *, va_list))
+{
+	return bl_create(false, NULL, logger);
+}
+
+void
+blocklist_close(struct blocklist *bl)
+{
+	bl_destroy(bl);
+}
diff --git a/contrib/blocklist/lib/libblacklist.3 b/contrib/blocklist/lib/libblacklist.3
index 146915c8dc31..5bc093c38f79 100644
--- a/contrib/blocklist/lib/libblacklist.3
+++ b/contrib/blocklist/lib/libblacklist.3
@@ -1,4 +1,4 @@
-.\" $NetBSD: libblacklist.3,v 1.10 2020/03/30 15:47:15 christos Exp $
+.\" $NetBSD: libblocklist.3,v 1.7 2025/02/05 20:14:30 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,11 +27,12 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 30, 2020
+.Dd February 5, 2025
 .Dt LIBBLACKLIST 3
 .Os
 .Sh NAME
 .Nm blacklist_open ,
+.Nm blacklist_open2 ,
 .Nm blacklist_close ,
 .Nm blacklist_r ,
 .Nm blacklist ,
@@ -44,6 +45,8 @@
 .In blacklist.h
 .Ft struct blacklist *
 .Fn blacklist_open "void"
+.Ft struct blacklist *
+.Fn blacklist_open2 "void (*logger)(int, struct syslog_data *, va_list)"
 .Ft void
 .Fn blacklist_close "struct blacklist *cookie"
 .Ft int
@@ -68,6 +71,19 @@ and returns a pointer to it, or
 .Dv NULL
 on failure.
 .Pp
+The function
+.Fn blacklist_open2
+is similar to
+.Fn blacklist_open
+but allows a
+.Fa logger
+to be specified.
+If the
+.Fa logger
+is
+.Dv NULL ,
+then no logging is performed.
+.Pp
 The
 .Fn blacklist_close
 function frees all memory and resources used.
@@ -89,17 +105,17 @@ argument.
 The
 .Ar action
 parameter can take these values:
-.Bl -tag -width ".Va BLACKLIST_ABUSIVE_BEHAVIOR"
-.It Va BLACKLIST_AUTH_FAIL
+.Bl -tag -width ".Dv BLACKLIST_ABUSIVE_BEHAVIOR"
+.It Dv BLACKLIST_AUTH_FAIL
 There was an unsuccessful authentication attempt.
-.It Va BLACKLIST_AUTH_OK
+.It Dv BLACKLIST_AUTH_OK
 A user successfully authenticated.
-.It Va BLACKLIST_ABUSIVE_BEHAVIOR
+.It Dv BLACKLIST_ABUSIVE_BEHAVIOR
 The sending daemon has detected abusive behavior
 from the remote system.
 The remote address should
 be blocked as soon as possible.
-.It Va BLACKLIST_BAD_USER
+.It Dv BLACKLIST_BAD_USER
 The sending daemon has determined the username
 presented for authentication is invalid.
 The
@@ -108,7 +124,7 @@ daemon compares the username to a configured list of forbidden
 usernames and
 blocks the address immediately if a forbidden username matches.
 (The
-.Ar BLACKLIST_BAD_USER
+.Dv BLACKLIST_BAD_USER
 support is not currently available.)
 .El
 .Pp
@@ -160,6 +176,11 @@ on success and
 on failure setting
 .Dv errno
 to an appropriate value.
+.Sh NOTES
+The
+.Lb libblacklist
+has been renamed to
+.Xr libblocklist 3 .
 .Sh SEE ALSO
 .Xr blacklistd.conf 5 ,
 .Xr blacklistd 8
diff --git a/contrib/blocklist/lib/libblocklist.3 b/contrib/blocklist/lib/libblocklist.3
new file mode 100644
index 000000000000..fd6eb93eb756
--- /dev/null
+++ b/contrib/blocklist/lib/libblocklist.3
@@ -0,0 +1,183 @@
+.\" $NetBSD: libblocklist.3,v 1.7 2025/02/05 20:14:30 christos Exp $
+.\"
+.\" Copyright (c) 2015 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software contributed to The NetBSD Foundation
+.\" by Christos Zoulas.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 5, 2025
+.Dt LIBBLOCKLIST 3
+.Os
+.Sh NAME
+.Nm blocklist_open ,
+.Nm blocklist_open2 ,
+.Nm blocklist_close ,
+.Nm blocklist_r ,
+.Nm blocklist ,
+.Nm blocklist_sa ,
+.Nm blocklist_sa_r
+.Nd Blocklistd notification library
+.Sh LIBRARY
+.Lb libblocklist
+.Sh SYNOPSIS
+.In blocklist.h
+.Ft struct blocklist *
+.Fn blocklist_open "void"
+.Ft struct blocklist *
+.Fn blocklist_open2 "void (*logger)(int, struct syslog_data *, va_list)"
+.Ft void
+.Fn blocklist_close "struct blocklist *cookie"
+.Ft int
+.Fn blocklist "int action" "int fd" "const char *msg"
+.Ft int
+.Fn blocklist_r "struct blocklist *cookie" "int action" "int fd" "const char *msg"
+.Ft int
+.Fn blocklist_sa "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg"
+.Ft int
+.Fn blocklist_sa_r "struct blocklist *cookie" "int action" "int fd" "const struct sockaddr *sa" "socklen_t salen" "const char *msg"
+.Sh DESCRIPTION
+These functions can be used by daemons to notify
+.Xr blocklistd 8
+about successful and failed remote connections so that blocklistd can
+block or release port access to prevent Denial of Service attacks.
+.Pp
+The function
+.Fn blocklist_open
+creates the necessary state to communicate with
+.Xr blocklistd 8
+and returns a pointer to it, or
+.Dv NULL
+on failure.
+.Pp
+The function
+.Fn blocklist_open2
+is similar to
+.Fn blocklist_open
+but allows a
+.Fa logger
+to be specified.
+If the
+.Fa logger
+is
+.Dv NULL ,
+then no logging is performed.
+.Pp
+The
+.Fn blocklist_close
+function frees all memory and resources used.
+.Pp
+The
+.Fn blocklist
+function sends a message to
+.Xr blocklistd 8 ,
+with an integer
+.Ar action
+argument specifying the type of notification,
+a file descriptor
+.Ar fd
+specifying the accepted file descriptor connected to the client,
+and an optional message in the
+.Ar msg
+argument.
+.Pp
+The
+.Ar action
+parameter can take these values:
+.Bl -tag -width ".Dv BLOCKLIST_ABUSIVE_BEHAVIOR"
+.It Dv BLOCKLIST_AUTH_FAIL
+There was an unsuccessful authentication attempt.
+.It Dv BLOCKLIST_AUTH_OK
+A user successfully authenticated.
+.It Dv BLOCKLIST_ABUSIVE_BEHAVIOR
+The sending daemon has detected abusive behavior
+from the remote system.
+The remote address should
+be blocked as soon as possible.
+.It Dv BLOCKLIST_BAD_USER
+The sending daemon has determined the username
+presented for authentication is invalid.
+The
+.Xr blocklistd 8
+daemon compares the username to a configured list of forbidden
+usernames and
+blocks the address immediately if a forbidden username matches.
+(The
+.Dv BLOCKLIST_BAD_USER
+support is not currently available.)
+.El
+.Pp
+The
+.Fn blocklist_r
+function is more efficient because it keeps the blocklist state around.
+.Pp
+The
+.Fn blocklist_sa
+and
+.Fn blocklist_sa_r
+functions can be used with unconnected sockets, where
+.Xr getpeername 2
+will not work, the server will pass the peer name in the message.
+.Pp
+In all cases the file descriptor passed in the
+.Fa fd
+argument must be pointing to a valid socket so that
+.Xr blocklistd 8
+can establish ownership of the local endpoint
+using
+.Xr getsockname 2 .
+.Pp
+By default,
+.Xr syslogd 8
+is used for message logging.
+The internal
+.Fn bl_create
+function can be used to create the required internal
+state and specify a custom logging function.
+.Sh RETURN VALUES
+The function
+.Fn blocklist_open
+returns a cookie on success and
+.Dv NULL
+on failure setting
+.Dv errno
+to an appropriate value.
+.Pp
+The functions
+.Fn blocklist ,
+.Fn blocklist_sa ,
+and
+.Fn blocklist_sa_r
+return
+.Dv 0
+on success and
+.Dv \-1
+on failure setting
+.Dv errno
+to an appropriate value.
+.Sh SEE ALSO
+.Xr blocklistd.conf 5 ,
+.Xr blocklistd 8
+.Sh AUTHORS
+.An Christos Zoulas
diff --git a/contrib/blocklist/lib/old_bl.c b/contrib/blocklist/lib/old_bl.c
new file mode 100644
index 000000000000..ffbbd3f620ac
--- /dev/null
+++ b/contrib/blocklist/lib/old_bl.c
@@ -0,0 +1,554 @@
+/*	$NetBSD: bl.c,v 1.9 2025/03/30 01:53:59 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2014 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_CDEFS_H
+#include <sys/cdefs.h>
+#endif
+__RCSID("$NetBSD: bl.c,v 1.9 2025/03/30 01:53:59 christos Exp $");
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/un.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <syslog.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <netinet/in.h>
+#ifdef _REENTRANT
+#include <pthread.h>
+#endif
+
+#if defined(SO_RECVUCRED)
+#include <ucred.h>
+#endif
+
+#include "old_bl.h"
+
+typedef struct {
+	uint32_t bl_len;
+	uint32_t bl_version;
+	uint32_t bl_type;
+	uint32_t bl_salen;
+	struct sockaddr_storage bl_ss;
+	char bl_data[];
+} bl_message_t;
+
+struct blacklist {
+#ifdef _REENTRANT
+	pthread_mutex_t b_mutex;
+# define BL_INIT(b)	pthread_mutex_init(&b->b_mutex, NULL)
+# define BL_LOCK(b)	pthread_mutex_lock(&b->b_mutex)
+# define BL_UNLOCK(b)	pthread_mutex_unlock(&b->b_mutex)
+#else
+# define BL_INIT(b)	do {} while(/*CONSTCOND*/0)
+# define BL_LOCK(b)	BL_INIT(b)
+# define BL_UNLOCK(b)	BL_INIT(b)
+#endif
+	int b_fd;
+	int b_connected;
+	struct sockaddr_un b_sun;
+	struct syslog_data b_syslog_data;
+	void (*b_fun)(int, struct syslog_data *, const char *, va_list);
+	bl_info_t b_info;
+};
+
+#define BL_VERSION	1
+
+bool
+bl_isconnected(bl_t b)
+{
+	return b->b_connected == 0;
+}
+
+int
+bl_getfd(bl_t b)
+{
+	return b->b_fd;
+}
+
+static void
+bl_reset(bl_t b, bool locked)
+{
+	int serrno = errno;
+	if (!locked)
+		BL_LOCK(b);
+	close(b->b_fd);
+	errno = serrno;
+	b->b_fd = -1;
+	b->b_connected = -1;
+	if (!locked)
+		BL_UNLOCK(b);
+}
+
+static void
+bl_log(bl_t b, int level, const char *fmt, ...)
+{
+	va_list ap;
+	int serrno = errno;
+
+	if (b->b_fun == NULL)
+		return;
+
+	va_start(ap, fmt);
+	(*b->b_fun)(level, &b->b_syslog_data, fmt, ap);
+	va_end(ap);
+	errno = serrno;
+}
+
+static int
+bl_init(bl_t b, bool srv)
+{
+	static int one = 1;
+	/* AF_UNIX address of local logger */
+	mode_t om;
+	int rv, serrno;
+	struct sockaddr_un *sun = &b->b_sun;
+
+#ifndef SOCK_NONBLOCK
+#define SOCK_NONBLOCK 0
+#endif
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+#ifndef SOCK_NOSIGPIPE
+#define SOCK_NOSIGPIPE 0
+#endif
+
+	BL_LOCK(b);
+
+	if (b->b_fd == -1) {
+		b->b_fd = socket(PF_LOCAL,
+		    SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK|SOCK_NOSIGPIPE, 0);
+		if (b->b_fd == -1) {
+			bl_log(b, LOG_ERR, "%s: socket failed (%s)",
+			    __func__, strerror(errno));
+			BL_UNLOCK(b);
+			return -1;
+		}
+#if SOCK_CLOEXEC == 0
+		fcntl(b->b_fd, F_SETFD, FD_CLOEXEC);
+#endif
+#if SOCK_NONBLOCK == 0
+		fcntl(b->b_fd, F_SETFL, fcntl(b->b_fd, F_GETFL) | O_NONBLOCK);
+#endif
+#if SOCK_NOSIGPIPE == 0
+#ifdef SO_NOSIGPIPE
+		int o = 1;
+		setsockopt(b->b_fd, SOL_SOCKET, SO_NOSIGPIPE, &o, sizeof(o));
+#else
+		signal(SIGPIPE, SIG_IGN);
+#endif
+#endif
+	}
+
+	if (bl_isconnected(b)) {
+		BL_UNLOCK(b);
+		return 0;
+	}
+
+	/*
+	 * We try to connect anyway even when we are a server to verify
+	 * that no other server is listening to the socket. If we succeed
+	 * to connect and we are a server, someone else owns it.
+	 */
+	rv = connect(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
+	if (rv == 0) {
+		if (srv) {
+			bl_log(b, LOG_ERR,
+			    "%s: another daemon is handling `%s'",
+			    __func__, sun->sun_path);
+			goto out;
+		}
+	} else {
+		if (!srv) {
+			/*
+			 * If the daemon is not running, we just try a
+			 * connect, so leave the socket alone until it does
+			 * and only log once.
+			 */
+			if (b->b_connected != 1) {
+				bl_log(b, LOG_DEBUG,
+				    "%s: connect failed for `%s' (%s)",
+				    __func__, sun->sun_path, strerror(errno));
+				b->b_connected = 1;
+			}
+			BL_UNLOCK(b);
+			return -1;
+		}
+		bl_log(b, LOG_DEBUG, "Connected to blacklist server", __func__);
+	}
+
+	if (srv) {
+		(void)unlink(sun->sun_path);
+		om = umask(0);
+		rv = bind(b->b_fd, (const void *)sun, (socklen_t)sizeof(*sun));
+		serrno = errno;
+		(void)umask(om);
+		errno = serrno;
+		if (rv == -1) {
+			bl_log(b, LOG_ERR, "%s: bind failed for `%s' (%s)",
+			    __func__, sun->sun_path, strerror(errno));
+			goto out;
+		}
+	}
+
+	b->b_connected = 0;
+#define GOT_FD		1
+#if defined(LOCAL_CREDS)
+#define CRED_LEVEL	0
+#define	CRED_NAME	LOCAL_CREDS
+#define CRED_SC_UID(x)	(x)->sc_euid
+#define CRED_SC_GID(x)	(x)->sc_egid
+#define CRED_MESSAGE	SCM_CREDS
+#define CRED_SIZE	SOCKCREDSIZE(NGROUPS_MAX)
+#define CRED_TYPE	struct sockcred
+#define GOT_CRED	2
+#elif defined(SO_PASSCRED)
+#define CRED_LEVEL	SOL_SOCKET
+#define	CRED_NAME	SO_PASSCRED
+#define CRED_SC_UID(x)	(x)->uid
+#define CRED_SC_GID(x)	(x)->gid
+#define CRED_MESSAGE	SCM_CREDENTIALS
+#define CRED_SIZE	sizeof(struct ucred)
+#define CRED_TYPE	struct ucred
+#define GOT_CRED	2
+#elif defined(SO_RECVUCRED)
+#define CRED_LEVEL	SOL_SOCKET
+#define CRED_NAME	SO_RECVUCRED
+#define CRED_SC_UID(x)	ucred_geteuid(x)
+#define CRED_SC_GID(x)	ucred_getegid(x)
+#define CRED_MESSAGE	SCM_UCRED
+#define CRED_SIZE	ucred_size()
+#define CRED_TYPE	ucred_t
+#define GOT_CRED	2
+#else
+#define GOT_CRED	0
+/*
+ * getpeereid() and LOCAL_PEERCRED don't help here
+ * because we are not a stream socket!
+ */
+#define	CRED_SIZE	0
+#define CRED_TYPE	void * __unused
+#endif
+
+#ifdef CRED_LEVEL
+	if (setsockopt(b->b_fd, CRED_LEVEL, CRED_NAME,
+	    &one, (socklen_t)sizeof(one)) == -1) {
+		bl_log(b, LOG_ERR, "%s: setsockopt %s "
+		    "failed (%s)", __func__, __STRING(CRED_NAME),
+		    strerror(errno));
+		goto out;
+	}
+#endif
+
+	BL_UNLOCK(b);
+	return 0;
+out:
+	bl_reset(b, true);
+	BL_UNLOCK(b);
+	return -1;
+}
+
+bl_t
+bl_create(bool srv, const char *path,
+    void (*fun)(int, struct syslog_data *, const char *, va_list))
+{
+	static struct syslog_data sd = SYSLOG_DATA_INIT;
+	bl_t b = calloc(1, sizeof(*b));
+	if (b == NULL)
+		return NULL;
+	b->b_fun = fun;
+	b->b_syslog_data = sd;
+	b->b_fd = -1;
+	b->b_connected = -1;
+	BL_INIT(b);
+
+	memset(&b->b_sun, 0, sizeof(b->b_sun));
+	b->b_sun.sun_family = AF_LOCAL;
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	b->b_sun.sun_len = sizeof(b->b_sun);
+#endif
+	strlcpy(b->b_sun.sun_path,
+	    path ? path : _PATH_BLSOCK, sizeof(b->b_sun.sun_path));
+
+	bl_init(b, srv);
+	return b;
+}
+
+void
+bl_destroy(bl_t b)
+{
+	bl_reset(b, false);
+	free(b);
+}
+
+static int
+bl_getsock(bl_t b, struct sockaddr_storage *ss, const struct sockaddr *sa,
+    socklen_t slen, const char *ctx)
+{
+	uint8_t family;
+
+	memset(ss, 0, sizeof(*ss));
+
+	switch (slen) {
+	case 0:
+		return 0;
+	case sizeof(struct sockaddr_in):
+		family = AF_INET;
+		break;
+	case sizeof(struct sockaddr_in6):
+		family = AF_INET6;
+		break;
+	default:
+		bl_log(b, LOG_ERR, "%s: invalid socket len %u (%s)",
+		    __func__, (unsigned)slen, ctx);
+		errno = EINVAL;
+		return -1;
+	}
+
+	memcpy(ss, sa, slen);
+
+	if (ss->ss_family != family) {
+		bl_log(b, LOG_INFO,
+		    "%s: correcting socket family %d to %d (%s)",
+		    __func__, ss->ss_family, family, ctx);
+		ss->ss_family = family;
+	}
+
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+	if (ss->ss_len != slen) {
+		bl_log(b, LOG_INFO,
+		    "%s: correcting socket len %u to %u (%s)",
+		    __func__, ss->ss_len, (unsigned)slen, ctx);
+		ss->ss_len = (uint8_t)slen;
+	}
+#endif
+	return 0;
+}
+
+int
+bl_send(bl_t b, bl_type_t e, int pfd, const struct sockaddr *sa,
+    socklen_t slen, const char *ctx)
+{
+	struct msghdr   msg;
+	struct iovec    iov;
+	union {
+		char ctrl[CMSG_SPACE(sizeof(int))];
+		uint32_t fd;
+	} ua;
+	struct cmsghdr *cmsg;
+	union {
+		bl_message_t bl;
+		char buf[512];
+	} ub;
+	size_t ctxlen, tried;
+#define NTRIES	5
+
+	ctxlen = strlen(ctx);
+	if (ctxlen > 128)
+		ctxlen = 128;
+
+	iov.iov_base = ub.buf;
+	iov.iov_len = sizeof(bl_message_t) + ctxlen;
+	ub.bl.bl_len = (uint32_t)iov.iov_len;
+	ub.bl.bl_version = BL_VERSION;
+	ub.bl.bl_type = (uint32_t)e;
+
+	if (bl_getsock(b, &ub.bl.bl_ss, sa, slen, ctx) == -1)
+		return -1;
+
+
+	ub.bl.bl_salen = slen;
+	memcpy(ub.bl.bl_data, ctx, ctxlen);
+
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_flags = 0;
+
+	msg.msg_control = ua.ctrl;
+	msg.msg_controllen = sizeof(ua.ctrl);
+
+	cmsg = CMSG_FIRSTHDR(&msg);
+	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+	cmsg->cmsg_level = SOL_SOCKET;
+	cmsg->cmsg_type = SCM_RIGHTS;
+
+	memcpy(CMSG_DATA(cmsg), &pfd, sizeof(pfd));
+
+	tried = 0;
+again:
+	if (bl_init(b, false) == -1)
+		return -1;
+
+	if ((sendmsg(b->b_fd, &msg, 0) == -1) && tried++ < NTRIES) {
+		bl_reset(b, false);
+		goto again;
+	}
+	return tried >= NTRIES ? -1 : 0;
+}
+
+bl_info_t *
+bl_recv(bl_t b)
+{
+        struct msghdr   msg;
+        struct iovec    iov;
+	union {
+		char ctrl[CMSG_SPACE(sizeof(int)) + CMSG_SPACE(CRED_SIZE)];
+		uint32_t fd;
+	} ua;
+	struct cmsghdr *cmsg;
+#if GOT_CRED != 0
+	CRED_TYPE *sc;
+#endif
+	union {
+		bl_message_t bl;
+		char buf[512];
+	} ub;
+	int got;
+	ssize_t rlen;
+	size_t rem;
+	bl_info_t *bi = &b->b_info;
+
+	got = 0;
+	memset(bi, 0, sizeof(*bi));
+
+	iov.iov_base = ub.buf;
+	iov.iov_len = sizeof(ub);
+
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_flags = 0;
+
+	msg.msg_control = ua.ctrl;
+	msg.msg_controllen = sizeof(ua.ctrl);
+
+        rlen = recvmsg(b->b_fd, &msg, 0);
+        if (rlen == -1) {
+		bl_log(b, LOG_ERR, "%s: recvmsg failed (%s)", __func__,
+		    strerror(errno));
+		return NULL;
+        }
+
+	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+		if (cmsg->cmsg_level != SOL_SOCKET) {
+			bl_log(b, LOG_ERR,
+			    "%s: unexpected cmsg_level %d",
+			    __func__, cmsg->cmsg_level);
+			continue;
+		}
+		switch (cmsg->cmsg_type) {
+		case SCM_RIGHTS:
+			if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) {
+				int *fd = (void *)CMSG_DATA(cmsg);
+				size_t len = cmsg->cmsg_len / sizeof(int);
+				bl_log(b, LOG_ERR,
+				    "%s: unexpected cmsg_len %d != %zu",
+				    __func__, cmsg->cmsg_len,
+				    CMSG_LEN(sizeof(int)));
+
+				for (size_t i = 0;  i < len; i++)
+					(void)close(fd[i]);
+				continue;
+			}
+			memcpy(&bi->bi_fd, CMSG_DATA(cmsg), sizeof(bi->bi_fd));
+			got |= GOT_FD;
+			break;
+#ifdef CRED_MESSAGE
+		case CRED_MESSAGE:
+			sc = (void *)CMSG_DATA(cmsg);
+			bi->bi_uid = CRED_SC_UID(sc);
+			bi->bi_gid = CRED_SC_GID(sc);
+			got |= GOT_CRED;
+			break;
+#endif
+		default:
+			bl_log(b, LOG_ERR,
+			    "%s: unexpected cmsg_type %d",
+			    __func__, cmsg->cmsg_type);
+			continue;
+		}
+
+	}
+
+	if (got != (GOT_CRED|GOT_FD)) {
+		bl_log(b, LOG_ERR, "message missing %s %s",
+#if GOT_CRED != 0
+		    (got & GOT_CRED) == 0 ? "cred" :
+#endif
+		    "", (got & GOT_FD) == 0 ? "fd" : "");
+		return NULL;
+	}
+
+	rem = (size_t)rlen;
+	if (rem < sizeof(ub.bl)) {
+		bl_log(b, LOG_ERR, "message too short %zd", rlen);
+		return NULL;
+	}
+	rem -= sizeof(ub.bl);
+
+	if (ub.bl.bl_version != BL_VERSION) {
+		bl_log(b, LOG_ERR, "bad version %d", ub.bl.bl_version);
+		return NULL;
+	}
+
+	bi->bi_type = ub.bl.bl_type;
+	bi->bi_slen = ub.bl.bl_salen;
+	bi->bi_ss = ub.bl.bl_ss;
+#ifndef CRED_MESSAGE
+	bi->bi_uid = -1;
+	bi->bi_gid = -1;
+#endif
+	if (rem == 0)
+		bi->bi_msg[0] = '\0';
+	else {
+		rem = MIN(sizeof(bi->bi_msg) - 1, rem);
+		memcpy(bi->bi_msg, ub.bl.bl_data, rem);
+		bi->bi_msg[rem] = '\0';
+	}
+	return bi;
+}
diff --git a/contrib/blocklist/lib/shlib_version b/contrib/blocklist/lib/shlib_version
index 97c9f92d6b8f..3d7c908e43d6 100644
--- a/contrib/blocklist/lib/shlib_version
+++ b/contrib/blocklist/lib/shlib_version
@@ -1,2 +1,2 @@
 major=0
-minor=0
+minor=1
diff --git a/contrib/blocklist/libexec/Makefile b/contrib/blocklist/libexec/Makefile
index 6537080bf465..619d962c23b2 100644
--- a/contrib/blocklist/libexec/Makefile
+++ b/contrib/blocklist/libexec/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2015/01/22 17:49:41 christos Exp $
+# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $
 
-SCRIPTS=        blacklistd-helper
+SCRIPTS=        blocklistd-helper
 SCRIPTSDIR=     /libexec
 
 .include <bsd.prog.mk>
diff --git a/contrib/blocklist/libexec/blacklistd-helper b/contrib/blocklist/libexec/blacklistd-helper
deleted file mode 100644
index f92eab8b29bd..000000000000
--- a/contrib/blocklist/libexec/blacklistd-helper
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/bin/sh
-#echo "run $@" 1>&2
-#set -x
-# $1 command
-# $2 rulename
-# $3 protocol
-# $4 address
-# $5 mask
-# $6 port
-# $7 id
-
-pf=
-if [ -f "/etc/ipfw-blacklist.rc" ]; then
-	pf="ipfw"
-	. /etc/ipfw-blacklist.rc
-	ipfw_offset=${ipfw_offset:-2000}
-fi
-
-if [ -z "$pf" ]; then
-	for f in npf pf ipf; do
-		if [ -f "/etc/$f.conf" ]; then
-			pf="$f"
-			break
-		fi
-	done
-fi
-
-if [ -z "$pf" ]; then
-	echo "$0: Unsupported packet filter" 1>&2
-	exit 1
-fi
-
-if [ -n "$3" ]; then
-	proto="proto $3"
-fi
-
-if [ -n "$6" ]; then
-	port="port $6"
-fi
-
-addr="$4"
-mask="$5"
-case "$4" in
-::ffff:*.*.*.*)
-	if [ "$5" = 128 ]; then
-		mask=32
-		addr=${4#::ffff:}
-	fi;;
-esac
-
-case "$1" in
-add)
-	case "$pf" in
-	ipf)
-		/sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
-		echo block in quick $proto from $addr/$mask to \
-		    any port=$6 head port$6 | \
-		    /sbin/ipf -I -f - -s >/dev/null 2>&1 && echo OK
-		;;
-	ipfw)
-		# use $ipfw_offset+$port for rule number
-		rule=$(($ipfw_offset + $6))
-		tname="port$6"
-		/sbin/ipfw table $tname create type addr 2>/dev/null
-		/sbin/ipfw -q table $tname add "$addr/$mask"
-		# if rule number $rule does not already exist, create it
-		/sbin/ipfw show $rule >/dev/null 2>&1 || \
-			/sbin/ipfw add $rule drop $3 from \
-			table"("$tname")" to any dst-port $6 >/dev/null && \
-			echo OK
-		;;
-	npf)
-		/sbin/npfctl rule "$2" add block in final $proto from \
-		    "$addr/$mask" to any $port
-		;;
-	pf)
-		# if the filtering rule does not exist, create it
-		/sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \
-		    grep -q "<port$6>" || \
-		    echo "block in quick $proto from <port$6> to any $port" | \
-		    /sbin/pfctl -a "$2/$6" -f -
-		# insert $ip/$mask into per-protocol/port anchored table
-		/sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \
-		    /sbin/pfctl -qk "$addr" && echo OK
-		;;
-	esac
-	;;
-rem)
-	case "$pf" in
-	ipf)
-		/sbin/ipfstat -io | /sbin/ipf -I -f - >/dev/null 2>&1
-		echo block in quick $proto from $addr/$mask to \
-		    any port=$6 head port$6 | \
-		    /sbin/ipf -I -r -f - -s >/dev/null 2>&1 && echo OK
-		;;
-	ipfw)
-		/sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \
-		    echo OK
-		;;
-	npf)
-		/sbin/npfctl rule "$2" rem-id "$7"
-		;;
-	pf)
-		/sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
-		    echo OK
-		;;
-	esac
-	;;
-flush)
-	case "$pf" in
-	ipf)
-		/sbin/ipf -Z -I -Fi -s > /dev/null && echo OK
-		;;
-	ipfw)
-		/sbin/ipfw table "port$6" flush 2>/dev/null && echo OK
-		;;
-	npf)
-		/sbin/npfctl rule "$2" flush
-		;;
-	pf)
-		# dynamically determine which anchors exist
-		for anchor in $(/sbin/pfctl -a "$2" -s Anchors); do
-			/sbin/pfctl -a $anchor -t "port${anchor##*/}" -T flush
-			/sbin/pfctl -a $anchor -F rules
-		done
-		echo OK
-		;;
-	esac
-	;;
-*)
-	echo "$0: Unknown command '$1'" 1>&2
-	exit 1
-	;;
-esac
diff --git a/contrib/blocklist/libexec/blocklistd-helper b/contrib/blocklist/libexec/blocklistd-helper
new file mode 100755
index 000000000000..14a192ee35ce
--- /dev/null
+++ b/contrib/blocklist/libexec/blocklistd-helper
@@ -0,0 +1,272 @@
+#!/bin/sh
+#echo "run $@" 1>&2
+#set -x
+# $1 command
+# $2 rulename
+# $3 protocol
+# $4 address
+# $5 mask
+# $6 port
+# $7 id
+
+pf=
+if [ -f "/etc/ipfw-blocklist.rc" ]; then
+	pf="ipfw"
+	. /etc/ipfw-blocklist.rc
+	ipfw_offset=${ipfw_offset:-2000}
+fi
+
+if [ -z "$pf" ]; then
+	for f in npf pf ipfilter ipfw; do
+		if [ -x /etc/rc.d/$f ]; then
+			if /etc/rc.d/$f status >/dev/null 2>&1; then
+				pf="$f"
+				break
+			fi
+		elif [ -f "/etc/$f.conf" ]; then
+			# xxx assume a config file means it can be enabled --
+			# and the first one wins!
+			pf="$f"
+			break
+		fi
+	done
+fi
+
+if [ -z "$pf" -a -x "/sbin/iptables" ]; then
+	pf="iptables"
+fi
+
+if [ -z "$pf" ]; then
+	echo "$0: Unsupported packet filter" 1>&2
+	exit 1
+fi
+
+flags=
+if [ -n "$3" ]; then
+	raw_proto="$3"
+	proto="proto $3"
+	if [ $3 = "tcp" ]; then
+		flags="flags S/SAFR"
+	fi
+fi
+
+if [ -n "$6" ]; then
+	raw_port="$6"
+	port="port $6"
+fi
+
+addr="$4"
+mask="$5"
+case "$4" in
+::ffff:*.*.*.*)
+	if [ "$5" = 128 ]; then
+		mask=32
+		addr=${4#::ffff:}
+	fi;;
+esac
+
+case "$1" in
+add)
+	case "$pf" in
+	ipfilter)
+		# N.B.:  If you reload /etc/ipf.conf then you need to stop and
+		# restart blocklistd (and make sure blocklistd_flags="-r").
+		# This should normally already be implemented in
+		# /etc/rc.d/ipfilter, but if then not add the following lines to
+		# the end of the ipfilter_reload() function:
+		#
+		#	if checkyesnox blocklistd; then
+		#		/etc/rc.d/blocklistd restart
+		#	fi
+		#
+		# XXX we assume the following rule is present in /etc/ipf.conf:
+		# (should we check? -- it probably cannot be added dynamically)
+		#
+		#	block in proto tcp/udp from any to any head blocklistd
+		#
+		# where "blocklistd" is the default rulename (i.e. "$2")
+		#
+		# This rule can come before any rule that logs connections,
+		# etc., and should be followed by final rules such as:
+		#
+		#	# log all as-yet unblocked incoming TCP connection
+		#	# attempts
+		#	log in proto tcp from any to any flags S/SAFR
+		#	# last "pass" match wins for all non-blocked packets
+		#	pass in all
+		#	pass out all
+		#
+		# I.e. a "pass" rule which will be the final match and override
+		# the "block".  This way the rules added by blocklistd will
+		# actually block packets, and prevent logging of them as
+		# connections, because they include the "quick" flag.
+		#
+		# N.b.:  $port is not included/used in rules -- abusers are cut
+		# off completely from all services!
+		#
+		# Note RST packets are not returned for blocked SYN packets of
+		# active attacks, so the port will not appear to be closed.
+		# This will probably give away the fact that a firewall has been
+		# triggered to block connections, but it prevents generating
+		# extra outbound traffic, and it may also slow down the attacker
+		# somewhat.
+		#
+		# Note also that we don't block all packets, just new attempts
+		# to open connections (see $flags above).  This allows us to do
+		# counterespionage against the attacker (or continue to make use
+		# of any other services that might be on the same subnet as the
+		# supposed attacker).  However it does not kill any active
+		# connections -- we rely on the reporting daemon to do its own
+		# protection and cleanup.
+		#
+		# N.B.:  The rule generated here must exactly match the
+		# corresponding rule generated for the "rem" command below!
+		#
+		echo block in log quick $proto \
+		    from $addr/$mask to any $flags group $2 | \
+		    /sbin/ipf -A -f - >/dev/null 2>&1 && echo OK
+		;;
+
+	ipfw)
+		# use $ipfw_offset+$port for rule number
+		rule=$(($ipfw_offset + $6))
+		tname="port$6"
+		/sbin/ipfw table $tname create type addr 2>/dev/null
+		/sbin/ipfw -q table $tname add "$addr/$mask"
+		# if rule number $rule does not already exist, create it
+		/sbin/ipfw show $rule >/dev/null 2>&1 || \
+			/sbin/ipfw add $rule drop $3 from \
+			table"("$tname")" to any dst-port $6 >/dev/null && \
+			echo OK
+		;;
+
+	iptables)
+		if ! /sbin/iptables --list "$2" >/dev/null 2>&1; then
+			/sbin/iptables --new-chain "$2"
+		fi
+		/sbin/iptables --append INPUT --proto "$raw_proto" \
+		    --dport "$raw_port" --jump "$2"
+		/sbin/iptables --append "$2" --proto "$raw_proto" \
+		    --source "$addr/$mask" --dport "$raw_port" --jump DROP
+		echo OK
+		;;
+
+	npf)
+		/sbin/npfctl rule "$2" add block in final $proto from \
+		    "$addr/$mask" to any $port
+		;;
+
+	pf)
+		# if the filtering rule does not exist, create it
+		/sbin/pfctl -a "$2/$6" -sr 2>/dev/null | \
+		    grep -q "<port$6>" || \
+		    echo "block in quick $proto from <port$6> to any $port" | \
+		    /sbin/pfctl -a "$2/$6" -f -
+		# insert $ip/$mask into per-protocol/port anchored table
+		/sbin/pfctl -qa "$2/$6" -t "port$6" -T add "$addr/$mask" && \
+		    /sbin/pfctl -qk "$addr" && echo OK
+		;;
+
+	esac
+	;;
+rem)
+	case "$pf" in
+	ipfilter)
+		# N.B.:  The rule generated here must exactly match the
+		# corresponding rule generated for the "add" command above!
+		#
+		echo block in log quick $proto \
+		    from $addr/$mask to any $flags group $2 | \
+		    /sbin/ipf -A -r -f - >/dev/null 2>&1 && echo OK
+		;;
+
+	ipfw)
+		/sbin/ipfw table "port$6" delete "$addr/$mask" 2>/dev/null && \
+		    echo OK
+		;;
+
+	iptables)
+		if /sbin/iptables --list "$2" >/dev/null 2>&1; then
+			/sbin/iptables --delete "$2" --proto "$raw_proto" \
+			    --source "$addr/$mask" --dport "$raw_port" \
+			    --jump DROP
+		fi
+		echo OK
+		;;
+
+	npf)
+		/sbin/npfctl rule "$2" rem-id "$7"
+		;;
+
+	pf)
+		/sbin/pfctl -qa "$2/$6" -t "port$6" -T delete "$addr/$mask" && \
+		    echo OK
+		;;
+
+	esac
+	;;
+flush)
+	case "$pf" in
+	ipfilter)
+		#
+		# N.B. WARNING:  This is obviously not reentrant!
+		#
+		# First we flush all the rules from the inactive set, then we
+		# reload the ones that do not belong to the group "$2", and
+		# finally we swap the active and inactive rule sets.
+		#
+		/sbin/ipf -I -F a
+		#
+		# "ipf -I -F a" also flushes active accounting rules!
+		#
+		# Note that accounting rule groups are unique to accounting
+		# rules and have nothing to do with filter rules, though of
+		# course theoretically one could use the same group name for
+		# them too.
+		#
+		# In theory anyone using any such accounting rules should have a
+		# wrapper /etc/rc.conf.d/blocklistd script (and corresponding
+		# /etc/rc.conf.d/ipfilter script) that will record and
+		# consolidate the values accumulated by such accounting rules
+		# before they are flushed, since otherwise their counts will be
+		# lost forever.
+		#
+		/usr/sbin/ipfstat -io | fgrep -v "group $2" | \
+		    /sbin/ipf -I -f - >/dev/null 2>&1
+		#
+		# This MUST be done last and separately as "-s" is executed
+		# _while_ the command arguments are being processed!
+		#
+		/sbin/ipf -s && echo OK
+		;;
+
+	ipfw)
+		/sbin/ipfw table "port$6" flush 2>/dev/null && echo OK
+		;;
+
+	iptables)
+		if /sbin/iptables --list "$2" >/dev/null 2>&1; then
+			/sbin/iptables --flush "$2"
+		fi
+		echo OK
+		;;
+
+	npf)
+		/sbin/npfctl rule "$2" flush
+		;;
+
+	pf)
+		# dynamically determine which anchors exist
+		for anchor in $(/sbin/pfctl -a "$2" -s Anchors 2> /dev/null); do
+			/sbin/pfctl -a "$anchor" -t "port${anchor##*/}" -T flush 2> /dev/null
+			/sbin/pfctl -a "$anchor" -F rules
+		done
+		echo OK
+		;;
+	esac
+	;;
+*)
+	echo "$0: Unknown command '$1'" 1>&2
+	exit 1
+	;;
+esac
diff --git a/contrib/blocklist/port/Makefile.am b/contrib/blocklist/port/Makefile.am
index 43bf6c94b420..0e6085f9580f 100644
--- a/contrib/blocklist/port/Makefile.am
+++ b/contrib/blocklist/port/Makefile.am
@@ -1,25 +1,39 @@
 #
 ACLOCAL_AMFLAGS = -I m4
-lib_LTLIBRARIES = libblacklist.la
-include_HEADERS = ../include/blacklist.h
+lib_LTLIBRARIES = libblocklist.la
+include_HEADERS = $(srcdir)/../include/blocklist.h
 
-bin_PROGRAMS = blacklistd blacklistctl srvtest cltest
+exampledir = $(datarootdir)/examples
+example_DATA = $(srcdir)/../etc/blocklistd.conf $(srcdir)/../etc/npf.conf $(srcdir)/../etc/ipf.conf
 
-VPATH = ../bin:../lib:../test:../include
+sbin_PROGRAMS = blocklistd blocklistctl
+noinst_PROGRAMS = srvtest cltest
+libexec_SCRIPTS = $(srcdir)/../libexec/blocklistd-helper
 
-AM_CPPFLAGS = -I../include  -DDOT="."
+man5_MANS = $(srcdir)/../bin/blocklistd.conf.5
+man8_MANS = $(srcdir)/../bin/blocklistd.8 $(srcdir)/../bin/blocklistctl.8
+
+VPATH = $(srcdir)/../port:$(srcdir)/../bin:$(srcdir)/../lib:$(srcdir)/../test:$(srcdir)/../include
+
+AM_CPPFLAGS = -I$(srcdir)/../include  -DDOT="."
+AM_CPPFLAGS += -D_PATH_BLCONF=\"$(sysconfdir)/blocklistd.conf\"
+AM_CPPFLAGS += -D_PATH_BLCONTROL=\"$(libexecdir)/blocklistd-helper\"
+AM_CPPFLAGS += -D_PATH_BLSOCK=\"$(runstatedir)/blocklistd.sock\"
+AM_CPPFLAGS += -D_PATH_BLSTATE=\"$(localstatedir)/db/blocklistd.db\"
+AM_CPPFLAGS += -std=c99 -D_POSIX_C_SOURCE=200809L -D__EXTENSIONS__
+AM_CPPFLAGS += -D__BSD_VISIBLE=1
 AM_CFLAGS = @WARNINGS@
 
-libblacklist_la_SOURCES = bl.c blacklist.c
-libblacklist_la_LDFLAGS = -no-undefined -version-info 0:0:0
-libblacklist_la_LIBADD = $(LTLIBOBJS)
+libblocklist_la_SOURCES = bl.c blocklist.c
+libblocklist_la_LDFLAGS = -no-undefined -version-info 0:0:0
+libblocklist_la_LIBADD = $(LTLIBOBJS)
 
 SRCS = internal.c support.c run.c conf.c state.c
-blacklistd_SOURCES = blacklistd.c ${SRCS}
-blacklistd_LDADD = libblacklist.la
-blacklistctl_SOURCES = blacklistctl.c ${SRCS}
-blacklistctl_LDADD = libblacklist.la
+blocklistd_SOURCES = blocklistd.c ${SRCS}
+blocklistd_LDADD = libblocklist.la
+blocklistctl_SOURCES = blocklistctl.c ${SRCS}
+blocklistctl_LDADD = libblocklist.la
 srvtest_SOURCES = srvtest.c ${SRCS}
-srvtest_LDADD = libblacklist.la
+srvtest_LDADD = libblocklist.la
 cltest_SOURCES = cltest.c ${SRCS}
-cltest_LDADD = libblacklist.la
+cltest_LDADD = libblocklist.la
diff --git a/contrib/blocklist/port/_strtoi.h b/contrib/blocklist/port/_strtoi.h
index 4b2b4e80f0d8..f50eefd67ff1 100644
--- a/contrib/blocklist/port/_strtoi.h
+++ b/contrib/blocklist/port/_strtoi.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: _strtoi.h,v 1.1 2015/01/22 02:15:59 christos Exp $	*/
+/*	$NetBSD: _strtoi.h,v 1.1.1.1 2020/06/15 01:52:53 christos Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993
diff --git a/contrib/blocklist/port/configure.ac b/contrib/blocklist/port/configure.ac
index eef8065f060a..99ecf8732c93 100644
--- a/contrib/blocklist/port/configure.ac
+++ b/contrib/blocklist/port/configure.ac
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT([blacklistd],[0.1],[christos@netbsd.com])
+AC_INIT([blocklistd],[0.1],[christos@netbsd.com])
 AM_INIT_AUTOMAKE([subdir-objects foreign])
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
@@ -7,9 +7,10 @@ AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
 
 AC_SUBST(WARNINGS)
+AC_SUBST(LINK_NTOA)
 
 dnl Checks for programs.
-AC_PROG_CC_STDC
+AC_PROG_CC
 AC_USE_SYSTEM_EXTENSIONS
 AM_PROG_CC_C_O
 AC_C_BIGENDIAN
@@ -18,18 +19,19 @@ AC_PROG_LN_S
 LT_INIT([disable-static pic-only])
 gl_VISIBILITY
 dnl Checks for headers
-AC_HEADER_STDC
 AC_HEADER_MAJOR
 AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(stdint.h fcntl.h stdint.h inttypes.h unistd.h)
 AC_CHECK_HEADERS(sys/un.h sys/socket.h limits.h)
 AC_CHECK_HEADERS(arpa/inet.h getopt.h err.h)
 AC_CHECK_HEADERS(sys/types.h util.h sys/time.h time.h)
-AC_CHECK_HEADERS(netatalk/at.h net/if_dl.h db.h db_185.h)
+AC_CHECK_HEADERS(netatalk/at.h db.h db_185.h)
+AC_CHECK_HEADERS(sys/cdefs.h)
 AC_CHECK_LIB(rt, clock_gettime)
 AC_CHECK_LIB(db, __db185_open)
 AC_CHECK_LIB(util, pidfile)
 AC_CHECK_LIB(util, sockaddr_snprintf)
+AC_SEARCH_LIBS(__xnet_connect, socket)
 
 AH_BOTTOM([
 #ifndef __NetBSD__
@@ -82,7 +84,7 @@ dnl Checks for functions
 AC_CHECK_FUNCS(strerror)
 
 dnl Provide implementation of some required functions if necessary
-AC_REPLACE_FUNCS(strtoi sockaddr_snprintf popenve clock_gettime strlcpy strlcat getprogname fparseln fgetln pidfile)
+AC_REPLACE_FUNCS(strtoi sockaddr_snprintf popenve clock_gettime strlcpy strlcat getprogname fparseln fgetln pidfile vsyslog_r)
 
 dnl See if we are cross-compiling
 AM_CONDITIONAL(IS_CROSS_COMPILE, test "$cross_compiling" = yes)
diff --git a/contrib/blocklist/port/fgetln.c b/contrib/blocklist/port/fgetln.c
index a41a383a6653..006e19f5279f 100644
--- a/contrib/blocklist/port/fgetln.c
+++ b/contrib/blocklist/port/fgetln.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: fgetln.c,v 1.1 2015/01/22 03:48:07 christos Exp $	*/
+/*	$NetBSD: fgetln.c,v 1.1.1.1 2020/06/15 01:52:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
diff --git a/contrib/blocklist/port/fparseln.c b/contrib/blocklist/port/fparseln.c
index 5bfae54b9a9b..22850ea9e304 100644
--- a/contrib/blocklist/port/fparseln.c
+++ b/contrib/blocklist/port/fparseln.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: fparseln.c,v 1.1 2015/01/22 03:48:07 christos Exp $	*/
+/*	$NetBSD: fparseln.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*
  * Copyright (c) 1997 Christos Zoulas.  All rights reserved.
@@ -27,9 +27,11 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: fparseln.c,v 1.1 2015/01/22 03:48:07 christos Exp $");
+__RCSID("$NetBSD: fparseln.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #include <assert.h>
diff --git a/contrib/blocklist/port/pidfile.c b/contrib/blocklist/port/pidfile.c
index 4deb2349d20a..1dbbf510c4e3 100644
--- a/contrib/blocklist/port/pidfile.c
+++ b/contrib/blocklist/port/pidfile.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: pidfile.c,v 1.2 2016/04/05 12:28:57 christos Exp $	*/
+/*	$NetBSD: pidfile.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -32,9 +32,11 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: pidfile.c,v 1.2 2016/04/05 12:28:57 christos Exp $");
+__RCSID("$NetBSD: pidfile.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif
 
 #include <sys/param.h>
diff --git a/contrib/blocklist/port/popenve.c b/contrib/blocklist/port/popenve.c
index 20f6b5b86b68..bdff8cdc1de4 100644
--- a/contrib/blocklist/port/popenve.c
+++ b/contrib/blocklist/port/popenve.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: popenve.c,v 1.2 2015/01/22 03:10:50 christos Exp $	*/
+/*	$NetBSD: popenve.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*
  * Copyright (c) 1988, 1993
@@ -36,12 +36,14 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)popen.c	8.3 (Berkeley) 5/3/95";
 #else
-__RCSID("$NetBSD: popenve.c,v 1.2 2015/01/22 03:10:50 christos Exp $");
+__RCSID("$NetBSD: popenve.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
diff --git a/contrib/blocklist/port/port.h b/contrib/blocklist/port/port.h
index f82fb34b40f5..d1a9ac6bd6e5 100644
--- a/contrib/blocklist/port/port.h
+++ b/contrib/blocklist/port/port.h
@@ -1,6 +1,7 @@
 #ifndef _GNU_SOURCE
 #define _GNU_SOURCE
 #endif
+#include <sys/param.h>
 #include <stdio.h>
 #include <inttypes.h>
 #include <time.h>
@@ -15,6 +16,22 @@
 #define __dead __attribute__((__noreturn__))
 #endif
 
+#ifndef __BEGIN_DECLS
+#define __BEGIN_DECLS
+#endif
+
+#ifndef __END_DECLS
+#define __END_DECLS
+#endif
+
+#ifndef MIN
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+#ifndef MAX
+#define MAX(a,b) ((a) > (b) ? (a) : (b))
+#endif
+
 #ifndef __RCSID
 #define __RCSID(a)
 #endif
@@ -27,6 +44,10 @@
 #define __arraycount(a) (sizeof(a) / sizeof(a[0]))
 #endif
 
+#ifndef __STRING
+#define __STRING(x)	#x
+#endif
+
 #ifndef HAVE_STRLCPY
 size_t strlcpy(char *, const char *, size_t);
 #endif
@@ -78,9 +99,10 @@ int clock_gettime(int, struct timespec *);
 #define CLOCK_REALTIME 0
 #endif
 
-#if !defined(__FreeBSD__)
-#define _PATH_BLCONF "conf"
-#define _PATH_BLCONTROL "control"
-#define _PATH_BLSOCK "blacklistd.sock"
-#define _PATH_BLSTATE "blacklistd.db"
+#ifndef HAVE_VSYSLOG_R
+#define	SYSLOG_DATA_INIT	{ 0 }
+struct syslog_data {
+        int dummy;
+};
+void vsyslog_r(int, struct syslog_data *, const char *, va_list);
 #endif
diff --git a/contrib/blocklist/port/sockaddr_snprintf.c b/contrib/blocklist/port/sockaddr_snprintf.c
index 558755b6294b..a37eded14a88 100644
--- a/contrib/blocklist/port/sockaddr_snprintf.c
+++ b/contrib/blocklist/port/sockaddr_snprintf.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $	*/
+/*	$NetBSD: sockaddr_snprintf.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 
 /*-
  * Copyright (c) 2004 The NetBSD Foundation, Inc.
@@ -32,9 +32,11 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $");
+__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
diff --git a/contrib/blocklist/port/strlcat.c b/contrib/blocklist/port/strlcat.c
index d3c69b5fab78..8cabd654e6b0 100644
--- a/contrib/blocklist/port/strlcat.c
+++ b/contrib/blocklist/port/strlcat.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: strlcat.c,v 1.2 2015/01/22 03:48:07 christos Exp $	*/
+/*	$NetBSD: strlcat.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 /*	$OpenBSD: strlcat.c,v 1.10 2003/04/12 21:56:39 millert Exp $	*/
 
 /*
@@ -22,9 +22,12 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
+
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: strlcat.c,v 1.2 2015/01/22 03:48:07 christos Exp $");
+__RCSID("$NetBSD: strlcat.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #ifdef _LIBC
diff --git a/contrib/blocklist/port/strlcpy.c b/contrib/blocklist/port/strlcpy.c
index 6646e1ce9696..3de72a640c59 100644
--- a/contrib/blocklist/port/strlcpy.c
+++ b/contrib/blocklist/port/strlcpy.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: strlcpy.c,v 1.2 2015/01/22 03:48:07 christos Exp $	*/
+/*	$NetBSD: strlcpy.c,v 1.2 2025/02/11 17:48:30 christos Exp $	*/
 /*	$OpenBSD: strlcpy.c,v 1.7 2003/04/12 21:56:39 millert Exp $	*/
 
 /*
@@ -22,9 +22,12 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
+#endif
+
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: strlcpy.c,v 1.2 2015/01/22 03:48:07 christos Exp $");
+__RCSID("$NetBSD: strlcpy.c,v 1.2 2025/02/11 17:48:30 christos Exp $");
 #endif /* LIBC_SCCS and not lint */
 
 #ifdef _LIBC
diff --git a/contrib/blocklist/port/strtoi.c b/contrib/blocklist/port/strtoi.c
index 5514f1a00a32..b0bed7058cc3 100644
--- a/contrib/blocklist/port/strtoi.c
+++ b/contrib/blocklist/port/strtoi.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: strtoi.c,v 1.3 2015/01/22 03:10:50 christos Exp $	*/
+/*	$NetBSD: strtoi.c,v 1.2 2025/02/11 17:48:31 christos Exp $	*/
 
 /*-
  * Copyright (c) 2005 The DragonFly Project.  All rights reserved.
@@ -33,8 +33,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: strtoi.c,v 1.3 2015/01/22 03:10:50 christos Exp $");
+#endif
+__RCSID("$NetBSD: strtoi.c,v 1.2 2025/02/11 17:48:31 christos Exp $");
 
 #if defined(_KERNEL)
 #include <sys/param.h>
diff --git a/contrib/blocklist/port/vsyslog_r.c b/contrib/blocklist/port/vsyslog_r.c
new file mode 100644
index 000000000000..848f31b04453
--- /dev/null
+++ b/contrib/blocklist/port/vsyslog_r.c
@@ -0,0 +1,13 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <syslog.h>
+#include <stdarg.h>
+
+void
+vsyslog_r(int priority, struct syslog_data *sd __unused, const char *fmt, va_list ap)
+{
+	vsyslog(priority, fmt, ap);
+}
+
diff --git a/contrib/blocklist/test/Makefile b/contrib/blocklist/test/Makefile
index a451274def06..d127955acdb7 100644
--- a/contrib/blocklist/test/Makefile
+++ b/contrib/blocklist/test/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2015/05/30 22:40:38 christos Exp $
+# $NetBSD: Makefile,v 1.1.1.1 2020/06/15 01:52:54 christos Exp $
 
 MKMAN=no
 
diff --git a/contrib/blocklist/test/cltest.c b/contrib/blocklist/test/cltest.c
index 6671429fc3c4..dc77a522bad8 100644
--- a/contrib/blocklist/test/cltest.c
+++ b/contrib/blocklist/test/cltest.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: cltest.c,v 1.6 2015/01/22 05:44:28 christos Exp $	*/
+/*	$NetBSD: cltest.c,v 1.2 2025/02/11 17:48:31 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: cltest.c,v 1.6 2015/01/22 05:44:28 christos Exp $");
+#endif
+__RCSID("$NetBSD: cltest.c,v 1.2 2025/02/11 17:48:31 christos Exp $");
 
 #include <sys/types.h> 
 #include <sys/socket.h>
diff --git a/contrib/blocklist/test/srvtest.c b/contrib/blocklist/test/srvtest.c
index 03a762ab81f2..4eb9468ed5fd 100644
--- a/contrib/blocklist/test/srvtest.c
+++ b/contrib/blocklist/test/srvtest.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: srvtest.c,v 1.10 2015/05/30 22:40:38 christos Exp $	*/
+/*	$NetBSD: srvtest.c,v 1.2 2025/02/11 17:43:16 christos Exp $	*/
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -32,8 +32,10 @@
 #include "config.h"
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: srvtest.c,v 1.10 2015/05/30 22:40:38 christos Exp $");
+#endif
+__RCSID("$NetBSD: srvtest.c,v 1.2 2025/02/11 17:43:16 christos Exp $");
 
 #include <sys/types.h> 
 #include <sys/socket.h>
@@ -48,7 +50,7 @@ __RCSID("$NetBSD: srvtest.c,v 1.10 2015/05/30 22:40:38 christos Exp $");
 #include <poll.h>
 #include <err.h>
 
-#include "blacklist.h"
+#include "blocklist.h"
 #ifdef BLDEBUG
 #include "bl.h"
 static void *b;
@@ -71,9 +73,9 @@ process_tcp(int afd)
 	buffer[sizeof(buffer) - 1] = '\0';
 	printf("%s: sending %d %s\n", getprogname(), afd, buffer);
 #ifdef BLDEBUG
-	blacklist_r(b, 1, afd, buffer);
+	blocklist_r(b, 1, afd, buffer);
 #else
-	blacklist(1, afd, buffer);
+	blocklist(1, afd, buffer);
 #endif
 	exit(0);
 }
@@ -95,7 +97,7 @@ process_udp(int afd)
 		err(1, "recvfrom");
 	buffer[sizeof(buffer) - 1] = '\0';
 	printf("%s: sending %d %s\n", getprogname(), afd, buffer);
-	blacklist_sa(1, afd, (void *)&ss, slen, buffer);
+	blocklist_sa(1, afd, (void *)&ss, slen, buffer);
 	exit(0);
 }
 static int
@@ -167,7 +169,11 @@ static __dead void
 usage(int c)
 {
 	warnx("Unknown option `%c'", (char)c);
-	fprintf(stderr, "Usage: %s [-u] [-p <num>]\n", getprogname());
+	fprintf(stderr, "Usage: %s [-u] [-p <num>]"
+#ifdef BLDEBUG
+	    " [-s <sockpath>]"
+#endif
+	    "\n", getprogname());
 	exit(EXIT_FAILURE);
 }
 
@@ -182,14 +188,16 @@ main(int argc, char *argv[])
 	struct pollfd pfd[NUMFD];
 	int type = SOCK_STREAM, c;
 	in_port_t port = 6161;
-
-	signal(SIGCHLD, SIG_IGN);
-
 #ifdef BLDEBUG
-	b = bl_create(false, "blsock", vsyslog);
+	char *sockpath = "blsock";
+	const char *optstr = "up:s:";
+#else
+	const char *optstr = "up:";
 #endif
 
-	while ((c = getopt(argc, argv, "up:")) != -1)
+	signal(SIGCHLD, SIG_IGN);
+
+	while ((c = getopt(argc, argv, optstr)) != -1)
 		switch (c) {
 		case 'u':
 			type = SOCK_DGRAM;
@@ -197,10 +205,20 @@ main(int argc, char *argv[])
 		case 'p':
 			port = (in_port_t)atoi(optarg);
 			break;
+#ifdef BLDEBUG
+		case 's':
+			sockpath = (char *)optarg;
+			break;
+#endif
 		default:
 			usage(c);
 		}
 
+#ifdef BLDEBUG
+	b = bl_create(false, sockpath, vsyslog_r);
+#endif
+
+
 	pfd[0].fd = cr(AF_INET, type, port);
 	pfd[0].events = POLLIN;
 #if NUMFD > 1
diff --git a/contrib/bsddialog/.gitignore b/contrib/bsddialog/.gitignore
index c8fc68ed8a0e..c9613d477f7f 100644
--- a/contrib/bsddialog/.gitignore
+++ b/contrib/bsddialog/.gitignore
@@ -21,6 +21,7 @@ examples_library/msgbox
 examples_library/pause
 examples_library/radiolist
 examples_library/rangebox
+examples_library/textbox
 examples_library/theme
 examples_library/timebox
 examples_library/yesno
diff --git a/contrib/bsddialog/CHANGELOG b/contrib/bsddialog/CHANGELOG
index a4cf4d01c077..7800098644d7 100644
--- a/contrib/bsddialog/CHANGELOG
+++ b/contrib/bsddialog/CHANGELOG
@@ -1,11 +1,57 @@
-2024-07-01 1.0.4
+2025-06-22 Version 1.0.5
+
+	Manual:
+	* fix: "User-friendly documentation for alternate screen"
+	  https://bugs.freebsd.org/285459.
+	  Improve bsddialog.1: --alternate-screen and --normal-screen.
+
+	NetBSD (tested on amd64) refactoring, no function changes:
+	* https://gitlab.com/alfix/bsddialog/-/merge_requests/4
+	  lib: include <stdarg.h> in lib_util.c.
+	* https://gitlab.com/alfix/bsddialog/-/merge_requests/5
+	  a call to curses' refresh() is performed, while a local
+	  variable is also called refresh.
+	* Makefiles: add install and uninstall targets (both GND and BSD)
+	  https://gitlab.com/alfix/bsddialog/-/merge_requests/3
+
+	MacOS (tested on amd64) refactoring, no function changes:
+	* https://gitlab.com/alfix/bsddialog/-/merge_requests/6
+	  utility: replace u_int with unsigned int.
+
+	Library:
+	* fix: useless refreshes, https://gitlab.com/alfix/bsddialog/-/issues/8:
+	  "It takes lot of time when running over a 115200 UART".
+	  Not fixed for bsddialog_gauge() because it has to be rewritten.
+	* change: bsddialog_backtitle() does not update the screen so the
+	  backtitle is not printed. To use if a dialog is built later.
+	  Rationale: see "115200 UART" problem above.
+	* add: bsddialog_backtitle_rf() to print a top title refreshing the
+	  screen like bsddialog_backtitle() was previously.
+	* change: forms, ENTER is also a navigation keys in forms fields.
+	  Request: https://bugs.freebsd.org/287592
+	  If conf.button.always_active is true the form is closes immediatly.
+
+	Library and implicitly utility:
+	* fix: textbox buttons returned values (was always OK).
+	  Thanks to https://reviews.freebsd.org/D48668.
+	* change: TAB is a navigation keys in forms. Previously it directly
+	  switched form-fields <-> buttons.
+	  Request: https://bugs.freebsd.org/287592
+
+	Utility:
+	* change: forms, ENTER is a also navigation keys in forms fields.
+	  Previously it directly closed the form except with --switch-buttons
+	  Request: https://bugs.freebsd.org/287592
+
+
+2024-07-01 Version 1.0.4
 
 	Utility internal refactoring (no functional change):
 	* change: rename an internal constant to avoid a future conflict
 	    because FreeBSD is changing headers files for _FORTIFY_SOURCE.
 	    Reported and fixed by Kyle Evans.
 
-2024-05-27 1.0.3
+2024-05-27 Version 1.0.3
 
 	Utility:
 	change: --form and --mixedform do not print field value to output fd if
diff --git a/contrib/bsddialog/LICENSE b/contrib/bsddialog/LICENSE
index 7b36a8dce42e..9ea4a4a62f4b 100644
--- a/contrib/bsddialog/LICENSE
+++ b/contrib/bsddialog/LICENSE
@@ -1,6 +1,6 @@
 BSD 2-Clause License
 
-Copyright (c) 2021-2024, Alfonso Sabato Siciliano
+Copyright (c) 2021-2025, Alfonso Sabato Siciliano
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
diff --git a/contrib/bsddialog/Makefile b/contrib/bsddialog/Makefile
index a6af8813a48e..335b693470e6 100644
--- a/contrib/bsddialog/Makefile
+++ b/contrib/bsddialog/Makefile
@@ -4,7 +4,7 @@
 # Written in 2023 by Alfonso Sabato Siciliano
 
 OUTPUT = bsddialog
-export VERSION=1.0.4
+export VERSION=1.0.5
 .CURDIR ?= ${CURDIR}
 LIBPATH = ${.CURDIR}/lib
 LIBBSDDIALOG = ${LIBPATH}/libbsddialog.so
@@ -22,7 +22,15 @@ DEBUG ?=
 export ENABLEDEBUG=${DEBUG}
 ###################
 
-all : ${OUTPUT}
+all: ${OUTPUT}
+
+install: all
+	${MAKE} -C ${LIBPATH} install
+	${MAKE} -C ${UTILITYPATH} install
+
+uninstall:
+	${MAKE} -C ${UTILITYPATH} uninstall
+	${MAKE} -C ${LIBPATH} uninstall
 
 ${OUTPUT}: ${LIBBSDDIALOG}
 	${MAKE} -C ${UTILITYPATH} LIBPATH=${LIBPATH}
@@ -36,3 +44,4 @@ clean:
 	${MAKE} -C ${UTILITYPATH} clean
 	${RM} ${OUTPUT} *.core
 
+.PHONY: all install uninstall clean
diff --git a/contrib/bsddialog/README.md b/contrib/bsddialog/README.md
index 7b9b6cf8e84d..5a25109775fe 100644
--- a/contrib/bsddialog/README.md
+++ b/contrib/bsddialog/README.md
@@ -1,4 +1,4 @@
-# BSDDialog 1.0.4
+# BSDDialog 1.0.5
 
 This project provides **bsddialog** and **libbsddialog**, an utility
 and a library to build scripts and tools with TUI dialogs and widgets.
@@ -129,7 +129,6 @@ in the _Public Domain_ to build new projects:
  - implement global buttons handler.
  - doc: external tutorial, theming guide.
  - implement menutype.min\_on.
- - improve refresh at startup, avoid dialog refresh before drawing text.
  - add debug API: bsddialog\_debug(y,x,refresh,"fmt",...).
  - add mouse support.
  - use alarm(2) for bsddialog\_pause.
@@ -139,4 +138,4 @@ in the _Public Domain_ to build new projects:
  - fix --mixedform "" 0 0 0 Label 1 0 Init 1 12 0 0 2 (with 0 editable field).
  - add *text* customization to --hmsg *help-message*
  - check --passwordform *fieldlen* like --form and --mixedform.
-
+ - add manuals to Makefiles installe and uninstall targets.
diff --git a/contrib/bsddialog/examples_library/compile b/contrib/bsddialog/examples_library/compile
index 9025f35426d9..1a68313090f6 100755
--- a/contrib/bsddialog/examples_library/compile
+++ b/contrib/bsddialog/examples_library/compile
@@ -8,14 +8,16 @@
 # worldwide. This software is distributed without any warranty, see:
 #     <http://creativecommons.org/publicdomain/zero/1.0/>.
 
+set -x
+
 libpath=../lib
 examples="menu checklist radiolist mixedlist theme infobox yesno msgbox \
-	datebox form timebox rangebox pause calendar gauge mixedgauge"
+datebox form timebox rangebox pause calendar gauge mixedgauge textbox"
 
 rm -f $examples
 
 for e in $examples
 do
-	cc -g -Wall -Wextra -I$libpath ${e}.c -o $e -L$libpath -lbsddialog \
-	-Wl,-rpath=$libpath
+	cc -g -Wall -Wextra -I$libpath ${e}.c -o $e \
+	-Wl,-rpath=$libpath -L$libpath -lbsddialog
 done
diff --git a/contrib/bsddialog/examples_library/textbox.c b/contrib/bsddialog/examples_library/textbox.c
new file mode 100644
index 000000000000..2e76cbb97891
--- /dev/null
+++ b/contrib/bsddialog/examples_library/textbox.c
@@ -0,0 +1,38 @@
+/*-
+ * SPDX-License-Identifier: CC0-1.0
+ *
+ * Written in 2025 by Alfonso Sabato Siciliano.
+ * To the extent possible under law, the author has dedicated all copyright
+ * and related and neighboring rights to this software to the public domain
+ * worldwide. This software is distributed without any warranty, see:
+ *   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <bsddialog.h>
+#include <stdio.h>
+
+int main()
+{
+	int output;
+	struct bsddialog_conf conf;
+
+	if (bsddialog_init() == BSDDIALOG_ERROR) {
+		printf("Error: %s\n", bsddialog_geterror());
+		return (1);
+	}
+	bsddialog_initconf(&conf);
+	conf.title = "textbox";
+	output = bsddialog_textbox(&conf, "./textbox.c", 20, 80);
+	bsddialog_end();
+
+	switch (output) {
+	case BSDDIALOG_ERROR:
+		printf("Error %s\n", bsddialog_geterror());
+		return (1);
+	case BSDDIALOG_OK:
+		printf("[Exit]\n");
+		break;
+	}
+
+	return (0);
+}
diff --git a/contrib/bsddialog/lib/GNUmakefile b/contrib/bsddialog/lib/GNUmakefile
index 7c7a9bc25ee4..2cb060381a46 100644
--- a/contrib/bsddialog/lib/GNUmakefile
+++ b/contrib/bsddialog/lib/GNUmakefile
@@ -9,6 +9,7 @@ HEADERS = bsddialog.h bsddialog_theme.h bsddialog_progressview.h
 SOURCES = barbox.c datebox.c formbox.c libbsddialog.c lib_util.c \
 	menubox.c messagebox.c textbox.c theme.c timebox.c
 OBJECTS = $(SOURCES:.c=.o)
+PREFIX = /usr/local
 
 ifneq ($(ENABLEDEBUG),)
 CFLAGS += -g
@@ -21,7 +22,21 @@ LIBFLAG = -shared
 RM = rm -f
 LN = ln -s -f
 
-all : $(LIBRARY)
+all: $(LIBRARY)
+
+install: all
+	${INSTALL} -m 0644 bsddialog.h ${DESTDIR}${PREFIX}/include/bsddialog.h
+	${INSTALL} -m 0644 bsddialog_progressview.h ${DESTDIR}${PREFIX}/include/bsddialog_progressview.h
+	${INSTALL} -m 0644 bsddialog_theme.h ${DESTDIR}${PREFIX}/include/bsddialog_theme.h
+	${INSTALL} -m 0755 ${LIBRARY_SO}.${VERSION} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}.${VERSION}
+	${LN} ${LIBRARY_SO}.${VERSION} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}
+
+uninstall:
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog.h
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog_progressview.h
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog_theme.h
+	${RM} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}.${VERSION}
+	${RM} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}
 
 $(LIBRARY): $(OBJECTS)
 	$(CC) $(LIBFLAG) $^ -o $(LIBRARY_SO).$(VERSION) $(LDFLAGS)
@@ -32,3 +47,5 @@ $(LIBRARY): $(OBJECTS)
 
 clean:
 	$(RM) $(LIBRARY_SO)* *.o *~
+
+.PHONY: all install uninstall ${LIBRARY} clean
diff --git a/contrib/bsddialog/lib/Makefile b/contrib/bsddialog/lib/Makefile
index 252b33f79848..c728541a9f7a 100644
--- a/contrib/bsddialog/lib/Makefile
+++ b/contrib/bsddialog/lib/Makefile
@@ -10,6 +10,7 @@ HEADERS = bsddialog.h bsddialog_theme.h bsddialog_progressview.h
 SOURCES = barbox.c datebox.c formbox.c libbsddialog.c lib_util.c \
 	menubox.c messagebox.c textbox.c theme.c timebox.c
 OBJECTS = ${SOURCES:.c=.o}
+PREFIX = /usr/local
 
 .if defined(DEBUG)
 CFLAGS += -g
@@ -23,7 +24,23 @@ LDFLAGS += -fstack-protector-strong -shared -Wl,-x -Wl,--fatal-warnings \
 LN = ln -s -f
 RM = rm -f
 
-all : ${LIBRARY}
+all: ${LIBRARY}
+
+install: all
+	${INSTALL} -m 0644 bsddialog.h ${DESTDIR}${PREFIX}/include/bsddialog.h
+	${INSTALL} -m 0644 bsddialog_progressview.h ${DESTDIR}${PREFIX}/include/bsddialog_progressview.h
+	${INSTALL} -m 0644 bsddialog_theme.h ${DESTDIR}${PREFIX}/include/bsddialog_theme.h
+	${INSTALL} -m 0644 ${LIBRARY_A} ${DESTDIR}${PREFIX}/lib/${LIBRARY_A}
+	${INSTALL} -m 0755 ${LIBRARY_SO}.${VERSION} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}.${VERSION}
+	${LN} ${LIBRARY_SO}.${VERSION} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}
+
+uninstall:
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog.h
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog_progressview.h
+	${RM} ${DESTDIR}${PREFIX}/include/bsddialog_theme.h
+	${RM} ${DESTDIR}${PREFIX}/lib/${LIBRARY_A}
+	${RM} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}.${VERSION}
+	${RM} ${DESTDIR}${PREFIX}/lib/${LIBRARY_SO}
 
 ${LIBRARY}: ${LIBRARY_SO} ${LIBRARY_A}
 
@@ -42,3 +59,5 @@ ${LIBRARY_A}: ${OBJECTS}
 
 clean:
 	${RM} ${LIBRARY_SO}* *.o *~ *.gz ${LIBRARY_A}
+
+.PHONY: all install uninstall ${LIBRARY} clean
diff --git a/contrib/bsddialog/lib/barbox.c b/contrib/bsddialog/lib/barbox.c
index 4feea20c6441..51f81ecbca68 100644
--- a/contrib/bsddialog/lib/barbox.c
+++ b/contrib/bsddialog/lib/barbox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -371,7 +371,7 @@ bsddialog_progressview (struct bsddialog_conf *conf, const char *text, int rows,
 	unsigned int i, mainperc, totaltodo;
 	float readforsec;
 	const char **minilabels;
-	time_t tstart, told, tnew, refresh;
+	time_t tstart, told, tnew, trefresh;
 
 	if ((minilabels = calloc(nminibar, sizeof(char*))) == NULL)
 		RETURN_ERROR("Cannot allocate memory for minilabels");
@@ -385,7 +385,7 @@ bsddialog_progressview (struct bsddialog_conf *conf, const char *text, int rows,
 		minipercs[i] = minibar[i].status;
 	}
 
-	refresh = pvconf->refresh == 0 ? 0 : pvconf->refresh - 1;
+	trefresh = pvconf->refresh == 0 ? 0 : pvconf->refresh - 1;
 	retval = BSDDIALOG_OK;
 	i = 0;
 	update = true;
@@ -398,7 +398,7 @@ bsddialog_progressview (struct bsddialog_conf *conf, const char *text, int rows,
 			mainperc = (bsddialog_total_progview * 100) / totaltodo;
 
 		time(&tnew);
-		if (update || tnew > told + refresh) {
+		if (update || tnew > told + trefresh) {
 			retval = do_mixedgauge(conf, text, rows, cols, mainperc,
 			    nminibar, minilabels, minipercs, true);
 			if (retval == BSDDIALOG_ERROR)
@@ -440,17 +440,18 @@ bsddialog_progressview (struct bsddialog_conf *conf, const char *text, int rows,
 	return (retval);
 }
 
-static int rangebox_redraw(struct dialog *d, struct bar *b, int *bigchange)
+static int
+rangebox_redraw(struct dialog *d, bool redraw, struct bar *b, int *bigchange)
 {
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (dialog_size_position(d, HBOX, MIN_WBOX, NULL) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, HBOX + HBUTTONS);
 
@@ -490,7 +491,7 @@ bsddialog_rangebox(struct bsddialog_conf *conf, const char *text, int rows,
 		RETURN_ERROR("Cannot build WINDOW bar");
 	b.y = b.x = 1;
 	b.fmt = "%d";
-	if (rangebox_redraw(&d, &b, &bigchange) != 0)
+	if (rangebox_redraw(&d, false, &b, &bigchange) != 0)
 		return (BSDDIALOG_ERROR);
 
 	loop = true;
@@ -568,12 +569,12 @@ bsddialog_rangebox(struct bsddialog_conf *conf, const char *text, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (rangebox_redraw(&d, &b, &bigchange) != 0)
+			if (rangebox_redraw(&d, true, &b, &bigchange) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (rangebox_redraw(&d, &b, &bigchange) != 0)
+			if (rangebox_redraw(&d, true, &b, &bigchange) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
@@ -594,17 +595,17 @@ bsddialog_rangebox(struct bsddialog_conf *conf, const char *text, int rows,
 	return (retval);
 }
 
-static int pause_redraw(struct dialog *d, struct bar *b)
+static int pause_redraw(struct dialog *d, bool redraw, struct bar *b)
 {
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (dialog_size_position(d, HBOX, MIN_WBOX, NULL) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, HBOX + HBUTTONS);
 
@@ -633,7 +634,7 @@ bsddialog_pause(struct bsddialog_conf *conf, const char *text, int rows,
 		RETURN_ERROR("Cannot build WINDOW bar");
 	b.y = b.x = 1;
 	b.fmt = "%d";
-	if (pause_redraw(&d, &b) != 0)
+	if (pause_redraw(&d, false, &b) != 0)
 		return (BSDDIALOG_ERROR);
 
 	tout = *seconds;
@@ -687,12 +688,12 @@ bsddialog_pause(struct bsddialog_conf *conf, const char *text, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (pause_redraw(&d, &b) != 0)
+			if (pause_redraw(&d, true, &b) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (pause_redraw(&d, &b) != 0)
+			if (pause_redraw(&d, true, &b) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
diff --git a/contrib/bsddialog/lib/bsddialog.3 b/contrib/bsddialog/lib/bsddialog.3
index cbf1653a2aca..bbd756661a78 100644
--- a/contrib/bsddialog/lib/bsddialog.3
+++ b/contrib/bsddialog/lib/bsddialog.3
@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+.\" Copyright (c) 2021-2025 Alfonso Sabato Siciliano
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -22,11 +22,12 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd March 16, 2024
+.Dd June 22, 2025
 .Dt BSDDIALOG 3
 .Os
 .Sh NAME
 .Nm bsddialog_backtitle ,
+.Nm bsddialog_backtitle_rf ,
 .Nm bsddialog_calendar ,
 .Nm bsddialog_clear ,
 .Nm bsddialog_color ,
@@ -65,6 +66,8 @@
 .Ft int
 .Fn bsddialog_backtitle "struct bsddialog_conf *conf" "const char *backtitle"
 .Ft int
+.Fn bsddialog_backtitle_rf "struct bsddialog_conf *conf" "const char *backtitle"
+.Ft int
 .Fo bsddialog_calendar
 .Fa "struct bsddialog_conf *conf"
 .Fa "const char *text"
@@ -292,7 +295,7 @@ and before
 .Dv false
 otherwise.
 .Pp
-.Fn bsddialog_backtitle
+.Fn bsddialog_backtitle_rf
 prints
 .Fa backtitle
 on the top of the screen.
@@ -302,6 +305,11 @@ and
 .Fa conf.no_lines
 described later.
 .Pp
+.Fn bsddialog_backtitle
+is like
+.Fn bsddialog_backtitle_rf
+but it does not update the screen, using if a dialog is built later.
+.Pp
 .Fn bsddialog_error
 returns a string to describe the last error.
 The function should be called after a
@@ -902,7 +910,7 @@ provides a dialog for a
 the labels on buttons are
 .Dq Yes
 and
-.Dq No .
+.Dq &No .
 .Ss Keys
 .Bl -tag -width Ds
 .It Ctrl-l
diff --git a/contrib/bsddialog/lib/bsddialog.h b/contrib/bsddialog/lib/bsddialog.h
index fd0e2bc02580..fc59071c6fa0 100644
--- a/contrib/bsddialog/lib/bsddialog.h
+++ b/contrib/bsddialog/lib/bsddialog.h
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
 
 #include <stdbool.h>
 
-#define LIBBSDDIALOG_VERSION     "1.0.4"
+#define LIBBSDDIALOG_VERSION     "1.0.5"
 
 /* Return values */
 #define BSDDIALOG_ERROR          -1
@@ -179,6 +179,7 @@ int bsddialog_init_notheme(void);
 bool bsddialog_inmode(void);
 int bsddialog_end(void);
 int bsddialog_backtitle(struct bsddialog_conf *conf, const char *backtitle);
+int bsddialog_backtitle_rf(struct bsddialog_conf *conf, const char *backtitle);
 int bsddialog_initconf(struct bsddialog_conf *conf);
 void bsddialog_clear(unsigned int y);
 void bsddialog_refresh(void);
diff --git a/contrib/bsddialog/lib/bsddialog_theme.h b/contrib/bsddialog/lib/bsddialog_theme.h
index 2071896b61f0..77938c65b6ce 100644
--- a/contrib/bsddialog/lib/bsddialog_theme.h
+++ b/contrib/bsddialog/lib/bsddialog_theme.h
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/contrib/bsddialog/lib/datebox.c b/contrib/bsddialog/lib/datebox.c
index ee955471799e..66f36f5f4a99 100644
--- a/contrib/bsddialog/lib/datebox.c
+++ b/contrib/bsddialog/lib/datebox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2022-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2022-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -296,20 +296,20 @@ print_calendar(struct bsddialog_conf *conf, WINDOW *win, int yy, int mm, int dd,
 }
 
 static int
-calendar_redraw(struct dialog *d, WINDOW *yy_win, WINDOW *mm_win,
+calendar_draw(struct dialog *d, bool redraw, WINDOW *yy_win, WINDOW *mm_win,
     WINDOW *dd_win)
 {
 	int ycal, xcal;
 
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (dialog_size_position(d, MINHCAL, MINWCAL, NULL) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, MINHCAL + HBUTTONS);
 
@@ -354,7 +354,7 @@ bsddialog_calendar(struct bsddialog_conf *conf, const char *text, int rows,
 	if ((dd_win = newwin(1, 1, 1, 1)) == NULL)
 		RETURN_ERROR("Cannot build WINDOW for dd");
 	wbkgd(dd_win, t.dialog.color);
-	if (calendar_redraw(&d, yy_win, mm_win, dd_win) != 0)
+	if (calendar_draw(&d, false, yy_win, mm_win, dd_win) != 0)
 		return (BSDDIALOG_ERROR);
 
 	sel = -1;
@@ -503,12 +503,12 @@ bsddialog_calendar(struct bsddialog_conf *conf, const char *text, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (calendar_redraw(&d, yy_win, mm_win, dd_win) != 0)
+			if (calendar_draw(&d, true, yy_win, mm_win, dd_win) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (calendar_redraw(&d, yy_win, mm_win, dd_win) != 0)
+			if (calendar_draw(&d, true, yy_win, mm_win, dd_win) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
@@ -533,11 +533,11 @@ bsddialog_calendar(struct bsddialog_conf *conf, const char *text, int rows,
 	return (retval);
 }
 
-static int datebox_redraw(struct dialog *d, struct dateitem *di)
+static int datebox_draw(struct dialog *d, bool redraw, struct dateitem *di)
 {
 	int y, x;
 
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
@@ -545,7 +545,7 @@ static int datebox_redraw(struct dialog *d, struct dateitem *di)
 		return (BSDDIALOG_ERROR);
 	if (draw_dialog(d) != 0)
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, 3 /*windows*/ + HBUTTONS);
 
@@ -624,7 +624,7 @@ bsddialog_datebox(struct bsddialog_conf *conf, const char *text, int rows,
 	set_buttons(&d, true, OK_LABEL, CANCEL_LABEL);
 	if (build_dateitem(conf->date.format, &yy, &mm, &dd, di) != 0)
 		return (BSDDIALOG_ERROR);
-	if (datebox_redraw(&d, di) != 0)
+	if (datebox_draw(&d, false, di) != 0)
 		return (BSDDIALOG_ERROR);
 
 	sel = -1;
@@ -716,12 +716,12 @@ bsddialog_datebox(struct bsddialog_conf *conf, const char *text, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (datebox_redraw(&d, di) != 0)
+			if (datebox_draw(&d, true, di) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (datebox_redraw(&d, di) != 0)
+			if (datebox_draw(&d, true, di) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
diff --git a/contrib/bsddialog/lib/formbox.c b/contrib/bsddialog/lib/formbox.c
index ca473356e350..a072461c43e1 100644
--- a/contrib/bsddialog/lib/formbox.c
+++ b/contrib/bsddialog/lib/formbox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -601,11 +601,11 @@ static int form_size_position(struct dialog *d, struct privateform *f)
 }
 
 static int
-form_redraw(struct dialog *d, struct privateform *f, bool focusinform)
+form_draw(struct dialog *d, bool redraw, struct privateform *f, bool focusinform)
 {
 	unsigned int i;
 
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
@@ -613,9 +613,9 @@ form_redraw(struct dialog *d, struct privateform *f, bool focusinform)
 	f->w = f->wmin;
 	if (form_size_position(d, f) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, 2 /* box borders */ + f->viewrows + HBUTTONS);
 
@@ -707,7 +707,7 @@ bsddialog_form(struct bsddialog_conf *conf, const char *text, int rows,
 	}
 
 	form.formheight = formheight;
-	if (form_redraw(&d, &form, focusinform) != 0)
+	if (form_draw(&d, false, &form, focusinform) != 0)
 		return (BSDDIALOG_ERROR);
 
 	changeitem = switchfocus = false;
@@ -719,10 +719,16 @@ bsddialog_form(struct bsddialog_conf *conf, const char *text, int rows,
 		switch(input) {
 		case KEY_ENTER:
 		case 10: /* Enter */
-			if (focusinform && conf->button.always_active == false)
-				break;
-			retval = BUTTONVALUE(d.bs);
-			loop = false;
+			if (focusinform && conf->button.always_active == false) {
+				next = nextitem(form.nitems, form.pritems, form.sel);
+				if (next > form.sel)
+					changeitem = true; /* needs next */
+				else
+					switchfocus = true;
+			} else {
+				retval = BUTTONVALUE(d.bs);
+				loop = false;
+			}
 			break;
 		case 27: /* Esc */
 			if (conf->key.enable_esc) {
@@ -732,7 +738,12 @@ bsddialog_form(struct bsddialog_conf *conf, const char *text, int rows,
 			break;
 		case '\t': /* TAB */
 			if (focusinform) {
-				switchfocus = true;
+				next = nextitem(form.nitems, form.pritems,
+				    form.sel);
+				if (next > form.sel)
+					changeitem = true;  /* needs next */
+				else
+					switchfocus = true;
 			} else {
 				if (d.bs.curr + 1 < (int)d.bs.nbuttons) {
 					d.bs.curr++;
@@ -839,12 +850,12 @@ bsddialog_form(struct bsddialog_conf *conf, const char *text, int rows,
 				retval = BSDDIALOG_ERROR;
 				loop = false;
 			}
-			if (form_redraw(&d, &form, focusinform) != 0)
+			if (form_draw(&d, true, &form, focusinform) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (form_redraw(&d, &form, focusinform) != 0)
+			if (form_draw(&d, true, &form, focusinform) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
@@ -884,11 +895,20 @@ bsddialog_form(struct bsddialog_conf *conf, const char *text, int rows,
 			    conf->button.always_active || !focusinform,
 			    !focusinform);
 			wnoutrefresh(d.widget);
-			DRAWITEM_TRICK(&form, form.sel, focusinform);
+			if (focusinform == false)
+				DRAWITEM_TRICK(&form, form.sel, false);
+			else {
+				next = firstitem(form.nitems, form.pritems);
+				if (next == form.sel)
+					DRAWITEM_TRICK(&form, form.sel, true);
+				else
+					changeitem = true;
+			}
 			switchfocus = false;
 		}
 
 		if (changeitem) {
+			/* useless after if(switchfocus) */
 			DRAWITEM_TRICK(&form, form.sel, false);
 			form.sel = next;
 			item = &form.pritems[form.sel];
diff --git a/contrib/bsddialog/lib/lib_util.c b/contrib/bsddialog/lib/lib_util.c
index d673a1a74d72..f042a2832eb9 100644
--- a/contrib/bsddialog/lib/lib_util.c
+++ b/contrib/bsddialog/lib/lib_util.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -25,6 +25,7 @@
  * SUCH DAMAGE.
  */
 
+#include <stdarg.h>
 #include <curses.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/contrib/bsddialog/lib/lib_util.h b/contrib/bsddialog/lib/lib_util.h
index 526f65b4bfaa..1adc34f3b80a 100644
--- a/contrib/bsddialog/lib/lib_util.h
+++ b/contrib/bsddialog/lib/lib_util.h
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -62,7 +62,7 @@ extern bool hastermcolors;
 		RETURN_ERROR("*" #p " is NULL");                               \
 } while (0)
 #define CHECK_ARRAY(nitem, a) do {                                             \
-	if (nitem > 0 && a == NULL)                                             \
+	if (nitem > 0 && a == NULL)                                            \
 		RETURN_FMTERROR(#nitem " is %d but *" #a " is NULL", nitem);   \
 } while (0)
 /* widget utils */
diff --git a/contrib/bsddialog/lib/libbsddialog.c b/contrib/bsddialog/lib/libbsddialog.c
index 555d060ebcbd..cdb5e1e251dc 100644
--- a/contrib/bsddialog/lib/libbsddialog.c
+++ b/contrib/bsddialog/lib/libbsddialog.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -114,11 +114,21 @@ int bsddialog_backtitle(struct bsddialog_conf *conf, const char *backtitle)
 			mvhline_set(1, 1, WACS_HLINE, SCREENCOLS - 2);
 	}
 
-	refresh();
+	wnoutrefresh(stdscr);
 
 	return (BSDDIALOG_OK);
 }
 
+int bsddialog_backtitle_rf(struct bsddialog_conf *conf, const char *backtitle)
+{
+	int rv;
+
+	rv = bsddialog_backtitle(conf, backtitle);
+	doupdate();
+
+	return (rv);
+}
+
 bool bsddialog_inmode(void)
 {
 	return (in_bsddialog_mode);
diff --git a/contrib/bsddialog/lib/menubox.c b/contrib/bsddialog/lib/menubox.c
index 896306b2881d..e6e2e7e3e63e 100644
--- a/contrib/bsddialog/lib/menubox.c
+++ b/contrib/bsddialog/lib/menubox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -391,7 +391,7 @@ drawitem(struct bsddialog_conf *conf, struct privatemenu *m, int y, bool focus)
 			attron(t.menu.bottomdesccolor);
 			addstr(pritem->bottomdesc);
 			attroff(t.menu.bottomdesccolor);
-			refresh();
+			wnoutrefresh(stdscr);
 		}
 	}
 }
@@ -454,18 +454,18 @@ static int menu_size_position(struct dialog *d, struct privatemenu *m)
 	return (0);
 }
 
-static int mixedlist_redraw(struct dialog *d, struct privatemenu *m)
+static int mixedlist_draw(struct dialog *d, bool redraw, struct privatemenu *m)
 {
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	m->menurows = m->apimenurows;
 	if (menu_size_position(d, m) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, 2/*bmenu*/ + m->menurows + HBUTTONS);
 
@@ -532,7 +532,7 @@ do_mixedlist(struct bsddialog_conf *conf, const char *text, int rows, int cols,
 		drawitem(d.conf, &m, m.sel, true);
 	m.ypad = 0;
 	m.apimenurows = menurows;
-	if (mixedlist_redraw(&d, &m) != 0)
+	if (mixedlist_draw(&d, false, &m) != 0)
 		return (BSDDIALOG_ERROR);
 
 	changeitem = false;
@@ -575,12 +575,12 @@ do_mixedlist(struct bsddialog_conf *conf, const char *text, int rows, int cols,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (mixedlist_redraw(&d, &m) != 0)
+			if (mixedlist_draw(&d, true, &m) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (mixedlist_redraw(&d, &m) != 0)
+			if (mixedlist_draw(&d, true, &m) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		}
diff --git a/contrib/bsddialog/lib/messagebox.c b/contrib/bsddialog/lib/messagebox.c
index 5132b1b089b8..c3d4a20f5404 100644
--- a/contrib/bsddialog/lib/messagebox.c
+++ b/contrib/bsddialog/lib/messagebox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -69,19 +69,19 @@ static int message_size_position(struct dialog *d, int *htext)
 	return (0);
 }
 
-static int message_draw(struct dialog *d, struct scroll *s)
+static int message_draw(struct dialog *d, bool redraw, struct scroll *s)
 {
 	int unused;
 
-	if (d->built) {
+	if (redraw) { /* redraw: RESIZE or F1 */
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (message_size_position(d, &s->htext) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 
 	s->printrows = d->h - BORDER - HBUTTONS - BORDER;
@@ -106,7 +106,7 @@ do_message(struct bsddialog_conf *conf, const char *text, int rows, int cols,
 		return (BSDDIALOG_ERROR);
 	set_buttons(&d, true, oklabel, cancellabel);
 	s.htext = -1;
-	if (message_draw(&d, &s) != 0)
+	if (message_draw(&d, false, &s) != 0)
 		return (BSDDIALOG_ERROR);
 
 	loop = true;
@@ -170,12 +170,12 @@ do_message(struct bsddialog_conf *conf, const char *text, int rows, int cols,
 				break;
 			if (f1help_dialog(d.conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (message_draw(&d, &s) != 0)
+			if (message_draw(&d, true, &s) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (message_draw(&d, &s) != 0)
+			if (message_draw(&d, true, &s) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
diff --git a/contrib/bsddialog/lib/textbox.c b/contrib/bsddialog/lib/textbox.c
index ca3eb69fff52..1f730e0d925b 100644
--- a/contrib/bsddialog/lib/textbox.c
+++ b/contrib/bsddialog/lib/textbox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -101,17 +101,17 @@ static int textbox_size_position(struct dialog *d, struct scrolltext *st)
 	return (0);
 }
 
-static int textbox_draw(struct dialog *d, struct scrolltext *st)
+static int textbox_draw(struct dialog *d, bool redraw, struct scrolltext *st)
 {
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (textbox_size_position(d, st) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* wrefresh() and prefresh() in main loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 
 	st->ys = d->y + 1;
@@ -175,7 +175,7 @@ bsddialog_textbox(struct bsddialog_conf *conf, const char *file, int rows,
 	fclose(fp);
 	set_tabsize(defaulttablen); /* reset because it is curses global */
 
-	if (textbox_draw(&d, &st) != 0)
+	if (textbox_draw(&d, false, &st) != 0)
 		return (BSDDIALOG_ERROR);
 
 	loop = true;
@@ -254,12 +254,12 @@ bsddialog_textbox(struct bsddialog_conf *conf, const char *file, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (textbox_draw(&d, &st) != 0)
+			if (textbox_draw(&d, true, &st) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (textbox_draw(&d, &st) != 0)
+			if (textbox_draw(&d, true, &st) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		}
diff --git a/contrib/bsddialog/lib/theme.c b/contrib/bsddialog/lib/theme.c
index 04f85b2455fa..6c17d908324b 100644
--- a/contrib/bsddialog/lib/theme.c
+++ b/contrib/bsddialog/lib/theme.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -217,7 +217,7 @@ int bsddialog_set_theme(struct bsddialog_theme *theme)
 {
 	CHECK_PTR(theme);
 	set_theme(&t, theme);
-	refresh();
+	wnoutrefresh(stdscr);
 
 	return (BSDDIALOG_OK);
 }
@@ -239,7 +239,7 @@ int bsddialog_set_default_theme(enum bsddialog_default_theme newtheme)
 		    "to use enum bsddialog_default_theme",
 		    newtheme);
 	}
-	refresh();
+	wnoutrefresh(stdscr);
 
 	return (BSDDIALOG_OK);
 }
diff --git a/contrib/bsddialog/lib/timebox.c b/contrib/bsddialog/lib/timebox.c
index 1421cd7d2b81..603d5fa5d7a3 100644
--- a/contrib/bsddialog/lib/timebox.c
+++ b/contrib/bsddialog/lib/timebox.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -62,19 +62,19 @@ drawsquare(struct bsddialog_conf *conf, WINDOW *win, unsigned int value,
 	wnoutrefresh(win);
 }
 
-static int timebox_redraw(struct dialog *d, struct clock *c)
+static int timebox_draw(struct dialog *d, bool redraw, struct clock *c)
 {
 	int y, x;
 
-	if (d->built) {
+	if (redraw) {
 		hide_dialog(d);
 		refresh(); /* Important for decreasing screen */
 	}
 	if (dialog_size_position(d, HBOX, MINWTIME, NULL) != 0)
 		return (BSDDIALOG_ERROR);
-	if (draw_dialog(d) != 0)
+	if (draw_dialog(d) != 0) /* doupdate() in mail loop */
 		return (BSDDIALOG_ERROR);
-	if (d->built)
+	if (redraw)
 		refresh(); /* Important to fix grey lines expanding screen */
 	TEXTPAD(d, HBOX + HBUTTONS);
 
@@ -117,7 +117,7 @@ bsddialog_timebox(struct bsddialog_conf *conf, const char* text, int rows,
 		wbkgd(c[i].win, t.dialog.color);
 		c[i].value = MIN(c[i].value, c[i].max);
 	}
-	if (timebox_redraw(&d, c) != 0)
+	if (timebox_draw(&d, false, c) != 0)
 		return (BSDDIALOG_ERROR);
 
 	sel = -1;
@@ -210,12 +210,12 @@ bsddialog_timebox(struct bsddialog_conf *conf, const char* text, int rows,
 				break;
 			if (f1help_dialog(conf) != 0)
 				return (BSDDIALOG_ERROR);
-			if (timebox_redraw(&d, c) != 0)
+			if (timebox_draw(&d, true, c) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		case KEY_CTRL('l'):
 		case KEY_RESIZE:
-			if (timebox_redraw(&d, c) != 0)
+			if (timebox_draw(&d, true, c) != 0)
 				return (BSDDIALOG_ERROR);
 			break;
 		default:
diff --git a/contrib/bsddialog/utility/GNUmakefile b/contrib/bsddialog/utility/GNUmakefile
index 518ec0d912d6..600efc7aacf6 100644
--- a/contrib/bsddialog/utility/GNUmakefile
+++ b/contrib/bsddialog/utility/GNUmakefile
@@ -6,6 +6,7 @@
 OUTPUT =  bsddialog
 SOURCES = bsddialog.c util_builders.c util_cli.c util_theme.c
 OBJECTS = $(SOURCES:.c=.o)
+PREFIX = /usr/local
 
 ifneq ($(ENABLEDEBUG),)
 CFLAGS += -g
@@ -20,7 +21,13 @@ endif
 
 RM = rm -f
 
-all : $(OUTPUT)
+all: $(OUTPUT)
+
+install: all
+	${INSTALL} -m 0755 ${OUTPUT} ${DESTDIR}${PREFIX}/bin/${OUTPUT}
+
+uninstall:
+	${RM} ${DESTDIR}${PREFIX}/bin/${OUTPUT}
 
 $(OUTPUT): $(OBJECTS)
 	$(CC) $^ -o $@ $(LDFLAGS)
@@ -31,3 +38,5 @@ $(OUTPUT): $(OBJECTS)
 
 clean:
 	$(RM) $(OUTPUT) *.o *~
+
+.PHONY: all install uninstall clean
diff --git a/contrib/bsddialog/utility/Makefile b/contrib/bsddialog/utility/Makefile
index ab51b46a25be..e6cd541fded4 100644
--- a/contrib/bsddialog/utility/Makefile
+++ b/contrib/bsddialog/utility/Makefile
@@ -6,6 +6,7 @@
 OUTPUT =  bsddialog
 SOURCES = bsddialog.c util_builders.c util_cli.c util_theme.c
 OBJECTS = ${SOURCES:.c=.o}
+PREFIX = /usr/local
 
 .if defined(DEBUG)
 CFLAGS += -g
@@ -21,7 +22,13 @@ LDFLAGS += -ltinfow -Wl,-rpath=${LIBPATH} -L${LIBPATH} -lbsddialog
 INSTALL = install
 RM = rm -f
 
-all : ${OUTPUT}
+all: ${OUTPUT}
+
+install: all
+	${INSTALL} -m 0755 ${OUTPUT} ${DESTDIR}${PREFIX}/bin/${OUTPUT}
+
+uninstall:
+	${RM} ${DESTDIR}${PREFIX}/bin/${OUTPUT}
 
 ${OUTPUT}: ${OBJECTS}
 	${CC} ${LDFLAGS} ${OBJECTS} -o ${.PREFIX}
@@ -31,3 +38,5 @@ ${OUTPUT}: ${OBJECTS}
 
 clean:
 	${RM} ${OUTPUT} *.o *~ *.core *.gz
+
+.PHONY: all install uninstall clean
diff --git a/contrib/bsddialog/utility/bsddialog.1 b/contrib/bsddialog/utility/bsddialog.1
index 4586ba16020c..0ec2a96952bd 100644
--- a/contrib/bsddialog/utility/bsddialog.1
+++ b/contrib/bsddialog/utility/bsddialog.1
@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+.\" Copyright (c) 2021-2025 Alfonso Sabato Siciliano
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 25, 2024
+.Dd June 22, 2025
 .Dt BSDDIALOG 1
 .Os
 .Sh NAME
@@ -80,7 +80,14 @@ The following options can change the default behavior of the utility and are
 common to some dialog.
 .Bl -tag -width Ds
 .It Fl Fl alternate-screen
-If available set alternate screen mode, see
+Set alternate screen mode if the terminal and
+.Xr curses 3
+provide it.
+If enabled bsddialog draws to the alternate screen and restores the main screen
+after exit.
+See
+.Dq smcup
+in
 .Xr terminfo 5 .
 .It Fl Fl ascii-lines
 Ascii characters to draw lines.
@@ -291,7 +298,11 @@ Set an exit code value for the
 .Dq Ok
 button.
 .It Fl Fl normal-screen
-If available set normal screen mode, see
+Set normal screen mode.
+bsddialog does not restore the previous screen after exit.
+See
+.Dq rmcup
+in
 .Xr terminfo 5 .
 .It Fl Fl output-fd Ar fd
 Print input from user interface to the specified file descriptor.
@@ -737,7 +748,7 @@ Right1 generic button.
 .It 10
 Right2 generic button.
 .It 11
-Right2 generic button.
+Right3 generic button.
 .El
 .Sh EXAMPLES
 Backtitle, title and message:
diff --git a/contrib/bsddialog/utility/bsddialog.c b/contrib/bsddialog/utility/bsddialog.c
index 3ba21eadf7a3..bce1d0ab8452 100644
--- a/contrib/bsddialog/utility/bsddialog.c
+++ b/contrib/bsddialog/utility/bsddialog.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/contrib/bsddialog/utility/util.h b/contrib/bsddialog/utility/util.h
index 2750c2ee6951..d1f7793c9755 100644
--- a/contrib/bsddialog/utility/util.h
+++ b/contrib/bsddialog/utility/util.h
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/contrib/bsddialog/utility/util_builders.c b/contrib/bsddialog/utility/util_builders.c
index 2e69994a0ec0..0a968d4319f9 100644
--- a/contrib/bsddialog/utility/util_builders.c
+++ b/contrib/bsddialog/utility/util_builders.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -82,7 +82,7 @@ int gauge_builder(BUILDER_ARGS)
 
 	perc = 0;
 	if (argc == 1) {
-		perc = (u_int)strtoul(argv[0], NULL, 10);
+		perc = (unsigned int)strtoul(argv[0], NULL, 10);
 		perc = perc > 100 ? 100 : perc;
 	} else if (argc > 1) {
 		error_args(opt->name, argc - 1, argv + 1);
@@ -106,7 +106,7 @@ int mixedgauge_builder(BUILDER_ARGS)
 		exit_error(true,
 		    "bad %s pair number [<minilabel> <miniperc>]", opt->name);
 
-	mainperc = (u_int)strtoul(argv[0], NULL, 10);
+	mainperc = (unsigned int)strtoul(argv[0], NULL, 10);
 	mainperc = mainperc > 100 ? 100 : mainperc;
 	argc--;
 	argv++;
@@ -138,7 +138,7 @@ int pause_builder(BUILDER_ARGS)
 	if (argc > 1)
 		error_args(opt->name, argc - 1, argv + 1);
 
-	secs = (u_int)strtoul(argv[0], NULL, 10);
+	secs = (unsigned int)strtoul(argv[0], NULL, 10);
 	output = bsddialog_pause(conf, text, rows, cols, &secs);
 
 	return (output);
@@ -189,9 +189,9 @@ static int date(BUILDER_ARGS)
 		error_args(opt->name, argc - 3, argv + 3);
 	} else if (argc == 3) {
 		/* lib checks/sets max and min */
-		dd = (u_int)strtoul(argv[0], NULL, 10);
-		mm = (u_int)strtoul(argv[1], NULL, 10);
-		yy = (u_int)strtoul(argv[2], NULL, 10);
+		dd = (unsigned int)strtoul(argv[0], NULL, 10);
+		mm = (unsigned int)strtoul(argv[1], NULL, 10);
+		yy = (unsigned int)strtoul(argv[2], NULL, 10);
 	}
 
 	if (strcmp(opt->name, "--datebox") == 0)
@@ -259,9 +259,9 @@ int timebox_builder(BUILDER_ARGS)
 	if (argc > 3) {
 		error_args("--timebox", argc - 3, argv + 3);
 	} else if (argc == 3) {
-		hh = (u_int)strtoul(argv[0], NULL, 10);
-		mm = (u_int)strtoul(argv[1], NULL, 10);
-		ss = (u_int)strtoul(argv[2], NULL, 10);
+		hh = (unsigned int)strtoul(argv[0], NULL, 10);
+		mm = (unsigned int)strtoul(argv[1], NULL, 10);
+		ss = (unsigned int)strtoul(argv[2], NULL, 10);
 	}
 
 	output = bsddialog_timebox(conf, text, rows, cols, &hh, &mm, &ss);
@@ -315,7 +315,7 @@ get_menu_items(int argc, char **argv, bool setprefix, bool setdepth,
 	for (i = 0; i < *nitems; i++) {
 		(*items)[i].prefix = setprefix ? argv[j++] : "";
 		(*items)[i].depth = setdepth ?
-		    (u_int)strtoul(argv[j++], NULL, 0) : 0;
+		    (unsigned int)strtoul(argv[j++], NULL, 0) : 0;
 		(*items)[i].name = setname ? argv[j++] : "";
 		(*items)[i].desc = setdesc ? argv[j++] : "";
 		if (setstatus) {
@@ -436,7 +436,7 @@ int checklist_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--checklist missing <menurows>");
-	menurows = (u_int)strtoul(argv[0], NULL, 10);
+	menurows = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	get_menu_items(argc-1, argv+1, opt->item_prefix, opt->item_depth, true,
 	    true, true, opt->item_bottomdesc, &nitems, &items, &focusitem, opt);
@@ -461,7 +461,7 @@ int menu_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--menu missing <menurows>");
-	menurows = (u_int)strtoul(argv[0], NULL, 10);
+	menurows = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	get_menu_items(argc-1, argv+1, opt->item_prefix, opt->item_depth, true,
 	    true, false, opt->item_bottomdesc, &nitems, &items, &focusitem,
@@ -487,7 +487,7 @@ int radiolist_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--radiolist missing <menurows>");
-	menurows = (u_int)strtoul(argv[0], NULL, 10);
+	menurows = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	get_menu_items(argc-1, argv+1, opt->item_prefix, opt->item_depth, true,
 	    true, true, opt->item_bottomdesc, &nitems, &items, &focusitem, opt);
@@ -512,7 +512,7 @@ int treeview_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--treeview missing <menurows>");
-	menurows = (u_int)strtoul(argv[0], NULL, 10);
+	menurows = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	get_menu_items(argc-1, argv+1, opt->item_prefix, true, true, true, true,
 	    opt->item_bottomdesc, &nitems, &items, &focusitem, opt);
@@ -595,7 +595,7 @@ int form_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--form missing <formheight>");
-	formheight = (u_int)strtoul(argv[0], NULL, 10);
+	formheight = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	argc--;
 	argv++;
@@ -609,11 +609,11 @@ int form_builder(BUILDER_ARGS)
 	j = 0;
 	for (i = 0; i < nitems; i++) {
 		items[i].label	= argv[j++];
-		items[i].ylabel = (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xlabel = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].ylabel = (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xlabel = (unsigned int)strtoul(argv[j++], NULL, 10);
 		items[i].init	= argv[j++];
-		items[i].yfield	= (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xfield	= (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].yfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
 
 		fieldlen = (int)strtol(argv[j++], NULL, 10);
 		if (fieldlen == 0)
@@ -621,7 +621,7 @@ int form_builder(BUILDER_ARGS)
 		else
 			items[i].fieldlen = abs(fieldlen);
 
-		items[i].maxvaluelen = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].maxvaluelen = (unsigned int)strtoul(argv[j++], NULL, 10);
 		if (items[i].maxvaluelen == 0)
 			items[i].maxvaluelen = items[i].fieldlen;
 
@@ -678,7 +678,7 @@ int mixedform_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--mixedform missing <formheight>");
-	formheight = (u_int)strtoul(argv[0], NULL, 10);
+	formheight = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	argc--;
 	argv++;
@@ -692,21 +692,21 @@ int mixedform_builder(BUILDER_ARGS)
 	j = 0;
 	for (i = 0; i < nitems; i++) {
 		items[i].label	= argv[j++];
-		items[i].ylabel = (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xlabel = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].ylabel = (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xlabel = (unsigned int)strtoul(argv[j++], NULL, 10);
 		items[i].init	= argv[j++];
-		items[i].yfield	= (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xfield	= (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].yfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
 		fieldlen        = (int)strtol(argv[j++], NULL, 10);
 		if (fieldlen == 0)
 			items[i].fieldlen = strcols(items[i].init);
 		else
 			items[i].fieldlen = abs(fieldlen);
-		items[i].maxvaluelen = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].maxvaluelen = (unsigned int)strtoul(argv[j++], NULL, 10);
 		if (items[i].maxvaluelen == 0)
 			items[i].maxvaluelen = items[i].fieldlen;
 
-		items[i].flags = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].flags = (unsigned int)strtoul(argv[j++], NULL, 10);
 		if (fieldlen <= 0)
 			items[i].flags |= BSDDIALOG_FIELDREADONLY;
 
@@ -765,7 +765,7 @@ int passwordform_builder(BUILDER_ARGS)
 
 	if (argc < 1)
 		exit_error(true, "--passwordform missing <formheight>");
-	formheight = (u_int)strtoul(argv[0], NULL, 10);
+	formheight = (unsigned int)strtoul(argv[0], NULL, 10);
 
 	argc--;
 	argv++;
@@ -780,11 +780,11 @@ int passwordform_builder(BUILDER_ARGS)
 	j = 0;
 	for (i = 0; i < nitems; i++) {
 		items[i].label	= argv[j++];
-		items[i].ylabel = (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xlabel = (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].ylabel = (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xlabel = (unsigned int)strtoul(argv[j++], NULL, 10);
 		items[i].init	= argv[j++];
-		items[i].yfield	= (u_int)strtoul(argv[j++], NULL, 10);
-		items[i].xfield	= (u_int)strtoul(argv[j++], NULL, 10);
+		items[i].yfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
+		items[i].xfield	= (unsigned int)strtoul(argv[j++], NULL, 10);
 
 		fieldlen = (int)strtol(argv[j++], NULL, 10);
 		items[i].fieldlen = abs(fieldlen);
diff --git a/contrib/bsddialog/utility/util_cli.c b/contrib/bsddialog/utility/util_cli.c
index a70de36a699e..01b6fc31f065 100644
--- a/contrib/bsddialog/utility/util_cli.c
+++ b/contrib/bsddialog/utility/util_cli.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2021-2023 Alfonso Sabato Siciliano
+ * Copyright (c) 2021-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/contrib/bsddialog/utility/util_theme.c b/contrib/bsddialog/utility/util_theme.c
index a95cadacc1b0..cca79e83b97d 100644
--- a/contrib/bsddialog/utility/util_theme.c
+++ b/contrib/bsddialog/utility/util_theme.c
@@ -1,7 +1,7 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
  *
- * Copyright (c) 2022-2024 Alfonso Sabato Siciliano
+ * Copyright (c) 2022-2025 Alfonso Sabato Siciliano
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -279,7 +279,7 @@ void loadtheme(const char *file, bool compatibility)
 			break;
 		case BOOL:
 			boolvalue = (strstr(value, "true") != NULL) ?
-			    true :false;
+			    true : false;
 			*((bool*)p[i].value) = boolvalue;
 			break;
 		case COLOR:
diff --git a/contrib/expat/Changes b/contrib/expat/Changes
index 9d6c64b6a460..01e54b676416 100644
--- a/contrib/expat/Changes
+++ b/contrib/expat/Changes
@@ -15,12 +15,16 @@
 !!   ClusterFuzz findings with few-days-max response times in communication  !!
 !!   in order to (1) have a sound fix ready before the end of a 90 days      !!
 !!   grace period and (2) in a sustainable manner,                           !!
-!! - helping CPython Expat bindings with supporting Expat's billion laughs   !!
+!! - helping CPython Expat bindings with supporting Expat's amplification    !!
 !!   attack protection API (https://github.com/python/cpython/issues/90949): !!
+!!   - XML_SetAllocTrackerActivationThreshold                                !!
+!!   - XML_SetAllocTrackerMaximumAmplification                               !!
 !!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
 !!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
 !! - helping Perl's XML::Parser Expat bindings with supporting Expat's       !!
 !!   security API (https://github.com/cpan-authors/XML-Parser/issues/102):   !!
+!!   - XML_SetAllocTrackerActivationThreshold                                !!
+!!   - XML_SetAllocTrackerMaximumAmplification                               !!
 !!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
 !!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
 !!   - XML_SetReparseDeferralEnabled                                         !!
@@ -37,6 +41,133 @@
 !! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
+Release 2.7.3 Wed September 24 2025
+        Security fixes:
+     #1046 #1048  Fix alignment of internal allocations for some non-amd64
+                    architectures (e.g. sparc32); fixes up on the fix to
+                    CVE-2025-59375 from #1034 (of Expat 2.7.2 and related
+                    backports)
+           #1059  Fix a class of false positives where input should have been
+                    rejected with error XML_ERROR_ASYNC_ENTITY; regression from
+                    CVE-2024-8176 fix pull request #973 (of Expat 2.7.0 and
+                    related backports). Please check the added unit tests for
+                    example documents.
+
+        Other changes:
+           #1043  Prove and regression-proof absence of integer overflow
+                    from function expat_realloc
+           #1062  Remove "harmless" cast that truncated a size_t to unsigned
+           #1049  Autotools: Remove "ln -s" discovery
+           #1054  docs: Be consistent with use of floating point around
+                    XML_SetAllocTrackerMaximumAmplification
+           #1056  docs: Make it explicit that XML_GetCurrentColumnNumber
+                    starts at 0
+           #1057  docs: Better integrate the effect of the activation
+                    thresholds
+           #1058  docs: Fix an in-comment typo in expat.h
+           #1045  docs: Fix a typo in README.md
+           #1041  docs: Improve change log of release 2.7.2
+           #1053  xmlwf: Resolve use of functions XML_GetErrorLineNumber
+                    and XML_GetErrorColumnNumber
+           #1032  Windows: Normalize .bat files to CRLF line endings
+     #1060 #1061  Version info bumped from 12:0:11 (libexpat*.so.1.11.0)
+                    to 12:1:11 (libexpat*.so.1.11.1); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+     #1047 #1050  CI: Cleanup UndefinedBehaviorSanitizer fatality
+           #1044  CI|Linux: Stop aborting at first job failure
+           #1052  CI|FreeBSD: Upgrade to FreeBSD 15.0
+           #1039  CI|FreeBSD: Do not install CMake meta-package
+
+        Special thanks to:
+            Bénédikt Tran
+            Berkay Eren Ürün
+            Daniel Engberg
+            Hanno Böck
+            Matthew Fernandez
+            Rolf Eike Beer
+            Sam James
+            Tim Bray
+                 and
+            Clang/GCC UndefinedBehaviorSanitizer
+            OSS-Fuzz / ClusterFuzz
+            Z3 Theorem Prover
+
+Release 2.7.2 Tue September 16 2025
+        Security fixes:
+     #1018 #1034  CVE-2025-59375 -- Disallow use of disproportional amounts of
+                    dynamic memory from within an Expat parser (e.g. previously
+                    a ~250 KiB sized document was able to cause allocation of
+                    ~800 MiB from the heap, i.e. an "amplification" of factor
+                    ~3,300); once a threshold (that defaults to 64 MiB) is
+                    reached, a maximum amplification factor (that defaults to
+                    100.0) is enforced, and violating documents are rejected
+                    with an out-of-memory error.
+                    There are two new API functions to fine-tune this new
+                    behavior:
+                      - XML_SetAllocTrackerActivationThreshold
+                      - XML_SetAllocTrackerMaximumAmplification .
+                    If you ever need to increase these defaults for non-attack
+                    XML payload, please file a bug report with libexpat.
+                      There is also a new environment variable
+                    EXPAT_MALLOC_DEBUG=(0|1|2) to control the verbosity
+                    of allocations debugging at runtime, disabled by default.
+                      Known impact is (reliable and easy) denial of service:
+                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
+                    (Base Score: 7.5, Temporal Score: 7.2)
+                    Please note that a layer of compression around XML can
+                    significantly reduce the minimum attack payload size.
+                      Distributors intending to backport (or cherry-pick) the
+                    fix need to copy 99% of the related pull request, not just
+                    the "lib: Implement tracking of dynamic memory allocations"
+                    commit, to not end up with a state that literally does both
+                    too much and too little at the same time. Appending ".diff"
+                    to the pull request URL could be of help.
+
+        Other changes:
+     #1008 #1017  Autotools|macOS: Sync CMake templates with CMake 3.31
+           #1007  CMake: Drop support for CMake <3.15
+           #1004  CMake: Fix off_t detection for -Werror
+           #1007  CMake|Windows: Fix -DEXPAT_MSVC_STATIC_CRT=ON
+           #1013  Windows: Drop support for Visual Studio <=16.0/2019
+           #1026  xmlwf: Mention supported environment variables in
+                    --help output
+           #1024  xmlwf: Fix (internal) help generator
+           #1034  docs: Promote the contract to call function
+                    XML_FreeContentModel when registering a custom
+                    element declaration handler (via a call to function
+                    XML_SetElementDeclHandler)
+           #1027  docs: Add missing <p>..</p> wrap
+            #994  docs: Drop AppVeyor badge
+           #1000  tests: Fix portable_strndup
+           #1036  Drop casts around malloc/free/realloc that C99 does not need
+           #1010  Replace empty for loops with while loops
+           #1011  Add const with internal XmlInitUnknownEncodingNS
+       #14 #1037  Drop an OpenVMS support leftover
+      #999 #1001  Address more clang-tidy warnings
+     #1030 #1038  Version info bumped from 11:2:10 (libexpat*.so.1.10.2)
+                    to 12:0:11 (libexpat*.so.1.11.0); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+           #1003  CI: Cover compilation on FreeBSD
+     #1009 #1035  CI: Upgrade Clang from 19 to 21
+           #1031  CI: Make calling Cppcheck without --suppress=objectIndex
+                    and --suppress=unknownMacro possible
+           #1013  CI|Windows: Get off of deprecated image "windows-2019"
+  #1008 #1017 ..
+     #1023 #1025  CI: Adapt to breaking changes in GitHub Actions
+
+        Special thanks to:
+            Alexander Bluhm
+            Neil Pang
+            Theo Buehler
+                 and
+            GNU Time
+            OSS-Fuzz / ClusterFuzz
+            Perl XML::Parser
+
 Release 2.7.1 Thu March 27 2025
         Bug fixes:
        #980 #989  Restore event pointer behavior from Expat 2.6.4
@@ -54,7 +185,7 @@ Release 2.7.1 Thu March 27 2025
        #983 #984  Fix printf format specifiers for 32bit Emscripten
             #992  docs: Promote OpenSSF Best Practices self-certification
             #978  tests/benchmark: Resolve mistaken double close
-            #986  Address compiler warnings
+            #986  Address Frama-C warnings
        #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                     to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                     for what these numbers do
diff --git a/contrib/expat/Makefile.am b/contrib/expat/Makefile.am
index c20531a8d6c6..d612d432becb 100644
--- a/contrib/expat/Makefile.am
+++ b/contrib/expat/Makefile.am
@@ -58,10 +58,8 @@ pkgconfig_DATA = expat.pc
 pkgconfigdir = $(libdir)/pkgconfig
 
 
-dist_cmake_DATA = \
-    cmake/autotools/expat.cmake
-
 nodist_cmake_DATA = \
+    cmake/autotools/expat.cmake \
     cmake/autotools/expat-config-version.cmake \
     cmake/autotools/expat-noconfig.cmake \
     cmake/expat-config.cmake
@@ -70,6 +68,9 @@ cmakedir = $(libdir)/cmake/expat-@PACKAGE_VERSION@
 
 
 _EXTRA_DIST_CMAKE = \
+    cmake/autotools/expat__linux.cmake.in \
+    cmake/autotools/expat__macos.cmake.in \
+    cmake/autotools/expat__windows.cmake.in \
     cmake/autotools/expat-noconfig__linux.cmake.in \
     cmake/autotools/expat-noconfig__macos.cmake.in \
     cmake/autotools/expat-noconfig__windows.cmake.in \
diff --git a/contrib/expat/Makefile.in b/contrib/expat/Makefile.in
index 069ec4047eea..b799591f2fc2 100644
--- a/contrib/expat/Makefile.in
+++ b/contrib/expat/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -105,6 +105,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -145,12 +147,13 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
-	$(am__configure_deps) $(dist_cmake_DATA) $(am__DIST_COMMON)
+	$(am__configure_deps) $(am__DIST_COMMON)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = expat_config.h
 CONFIG_CLEAN_FILES = expat.pc cmake/expat-config.cmake \
+	cmake/autotools/expat.cmake \
 	cmake/autotools/expat-config-version.cmake \
 	cmake/autotools/expat-noconfig.cmake run.sh
 CONFIG_CLEAN_VPATH_FILES =
@@ -203,14 +206,12 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
+  { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+  || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+       $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
   }
-am__installdirs = "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(cmakedir)" \
-	"$(DESTDIR)$(pkgconfigdir)"
-DATA = $(dist_cmake_DATA) $(nodist_cmake_DATA) $(pkgconfig_DATA)
+am__installdirs = "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(pkgconfigdir)"
+DATA = $(nodist_cmake_DATA) $(pkgconfig_DATA)
 RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
   distclean-recursive maintainer-clean-recursive
 am__recursive_targets = \
@@ -256,8 +257,8 @@ distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
 am__remove_distdir = \
   if test -d "$(distdir)"; then \
-    find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
-      && rm -rf "$(distdir)" \
+    find "$(distdir)" -type d ! -perm -700 -exec chmod u+rwx {} ';' \
+      ; rm -rf "$(distdir)" \
       || { sleep 5 && rm -rf "$(distdir)"; }; \
   else :; fi
 am__post_remove_distdir = $(am__remove_distdir)
@@ -288,14 +289,16 @@ am__relativize = \
   reldir="$$dir2"
 DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2 $(distdir).tar.lz \
 	$(distdir).tar.xz
-GZIP_ENV = --best
+GZIP_ENV = -9
 DIST_TARGETS = dist-lzip dist-xz dist-bzip2 dist-gzip
 # Exists only to be overridden by the user if desired.
 AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
-distcleancheck_listfiles = find . -type f -print
+distcleancheck_listfiles = \
+  find . \( -type f -a \! \
+            \( -name .nfs* -o -name .smb* -o -name .__afs* \) \) -print
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_CFLAGS = @AM_CFLAGS@
@@ -403,8 +406,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -458,16 +463,17 @@ LIBTOOLFLAGS = --verbose
 SUBDIRS = lib $(am__append_1) $(am__append_2) $(am__append_3)
 pkgconfig_DATA = expat.pc
 pkgconfigdir = $(libdir)/pkgconfig
-dist_cmake_DATA = \
-    cmake/autotools/expat.cmake
-
 nodist_cmake_DATA = \
+    cmake/autotools/expat.cmake \
     cmake/autotools/expat-config-version.cmake \
     cmake/autotools/expat-noconfig.cmake \
     cmake/expat-config.cmake
 
 cmakedir = $(libdir)/cmake/expat-@PACKAGE_VERSION@
 _EXTRA_DIST_CMAKE = \
+    cmake/autotools/expat__linux.cmake.in \
+    cmake/autotools/expat__macos.cmake.in \
+    cmake/autotools/expat__windows.cmake.in \
     cmake/autotools/expat-noconfig__linux.cmake.in \
     cmake/autotools/expat-noconfig__macos.cmake.in \
     cmake/autotools/expat-noconfig__windows.cmake.in \
@@ -552,12 +558,12 @@ expat_config.h: stamp-h1
 	@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
 
 stamp-h1: $(srcdir)/expat_config.h.in $(top_builddir)/config.status
-	@rm -f stamp-h1
-	cd $(top_builddir) && $(SHELL) ./config.status expat_config.h
+	$(AM_V_at)rm -f stamp-h1
+	$(AM_V_GEN)cd $(top_builddir) && $(SHELL) ./config.status expat_config.h
 $(srcdir)/expat_config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) 
-	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
-	rm -f stamp-h1
-	touch $@
+	$(AM_V_GEN)($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	$(AM_V_at)rm -f stamp-h1
+	$(AM_V_at)touch $@
 
 distclean-hdr:
 	-rm -f expat_config.h stamp-h1
@@ -565,6 +571,8 @@ expat.pc: $(top_builddir)/config.status $(srcdir)/expat.pc.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 cmake/expat-config.cmake: $(top_builddir)/config.status $(top_srcdir)/cmake/expat-config.cmake.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
+cmake/autotools/expat.cmake: $(top_builddir)/config.status 
+	cd $(top_builddir) && $(SHELL) ./config.status $@
 cmake/autotools/expat-config-version.cmake: $(top_builddir)/config.status $(top_srcdir)/cmake/autotools/expat-config-version.cmake.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 cmake/autotools/expat-noconfig.cmake: $(top_builddir)/config.status 
@@ -580,27 +588,6 @@ clean-libtool:
 
 distclean-libtool:
 	-rm -f libtool config.lt
-install-dist_cmakeDATA: $(dist_cmake_DATA)
-	@$(NORMAL_INSTALL)
-	@list='$(dist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(cmakedir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(cmakedir)" || exit 1; \
-	fi; \
-	for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  echo "$$d$$p"; \
-	done | $(am__base_list) | \
-	while read files; do \
-	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cmakedir)'"; \
-	  $(INSTALL_DATA) $$files "$(DESTDIR)$(cmakedir)" || exit $$?; \
-	done
-
-uninstall-dist_cmakeDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
-	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
-	dir='$(DESTDIR)$(cmakedir)'; $(am__uninstall_files_from_dir)
 install-nodist_cmakeDATA: $(nodist_cmake_DATA)
 	@$(NORMAL_INSTALL)
 	@list='$(nodist_cmake_DATA)'; test -n "$(cmakedir)" || list=; \
@@ -749,12 +736,13 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
 distdir-am: $(DISTFILES)
 	$(am__remove_distdir)
-	test -d "$(distdir)" || mkdir "$(distdir)"
+	$(AM_V_at)$(MKDIR_P) "$(distdir)"
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -822,6 +810,10 @@ dist-gzip: distdir
 dist-bzip2: distdir
 	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
 	$(am__post_remove_distdir)
+
+dist-bzip3: distdir
+	tardir=$(distdir) && $(am__tar) | bzip3 -c >$(distdir).tar.bz3
+	$(am__post_remove_distdir)
 dist-lzip: distdir
 	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
 	$(am__post_remove_distdir)
@@ -862,9 +854,11 @@ dist dist-all:
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
+	  eval GZIP= gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.bz3*) \
+	  bzip3 -dc $(distdir).tar.bz3 | $(am__untar) ;;\
 	*.tar.lz*) \
 	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
 	*.tar.xz*) \
@@ -872,7 +866,7 @@ distcheck: dist
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
+	  eval GZIP= gzip -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	*.tar.zst*) \
@@ -948,7 +942,7 @@ check: check-recursive
 all-am: Makefile $(DATA) expat_config.h
 installdirs: installdirs-recursive
 installdirs-am:
-	for dir in "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+	for dir in "$(DESTDIR)$(cmakedir)" "$(DESTDIR)$(pkgconfigdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-recursive
@@ -975,8 +969,8 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -1003,8 +997,7 @@ info: info-recursive
 
 info-am:
 
-install-data-am: install-dist_cmakeDATA install-nodist_cmakeDATA \
-	install-pkgconfigDATA
+install-data-am: install-nodist_cmakeDATA install-pkgconfigDATA
 
 install-dvi: install-dvi-recursive
 
@@ -1050,29 +1043,27 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-dist_cmakeDATA uninstall-nodist_cmakeDATA \
-	uninstall-pkgconfigDATA
+uninstall-am: uninstall-nodist_cmakeDATA uninstall-pkgconfigDATA
 
 .MAKE: $(am__recursive_targets) all install-am install-strip
 
 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
 	clean-libtool cscope cscopelist-am ctags ctags-am dist \
-	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
-	dist-xz dist-zip dist-zstd distcheck distclean \
+	dist-all dist-bzip2 dist-bzip3 dist-gzip dist-lzip dist-shar \
+	dist-tarZ dist-xz dist-zip dist-zstd distcheck distclean \
 	distclean-generic distclean-hdr distclean-libtool \
 	distclean-tags distcleancheck distdir distuninstallcheck dvi \
 	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dist_cmakeDATA \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-html install-html-am install-info install-info-am \
-	install-man install-nodist_cmakeDATA install-pdf \
-	install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
-	ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-dist_cmakeDATA uninstall-nodist_cmakeDATA \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man \
+	install-nodist_cmakeDATA install-pdf install-pdf-am \
+	install-pkgconfigDATA install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am uninstall-nodist_cmakeDATA \
 	uninstall-pkgconfigDATA
 
 .PRECIOUS: Makefile
@@ -1149,3 +1140,10 @@ qa:
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/README.md b/contrib/expat/README.md
index 77c6bf27d307..c2f288ca1242 100644
--- a/contrib/expat/README.md
+++ b/contrib/expat/README.md
@@ -1,5 +1,4 @@
 [![Run Linux CI tasks](https://github.com/libexpat/libexpat/actions/workflows/linux.yml/badge.svg)](https://github.com/libexpat/libexpat/actions/workflows/linux.yml)
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/libexpat/libexpat?svg=true)](https://ci.appveyor.com/project/libexpat/libexpat)
 [![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions)
 [![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/)
 [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
@@ -12,7 +11,7 @@
 > at the top of the `Changes` file.
 
 
-# Expat, Release 2.7.1
+# Expat, Release 2.7.3
 
 This is Expat, a C99 library for parsing
 [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by
@@ -27,7 +26,8 @@ Expat supports the following C99 compilers:
 
 - GNU GCC >=4.5 (for use from C) or GNU GCC >=4.8.1 (for use from C++)
 - LLVM Clang >=3.5
-- Microsoft Visual Studio >=16.0/2019 (rolling `${today} minus 5 years`)
+- Microsoft Visual Studio >=17.0/2022
+  (the oldest version supported by the [official GitHub Actions Windows images](https://github.com/actions/runner-images))
 
 Windows users can use the
 [`expat-win32bin-*.*.*.{exe,zip}` download](https://github.com/libexpat/libexpat/releases),
@@ -120,7 +120,7 @@ project(hello VERSION 1.0.0)
 FetchContent_Declare(
     expat
     GIT_REPOSITORY https://github.com/libexpat/libexpat/
-    GIT_TAG        000000000_GIT_COMMIT_SHA1_HERE_000000000  # i.e. Git tag R_0_Y_Z
+    GIT_TAG        000000000_GIT_COMMIT_SHA1_HERE_000000000  # i.e. Git tag R_X_Y_Z
     SOURCE_SUBDIR  expat/
 )
 
diff --git a/contrib/expat/configure.ac b/contrib/expat/configure.ac
index 0c88b8867019..072fea41ee8c 100644
--- a/contrib/expat/configure.ac
+++ b/contrib/expat/configure.ac
@@ -24,6 +24,7 @@ dnl   Copyright (c) 2019      Kishore Kunche <kishore.kunche@intel.com>
 dnl   Copyright (c) 2020      Jeffrey Walton <noloader@gmail.com>
 dnl   Copyright (c) 2024      Ferenc Géczi <ferenc.gm@gmail.com>
 dnl   Copyright (c) 2024      Dag-Erling Smørgrav <des@des.dev>
+dnl   Copyright (c) 2025      Matthew Fernandez <matthew.fernandez@gmail.com>
 dnl   Licensed under the MIT license:
 dnl
 dnl   Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -84,9 +85,9 @@ dnl
 dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
 
-LIBCURRENT=11  # sync
-LIBREVISION=2  # with
-LIBAGE=10      # CMakeLists.txt!
+LIBCURRENT=12  # sync
+LIBREVISION=1  # with
+LIBAGE=11      # CMakeLists.txt!
 
 AC_CONFIG_HEADERS([expat_config.h])
 AH_TOP([#ifndef EXPAT_CONFIG_H
@@ -95,7 +96,6 @@ AH_BOTTOM([#endif // ndef EXPAT_CONFIG_H])
 
 AM_PROG_AR
 AC_PROG_INSTALL
-AC_PROG_LN_S
 AC_PROG_MAKE_SET
 
 LT_PREREQ([2.4])
@@ -440,12 +440,22 @@ AC_MSG_RESULT([${CMAKE_SHARED_LIBRARY_PREFIX}])
 AC_SUBST([CMAKE_SHARED_LIBRARY_PREFIX])
 
 AS_CASE("${host_os}",
-  [darwin*], [CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__macos.cmake.in],
-  [mingw*|cygwin*], [CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__windows.cmake.in],
-  [CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__linux.cmake.in])
+  [darwin*], [
+    CMAKE_SOURCE=cmake/autotools/expat__macos.cmake.in
+    CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__macos.cmake.in
+  ],
+  [mingw*|cygwin*], [
+    CMAKE_SOURCE=cmake/autotools/expat__windows.cmake.in
+    CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__windows.cmake.in
+  ],
+  [
+    CMAKE_SOURCE=cmake/autotools/expat__linux.cmake.in
+    CMAKE_NOCONFIG_SOURCE=cmake/autotools/expat-noconfig__linux.cmake.in
+  ])
 AC_CONFIG_FILES([Makefile]
   [expat.pc]
   [cmake/expat-config.cmake]
+  [cmake/autotools/expat.cmake:${CMAKE_SOURCE}]
   [cmake/autotools/expat-config-version.cmake]
   [cmake/autotools/expat-noconfig.cmake:${CMAKE_NOCONFIG_SOURCE}]
   [doc/Makefile]
diff --git a/contrib/expat/doc/Makefile.in b/contrib/expat/doc/Makefile.in
index 72deb0565d94..13be5107f89b 100644
--- a/contrib/expat/doc/Makefile.in
+++ b/contrib/expat/doc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -102,6 +102,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -184,10 +186,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
+  { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+  || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+       $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
   }
 man1dir = $(mandir)/man1
 am__installdirs = "$(DESTDIR)$(man1dir)"
@@ -303,8 +304,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -442,6 +445,7 @@ ctags CTAGS:
 cscope cscopelist:
 
 @WITH_DISTRIBUTABLE_MANPAGE_TRUE@dist-hook:
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -507,11 +511,11 @@ install-strip:
 mostlyclean-generic:
 
 clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+	-$(am__rm_f) $(CLEANFILES)
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -616,3 +620,10 @@ uninstall-man: uninstall-man1
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/doc/reference.html b/contrib/expat/doc/reference.html
index 2b3bd39580a9..d2dded499435 100644
--- a/contrib/expat/doc/reference.html
+++ b/contrib/expat/doc/reference.html
@@ -52,7 +52,7 @@
   <div>
     <h1>
       The Expat XML Parser
-      <small>Release 2.7.1</small>
+      <small>Release 2.7.3</small>
     </h1>
   </div>
 <div class="content">
@@ -157,6 +157,8 @@ interface.</p>
       <ul>
         <li><a href="#XML_SetBillionLaughsAttackProtectionMaximumAmplification">XML_SetBillionLaughsAttackProtectionMaximumAmplification</a></li>
         <li><a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">XML_SetBillionLaughsAttackProtectionActivationThreshold</a></li>
+        <li><a href="#XML_SetAllocTrackerMaximumAmplification">XML_SetAllocTrackerMaximumAmplification</a></li>
+        <li><a href="#XML_SetAllocTrackerActivationThreshold">XML_SetAllocTrackerActivationThreshold</a></li>
         <li><a href="#XML_SetReparseDeferralEnabled">XML_SetReparseDeferralEnabled</a></li>
       </ul>
     </li>
@@ -319,7 +321,7 @@ directions in the next section. Otherwise if you have Microsoft's
 Developer Studio installed,
 you can use CMake to generate a <code>.sln</code> file, e.g.
 <code>
-cmake -G"Visual Studio 16 2019" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+cmake -G"Visual Studio 17 2022" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
 </code>, and build Expat using <code>msbuild /m expat.sln</code> after.</p>
 
 <p>Alternatively, you may download the Win32 binary package that
@@ -1905,7 +1907,7 @@ struct XML_cp {
 <p>Sets a handler for element declarations in a DTD. The handler gets
 called with the name of the element in the declaration and a pointer
 to a structure that contains the element model. It's the user code's 
-responsibility to free model when finished with it. See <code>
+responsibility to free model when finished with via a call to <code>
 <a href="#XML_FreeContentModel">XML_FreeContentModel</a></code>.
 There is no need to free the model from the handler, it can be kept
 around and freed at a later stage.</p>
@@ -2135,8 +2137,8 @@ XML_Size XMLCALL
 XML_GetCurrentColumnNumber(XML_Parser p);
 </pre>
 <div class="fcndef">
-Return the offset, from the beginning of the current line, of
-the position.
+Return the <em>offset</em>, from the beginning of the current line, of
+the position.  The first column is reported as <code>0</code>.
 </div>
 
 <h4 id="XML_GetCurrentByteCount">XML_GetCurrentByteCount</h4>
@@ -2198,13 +2200,16 @@ XML_SetBillionLaughsAttackProtectionMaximumAmplification(XML_Parser p,
     returns <code>XML_TRUE</code> upon success and <code>XML_FALSE</code> upon error.
   </p>
 
-  The amplification factor is calculated as ..
-  <pre>
-    amplification := (direct + indirect) / direct
-  </pre>
-  .. while parsing, whereas
-  <code>direct</code> is the number of bytes read from the primary document in parsing and
-  <code>indirect</code> is the number of bytes added by expanding entities and reading of external DTD files, combined.
+  <p>
+    Once the <a href="#XML_SetBillionLaughsAttackProtectionActivationThreshold">threshold for activation</a> is reached,
+    the amplification factor is calculated as ..
+  </p>
+  <pre>amplification := (direct + indirect) / direct</pre>
+  <p>
+    .. while parsing, whereas
+    <code>direct</code> is the number of bytes read from the primary document in parsing and
+    <code>indirect</code> is the number of bytes added by expanding entities and reading of external DTD files, combined.
+  </p>
 
   <p>For a call to <code>XML_SetBillionLaughsAttackProtectionMaximumAmplification</code> to succeed:</p>
   <ul>
@@ -2267,6 +2272,123 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(XML_Parser p,
   </p>
 </div>
 
+<h4 id="XML_SetAllocTrackerMaximumAmplification">XML_SetAllocTrackerMaximumAmplification</h4>
+<pre class="fcndec">
+/* Added in Expat 2.7.2. */
+XML_Bool
+XML_SetAllocTrackerMaximumAmplification(XML_Parser p,
+                                        float maximumAmplificationFactor);
+</pre>
+<div class="fcndef">
+  <p>
+    Sets the maximum tolerated amplification factor
+    between direct input and bytes of dynamic memory allocated
+    (default: <code>100.0</code>)
+    of parser <code>p</code> to <code>maximumAmplificationFactor</code>, and
+    returns <code>XML_TRUE</code> upon success and <code>XML_FALSE</code> upon error.
+  </p>
+
+  <p>
+    <strong>Note:</strong>
+    There are three types of allocations that intentionally bypass tracking and limiting:
+  </p>
+  <ul>
+    <li>
+      application calls to functions
+      <code><a href="#XML_MemMalloc">XML_MemMalloc</a></code>
+      and
+      <code><a href="#XML_MemRealloc">XML_MemRealloc</a></code>
+      &mdash;
+      <em>healthy</em> use of these two functions continues to be a responsibility
+      of the application using Expat
+      &mdash;,
+    </li>
+    <li>
+      the main character buffer used by functions
+      <code><a href="#XML_GetBuffer">XML_GetBuffer</a></code>
+      and
+      <code><a href="#XML_ParseBuffer">XML_ParseBuffer</a></code>
+      (and thus also by plain
+      <code><a href="#XML_Parse">XML_Parse</a></code>), and
+    </li>
+    <li>
+      the <a href="#XML_SetElementDeclHandler">content model memory</a>
+      (that is passed to the
+      <a href="#XML_SetElementDeclHandler">element declaration handler</a>
+      and freed by a call to
+      <code><a href="#XML_FreeContentModel">XML_FreeContentModel</a></code>).
+    </li>
+  </ul>
+
+  <p>
+    Once the <a href="#XML_SetAllocTrackerActivationThreshold">threshold for activation</a> is reached,
+    the amplification factor is calculated as ..
+  </p>
+  <pre>amplification := allocated / direct</pre>
+  <p>
+    .. while parsing, whereas
+    <code>direct</code> is the number of bytes read from the primary document in parsing and
+    <code>allocated</code> is the number of bytes of dynamic memory allocated in the parser hierarchy.
+  </p>
+
+  <p>For a call to <code>XML_SetAllocTrackerMaximumAmplification</code> to succeed:</p>
+  <ul>
+    <li>parser <code>p</code> must be a non-<code>NULL</code> root parser (without any parent parsers) and</li>
+    <li><code>maximumAmplificationFactor</code> must be non-<code>NaN</code> and greater than or equal to <code>1.0</code>.</li>
+  </ul>
+
+  <p>
+    <strong>Note:</strong>
+    If you ever need to increase this value for non-attack payload,
+    please <a href="https://github.com/libexpat/libexpat/issues">file a bug report</a>.
+  </p>
+
+  <p>
+    <strong>Note:</strong>
+    Amplifications factors greater than <code>100.0</code> can been observed near the start of parsing
+    even with benign files in practice.
+
+    So if you do reduce the maximum allowed amplification,
+    please make sure that the activation threshold is still big enough
+    to not end up with undesired false positives (i.e. benign files being rejected).
+  </p>
+</div>
+
+<h4 id="XML_SetAllocTrackerActivationThreshold">XML_SetAllocTrackerActivationThreshold</h4>
+<pre class="fcndec">
+/* Added in Expat 2.7.2. */
+XML_Bool
+XML_SetAllocTrackerActivationThreshold(XML_Parser p,
+                                       unsigned long long activationThresholdBytes);
+</pre>
+<div class="fcndef">
+  <p>
+    Sets number of allocated bytes of dynamic memory
+    needed to activate protection against disproportionate use of RAM
+    (default: <code>64 MiB</code>)
+    of parser <code>p</code> to <code>activationThresholdBytes</code>, and
+    returns <code>XML_TRUE</code> upon success and <code>XML_FALSE</code> upon error.
+  </p>
+
+  <p>
+    <strong>Note:</strong>
+    For types of allocations that intentionally bypass tracking and limiting, please see
+    <code><a href="#XML_SetAllocTrackerMaximumAmplification">XML_SetAllocTrackerMaximumAmplification</a></code>
+    above.
+  </p>
+
+  <p>For a call to <code>XML_SetAllocTrackerActivationThreshold</code> to succeed:</p>
+  <ul>
+    <li>parser <code>p</code> must be a non-<code>NULL</code> root parser (without any parent parsers).</li>
+  </ul>
+
+  <p>
+    <strong>Note:</strong>
+    If you ever need to increase this value for non-attack payload,
+    please <a href="https://github.com/libexpat/libexpat/issues">file a bug report</a>.
+  </p>
+</div>
+
 <h4 id="XML_SetReparseDeferralEnabled">XML_SetReparseDeferralEnabled</h4>
 <pre class="fcndec">
 /* Added in Expat 2.6.0. */
diff --git a/contrib/expat/doc/xmlwf.1 b/contrib/expat/doc/xmlwf.1
index 76aa7e30d074..aa2e9c218007 100644
--- a/contrib/expat/doc/xmlwf.1
+++ b/contrib/expat/doc/xmlwf.1
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH XMLWF 1 "March 27, 2025" "" ""
+.TH XMLWF 1 "September 24, 2025" "" ""
 .SH NAME
 xmlwf \- Determines if an XML document is well-formed
 .SH SYNOPSIS
@@ -88,7 +88,11 @@ supports both.
 .TP 
 \*(T<\fB\-a\fR\*(T> \fIfactor\fR
 Sets the maximum tolerated amplification factor
-for protection against billion laughs attacks (default: 100.0).
+for protection against amplification attacks
+like the billion laughs attack
+(default: 100.0
+for the sum of direct and indirect output and also
+for allocations of dynamic memory).
 The amplification factor is calculated as ..
 
 .nf
@@ -97,12 +101,22 @@ The amplification factor is calculated as ..
           
 .fi
 
-\&.. while parsing, whereas
+\&.. with regard to use of entities and ..
+
+.nf
+
+            amplification := allocated / direct
+          
+.fi
+
+\&.. with regard to dynamic memory while parsing.
 <direct> is the number of bytes read
-from the primary document in parsing and
+from the primary document in parsing,
 <indirect> is the number of bytes
 added by expanding entities and reading of external DTD files,
-combined.
+combined, and
+<allocated> is the total number of bytes of dynamic memory
+allocated (and not freed) per hierarchy of parsers.
 
 \fINOTE\fR:
 If you ever need to increase this value for non-attack payload,
@@ -110,8 +124,10 @@ please file a bug report.
 .TP 
 \*(T<\fB\-b\fR\*(T> \fIbytes\fR
 Sets the number of output bytes (including amplification)
-needed to activate protection against billion laughs attacks
-(default: 8 MiB).
+needed to activate protection against amplification attacks
+like billion laughs
+(default: 8 MiB for the sum of direct and indirect output,
+and 64 MiB for allocations of dynamic memory).
 This can be thought of as an "activation threshold".
 
 \fINOTE\fR:
diff --git a/contrib/expat/doc/xmlwf.xml b/contrib/expat/doc/xmlwf.xml
index 17e9cf51c191..01316bb16627 100644
--- a/contrib/expat/doc/xmlwf.xml
+++ b/contrib/expat/doc/xmlwf.xml
@@ -21,7 +21,7 @@
           "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   <!ENTITY dhfirstname "<firstname>Scott</firstname>">
   <!ENTITY dhsurname   "<surname>Bronson</surname>">
-  <!ENTITY dhdate      "<date>March 27, 2025</date>">
+  <!ENTITY dhdate      "<date>September 24, 2025</date>">
   <!-- Please adjust this^^ date whenever cutting a new release. -->
   <!ENTITY dhsection   "<manvolnum>1</manvolnum>">
   <!ENTITY dhemail     "<email>bronson@rinspin.com</email>">
@@ -158,19 +158,31 @@ supports both.
         <listitem>
           <para>
             Sets the maximum tolerated amplification factor
-            for protection against billion laughs attacks (default: 100.0).
+            for protection against amplification attacks
+            like the billion laughs attack
+            (default: 100.0
+            for the sum of direct and indirect output and also
+            for allocations of dynamic memory).
             The amplification factor is calculated as ..
           </para>
           <literallayout>
             amplification := (direct + indirect) / direct
           </literallayout>
           <para>
-            .. while parsing, whereas
+            .. with regard to use of entities and ..
+          </para>
+          <literallayout>
+            amplification := allocated / direct
+          </literallayout>
+          <para>
+            .. with regard to dynamic memory while parsing.
             &lt;direct&gt; is the number of bytes read
-              from the primary document in parsing and
+              from the primary document in parsing,
             &lt;indirect&gt; is the number of bytes
               added by expanding entities and reading of external DTD files,
-              combined.
+              combined, and
+            &lt;allocated&gt; is the total number of bytes of dynamic memory
+              allocated (and not freed) per hierarchy of parsers.
           </para>
           <para>
             <emphasis>NOTE</emphasis>:
@@ -185,8 +197,10 @@ supports both.
         <listitem>
           <para>
             Sets the number of output bytes (including amplification)
-            needed to activate protection against billion laughs attacks
-            (default: 8 MiB).
+            needed to activate protection against amplification attacks
+            like billion laughs
+            (default: 8 MiB for the sum of direct and indirect output,
+            and 64 MiB for allocations of dynamic memory).
             This can be thought of as an &quot;activation threshold&quot;.
           </para>
           <para>
diff --git a/contrib/expat/examples/Makefile.in b/contrib/expat/examples/Makefile.in
index 044c9089c565..0e55052ce6e4 100644
--- a/contrib/expat/examples/Makefile.in
+++ b/contrib/expat/examples/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -101,6 +101,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -330,8 +332,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -414,13 +418,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 
 clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
+	$(am__rm_f) $(noinst_PROGRAMS)
+	test -z "$(EXEEXT)" || $(am__rm_f) $(noinst_PROGRAMS:$(EXEEXT)=)
 
 element_declarations$(EXEEXT): $(element_declarations_OBJECTS) $(element_declarations_DEPENDENCIES) $(EXTRA_element_declarations_DEPENDENCIES) 
 	@rm -f element_declarations$(EXEEXT)
@@ -446,7 +445,7 @@ distclean-compile:
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+	@: >>$@
 
 am--depfiles: $(am__depfiles_remade)
 
@@ -528,6 +527,7 @@ cscopelist-am: $(am__tagged_files)
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -589,8 +589,8 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -601,7 +601,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
 	mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/element_declarations.Po
+	-rm -f ./$(DEPDIR)/element_declarations.Po
 	-rm -f ./$(DEPDIR)/elements.Po
 	-rm -f ./$(DEPDIR)/outline.Po
 	-rm -f Makefile
@@ -649,7 +649,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/element_declarations.Po
+	-rm -f ./$(DEPDIR)/element_declarations.Po
 	-rm -f ./$(DEPDIR)/elements.Po
 	-rm -f ./$(DEPDIR)/outline.Po
 	-rm -f Makefile
@@ -692,3 +692,10 @@ uninstall-am:
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/expat_config.h.in b/contrib/expat/expat_config.h.in
index 67ef89c7171a..543db8252448 100644
--- a/contrib/expat/expat_config.h.in
+++ b/contrib/expat/expat_config.h.in
@@ -24,7 +24,7 @@
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H
 
-/* Define to 1 if you have the `getpagesize' function. */
+/* Define to 1 if you have the 'getpagesize' function. */
 #undef HAVE_GETPAGESIZE
 
 /* Define to 1 if you have the `getrandom' function. */
@@ -33,10 +33,10 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
-/* Define to 1 if you have the `bsd' library (-lbsd). */
+/* Define to 1 if you have the 'bsd' library (-lbsd). */
 #undef HAVE_LIBBSD
 
-/* Define to 1 if you have a working `mmap' system call. */
+/* Define to 1 if you have a working 'mmap' system call. */
 #undef HAVE_MMAP
 
 /* Define to 1 if you have the <stdint.h> header file. */
@@ -93,7 +93,7 @@
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
-/* Define to 1 if all of the C90 standard headers exist (not just the ones
+/* Define to 1 if all of the C89 standard headers exist (not just the ones
    required in a freestanding environment). This macro is provided for
    backward compatibility; new code need not use it. */
 #undef STDC_HEADERS
@@ -133,10 +133,10 @@
 /* Define to make XML Namespaces functionality available. */
 #undef XML_NS
 
-/* Define to empty if `const' does not conform to ANSI C. */
+/* Define to empty if 'const' does not conform to ANSI C. */
 #undef const
 
-/* Define to `long int' if <sys/types.h> does not define. */
+/* Define to 'long int' if <sys/types.h> does not define. */
 #undef off_t
 
 #endif // ndef EXPAT_CONFIG_H
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
index f52ea7b21e40..719629a6b547 100644
--- a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
@@ -354,8 +354,10 @@ ExternalEntityRefHandler(XML_Parser parser, const XML_Char *context,
   if (g_external_entity) {
     XML_Parser ext_parser
         = XML_ExternalEntityParserCreate(parser, context, g_encoding);
-    rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
-    XML_ParserFree(ext_parser);
+    if (ext_parser != NULL) {
+      rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
+      XML_ParserFree(ext_parser);
+    }
   }
 
   return rc;
diff --git a/contrib/expat/fuzz/xml_parse_fuzzer.c b/contrib/expat/fuzz/xml_parse_fuzzer.c
index 6a1affe2b1f6..29ab33ff79d9 100644
--- a/contrib/expat/fuzz/xml_parse_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parse_fuzzer.c
@@ -15,6 +15,7 @@
  */
 
 #include <assert.h>
+#include <limits.h> // for INT_MAX
 #include <stdint.h>
 
 #include "expat.h"
@@ -65,8 +66,9 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
   XML_SetUserData(p, p);
   XML_SetElementHandler(p, start, end);
   XML_SetCharacterDataHandler(p, may_stop_character_handler);
-  XML_Parse(p, (const XML_Char *)data, size, 0);
-  if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
+  assert(size <= INT_MAX);
+  XML_Parse(p, (const XML_Char *)data, (int)size, 0);
+  if (XML_Parse(p, (const XML_Char *)data, (int)size, 1) == XML_STATUS_ERROR) {
     XML_ErrorString(XML_GetErrorCode(p));
   }
   XML_GetCurrentLineNumber(p);
@@ -89,15 +91,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
   XML_Parser externalEntityParser
       = XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
-  assert(externalEntityParser);
-  ParseOneInput(externalEntityParser, data, size);
-  XML_ParserFree(externalEntityParser);
+  if (externalEntityParser != NULL) {
+    ParseOneInput(externalEntityParser, data, size);
+    XML_ParserFree(externalEntityParser);
+  }
 
   XML_Parser externalDtdParser
       = XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
-  assert(externalDtdParser);
-  ParseOneInput(externalDtdParser, data, size);
-  XML_ParserFree(externalDtdParser);
+  if (externalDtdParser != NULL) {
+    ParseOneInput(externalDtdParser, data, size);
+    XML_ParserFree(externalDtdParser);
+  }
 
   // finally frees this parser which served as parent
   XML_ParserFree(parentParser);
diff --git a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
index cfc4af202851..38b9981b0b50 100644
--- a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
@@ -15,6 +15,7 @@
  */
 
 #include <assert.h>
+#include <limits.h> // for INT_MAX
 #include <stdint.h>
 #include <string.h>
 
@@ -66,16 +67,17 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
   XML_SetUserData(p, p);
   XML_SetElementHandler(p, start, end);
   XML_SetCharacterDataHandler(p, may_stop_character_handler);
-  void *buf = XML_GetBuffer(p, size);
+  assert(size <= INT_MAX);
+  void *buf = XML_GetBuffer(p, (int)size);
   assert(buf);
   memcpy(buf, data, size);
-  XML_ParseBuffer(p, size, 0);
-  buf = XML_GetBuffer(p, size);
+  XML_ParseBuffer(p, (int)size, 0);
+  buf = XML_GetBuffer(p, (int)size);
   if (buf == NULL) {
     return;
   }
   memcpy(buf, data, size);
-  if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
+  if (XML_ParseBuffer(p, (int)size, 1) == XML_STATUS_ERROR) {
     XML_ErrorString(XML_GetErrorCode(p));
   }
   XML_GetCurrentLineNumber(p);
@@ -101,15 +103,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
   XML_Parser externalEntityParser
       = XML_ExternalEntityParserCreate(parentParser, "e1", NULL);
-  assert(externalEntityParser);
-  ParseOneInput(externalEntityParser, data, size);
-  XML_ParserFree(externalEntityParser);
+  if (externalEntityParser != NULL) {
+    ParseOneInput(externalEntityParser, data, size);
+    XML_ParserFree(externalEntityParser);
+  }
 
   XML_Parser externalDtdParser
       = XML_ExternalEntityParserCreate(parentParser, NULL, NULL);
-  assert(externalDtdParser);
-  ParseOneInput(externalDtdParser, data, size);
-  XML_ParserFree(externalDtdParser);
+  if (externalDtdParser != NULL) {
+    ParseOneInput(externalDtdParser, data, size);
+    XML_ParserFree(externalDtdParser);
+  }
 
   // finally frees this parser which served as parent
   XML_ParserFree(parentParser);
diff --git a/contrib/expat/lib/Makefile.in b/contrib/expat/lib/Makefile.in
index 1a97e85fc41f..d85f80dbdbba 100644
--- a/contrib/expat/lib/Makefile.in
+++ b/contrib/expat/lib/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -104,6 +104,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -168,10 +170,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
+  { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+  || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+       $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
   }
 am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(docdir)" \
 	"$(DESTDIR)$(includedir)"
@@ -368,8 +369,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -513,26 +516,22 @@ uninstall-libLTLIBRARIES:
 	done
 
 clean-libLTLIBRARIES:
-	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	-$(am__rm_f) $(lib_LTLIBRARIES)
 	@list='$(lib_LTLIBRARIES)'; \
 	locs=`for p in $$list; do echo $$p; done | \
 	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
 	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
+	echo rm -f $${locs}; \
+	$(am__rm_f) $${locs}
 
 clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	-$(am__rm_f) $(noinst_LTLIBRARIES)
 	@list='$(noinst_LTLIBRARIES)'; \
 	locs=`for p in $$list; do echo $$p; done | \
 	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
 	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
+	echo rm -f $${locs}; \
+	$(am__rm_f) $${locs}
 
 libexpat.la: $(libexpat_la_OBJECTS) $(libexpat_la_DEPENDENCIES) $(EXTRA_libexpat_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libexpat_la_LINK) -rpath $(libdir) $(libexpat_la_OBJECTS) $(libexpat_la_LIBADD) $(LIBS)
@@ -555,7 +554,7 @@ distclean-compile:
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+	@: >>$@
 
 am--depfiles: $(am__depfiles_remade)
 
@@ -700,6 +699,7 @@ cscopelist-am: $(am__tagged_files)
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -764,8 +764,8 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -776,7 +776,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
 	clean-noinstLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/libtestpat_la-xmlparse.Plo
+	-rm -f ./$(DEPDIR)/libtestpat_la-xmlparse.Plo
 	-rm -f ./$(DEPDIR)/libtestpat_la-xmlrole.Plo
 	-rm -f ./$(DEPDIR)/libtestpat_la-xmltok.Plo
 	-rm -f ./$(DEPDIR)/xmlparse.Plo
@@ -828,7 +828,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/libtestpat_la-xmlparse.Plo
+	-rm -f ./$(DEPDIR)/libtestpat_la-xmlparse.Plo
 	-rm -f ./$(DEPDIR)/libtestpat_la-xmlrole.Plo
 	-rm -f ./$(DEPDIR)/libtestpat_la-xmltok.Plo
 	-rm -f ./$(DEPDIR)/xmlparse.Plo
@@ -885,3 +885,10 @@ uninstall-local:
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/lib/expat.h b/contrib/expat/lib/expat.h
index 610e1ddc0e94..290dfeb0f6dd 100644
--- a/contrib/expat/lib/expat.h
+++ b/contrib/expat/lib/expat.h
@@ -19,6 +19,7 @@
    Copyright (c) 2023      Hanno Böck <hanno@gentoo.org>
    Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
    Copyright (c) 2024      Taichi Haradaguchi <20001722@ymail.ne.jp>
+   Copyright (c) 2025      Matthew Fernandez <matthew.fernandez@gmail.com>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -42,21 +43,21 @@
 */
 
 #ifndef Expat_INCLUDED
-#define Expat_INCLUDED 1
+#  define Expat_INCLUDED 1
 
-#include <stdlib.h>
-#include "expat_external.h"
+#  include <stdlib.h>
+#  include "expat_external.h"
 
-#ifdef __cplusplus
+#  ifdef __cplusplus
 extern "C" {
-#endif
+#  endif
 
 struct XML_ParserStruct;
 typedef struct XML_ParserStruct *XML_Parser;
 
 typedef unsigned char XML_Bool;
-#define XML_TRUE ((XML_Bool)1)
-#define XML_FALSE ((XML_Bool)0)
+#  define XML_TRUE ((XML_Bool)1)
+#  define XML_FALSE ((XML_Bool)0)
 
 /* The XML_Status enum gives the possible return values for several
    API functions.  The preprocessor #defines are included so this
@@ -73,11 +74,11 @@ typedef unsigned char XML_Bool;
 */
 enum XML_Status {
   XML_STATUS_ERROR = 0,
-#define XML_STATUS_ERROR XML_STATUS_ERROR
+#  define XML_STATUS_ERROR XML_STATUS_ERROR
   XML_STATUS_OK = 1,
-#define XML_STATUS_OK XML_STATUS_OK
+#  define XML_STATUS_OK XML_STATUS_OK
   XML_STATUS_SUSPENDED = 2
-#define XML_STATUS_SUSPENDED XML_STATUS_SUSPENDED
+#  define XML_STATUS_SUSPENDED XML_STATUS_SUSPENDED
 };
 
 enum XML_Error {
@@ -276,7 +277,7 @@ XML_ParserCreate_MM(const XML_Char *encoding,
 
 /* Prepare a parser object to be reused.  This is particularly
    valuable when memory allocation overhead is disproportionately high,
-   such as when a large number of small documnents need to be parsed.
+   such as when a large number of small documents need to be parsed.
    All handlers are cleared from the parser, except for the
    unknownEncodingHandler. The parser's external state is re-initialized
    except for the values of ns and ns_triplets.
@@ -680,7 +681,7 @@ XMLPARSEAPI(void)
 XML_SetUserData(XML_Parser parser, void *userData);
 
 /* Returns the last value set by XML_SetUserData or NULL. */
-#define XML_GetUserData(parser) (*(void **)(parser))
+#  define XML_GetUserData(parser) (*(void **)(parser))
 
 /* This is equivalent to supplying an encoding argument to
    XML_ParserCreate. On success XML_SetEncoding returns non-zero,
@@ -752,7 +753,7 @@ XML_GetSpecifiedAttributeCount(XML_Parser parser);
 XMLPARSEAPI(int)
 XML_GetIdAttributeIndex(XML_Parser parser);
 
-#ifdef XML_ATTR_INFO
+#  ifdef XML_ATTR_INFO
 /* Source file byte offsets for the start and end of attribute names and values.
    The value indices are exclusive of surrounding quotes; thus in a UTF-8 source
    file an attribute value of "blah" will yield:
@@ -773,7 +774,7 @@ typedef struct {
 */
 XMLPARSEAPI(const XML_AttrInfo *)
 XML_GetAttributeInfo(XML_Parser parser);
-#endif
+#  endif
 
 /* Parses some input. Returns XML_STATUS_ERROR if a fatal error is
    detected.  The last call to XML_Parse must have isFinal true; len
@@ -970,9 +971,9 @@ XMLPARSEAPI(const char *)
 XML_GetInputContext(XML_Parser parser, int *offset, int *size);
 
 /* For backwards compatibility with previous versions. */
-#define XML_GetErrorLineNumber XML_GetCurrentLineNumber
-#define XML_GetErrorColumnNumber XML_GetCurrentColumnNumber
-#define XML_GetErrorByteIndex XML_GetCurrentByteIndex
+#  define XML_GetErrorLineNumber XML_GetCurrentLineNumber
+#  define XML_GetErrorColumnNumber XML_GetCurrentColumnNumber
+#  define XML_GetErrorByteIndex XML_GetCurrentByteIndex
 
 /* Frees the content model passed to the element declaration handler */
 XMLPARSEAPI(void)
@@ -1032,7 +1033,10 @@ enum XML_FeatureEnum {
   XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_MAXIMUM_AMPLIFICATION_DEFAULT,
   XML_FEATURE_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT,
   /* Added in Expat 2.6.0. */
-  XML_FEATURE_GE
+  XML_FEATURE_GE,
+  /* Added in Expat 2.7.2. */
+  XML_FEATURE_ALLOC_TRACKER_MAXIMUM_AMPLIFICATION_DEFAULT,
+  XML_FEATURE_ALLOC_TRACKER_ACTIVATION_THRESHOLD_DEFAULT,
   /* Additional features must be added to the end of this enum. */
 };
 
@@ -1045,7 +1049,7 @@ typedef struct {
 XMLPARSEAPI(const XML_Feature *)
 XML_GetFeatureList(void);
 
-#if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)
+#  if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1)
 /* Added in Expat 2.4.0 for XML_DTD defined and
  * added in Expat 2.6.0 for XML_GE == 1. */
 XMLPARSEAPI(XML_Bool)
@@ -1057,7 +1061,17 @@ XML_SetBillionLaughsAttackProtectionMaximumAmplification(
 XMLPARSEAPI(XML_Bool)
 XML_SetBillionLaughsAttackProtectionActivationThreshold(
     XML_Parser parser, unsigned long long activationThresholdBytes);
-#endif
+
+/* Added in Expat 2.7.2. */
+XMLPARSEAPI(XML_Bool)
+XML_SetAllocTrackerMaximumAmplification(XML_Parser parser,
+                                        float maximumAmplificationFactor);
+
+/* Added in Expat 2.7.2. */
+XMLPARSEAPI(XML_Bool)
+XML_SetAllocTrackerActivationThreshold(
+    XML_Parser parser, unsigned long long activationThresholdBytes);
+#  endif
 
 /* Added in Expat 2.6.0. */
 XMLPARSEAPI(XML_Bool)
@@ -1066,12 +1080,12 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
 /* Expat follows the semantic versioning convention.
    See https://semver.org
 */
-#define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 7
-#define XML_MICRO_VERSION 1
+#  define XML_MAJOR_VERSION 2
+#  define XML_MINOR_VERSION 7
+#  define XML_MICRO_VERSION 3
 
-#ifdef __cplusplus
+#  ifdef __cplusplus
 }
-#endif
+#  endif
 
 #endif /* not Expat_INCLUDED */
diff --git a/contrib/expat/lib/expat_external.h b/contrib/expat/lib/expat_external.h
index 8829f7709104..96f955eefb6b 100644
--- a/contrib/expat/lib/expat_external.h
+++ b/contrib/expat/lib/expat_external.h
@@ -38,7 +38,7 @@
 */
 
 #ifndef Expat_External_INCLUDED
-#define Expat_External_INCLUDED 1
+#  define Expat_External_INCLUDED 1
 
 /* External API definitions */
 
@@ -64,12 +64,12 @@
    compiled with the cdecl calling convention as the default since
    system headers may assume the cdecl convention.
 */
-#ifndef XMLCALL
-#  if defined(_MSC_VER)
-#    define XMLCALL __cdecl
-#  elif defined(__GNUC__) && defined(__i386) && ! defined(__INTEL_COMPILER)
-#    define XMLCALL __attribute__((cdecl))
-#  else
+#  ifndef XMLCALL
+#    if defined(_MSC_VER)
+#      define XMLCALL __cdecl
+#    elif defined(__GNUC__) && defined(__i386) && ! defined(__INTEL_COMPILER)
+#      define XMLCALL __attribute__((cdecl))
+#    else
 /* For any platform which uses this definition and supports more than
    one calling convention, we need to extend this definition to
    declare the convention used on that platform, if it's possible to
@@ -80,86 +80,87 @@
    pre-processor and how to specify the same calling convention as the
    platform's malloc() implementation.
 */
-#    define XMLCALL
-#  endif
-#endif /* not defined XMLCALL */
+#      define XMLCALL
+#    endif
+#  endif /* not defined XMLCALL */
 
-#if ! defined(XML_STATIC) && ! defined(XMLIMPORT)
-#  ifndef XML_BUILDING_EXPAT
+#  if ! defined(XML_STATIC) && ! defined(XMLIMPORT)
+#    ifndef XML_BUILDING_EXPAT
 /* using Expat from an application */
 
-#    if defined(_MSC_EXTENSIONS) && ! defined(__BEOS__) && ! defined(__CYGWIN__)
-#      define XMLIMPORT __declspec(dllimport)
+#      if defined(_MSC_EXTENSIONS) && ! defined(__BEOS__)                      \
+          && ! defined(__CYGWIN__)
+#        define XMLIMPORT __declspec(dllimport)
+#      endif
+
 #    endif
+#  endif /* not defined XML_STATIC */
 
+#  ifndef XML_ENABLE_VISIBILITY
+#    define XML_ENABLE_VISIBILITY 0
 #  endif
-#endif /* not defined XML_STATIC */
-
-#ifndef XML_ENABLE_VISIBILITY
-#  define XML_ENABLE_VISIBILITY 0
-#endif
 
-#if ! defined(XMLIMPORT) && XML_ENABLE_VISIBILITY
-#  define XMLIMPORT __attribute__((visibility("default")))
-#endif
+#  if ! defined(XMLIMPORT) && XML_ENABLE_VISIBILITY
+#    define XMLIMPORT __attribute__((visibility("default")))
+#  endif
 
 /* If we didn't define it above, define it away: */
-#ifndef XMLIMPORT
-#  define XMLIMPORT
-#endif
-
-#if defined(__GNUC__)                                                          \
-    && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96))
-#  define XML_ATTR_MALLOC __attribute__((__malloc__))
-#else
-#  define XML_ATTR_MALLOC
-#endif
-
-#if defined(__GNUC__)                                                          \
-    && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-#  define XML_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x)))
-#else
-#  define XML_ATTR_ALLOC_SIZE(x)
-#endif
-
-#define XMLPARSEAPI(type) XMLIMPORT type XMLCALL
-
-#ifdef __cplusplus
-extern "C" {
-#endif
+#  ifndef XMLIMPORT
+#    define XMLIMPORT
+#  endif
+
+#  if defined(__GNUC__)                                                        \
+      && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96))
+#    define XML_ATTR_MALLOC __attribute__((__malloc__))
+#  else
+#    define XML_ATTR_MALLOC
+#  endif
 
-#ifdef XML_UNICODE_WCHAR_T
-#  ifndef XML_UNICODE
-#    define XML_UNICODE
+#  if defined(__GNUC__)                                                        \
+      && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+#    define XML_ATTR_ALLOC_SIZE(x) __attribute__((__alloc_size__(x)))
+#  else
+#    define XML_ATTR_ALLOC_SIZE(x)
 #  endif
-#  if defined(__SIZEOF_WCHAR_T__) && (__SIZEOF_WCHAR_T__ != 2)
-#    error "sizeof(wchar_t) != 2; Need -fshort-wchar for both Expat and libc"
+
+#  define XMLPARSEAPI(type) XMLIMPORT type XMLCALL
+
+#  ifdef __cplusplus
+extern "C" {
 #  endif
-#endif
 
-#ifdef XML_UNICODE /* Information is UTF-16 encoded. */
 #  ifdef XML_UNICODE_WCHAR_T
+#    ifndef XML_UNICODE
+#      define XML_UNICODE
+#    endif
+#    if defined(__SIZEOF_WCHAR_T__) && (__SIZEOF_WCHAR_T__ != 2)
+#      error "sizeof(wchar_t) != 2; Need -fshort-wchar for both Expat and libc"
+#    endif
+#  endif
+
+#  ifdef XML_UNICODE /* Information is UTF-16 encoded. */
+#    ifdef XML_UNICODE_WCHAR_T
 typedef wchar_t XML_Char;
 typedef wchar_t XML_LChar;
-#  else
+#    else
 typedef unsigned short XML_Char;
 typedef char XML_LChar;
-#  endif /* XML_UNICODE_WCHAR_T */
-#else    /* Information is UTF-8 encoded. */
+#    endif /* XML_UNICODE_WCHAR_T */
+#  else    /* Information is UTF-8 encoded. */
 typedef char XML_Char;
 typedef char XML_LChar;
-#endif   /* XML_UNICODE */
+#  endif   /* XML_UNICODE */
 
-#ifdef XML_LARGE_SIZE /* Use large integers for file/stream positions. */
+#  ifdef XML_LARGE_SIZE /* Use large integers for file/stream positions. */
 typedef long long XML_Index;
 typedef unsigned long long XML_Size;
-#else
+#  else
 typedef long XML_Index;
 typedef unsigned long XML_Size;
-#endif /* XML_LARGE_SIZE */
+#  endif /* XML_LARGE_SIZE */
 
-#ifdef __cplusplus
+#  ifdef __cplusplus
 }
-#endif
+#  endif
 
 #endif /* not Expat_External_INCLUDED */
diff --git a/contrib/expat/lib/internal.h b/contrib/expat/lib/internal.h
index 6bde6ae6b31d..8f5edf48ef7c 100644
--- a/contrib/expat/lib/internal.h
+++ b/contrib/expat/lib/internal.h
@@ -108,6 +108,7 @@
 #endif
 
 #include <limits.h> // ULONG_MAX
+#include <stddef.h> // size_t
 
 #if defined(_WIN32)                                                            \
     && (! defined(__USE_MINGW_ANSI_STDIO)                                      \
@@ -148,6 +149,16 @@
   100.0f
 #define EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT    \
   8388608 // 8 MiB, 2^23
+
+#define EXPAT_ALLOC_TRACKER_MAXIMUM_AMPLIFICATION_DEFAULT 100.0f
+#define EXPAT_ALLOC_TRACKER_ACTIVATION_THRESHOLD_DEFAULT                       \
+  67108864 // 64 MiB, 2^26
+
+// NOTE: If function expat_alloc was user facing, EXPAT_MALLOC_ALIGNMENT would
+//       have to take sizeof(long double) into account
+#define EXPAT_MALLOC_ALIGNMENT sizeof(long long) // largest parser (sub)member
+#define EXPAT_MALLOC_PADDING ((EXPAT_MALLOC_ALIGNMENT) - sizeof(size_t))
+
 /* NOTE END */
 
 #include "expat.h" // so we can use type XML_Parser below
@@ -171,6 +182,9 @@ extern
 #endif
     XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
 #if defined(XML_TESTING)
+void *expat_malloc(XML_Parser parser, size_t size, int sourceLine);
+void expat_free(XML_Parser parser, void *ptr, int sourceLine);
+void *expat_realloc(XML_Parser parser, void *ptr, size_t size, int sourceLine);
 extern unsigned int g_bytesScanned; // used for testing only
 #endif
 
diff --git a/contrib/expat/lib/xmlparse.c b/contrib/expat/lib/xmlparse.c
index 38a2d9657b6a..a187a3a18f19 100644
--- a/contrib/expat/lib/xmlparse.c
+++ b/contrib/expat/lib/xmlparse.c
@@ -1,4 +1,4 @@
-/* d19ae032c224863c1527ba44d228cc34b99192c3a4c5a27af1f4e054d45ee031 (2.7.1+)
+/* 28bcd8b1ba7eb595d82822908257fd9c3589b4243e3c922d0369f35bfcd7b506 (2.7.3+)
                             __  __            _
                          ___\ \/ /_ __   __ _| |_
                         / _ \\  /| '_ \ / _` | __|
@@ -41,6 +41,7 @@
    Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
    Copyright (c) 2024-2025 Berkay Eren Ürün <berkay.ueruen@siemens.com>
    Copyright (c) 2024      Hanno Böck <hanno@gentoo.org>
+   Copyright (c) 2025      Matthew Fernandez <matthew.fernandez@gmail.com>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -97,7 +98,7 @@
 #include <stddef.h>
 #include <string.h> /* memset(), memcpy() */
 #include <assert.h>
-#include <limits.h> /* UINT_MAX */
+#include <limits.h> /* INT_MAX, UINT_MAX */
 #include <stdio.h>  /* fprintf */
 #include <stdlib.h> /* getenv, rand_s */
 #include <stdint.h> /* uintptr_t */
@@ -234,7 +235,7 @@ typedef struct {
   unsigned char power;
   size_t size;
   size_t used;
-  const XML_Memory_Handling_Suite *mem;
+  XML_Parser parser;
 } HASH_TABLE;
 
 static size_t keylen(KEY s);
@@ -357,7 +358,7 @@ typedef struct {
   const XML_Char *end;
   XML_Char *ptr;
   XML_Char *start;
-  const XML_Memory_Handling_Suite *mem;
+  XML_Parser parser;
 } STRING_POOL;
 
 /* The XML_Char before the name is used to determine whether
@@ -452,6 +453,14 @@ typedef struct accounting {
   unsigned long long activationThresholdBytes;
 } ACCOUNTING;
 
+typedef struct MALLOC_TRACKER {
+  XmlBigCount bytesAllocated;
+  XmlBigCount peakBytesAllocated; // updated live only for debug level >=2
+  unsigned long debugLevel;
+  float maximumAmplificationFactor; // >=1.0
+  XmlBigCount activationThresholdBytes;
+} MALLOC_TRACKER;
+
 typedef struct entity_stats {
   unsigned int countEverOpened;
   unsigned int currentDepth;
@@ -555,27 +564,24 @@ static XML_Bool setContext(XML_Parser parser, const XML_Char *context);
 
 static void FASTCALL normalizePublicId(XML_Char *s);
 
-static DTD *dtdCreate(const XML_Memory_Handling_Suite *ms);
+static DTD *dtdCreate(XML_Parser parser);
 /* do not call if m_parentParser != NULL */
-static void dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms);
-static void dtdDestroy(DTD *p, XML_Bool isDocEntity,
-                       const XML_Memory_Handling_Suite *ms);
+static void dtdReset(DTD *p, XML_Parser parser);
+static void dtdDestroy(DTD *p, XML_Bool isDocEntity, XML_Parser parser);
 static int dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
-                   const XML_Memory_Handling_Suite *ms);
+                   XML_Parser parser);
 static int copyEntityTable(XML_Parser oldParser, HASH_TABLE *newTable,
                            STRING_POOL *newPool, const HASH_TABLE *oldTable);
 static NAMED *lookup(XML_Parser parser, HASH_TABLE *table, KEY name,
                      size_t createSize);
-static void FASTCALL hashTableInit(HASH_TABLE *table,
-                                   const XML_Memory_Handling_Suite *ms);
+static void FASTCALL hashTableInit(HASH_TABLE *table, XML_Parser parser);
 static void FASTCALL hashTableClear(HASH_TABLE *table);
 static void FASTCALL hashTableDestroy(HASH_TABLE *table);
 static void FASTCALL hashTableIterInit(HASH_TABLE_ITER *iter,
                                        const HASH_TABLE *table);
 static NAMED *FASTCALL hashTableIterNext(HASH_TABLE_ITER *iter);
 
-static void FASTCALL poolInit(STRING_POOL *pool,
-                              const XML_Memory_Handling_Suite *ms);
+static void FASTCALL poolInit(STRING_POOL *pool, XML_Parser parser);
 static void FASTCALL poolClear(STRING_POOL *pool);
 static void FASTCALL poolDestroy(STRING_POOL *pool);
 static XML_Char *poolAppend(STRING_POOL *pool, const ENCODING *enc,
@@ -595,15 +601,15 @@ static XML_Content *build_model(XML_Parser parser);
 static ELEMENT_TYPE *getElementType(XML_Parser parser, const ENCODING *enc,
                                     const char *ptr, const char *end);
 
-static XML_Char *copyString(const XML_Char *s,
-                            const XML_Memory_Handling_Suite *memsuite);
+static XML_Char *copyString(const XML_Char *s, XML_Parser parser);
 
 static unsigned long generate_hash_secret_salt(XML_Parser parser);
 static XML_Bool startParsing(XML_Parser parser);
 
 static XML_Parser parserCreate(const XML_Char *encodingName,
                                const XML_Memory_Handling_Suite *memsuite,
-                               const XML_Char *nameSep, DTD *dtd);
+                               const XML_Char *nameSep, DTD *dtd,
+                               XML_Parser parentParser);
 
 static void parserInit(XML_Parser parser, const XML_Char *encodingName);
 
@@ -627,10 +633,10 @@ static void entityTrackingOnOpen(XML_Parser parser, ENTITY *entity,
                                  int sourceLine);
 static void entityTrackingOnClose(XML_Parser parser, ENTITY *entity,
                                   int sourceLine);
+#endif /* XML_GE == 1 */
 
 static XML_Parser getRootParserOf(XML_Parser parser,
                                   unsigned int *outLevelDiff);
-#endif /* XML_GE == 1 */
 
 static unsigned long getDebugLevel(const char *variableName,
                                    unsigned long defaultDebugLevel);
@@ -773,14 +779,238 @@ struct XML_ParserStruct {
   unsigned long m_hash_secret_salt;
 #if XML_GE == 1
   ACCOUNTING m_accounting;
+  MALLOC_TRACKER m_alloc_tracker;
   ENTITY_STATS m_entity_stats;
 #endif
   XML_Bool m_reenter;
 };
 
-#define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s)))
-#define REALLOC(parser, p, s) (parser->m_mem.realloc_fcn((p), (s)))
-#define FREE(parser, p) (parser->m_mem.free_fcn((p)))
+#if XML_GE == 1
+#  define MALLOC(parser, s) (expat_malloc((parser), (s), __LINE__))
+#  define REALLOC(parser, p, s) (expat_realloc((parser), (p), (s), __LINE__))
+#  define FREE(parser, p) (expat_free((parser), (p), __LINE__))
+#else
+#  define MALLOC(parser, s) (parser->m_mem.malloc_fcn((s)))
+#  define REALLOC(parser, p, s) (parser->m_mem.realloc_fcn((p), (s)))
+#  define FREE(parser, p) (parser->m_mem.free_fcn((p)))
+#endif
+
+#if XML_GE == 1
+static void
+expat_heap_stat(XML_Parser rootParser, char operator, XmlBigCount absDiff,
+                XmlBigCount newTotal, XmlBigCount peakTotal, int sourceLine) {
+  // NOTE: This can be +infinity or -nan
+  const float amplification
+      = (float)newTotal / (float)rootParser->m_accounting.countBytesDirect;
+  fprintf(
+      stderr,
+      "expat: Allocations(%p): Direct " EXPAT_FMT_ULL("10") ", allocated %c" EXPAT_FMT_ULL(
+          "10") " to " EXPAT_FMT_ULL("10") " (" EXPAT_FMT_ULL("10") " peak), amplification %8.2f (xmlparse.c:%d)\n",
+      (void *)rootParser, rootParser->m_accounting.countBytesDirect, operator,
+      absDiff, newTotal, peakTotal, (double)amplification, sourceLine);
+}
+
+static bool
+expat_heap_increase_tolerable(XML_Parser rootParser, XmlBigCount increase,
+                              int sourceLine) {
+  assert(rootParser != NULL);
+  assert(increase > 0);
+
+  XmlBigCount newTotal = 0;
+  bool tolerable = true;
+
+  // Detect integer overflow
+  if ((XmlBigCount)-1 - rootParser->m_alloc_tracker.bytesAllocated < increase) {
+    tolerable = false;
+  } else {
+    newTotal = rootParser->m_alloc_tracker.bytesAllocated + increase;
+
+    if (newTotal >= rootParser->m_alloc_tracker.activationThresholdBytes) {
+      assert(newTotal > 0);
+      // NOTE: This can be +infinity when dividing by zero but not -nan
+      const float amplification
+          = (float)newTotal / (float)rootParser->m_accounting.countBytesDirect;
+      if (amplification
+          > rootParser->m_alloc_tracker.maximumAmplificationFactor) {
+        tolerable = false;
+      }
+    }
+  }
+
+  if (! tolerable && (rootParser->m_alloc_tracker.debugLevel >= 1)) {
+    expat_heap_stat(rootParser, '+', increase, newTotal, newTotal, sourceLine);
+  }
+
+  return tolerable;
+}
+
+#  if defined(XML_TESTING)
+void *
+#  else
+static void *
+#  endif
+expat_malloc(XML_Parser parser, size_t size, int sourceLine) {
+  // Detect integer overflow
+  if (SIZE_MAX - size < sizeof(size_t) + EXPAT_MALLOC_PADDING) {
+    return NULL;
+  }
+
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(rootParser->m_parentParser == NULL);
+
+  const size_t bytesToAllocate = sizeof(size_t) + EXPAT_MALLOC_PADDING + size;
+
+  if ((XmlBigCount)-1 - rootParser->m_alloc_tracker.bytesAllocated
+      < bytesToAllocate) {
+    return NULL; // i.e. signal integer overflow as out-of-memory
+  }
+
+  if (! expat_heap_increase_tolerable(rootParser, bytesToAllocate,
+                                      sourceLine)) {
+    return NULL; // i.e. signal violation as out-of-memory
+  }
+
+  // Actually allocate
+  void *const mallocedPtr = parser->m_mem.malloc_fcn(bytesToAllocate);
+
+  if (mallocedPtr == NULL) {
+    return NULL;
+  }
+
+  // Update in-block recorded size
+  *(size_t *)mallocedPtr = size;
+
+  // Update accounting
+  rootParser->m_alloc_tracker.bytesAllocated += bytesToAllocate;
+
+  // Report as needed
+  if (rootParser->m_alloc_tracker.debugLevel >= 2) {
+    if (rootParser->m_alloc_tracker.bytesAllocated
+        > rootParser->m_alloc_tracker.peakBytesAllocated) {
+      rootParser->m_alloc_tracker.peakBytesAllocated
+          = rootParser->m_alloc_tracker.bytesAllocated;
+    }
+    expat_heap_stat(rootParser, '+', bytesToAllocate,
+                    rootParser->m_alloc_tracker.bytesAllocated,
+                    rootParser->m_alloc_tracker.peakBytesAllocated, sourceLine);
+  }
+
+  return (char *)mallocedPtr + sizeof(size_t) + EXPAT_MALLOC_PADDING;
+}
+
+#  if defined(XML_TESTING)
+void
+#  else
+static void
+#  endif
+expat_free(XML_Parser parser, void *ptr, int sourceLine) {
+  assert(parser != NULL);
+
+  if (ptr == NULL) {
+    return;
+  }
+
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(rootParser->m_parentParser == NULL);
+
+  // Extract size (to the eyes of malloc_fcn/realloc_fcn) and
+  // the original pointer returned by malloc/realloc
+  void *const mallocedPtr = (char *)ptr - EXPAT_MALLOC_PADDING - sizeof(size_t);
+  const size_t bytesAllocated
+      = sizeof(size_t) + EXPAT_MALLOC_PADDING + *(size_t *)mallocedPtr;
+
+  // Update accounting
+  assert(rootParser->m_alloc_tracker.bytesAllocated >= bytesAllocated);
+  rootParser->m_alloc_tracker.bytesAllocated -= bytesAllocated;
+
+  // Report as needed
+  if (rootParser->m_alloc_tracker.debugLevel >= 2) {
+    expat_heap_stat(rootParser, '-', bytesAllocated,
+                    rootParser->m_alloc_tracker.bytesAllocated,
+                    rootParser->m_alloc_tracker.peakBytesAllocated, sourceLine);
+  }
+
+  // NOTE: This may be freeing rootParser, so freeing has to come last
+  parser->m_mem.free_fcn(mallocedPtr);
+}
+
+#  if defined(XML_TESTING)
+void *
+#  else
+static void *
+#  endif
+expat_realloc(XML_Parser parser, void *ptr, size_t size, int sourceLine) {
+  assert(parser != NULL);
+
+  if (ptr == NULL) {
+    return expat_malloc(parser, size, sourceLine);
+  }
+
+  if (size == 0) {
+    expat_free(parser, ptr, sourceLine);
+    return NULL;
+  }
+
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(rootParser->m_parentParser == NULL);
+
+  // Extract original size (to the eyes of the caller) and the original
+  // pointer returned by malloc/realloc
+  void *mallocedPtr = (char *)ptr - EXPAT_MALLOC_PADDING - sizeof(size_t);
+  const size_t prevSize = *(size_t *)mallocedPtr;
+
+  // Classify upcoming change
+  const bool isIncrease = (size > prevSize);
+  const size_t absDiff
+      = (size > prevSize) ? (size - prevSize) : (prevSize - size);
+
+  // Ask for permission from accounting
+  if (isIncrease) {
+    if (! expat_heap_increase_tolerable(rootParser, absDiff, sourceLine)) {
+      return NULL; // i.e. signal violation as out-of-memory
+    }
+  }
+
+  // NOTE: Integer overflow detection has already been done for us
+  //       by expat_heap_increase_tolerable(..) above
+  assert(SIZE_MAX - sizeof(size_t) - EXPAT_MALLOC_PADDING >= size);
+
+  // Actually allocate
+  mallocedPtr = parser->m_mem.realloc_fcn(
+      mallocedPtr, sizeof(size_t) + EXPAT_MALLOC_PADDING + size);
+
+  if (mallocedPtr == NULL) {
+    return NULL;
+  }
+
+  // Update accounting
+  if (isIncrease) {
+    assert((XmlBigCount)-1 - rootParser->m_alloc_tracker.bytesAllocated
+           >= absDiff);
+    rootParser->m_alloc_tracker.bytesAllocated += absDiff;
+  } else { // i.e. decrease
+    assert(rootParser->m_alloc_tracker.bytesAllocated >= absDiff);
+    rootParser->m_alloc_tracker.bytesAllocated -= absDiff;
+  }
+
+  // Report as needed
+  if (rootParser->m_alloc_tracker.debugLevel >= 2) {
+    if (rootParser->m_alloc_tracker.bytesAllocated
+        > rootParser->m_alloc_tracker.peakBytesAllocated) {
+      rootParser->m_alloc_tracker.peakBytesAllocated
+          = rootParser->m_alloc_tracker.bytesAllocated;
+    }
+    expat_heap_stat(rootParser, isIncrease ? '+' : '-', absDiff,
+                    rootParser->m_alloc_tracker.bytesAllocated,
+                    rootParser->m_alloc_tracker.peakBytesAllocated, sourceLine);
+  }
+
+  // Update in-block recorded size
+  *(size_t *)mallocedPtr = size;
+
+  return (char *)mallocedPtr + sizeof(size_t) + EXPAT_MALLOC_PADDING;
+}
+#endif // XML_GE == 1
 
 XML_Parser XMLCALL
 XML_ParserCreate(const XML_Char *encodingName) {
@@ -821,11 +1051,14 @@ writeRandomBytes_getrandom_nonblock(void *target, size_t count) {
     void *const currentTarget = (void *)((char *)target + bytesWrittenTotal);
     const size_t bytesToWrite = count - bytesWrittenTotal;
 
+    assert(bytesToWrite <= INT_MAX);
+
     const int bytesWrittenMore =
 #    if defined(HAVE_GETRANDOM)
-        getrandom(currentTarget, bytesToWrite, getrandomFlags);
+        (int)getrandom(currentTarget, bytesToWrite, getrandomFlags);
 #    else
-        syscall(SYS_getrandom, currentTarget, bytesToWrite, getrandomFlags);
+        (int)syscall(SYS_getrandom, currentTarget, bytesToWrite,
+                     getrandomFlags);
 #    endif
 
     if (bytesWrittenMore > 0) {
@@ -1012,9 +1245,10 @@ generate_hash_secret_salt(XML_Parser parser) {
 
 static unsigned long
 get_hash_secret_salt(XML_Parser parser) {
-  if (parser->m_parentParser != NULL)
-    return get_hash_secret_salt(parser->m_parentParser);
-  return parser->m_hash_secret_salt;
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(! rootParser->m_parentParser);
+
+  return rootParser->m_hash_secret_salt;
 }
 
 static enum XML_Error
@@ -1100,19 +1334,43 @@ XML_Parser XMLCALL
 XML_ParserCreate_MM(const XML_Char *encodingName,
                     const XML_Memory_Handling_Suite *memsuite,
                     const XML_Char *nameSep) {
-  return parserCreate(encodingName, memsuite, nameSep, NULL);
+  return parserCreate(encodingName, memsuite, nameSep, NULL, NULL);
 }
 
 static XML_Parser
 parserCreate(const XML_Char *encodingName,
              const XML_Memory_Handling_Suite *memsuite, const XML_Char *nameSep,
-             DTD *dtd) {
-  XML_Parser parser;
+             DTD *dtd, XML_Parser parentParser) {
+  XML_Parser parser = NULL;
+
+#if XML_GE == 1
+  const size_t increase
+      = sizeof(size_t) + EXPAT_MALLOC_PADDING + sizeof(struct XML_ParserStruct);
+
+  if (parentParser != NULL) {
+    const XML_Parser rootParser = getRootParserOf(parentParser, NULL);
+    if (! expat_heap_increase_tolerable(rootParser, increase, __LINE__)) {
+      return NULL;
+    }
+  }
+#else
+  UNUSED_P(parentParser);
+#endif
 
   if (memsuite) {
     XML_Memory_Handling_Suite *mtemp;
+#if XML_GE == 1
+    void *const sizeAndParser
+        = memsuite->malloc_fcn(sizeof(size_t) + EXPAT_MALLOC_PADDING
+                               + sizeof(struct XML_ParserStruct));
+    if (sizeAndParser != NULL) {
+      *(size_t *)sizeAndParser = sizeof(struct XML_ParserStruct);
+      parser = (XML_Parser)((char *)sizeAndParser + sizeof(size_t)
+                            + EXPAT_MALLOC_PADDING);
+#else
     parser = memsuite->malloc_fcn(sizeof(struct XML_ParserStruct));
     if (parser != NULL) {
+#endif
       mtemp = (XML_Memory_Handling_Suite *)&(parser->m_mem);
       mtemp->malloc_fcn = memsuite->malloc_fcn;
       mtemp->realloc_fcn = memsuite->realloc_fcn;
@@ -1120,39 +1378,86 @@ parserCreate(const XML_Char *encodingName,
     }
   } else {
     XML_Memory_Handling_Suite *mtemp;
-    parser = (XML_Parser)malloc(sizeof(struct XML_ParserStruct));
+#if XML_GE == 1
+    void *const sizeAndParser = malloc(sizeof(size_t) + EXPAT_MALLOC_PADDING
+                                       + sizeof(struct XML_ParserStruct));
+    if (sizeAndParser != NULL) {
+      *(size_t *)sizeAndParser = sizeof(struct XML_ParserStruct);
+      parser = (XML_Parser)((char *)sizeAndParser + sizeof(size_t)
+                            + EXPAT_MALLOC_PADDING);
+#else
+    parser = malloc(sizeof(struct XML_ParserStruct));
     if (parser != NULL) {
+#endif
       mtemp = (XML_Memory_Handling_Suite *)&(parser->m_mem);
       mtemp->malloc_fcn = malloc;
       mtemp->realloc_fcn = realloc;
       mtemp->free_fcn = free;
     }
-  }
+  } // cppcheck-suppress[memleak symbolName=sizeAndParser] // Cppcheck >=2.18.0
 
   if (! parser)
     return parser;
 
+#if XML_GE == 1
+  // Initialize .m_alloc_tracker
+  memset(&parser->m_alloc_tracker, 0, sizeof(MALLOC_TRACKER));
+  if (parentParser == NULL) {
+    parser->m_alloc_tracker.debugLevel
+        = getDebugLevel("EXPAT_MALLOC_DEBUG", 0u);
+    parser->m_alloc_tracker.maximumAmplificationFactor
+        = EXPAT_ALLOC_TRACKER_MAXIMUM_AMPLIFICATION_DEFAULT;
+    parser->m_alloc_tracker.activationThresholdBytes
+        = EXPAT_ALLOC_TRACKER_ACTIVATION_THRESHOLD_DEFAULT;
+
+    // NOTE: This initialization needs to come this early because these fields
+    //       are read by allocation tracking code
+    parser->m_parentParser = NULL;
+    parser->m_accounting.countBytesDirect = 0;
+  } else {
+    parser->m_parentParser = parentParser;
+  }
+
+  // Record XML_ParserStruct allocation we did a few lines up before
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(rootParser->m_parentParser == NULL);
+  assert(SIZE_MAX - rootParser->m_alloc_tracker.bytesAllocated >= increase);
+  rootParser->m_alloc_tracker.bytesAllocated += increase;
+
+  // Report on allocation
+  if (rootParser->m_alloc_tracker.debugLevel >= 2) {
+    if (rootParser->m_alloc_tracker.bytesAllocated
+        > rootParser->m_alloc_tracker.peakBytesAllocated) {
+      rootParser->m_alloc_tracker.peakBytesAllocated
+          = rootParser->m_alloc_tracker.bytesAllocated;
+    }
+
+    expat_heap_stat(rootParser, '+', increase,
+                    rootParser->m_alloc_tracker.bytesAllocated,
+                    rootParser->m_alloc_tracker.peakBytesAllocated, __LINE__);
+  }
+#else
+  parser->m_parentParser = NULL;
+#endif // XML_GE == 1
+
   parser->m_buffer = NULL;
   parser->m_bufferLim = NULL;
 
   parser->m_attsSize = INIT_ATTS_SIZE;
-  parser->m_atts
-      = (ATTRIBUTE *)MALLOC(parser, parser->m_attsSize * sizeof(ATTRIBUTE));
+  parser->m_atts = MALLOC(parser, parser->m_attsSize * sizeof(ATTRIBUTE));
   if (parser->m_atts == NULL) {
     FREE(parser, parser);
     return NULL;
   }
 #ifdef XML_ATTR_INFO
-  parser->m_attInfo = (XML_AttrInfo *)MALLOC(
-      parser, parser->m_attsSize * sizeof(XML_AttrInfo));
+  parser->m_attInfo = MALLOC(parser, parser->m_attsSize * sizeof(XML_AttrInfo));
   if (parser->m_attInfo == NULL) {
     FREE(parser, parser->m_atts);
     FREE(parser, parser);
     return NULL;
   }
 #endif
-  parser->m_dataBuf
-      = (XML_Char *)MALLOC(parser, INIT_DATA_BUF_SIZE * sizeof(XML_Char));
+  parser->m_dataBuf = MALLOC(parser, INIT_DATA_BUF_SIZE * sizeof(XML_Char));
   if (parser->m_dataBuf == NULL) {
     FREE(parser, parser->m_atts);
 #ifdef XML_ATTR_INFO
@@ -1166,7 +1471,7 @@ parserCreate(const XML_Char *encodingName,
   if (dtd)
     parser->m_dtd = dtd;
   else {
-    parser->m_dtd = dtdCreate(&parser->m_mem);
+    parser->m_dtd = dtdCreate(parser);
     if (parser->m_dtd == NULL) {
       FREE(parser, parser->m_dataBuf);
       FREE(parser, parser->m_atts);
@@ -1200,8 +1505,8 @@ parserCreate(const XML_Char *encodingName,
 
   parser->m_protocolEncodingName = NULL;
 
-  poolInit(&parser->m_tempPool, &(parser->m_mem));
-  poolInit(&parser->m_temp2Pool, &(parser->m_mem));
+  poolInit(&parser->m_tempPool, parser);
+  poolInit(&parser->m_temp2Pool, parser);
   parserInit(parser, encodingName);
 
   if (encodingName && ! parser->m_protocolEncodingName) {
@@ -1233,7 +1538,7 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
   parser->m_processor = prologInitProcessor;
   XmlPrologStateInit(&parser->m_prologState);
   if (encodingName != NULL) {
-    parser->m_protocolEncodingName = copyString(encodingName, &(parser->m_mem));
+    parser->m_protocolEncodingName = copyString(encodingName, parser);
   }
   parser->m_curBase = NULL;
   XmlInitEncoding(&parser->m_initEncoding, &parser->m_encoding, 0);
@@ -1295,7 +1600,6 @@ parserInit(XML_Parser parser, const XML_Char *encodingName) {
   parser->m_unknownEncodingMem = NULL;
   parser->m_unknownEncodingRelease = NULL;
   parser->m_unknownEncodingData = NULL;
-  parser->m_parentParser = NULL;
   parser->m_parsingStatus.parsing = XML_INITIALIZED;
   // Reentry can only be triggered inside m_processor calls
   parser->m_reenter = XML_FALSE;
@@ -1385,7 +1689,7 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName) {
   FREE(parser, (void *)parser->m_protocolEncodingName);
   parser->m_protocolEncodingName = NULL;
   parserInit(parser, encodingName);
-  dtdReset(parser->m_dtd, &parser->m_mem);
+  dtdReset(parser->m_dtd, parser);
   return XML_TRUE;
 }
 
@@ -1421,7 +1725,7 @@ XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) {
     parser->m_protocolEncodingName = NULL;
   else {
     /* Copy the new encoding name into allocated memory */
-    parser->m_protocolEncodingName = copyString(encodingName, &(parser->m_mem));
+    parser->m_protocolEncodingName = copyString(encodingName, parser);
     if (! parser->m_protocolEncodingName)
       return XML_STATUS_ERROR;
   }
@@ -1530,9 +1834,10 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
   */
   if (parser->m_ns) {
     XML_Char tmp[2] = {parser->m_namespaceSeparator, 0};
-    parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd);
+    parser = parserCreate(encodingName, &parser->m_mem, tmp, newDtd, oldParser);
   } else {
-    parser = parserCreate(encodingName, &parser->m_mem, NULL, newDtd);
+    parser
+        = parserCreate(encodingName, &parser->m_mem, NULL, newDtd, oldParser);
   }
 
   if (! parser)
@@ -1576,7 +1881,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
   parser->m_prologState.inEntityValue = oldInEntityValue;
   if (context) {
 #endif /* XML_DTD */
-    if (! dtdCopy(oldParser, parser->m_dtd, oldDtd, &parser->m_mem)
+    if (! dtdCopy(oldParser, parser->m_dtd, oldDtd, parser)
         || ! setContext(parser, context)) {
       XML_ParserFree(parser);
       return NULL;
@@ -1688,14 +1993,16 @@ XML_ParserFree(XML_Parser parser) {
 #else
   if (parser->m_dtd)
 #endif /* XML_DTD */
-    dtdDestroy(parser->m_dtd, (XML_Bool)! parser->m_parentParser,
-               &parser->m_mem);
-  FREE(parser, (void *)parser->m_atts);
+    dtdDestroy(parser->m_dtd, (XML_Bool)! parser->m_parentParser, parser);
+  FREE(parser, parser->m_atts);
 #ifdef XML_ATTR_INFO
-  FREE(parser, (void *)parser->m_attInfo);
+  FREE(parser, parser->m_attInfo);
 #endif
   FREE(parser, parser->m_groupConnector);
-  FREE(parser, parser->m_buffer);
+  // NOTE: We are avoiding FREE(..) here because parser->m_buffer
+  //       is not being allocated with MALLOC(..) but with plain
+  //       .malloc_fcn(..).
+  parser->m_mem.free_fcn(parser->m_buffer);
   FREE(parser, parser->m_dataBuf);
   FREE(parser, parser->m_nsAtts);
   FREE(parser, parser->m_unknownEncodingMem);
@@ -2014,12 +2321,14 @@ int XMLCALL
 XML_SetHashSalt(XML_Parser parser, unsigned long hash_salt) {
   if (parser == NULL)
     return 0;
-  if (parser->m_parentParser)
-    return XML_SetHashSalt(parser->m_parentParser, hash_salt);
+
+  const XML_Parser rootParser = getRootParserOf(parser, NULL);
+  assert(! rootParser->m_parentParser);
+
   /* block after XML_Parse()/XML_ParseBuffer() has been called */
-  if (parserBusy(parser))
+  if (parserBusy(rootParser))
     return 0;
-  parser->m_hash_secret_salt = hash_salt;
+  rootParser->m_hash_secret_salt = hash_salt;
   return 1;
 }
 
@@ -2287,7 +2596,9 @@ XML_GetBuffer(XML_Parser parser, int len) {
         parser->m_errorCode = XML_ERROR_NO_MEMORY;
         return NULL;
       }
-      newBuf = (char *)MALLOC(parser, bufferSize);
+      // NOTE: We are avoiding MALLOC(..) here to leave limiting
+      //       the input size to the application using Expat.
+      newBuf = parser->m_mem.malloc_fcn(bufferSize);
       if (newBuf == 0) {
         parser->m_errorCode = XML_ERROR_NO_MEMORY;
         return NULL;
@@ -2298,7 +2609,10 @@ XML_GetBuffer(XML_Parser parser, int len) {
         memcpy(newBuf, &parser->m_bufferPtr[-keep],
                EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr)
                    + keep);
-        FREE(parser, parser->m_buffer);
+        // NOTE: We are avoiding FREE(..) here because parser->m_buffer
+        //       is not being allocated with MALLOC(..) but with plain
+        //       .malloc_fcn(..).
+        parser->m_mem.free_fcn(parser->m_buffer);
         parser->m_buffer = newBuf;
         parser->m_bufferEnd
             = parser->m_buffer
@@ -2314,7 +2628,10 @@ XML_GetBuffer(XML_Parser parser, int len) {
       if (parser->m_bufferPtr) {
         memcpy(newBuf, parser->m_bufferPtr,
                EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr));
-        FREE(parser, parser->m_buffer);
+        // NOTE: We are avoiding FREE(..) here because parser->m_buffer
+        //       is not being allocated with MALLOC(..) but with plain
+        //       .malloc_fcn(..).
+        parser->m_mem.free_fcn(parser->m_buffer);
         parser->m_bufferEnd
             = newBuf
               + EXPAT_SAFE_PTR_DIFF(parser->m_bufferEnd, parser->m_bufferPtr);
@@ -2492,28 +2809,43 @@ XML_GetCurrentColumnNumber(XML_Parser parser) {
 
 void XMLCALL
 XML_FreeContentModel(XML_Parser parser, XML_Content *model) {
-  if (parser != NULL)
-    FREE(parser, model);
+  if (parser == NULL)
+    return;
+
+  // NOTE: We are avoiding FREE(..) here because the content model
+  //       has been created using plain .malloc_fcn(..) rather than MALLOC(..).
+  parser->m_mem.free_fcn(model);
 }
 
 void *XMLCALL
 XML_MemMalloc(XML_Parser parser, size_t size) {
   if (parser == NULL)
     return NULL;
-  return MALLOC(parser, size);
+
+  // NOTE: We are avoiding MALLOC(..) here to not include
+  //       user allocations with allocation tracking and limiting.
+  return parser->m_mem.malloc_fcn(size);
 }
 
 void *XMLCALL
 XML_MemRealloc(XML_Parser parser, void *ptr, size_t size) {
   if (parser == NULL)
     return NULL;
-  return REALLOC(parser, ptr, size);
+
+  // NOTE: We are avoiding REALLOC(..) here to not include
+  //       user allocations with allocation tracking and limiting.
+  return parser->m_mem.realloc_fcn(ptr, size);
 }
 
 void XMLCALL
 XML_MemFree(XML_Parser parser, void *ptr) {
-  if (parser != NULL)
-    FREE(parser, ptr);
+  if (parser == NULL)
+    return;
+
+  // NOTE: We are avoiding FREE(..) here because XML_MemMalloc and
+  //       XML_MemRealloc are not using MALLOC(..) and REALLOC(..)
+  //       but plain .malloc_fcn(..) and .realloc_fcn(..), internally.
+  parser->m_mem.free_fcn(ptr);
 }
 
 void XMLCALL
@@ -2713,6 +3045,13 @@ XML_GetFeatureList(void) {
        EXPAT_BILLION_LAUGHS_ATTACK_PROTECTION_ACTIVATION_THRESHOLD_DEFAULT},
       /* Added in Expat 2.6.0. */
       {XML_FEATURE_GE, XML_L("XML_GE"), 0},
+      /* Added in Expat 2.7.2. */
+      {XML_FEATURE_ALLOC_TRACKER_MAXIMUM_AMPLIFICATION_DEFAULT,
+       XML_L("XML_AT_MAX_AMP"),
+       (long int)EXPAT_ALLOC_TRACKER_MAXIMUM_AMPLIFICATION_DEFAULT},
+      {XML_FEATURE_ALLOC_TRACKER_ACTIVATION_THRESHOLD_DEFAULT,
+       XML_L("XML_AT_ACT_THRES"),
+       (long int)EXPAT_ALLOC_TRACKER_ACTIVATION_THRESHOLD_DEFAULT},
 #endif
       {XML_FEATURE_END, NULL, 0}};
 
@@ -2741,6 +3080,29 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(
   parser->m_accounting.activationThresholdBytes = activationThresholdBytes;
   return XML_TRUE;
 }
+
+XML_Bool XMLCALL
+XML_SetAllocTrackerMaximumAmplification(XML_Parser parser,
+                                        float maximumAmplificationFactor) {
+  if ((parser == NULL) || (parser->m_parentParser != NULL)
+      || isnan(maximumAmplificationFactor)
+      || (maximumAmplificationFactor < 1.0f)) {
+    return XML_FALSE;
+  }
+  parser->m_alloc_tracker.maximumAmplificationFactor
+      = maximumAmplificationFactor;
+  return XML_TRUE;
+}
+
+XML_Bool XMLCALL
+XML_SetAllocTrackerActivationThreshold(
+    XML_Parser parser, unsigned long long activationThresholdBytes) {
+  if ((parser == NULL) || (parser->m_parentParser != NULL)) {
+    return XML_FALSE;
+  }
+  parser->m_alloc_tracker.activationThresholdBytes = activationThresholdBytes;
+  return XML_TRUE;
+}
 #endif /* XML_GE == 1 */
 
 XML_Bool XMLCALL
@@ -2761,8 +3123,8 @@ static XML_Bool
 storeRawNames(XML_Parser parser) {
   TAG *tag = parser->m_tagStack;
   while (tag) {
-    int bufSize;
-    int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
+    size_t bufSize;
+    size_t nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
     size_t rawNameLen;
     char *rawNameBuf = tag->buf + nameLen;
     /* Stop if already stored.  Since m_tagStack is a stack, we can stop
@@ -2779,9 +3141,9 @@ storeRawNames(XML_Parser parser) {
     /* Detect and prevent integer overflow. */
     if (rawNameLen > (size_t)INT_MAX - nameLen)
       return XML_FALSE;
-    bufSize = nameLen + (int)rawNameLen;
-    if (bufSize > tag->bufEnd - tag->buf) {
-      char *temp = (char *)REALLOC(parser, tag->buf, bufSize);
+    bufSize = nameLen + rawNameLen;
+    if (bufSize > (size_t)(tag->bufEnd - tag->buf)) {
+      char *temp = REALLOC(parser, tag->buf, bufSize);
       if (temp == NULL)
         return XML_FALSE;
       /* if tag->name.str points to tag->buf (only when namespace
@@ -3107,10 +3469,10 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
         tag = parser->m_freeTagList;
         parser->m_freeTagList = parser->m_freeTagList->parent;
       } else {
-        tag = (TAG *)MALLOC(parser, sizeof(TAG));
+        tag = MALLOC(parser, sizeof(TAG));
         if (! tag)
           return XML_ERROR_NO_MEMORY;
-        tag->buf = (char *)MALLOC(parser, INIT_TAG_BUF_SIZE);
+        tag->buf = MALLOC(parser, INIT_TAG_BUF_SIZE);
         if (! tag->buf) {
           FREE(parser, tag);
           return XML_ERROR_NO_MEMORY;
@@ -3143,7 +3505,7 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
           }
           bufSize = (int)(tag->bufEnd - tag->buf) << 1;
           {
-            char *temp = (char *)REALLOC(parser, tag->buf, bufSize);
+            char *temp = REALLOC(parser, tag->buf, bufSize);
             if (temp == NULL)
               return XML_ERROR_NO_MEMORY;
             tag->buf = temp;
@@ -3522,8 +3884,8 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
     }
 #endif
 
-    temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts,
-                                parser->m_attsSize * sizeof(ATTRIBUTE));
+    temp = REALLOC(parser, parser->m_atts,
+                   parser->m_attsSize * sizeof(ATTRIBUTE));
     if (temp == NULL) {
       parser->m_attsSize = oldAttsSize;
       return XML_ERROR_NO_MEMORY;
@@ -3541,8 +3903,8 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
     }
 #  endif
 
-    temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo,
-                                    parser->m_attsSize * sizeof(XML_AttrInfo));
+    temp2 = REALLOC(parser, parser->m_attInfo,
+                    parser->m_attsSize * sizeof(XML_AttrInfo));
     if (temp2 == NULL) {
       parser->m_attsSize = oldAttsSize;
       return XML_ERROR_NO_MEMORY;
@@ -3677,7 +4039,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
      and clear flags that say whether attributes were specified */
   i = 0;
   if (nPrefixes) {
-    int j; /* hash table index */
+    unsigned int j; /* hash table index */
     unsigned long version = parser->m_nsAttsVersion;
 
     /* Detect and prevent invalid shift */
@@ -3718,8 +4080,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
       }
 #endif
 
-      temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,
-                               nsAttsSize * sizeof(NS_ATT));
+      temp = REALLOC(parser, parser->m_nsAtts, nsAttsSize * sizeof(NS_ATT));
       if (! temp) {
         /* Restore actual size of memory in m_nsAtts */
         parser->m_nsAttsPower = oldNsAttsPower;
@@ -3772,7 +4133,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
         if (! b)
           return XML_ERROR_UNBOUND_PREFIX;
 
-        for (j = 0; j < b->uriLen; j++) {
+        for (j = 0; j < (unsigned int)b->uriLen; j++) {
           const XML_Char c = b->uri[j];
           if (! poolAppendChar(&parser->m_tempPool, c))
             return XML_ERROR_NO_MEMORY;
@@ -3866,7 +4227,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
     return XML_ERROR_NONE;
   prefixLen = 0;
   if (parser->m_ns_triplets && binding->prefix->name) {
-    for (; binding->prefix->name[prefixLen++];)
+    while (binding->prefix->name[prefixLen++])
       ; /* prefixLen includes null terminator */
   }
   tagNamePtr->localPart = localPart;
@@ -3900,7 +4261,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
     }
 #endif
 
-    uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));
+    uri = MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));
     if (! uri)
       return XML_ERROR_NO_MEMORY;
     binding->uriAlloc = n + EXPAND_SPARE;
@@ -4146,8 +4507,8 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
       }
 #endif
 
-      XML_Char *temp = (XML_Char *)REALLOC(
-          parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));
+      XML_Char *temp
+          = REALLOC(parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));
       if (temp == NULL)
         return XML_ERROR_NO_MEMORY;
       b->uri = temp;
@@ -4155,7 +4516,7 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
     }
     parser->m_freeBindingList = b->nextTagBinding;
   } else {
-    b = (BINDING *)MALLOC(parser, sizeof(BINDING));
+    b = MALLOC(parser, sizeof(BINDING));
     if (! b)
       return XML_ERROR_NO_MEMORY;
 
@@ -4173,8 +4534,7 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
     }
 #endif
 
-    b->uri
-        = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));
+    b->uri = MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));
     if (! b->uri) {
       FREE(parser, b);
       return XML_ERROR_NO_MEMORY;
@@ -5545,7 +5905,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
               return XML_ERROR_NO_MEMORY;
             }
 
-            char *const new_connector = (char *)REALLOC(
+            char *const new_connector = REALLOC(
                 parser, parser->m_groupConnector, parser->m_groupSize *= 2);
             if (new_connector == NULL) {
               parser->m_groupSize /= 2;
@@ -5565,15 +5925,14 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
             }
 #endif
 
-            int *const new_scaff_index = (int *)REALLOC(
+            int *const new_scaff_index = REALLOC(
                 parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
             if (new_scaff_index == NULL)
               return XML_ERROR_NO_MEMORY;
             dtd->scaffIndex = new_scaff_index;
           }
         } else {
-          parser->m_groupConnector
-              = (char *)MALLOC(parser, parser->m_groupSize = 32);
+          parser->m_groupConnector = MALLOC(parser, parser->m_groupSize = 32);
           if (! parser->m_groupConnector) {
             parser->m_groupSize = 0;
             return XML_ERROR_NO_MEMORY;
@@ -5730,8 +6089,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
     case XML_ROLE_CONTENT_EMPTY:
       if (dtd->in_eldecl) {
         if (parser->m_elementDeclHandler) {
-          XML_Content *content
-              = (XML_Content *)MALLOC(parser, sizeof(XML_Content));
+          // NOTE: We are avoiding MALLOC(..) here to so that
+          //       applications that are not using XML_FreeContentModel but
+          //       plain free(..) or .free_fcn() to free the content model's
+          //       memory are safe.
+          XML_Content *content = parser->m_mem.malloc_fcn(sizeof(XML_Content));
           if (! content)
             return XML_ERROR_NO_MEMORY;
           content->quant = XML_CQUANT_NONE;
@@ -5787,7 +6149,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
         name = el->name;
         dtd->scaffold[myindex].name = name;
         nameLen = 0;
-        for (; name[nameLen++];)
+        while (name[nameLen++])
           ;
 
         /* Detect and prevent integer overflow */
@@ -6008,8 +6370,7 @@ processEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl,
     openEntity = *freeEntityList;
     *freeEntityList = openEntity->next;
   } else {
-    openEntity
-        = (OPEN_INTERNAL_ENTITY *)MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY));
+    openEntity = MALLOC(parser, sizeof(OPEN_INTERNAL_ENTITY));
     if (! openEntity)
       return XML_ERROR_NO_MEMORY;
   }
@@ -6087,6 +6448,10 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
     // process its possible inner entities (which are added to the
     // m_openInternalEntities during doProlog or doContent calls above)
     entity->hasMore = XML_FALSE;
+    if (! entity->is_param
+        && (openEntity->startTagLevel != parser->m_tagLevel)) {
+      return XML_ERROR_ASYNC_ENTITY;
+    }
     triggerReenter(parser);
     return result;
   } // End of entity processing, "if" block will return here
@@ -6277,7 +6642,7 @@ appendAttributeValue(XML_Parser parser, const ENCODING *enc, XML_Bool isCdata,
     case XML_TOK_ENTITY_REF: {
       const XML_Char *name;
       ENTITY *entity;
-      char checkEntityDecl;
+      bool checkEntityDecl;
       XML_Char ch = (XML_Char)XmlPredefinedEntityName(
           enc, ptr + enc->minBytesPerChar, next - enc->minBytesPerChar);
       if (ch) {
@@ -6804,8 +7169,8 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
   if (type->nDefaultAtts == type->allocDefaultAtts) {
     if (type->allocDefaultAtts == 0) {
       type->allocDefaultAtts = 8;
-      type->defaultAtts = (DEFAULT_ATTRIBUTE *)MALLOC(
-          parser, type->allocDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+      type->defaultAtts
+          = MALLOC(parser, type->allocDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
       if (! type->defaultAtts) {
         type->allocDefaultAtts = 0;
         return 0;
@@ -6830,8 +7195,8 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
       }
 #endif
 
-      temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts,
-                                          (count * sizeof(DEFAULT_ATTRIBUTE)));
+      temp = REALLOC(parser, type->defaultAtts,
+                     (count * sizeof(DEFAULT_ATTRIBUTE)));
       if (temp == NULL)
         return 0;
       type->allocDefaultAtts = count;
@@ -7122,19 +7487,19 @@ normalizePublicId(XML_Char *publicId) {
 }
 
 static DTD *
-dtdCreate(const XML_Memory_Handling_Suite *ms) {
-  DTD *p = ms->malloc_fcn(sizeof(DTD));
+dtdCreate(XML_Parser parser) {
+  DTD *p = MALLOC(parser, sizeof(DTD));
   if (p == NULL)
     return p;
-  poolInit(&(p->pool), ms);
-  poolInit(&(p->entityValuePool), ms);
-  hashTableInit(&(p->generalEntities), ms);
-  hashTableInit(&(p->elementTypes), ms);
-  hashTableInit(&(p->attributeIds), ms);
-  hashTableInit(&(p->prefixes), ms);
+  poolInit(&(p->pool), parser);
+  poolInit(&(p->entityValuePool), parser);
+  hashTableInit(&(p->generalEntities), parser);
+  hashTableInit(&(p->elementTypes), parser);
+  hashTableInit(&(p->attributeIds), parser);
+  hashTableInit(&(p->prefixes), parser);
 #ifdef XML_DTD
   p->paramEntityRead = XML_FALSE;
-  hashTableInit(&(p->paramEntities), ms);
+  hashTableInit(&(p->paramEntities), parser);
 #endif /* XML_DTD */
   p->defaultPrefix.name = NULL;
   p->defaultPrefix.binding = NULL;
@@ -7154,7 +7519,7 @@ dtdCreate(const XML_Memory_Handling_Suite *ms) {
 }
 
 static void
-dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms) {
+dtdReset(DTD *p, XML_Parser parser) {
   HASH_TABLE_ITER iter;
   hashTableIterInit(&iter, &(p->elementTypes));
   for (;;) {
@@ -7162,7 +7527,7 @@ dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms) {
     if (! e)
       break;
     if (e->allocDefaultAtts != 0)
-      ms->free_fcn(e->defaultAtts);
+      FREE(parser, e->defaultAtts);
   }
   hashTableClear(&(p->generalEntities));
 #ifdef XML_DTD
@@ -7179,9 +7544,9 @@ dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms) {
 
   p->in_eldecl = XML_FALSE;
 
-  ms->free_fcn(p->scaffIndex);
+  FREE(parser, p->scaffIndex);
   p->scaffIndex = NULL;
-  ms->free_fcn(p->scaffold);
+  FREE(parser, p->scaffold);
   p->scaffold = NULL;
 
   p->scaffLevel = 0;
@@ -7195,7 +7560,7 @@ dtdReset(DTD *p, const XML_Memory_Handling_Suite *ms) {
 }
 
 static void
-dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) {
+dtdDestroy(DTD *p, XML_Bool isDocEntity, XML_Parser parser) {
   HASH_TABLE_ITER iter;
   hashTableIterInit(&iter, &(p->elementTypes));
   for (;;) {
@@ -7203,7 +7568,7 @@ dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) {
     if (! e)
       break;
     if (e->allocDefaultAtts != 0)
-      ms->free_fcn(e->defaultAtts);
+      FREE(parser, e->defaultAtts);
   }
   hashTableDestroy(&(p->generalEntities));
 #ifdef XML_DTD
@@ -7215,10 +7580,10 @@ dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) {
   poolDestroy(&(p->pool));
   poolDestroy(&(p->entityValuePool));
   if (isDocEntity) {
-    ms->free_fcn(p->scaffIndex);
-    ms->free_fcn(p->scaffold);
+    FREE(parser, p->scaffIndex);
+    FREE(parser, p->scaffold);
   }
-  ms->free_fcn(p);
+  FREE(parser, p);
 }
 
 /* Do a deep copy of the DTD. Return 0 for out of memory, non-zero otherwise.
@@ -7226,7 +7591,7 @@ dtdDestroy(DTD *p, XML_Bool isDocEntity, const XML_Memory_Handling_Suite *ms) {
 */
 static int
 dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
-        const XML_Memory_Handling_Suite *ms) {
+        XML_Parser parser) {
   HASH_TABLE_ITER iter;
 
   /* Copy the prefix table. */
@@ -7307,7 +7672,7 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
       }
 #endif
       newE->defaultAtts
-          = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
+          = MALLOC(parser, oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
       if (! newE->defaultAtts) {
         return 0;
       }
@@ -7469,7 +7834,7 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
     /* table->size is a power of 2 */
     table->size = (size_t)1 << INIT_POWER;
     tsize = table->size * sizeof(NAMED *);
-    table->v = table->mem->malloc_fcn(tsize);
+    table->v = MALLOC(table->parser, tsize);
     if (! table->v) {
       table->size = 0;
       return NULL;
@@ -7509,7 +7874,7 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
       }
 
       size_t tsize = newSize * sizeof(NAMED *);
-      NAMED **newV = table->mem->malloc_fcn(tsize);
+      NAMED **newV = MALLOC(table->parser, tsize);
       if (! newV)
         return NULL;
       memset(newV, 0, tsize);
@@ -7525,7 +7890,7 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
           }
           newV[j] = table->v[i];
         }
-      table->mem->free_fcn(table->v);
+      FREE(table->parser, table->v);
       table->v = newV;
       table->power = newPower;
       table->size = newSize;
@@ -7538,7 +7903,7 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
       }
     }
   }
-  table->v[i] = table->mem->malloc_fcn(createSize);
+  table->v[i] = MALLOC(table->parser, createSize);
   if (! table->v[i])
     return NULL;
   memset(table->v[i], 0, createSize);
@@ -7551,7 +7916,7 @@ static void FASTCALL
 hashTableClear(HASH_TABLE *table) {
   size_t i;
   for (i = 0; i < table->size; i++) {
-    table->mem->free_fcn(table->v[i]);
+    FREE(table->parser, table->v[i]);
     table->v[i] = NULL;
   }
   table->used = 0;
@@ -7561,17 +7926,17 @@ static void FASTCALL
 hashTableDestroy(HASH_TABLE *table) {
   size_t i;
   for (i = 0; i < table->size; i++)
-    table->mem->free_fcn(table->v[i]);
-  table->mem->free_fcn(table->v);
+    FREE(table->parser, table->v[i]);
+  FREE(table->parser, table->v);
 }
 
 static void FASTCALL
-hashTableInit(HASH_TABLE *p, const XML_Memory_Handling_Suite *ms) {
+hashTableInit(HASH_TABLE *p, XML_Parser parser) {
   p->power = 0;
   p->size = 0;
   p->used = 0;
   p->v = NULL;
-  p->mem = ms;
+  p->parser = parser;
 }
 
 static void FASTCALL
@@ -7591,13 +7956,13 @@ hashTableIterNext(HASH_TABLE_ITER *iter) {
 }
 
 static void FASTCALL
-poolInit(STRING_POOL *pool, const XML_Memory_Handling_Suite *ms) {
+poolInit(STRING_POOL *pool, XML_Parser parser) {
   pool->blocks = NULL;
   pool->freeBlocks = NULL;
   pool->start = NULL;
   pool->ptr = NULL;
   pool->end = NULL;
-  pool->mem = ms;
+  pool->parser = parser;
 }
 
 static void FASTCALL
@@ -7624,13 +7989,13 @@ poolDestroy(STRING_POOL *pool) {
   BLOCK *p = pool->blocks;
   while (p) {
     BLOCK *tem = p->next;
-    pool->mem->free_fcn(p);
+    FREE(pool->parser, p);
     p = tem;
   }
   p = pool->freeBlocks;
   while (p) {
     BLOCK *tem = p->next;
-    pool->mem->free_fcn(p);
+    FREE(pool->parser, p);
     p = tem;
   }
 }
@@ -7785,8 +8150,7 @@ poolGrow(STRING_POOL *pool) {
     if (bytesToAllocate == 0)
       return XML_FALSE;
 
-    temp = (BLOCK *)pool->mem->realloc_fcn(pool->blocks,
-                                           (unsigned)bytesToAllocate);
+    temp = REALLOC(pool->parser, pool->blocks, bytesToAllocate);
     if (temp == NULL)
       return XML_FALSE;
     pool->blocks = temp;
@@ -7826,7 +8190,7 @@ poolGrow(STRING_POOL *pool) {
     if (bytesToAllocate == 0)
       return XML_FALSE;
 
-    tem = pool->mem->malloc_fcn(bytesToAllocate);
+    tem = MALLOC(pool->parser, bytesToAllocate);
     if (! tem)
       return XML_FALSE;
     tem->size = blockSize;
@@ -7857,12 +8221,17 @@ nextScaffoldPart(XML_Parser parser) {
       return -1;
     }
 #endif
-    dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
+    dtd->scaffIndex = MALLOC(parser, parser->m_groupSize * sizeof(int));
     if (! dtd->scaffIndex)
       return -1;
     dtd->scaffIndex[0] = 0;
   }
 
+  // Will casting to int be safe further down?
+  if (dtd->scaffCount > INT_MAX) {
+    return -1;
+  }
+
   if (dtd->scaffCount >= dtd->scaffSize) {
     CONTENT_SCAFFOLD *temp;
     if (dtd->scaffold) {
@@ -7880,21 +8249,20 @@ nextScaffoldPart(XML_Parser parser) {
       }
 #endif
 
-      temp = (CONTENT_SCAFFOLD *)REALLOC(
-          parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));
+      temp = REALLOC(parser, dtd->scaffold,
+                     dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));
       if (temp == NULL)
         return -1;
       dtd->scaffSize *= 2;
     } else {
-      temp = (CONTENT_SCAFFOLD *)MALLOC(parser, INIT_SCAFFOLD_ELEMENTS
-                                                    * sizeof(CONTENT_SCAFFOLD));
+      temp = MALLOC(parser, INIT_SCAFFOLD_ELEMENTS * sizeof(CONTENT_SCAFFOLD));
       if (temp == NULL)
         return -1;
       dtd->scaffSize = INIT_SCAFFOLD_ELEMENTS;
     }
     dtd->scaffold = temp;
   }
-  next = dtd->scaffCount++;
+  next = (int)dtd->scaffCount++;
   me = &dtd->scaffold[next];
   if (dtd->scaffLevel) {
     CONTENT_SCAFFOLD *parent
@@ -7941,7 +8309,10 @@ build_model(XML_Parser parser) {
   const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content)
                             + (dtd->contentStringLen * sizeof(XML_Char)));
 
-  ret = (XML_Content *)MALLOC(parser, allocsize);
+  // NOTE: We are avoiding MALLOC(..) here to so that
+  //       applications that are not using XML_FreeContentModel but plain
+  //       free(..) or .free_fcn() to free the content model's memory are safe.
+  ret = parser->m_mem.malloc_fcn(allocsize);
   if (! ret)
     return NULL;
 
@@ -8062,7 +8433,7 @@ getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr,
 }
 
 static XML_Char *
-copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
+copyString(const XML_Char *s, XML_Parser parser) {
   size_t charsRequired = 0;
   XML_Char *result;
 
@@ -8074,7 +8445,7 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) {
   charsRequired++;
 
   /* Now allocate space for the copy */
-  result = memsuite->malloc_fcn(charsRequired * sizeof(XML_Char));
+  result = MALLOC(parser, charsRequired * sizeof(XML_Char));
   if (result == NULL)
     return NULL;
   /* Copy the original into place */
@@ -8093,10 +8464,10 @@ accountingGetCurrentAmplification(XML_Parser rootParser) {
         + rootParser->m_accounting.countBytesIndirect;
   const float amplificationFactor
       = rootParser->m_accounting.countBytesDirect
-            ? (countBytesOutput
+            ? ((float)countBytesOutput
                / (float)(rootParser->m_accounting.countBytesDirect))
-            : ((lenOfShortestInclude
-                + rootParser->m_accounting.countBytesIndirect)
+            : ((float)(lenOfShortestInclude
+                       + rootParser->m_accounting.countBytesIndirect)
                / (float)lenOfShortestInclude);
   assert(! rootParser->m_parentParser);
   return amplificationFactor;
@@ -8280,6 +8651,8 @@ entityTrackingOnClose(XML_Parser originParser, ENTITY *entity, int sourceLine) {
   rootParser->m_entity_stats.currentDepth--;
 }
 
+#endif /* XML_GE == 1 */
+
 static XML_Parser
 getRootParserOf(XML_Parser parser, unsigned int *outLevelDiff) {
   XML_Parser rootParser = parser;
@@ -8295,6 +8668,8 @@ getRootParserOf(XML_Parser parser, unsigned int *outLevelDiff) {
   return rootParser;
 }
 
+#if XML_GE == 1
+
 const char *
 unsignedCharToPrintable(unsigned char c) {
   switch (c) {
diff --git a/contrib/expat/lib/xmlrole.h b/contrib/expat/lib/xmlrole.h
index a7904274c91d..9d0d4ff11b7f 100644
--- a/contrib/expat/lib/xmlrole.h
+++ b/contrib/expat/lib/xmlrole.h
@@ -10,7 +10,7 @@
    Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
    Copyright (c) 2002      Karl Waclawek <karl@waclawek.net>
    Copyright (c) 2002      Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
-   Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
    Licensed under the MIT license:
 
    Permission is  hereby granted,  free of charge,  to any  person obtaining
@@ -34,19 +34,13 @@
 */
 
 #ifndef XmlRole_INCLUDED
-#define XmlRole_INCLUDED 1
+#  define XmlRole_INCLUDED 1
 
-#ifdef __VMS
-/*      0        1         2         3      0        1         2         3
-        1234567890123456789012345678901     1234567890123456789012345678901 */
-#  define XmlPrologStateInitExternalEntity XmlPrologStateInitExternalEnt
-#endif
+#  include "xmltok.h"
 
-#include "xmltok.h"
-
-#ifdef __cplusplus
+#  ifdef __cplusplus
 extern "C" {
-#endif
+#  endif
 
 enum {
   XML_ROLE_ERROR = -1,
@@ -107,11 +101,11 @@ enum {
   XML_ROLE_CONTENT_ELEMENT_PLUS,
   XML_ROLE_PI,
   XML_ROLE_COMMENT,
-#ifdef XML_DTD
+#  ifdef XML_DTD
   XML_ROLE_TEXT_DECL,
   XML_ROLE_IGNORE_SECT,
   XML_ROLE_INNER_PARAM_ENTITY_REF,
-#endif /* XML_DTD */
+#  endif /* XML_DTD */
   XML_ROLE_PARAM_ENTITY_REF
 };
 
@@ -120,23 +114,23 @@ typedef struct prolog_state {
                         const char *end, const ENCODING *enc);
   unsigned level;
   int role_none;
-#ifdef XML_DTD
+#  ifdef XML_DTD
   unsigned includeLevel;
   int documentEntity;
   int inEntityValue;
-#endif /* XML_DTD */
+#  endif /* XML_DTD */
 } PROLOG_STATE;
 
 void XmlPrologStateInit(PROLOG_STATE *state);
-#ifdef XML_DTD
+#  ifdef XML_DTD
 void XmlPrologStateInitExternalEntity(PROLOG_STATE *state);
-#endif /* XML_DTD */
+#  endif /* XML_DTD */
 
-#define XmlTokenRole(state, tok, ptr, end, enc)                                \
-  (((state)->handler)(state, tok, ptr, end, enc))
+#  define XmlTokenRole(state, tok, ptr, end, enc)                              \
+    (((state)->handler)(state, tok, ptr, end, enc))
 
-#ifdef __cplusplus
+#  ifdef __cplusplus
 }
-#endif
+#  endif
 
 #endif /* not XmlRole_INCLUDED */
diff --git a/contrib/expat/lib/xmltok.c b/contrib/expat/lib/xmltok.c
index 29a66d72ceea..95d5e84b67f1 100644
--- a/contrib/expat/lib/xmltok.c
+++ b/contrib/expat/lib/xmltok.c
@@ -1398,7 +1398,7 @@ unknown_toUtf16(const ENCODING *enc, const char **fromP, const char *fromLim,
 }
 
 ENCODING *
-XmlInitUnknownEncoding(void *mem, int *table, CONVERTER convert,
+XmlInitUnknownEncoding(void *mem, const int *table, CONVERTER convert,
                        void *userData) {
   int i;
   struct unknown_encoding *e = (struct unknown_encoding *)mem;
@@ -1661,7 +1661,7 @@ initScan(const ENCODING *const *encodingTable, const INIT_ENCODING *enc,
 #  undef ns
 
 ENCODING *
-XmlInitUnknownEncodingNS(void *mem, int *table, CONVERTER convert,
+XmlInitUnknownEncodingNS(void *mem, const int *table, CONVERTER convert,
                          void *userData) {
   ENCODING *enc = XmlInitUnknownEncoding(mem, table, convert, userData);
   if (enc)
diff --git a/contrib/expat/lib/xmltok.h b/contrib/expat/lib/xmltok.h
index c51fce1ec151..79a9fb76871f 100644
--- a/contrib/expat/lib/xmltok.h
+++ b/contrib/expat/lib/xmltok.h
@@ -35,113 +35,113 @@
 */
 
 #ifndef XmlTok_INCLUDED
-#define XmlTok_INCLUDED 1
+#  define XmlTok_INCLUDED 1
 
-#ifdef __cplusplus
+#  ifdef __cplusplus
 extern "C" {
-#endif
+#  endif
 
 /* The following token may be returned by XmlContentTok */
-#define XML_TOK_TRAILING_RSQB                                                  \
-  -5 /* ] or ]] at the end of the scan; might be                               \
-        start of illegal ]]> sequence */
+#  define XML_TOK_TRAILING_RSQB                                                \
+    -5 /* ] or ]] at the end of the scan; might be                             \
+          start of illegal ]]> sequence */
 /* The following tokens may be returned by both XmlPrologTok and
    XmlContentTok.
 */
-#define XML_TOK_NONE -4 /* The string to be scanned is empty */
-#define XML_TOK_TRAILING_CR                                                    \
-  -3                            /* A CR at the end of the scan;                \
-                                   might be part of CRLF sequence */
-#define XML_TOK_PARTIAL_CHAR -2 /* only part of a multibyte sequence */
-#define XML_TOK_PARTIAL -1      /* only part of a token */
-#define XML_TOK_INVALID 0
+#  define XML_TOK_NONE -4 /* The string to be scanned is empty */
+#  define XML_TOK_TRAILING_CR                                                  \
+    -3                            /* A CR at the end of the scan;              \
+                                     might be part of CRLF sequence */
+#  define XML_TOK_PARTIAL_CHAR -2 /* only part of a multibyte sequence */
+#  define XML_TOK_PARTIAL -1      /* only part of a token */
+#  define XML_TOK_INVALID 0
 
 /* The following tokens are returned by XmlContentTok; some are also
    returned by XmlAttributeValueTok, XmlEntityTok, XmlCdataSectionTok.
 */
-#define XML_TOK_START_TAG_WITH_ATTS 1
-#define XML_TOK_START_TAG_NO_ATTS 2
-#define XML_TOK_EMPTY_ELEMENT_WITH_ATTS 3 /* empty element tag <e/> */
-#define XML_TOK_EMPTY_ELEMENT_NO_ATTS 4
-#define XML_TOK_END_TAG 5
-#define XML_TOK_DATA_CHARS 6
-#define XML_TOK_DATA_NEWLINE 7
-#define XML_TOK_CDATA_SECT_OPEN 8
-#define XML_TOK_ENTITY_REF 9
-#define XML_TOK_CHAR_REF 10 /* numeric character reference */
+#  define XML_TOK_START_TAG_WITH_ATTS 1
+#  define XML_TOK_START_TAG_NO_ATTS 2
+#  define XML_TOK_EMPTY_ELEMENT_WITH_ATTS 3 /* empty element tag <e/> */
+#  define XML_TOK_EMPTY_ELEMENT_NO_ATTS 4
+#  define XML_TOK_END_TAG 5
+#  define XML_TOK_DATA_CHARS 6
+#  define XML_TOK_DATA_NEWLINE 7
+#  define XML_TOK_CDATA_SECT_OPEN 8
+#  define XML_TOK_ENTITY_REF 9
+#  define XML_TOK_CHAR_REF 10 /* numeric character reference */
 
 /* The following tokens may be returned by both XmlPrologTok and
    XmlContentTok.
 */
-#define XML_TOK_PI 11       /* processing instruction */
-#define XML_TOK_XML_DECL 12 /* XML decl or text decl */
-#define XML_TOK_COMMENT 13
-#define XML_TOK_BOM 14 /* Byte order mark */
+#  define XML_TOK_PI 11       /* processing instruction */
+#  define XML_TOK_XML_DECL 12 /* XML decl or text decl */
+#  define XML_TOK_COMMENT 13
+#  define XML_TOK_BOM 14 /* Byte order mark */
 
 /* The following tokens are returned only by XmlPrologTok */
-#define XML_TOK_PROLOG_S 15
-#define XML_TOK_DECL_OPEN 16  /* <!foo */
-#define XML_TOK_DECL_CLOSE 17 /* > */
-#define XML_TOK_NAME 18
-#define XML_TOK_NMTOKEN 19
-#define XML_TOK_POUND_NAME 20 /* #name */
-#define XML_TOK_OR 21         /* | */
-#define XML_TOK_PERCENT 22
-#define XML_TOK_OPEN_PAREN 23
-#define XML_TOK_CLOSE_PAREN 24
-#define XML_TOK_OPEN_BRACKET 25
-#define XML_TOK_CLOSE_BRACKET 26
-#define XML_TOK_LITERAL 27
-#define XML_TOK_PARAM_ENTITY_REF 28
-#define XML_TOK_INSTANCE_START 29
+#  define XML_TOK_PROLOG_S 15
+#  define XML_TOK_DECL_OPEN 16  /* <!foo */
+#  define XML_TOK_DECL_CLOSE 17 /* > */
+#  define XML_TOK_NAME 18
+#  define XML_TOK_NMTOKEN 19
+#  define XML_TOK_POUND_NAME 20 /* #name */
+#  define XML_TOK_OR 21         /* | */
+#  define XML_TOK_PERCENT 22
+#  define XML_TOK_OPEN_PAREN 23
+#  define XML_TOK_CLOSE_PAREN 24
+#  define XML_TOK_OPEN_BRACKET 25
+#  define XML_TOK_CLOSE_BRACKET 26
+#  define XML_TOK_LITERAL 27
+#  define XML_TOK_PARAM_ENTITY_REF 28
+#  define XML_TOK_INSTANCE_START 29
 
 /* The following occur only in element type declarations */
-#define XML_TOK_NAME_QUESTION 30        /* name? */
-#define XML_TOK_NAME_ASTERISK 31        /* name* */
-#define XML_TOK_NAME_PLUS 32            /* name+ */
-#define XML_TOK_COND_SECT_OPEN 33       /* <![ */
-#define XML_TOK_COND_SECT_CLOSE 34      /* ]]> */
-#define XML_TOK_CLOSE_PAREN_QUESTION 35 /* )? */
-#define XML_TOK_CLOSE_PAREN_ASTERISK 36 /* )* */
-#define XML_TOK_CLOSE_PAREN_PLUS 37     /* )+ */
-#define XML_TOK_COMMA 38
+#  define XML_TOK_NAME_QUESTION 30        /* name? */
+#  define XML_TOK_NAME_ASTERISK 31        /* name* */
+#  define XML_TOK_NAME_PLUS 32            /* name+ */
+#  define XML_TOK_COND_SECT_OPEN 33       /* <![ */
+#  define XML_TOK_COND_SECT_CLOSE 34      /* ]]> */
+#  define XML_TOK_CLOSE_PAREN_QUESTION 35 /* )? */
+#  define XML_TOK_CLOSE_PAREN_ASTERISK 36 /* )* */
+#  define XML_TOK_CLOSE_PAREN_PLUS 37     /* )+ */
+#  define XML_TOK_COMMA 38
 
 /* The following token is returned only by XmlAttributeValueTok */
-#define XML_TOK_ATTRIBUTE_VALUE_S 39
+#  define XML_TOK_ATTRIBUTE_VALUE_S 39
 
 /* The following token is returned only by XmlCdataSectionTok */
-#define XML_TOK_CDATA_SECT_CLOSE 40
+#  define XML_TOK_CDATA_SECT_CLOSE 40
 
 /* With namespace processing this is returned by XmlPrologTok for a
    name with a colon.
 */
-#define XML_TOK_PREFIXED_NAME 41
+#  define XML_TOK_PREFIXED_NAME 41
 
-#ifdef XML_DTD
-#  define XML_TOK_IGNORE_SECT 42
-#endif /* XML_DTD */
+#  ifdef XML_DTD
+#    define XML_TOK_IGNORE_SECT 42
+#  endif /* XML_DTD */
 
-#ifdef XML_DTD
-#  define XML_N_STATES 4
-#else /* not XML_DTD */
-#  define XML_N_STATES 3
-#endif /* not XML_DTD */
+#  ifdef XML_DTD
+#    define XML_N_STATES 4
+#  else /* not XML_DTD */
+#    define XML_N_STATES 3
+#  endif /* not XML_DTD */
 
-#define XML_PROLOG_STATE 0
-#define XML_CONTENT_STATE 1
-#define XML_CDATA_SECTION_STATE 2
-#ifdef XML_DTD
-#  define XML_IGNORE_SECTION_STATE 3
-#endif /* XML_DTD */
+#  define XML_PROLOG_STATE 0
+#  define XML_CONTENT_STATE 1
+#  define XML_CDATA_SECTION_STATE 2
+#  ifdef XML_DTD
+#    define XML_IGNORE_SECTION_STATE 3
+#  endif /* XML_DTD */
 
-#define XML_N_LITERAL_TYPES 2
-#define XML_ATTRIBUTE_VALUE_LITERAL 0
-#define XML_ENTITY_VALUE_LITERAL 1
+#  define XML_N_LITERAL_TYPES 2
+#  define XML_ATTRIBUTE_VALUE_LITERAL 0
+#  define XML_ENTITY_VALUE_LITERAL 1
 
 /* The size of the buffer passed to XmlUtf8Encode must be at least this. */
-#define XML_UTF8_ENCODE_MAX 4
+#  define XML_UTF8_ENCODE_MAX 4
 /* The size of the buffer passed to XmlUtf16Encode must be at least this. */
-#define XML_UTF16_ENCODE_MAX 2
+#  define XML_UTF16_ENCODE_MAX 2
 
 typedef struct position {
   /* first line and first column are 0 not 1 */
@@ -220,63 +220,63 @@ struct encoding {
    the prolog outside literals, comments and processing instructions.
 */
 
-#define XmlTok(enc, state, ptr, end, nextTokPtr)                               \
-  (((enc)->scanners[state])(enc, ptr, end, nextTokPtr))
+#  define XmlTok(enc, state, ptr, end, nextTokPtr)                             \
+    (((enc)->scanners[state])(enc, ptr, end, nextTokPtr))
 
-#define XmlPrologTok(enc, ptr, end, nextTokPtr)                                \
-  XmlTok(enc, XML_PROLOG_STATE, ptr, end, nextTokPtr)
+#  define XmlPrologTok(enc, ptr, end, nextTokPtr)                              \
+    XmlTok(enc, XML_PROLOG_STATE, ptr, end, nextTokPtr)
 
-#define XmlContentTok(enc, ptr, end, nextTokPtr)                               \
-  XmlTok(enc, XML_CONTENT_STATE, ptr, end, nextTokPtr)
+#  define XmlContentTok(enc, ptr, end, nextTokPtr)                             \
+    XmlTok(enc, XML_CONTENT_STATE, ptr, end, nextTokPtr)
 
-#define XmlCdataSectionTok(enc, ptr, end, nextTokPtr)                          \
-  XmlTok(enc, XML_CDATA_SECTION_STATE, ptr, end, nextTokPtr)
+#  define XmlCdataSectionTok(enc, ptr, end, nextTokPtr)                        \
+    XmlTok(enc, XML_CDATA_SECTION_STATE, ptr, end, nextTokPtr)
 
-#ifdef XML_DTD
+#  ifdef XML_DTD
 
-#  define XmlIgnoreSectionTok(enc, ptr, end, nextTokPtr)                       \
-    XmlTok(enc, XML_IGNORE_SECTION_STATE, ptr, end, nextTokPtr)
+#    define XmlIgnoreSectionTok(enc, ptr, end, nextTokPtr)                     \
+      XmlTok(enc, XML_IGNORE_SECTION_STATE, ptr, end, nextTokPtr)
 
-#endif /* XML_DTD */
+#  endif /* XML_DTD */
 
 /* This is used for performing a 2nd-level tokenization on the content
    of a literal that has already been returned by XmlTok.
 */
-#define XmlLiteralTok(enc, literalType, ptr, end, nextTokPtr)                  \
-  (((enc)->literalScanners[literalType])(enc, ptr, end, nextTokPtr))
+#  define XmlLiteralTok(enc, literalType, ptr, end, nextTokPtr)                \
+    (((enc)->literalScanners[literalType])(enc, ptr, end, nextTokPtr))
 
-#define XmlAttributeValueTok(enc, ptr, end, nextTokPtr)                        \
-  XmlLiteralTok(enc, XML_ATTRIBUTE_VALUE_LITERAL, ptr, end, nextTokPtr)
+#  define XmlAttributeValueTok(enc, ptr, end, nextTokPtr)                      \
+    XmlLiteralTok(enc, XML_ATTRIBUTE_VALUE_LITERAL, ptr, end, nextTokPtr)
 
-#define XmlEntityValueTok(enc, ptr, end, nextTokPtr)                           \
-  XmlLiteralTok(enc, XML_ENTITY_VALUE_LITERAL, ptr, end, nextTokPtr)
+#  define XmlEntityValueTok(enc, ptr, end, nextTokPtr)                         \
+    XmlLiteralTok(enc, XML_ENTITY_VALUE_LITERAL, ptr, end, nextTokPtr)
 
-#define XmlNameMatchesAscii(enc, ptr1, end1, ptr2)                             \
-  (((enc)->nameMatchesAscii)(enc, ptr1, end1, ptr2))
+#  define XmlNameMatchesAscii(enc, ptr1, end1, ptr2)                           \
+    (((enc)->nameMatchesAscii)(enc, ptr1, end1, ptr2))
 
-#define XmlNameLength(enc, ptr) (((enc)->nameLength)(enc, ptr))
+#  define XmlNameLength(enc, ptr) (((enc)->nameLength)(enc, ptr))
 
-#define XmlSkipS(enc, ptr) (((enc)->skipS)(enc, ptr))
+#  define XmlSkipS(enc, ptr) (((enc)->skipS)(enc, ptr))
 
-#define XmlGetAttributes(enc, ptr, attsMax, atts)                              \
-  (((enc)->getAtts)(enc, ptr, attsMax, atts))
+#  define XmlGetAttributes(enc, ptr, attsMax, atts)                            \
+    (((enc)->getAtts)(enc, ptr, attsMax, atts))
 
-#define XmlCharRefNumber(enc, ptr) (((enc)->charRefNumber)(enc, ptr))
+#  define XmlCharRefNumber(enc, ptr) (((enc)->charRefNumber)(enc, ptr))
 
-#define XmlPredefinedEntityName(enc, ptr, end)                                 \
-  (((enc)->predefinedEntityName)(enc, ptr, end))
+#  define XmlPredefinedEntityName(enc, ptr, end)                               \
+    (((enc)->predefinedEntityName)(enc, ptr, end))
 
-#define XmlUpdatePosition(enc, ptr, end, pos)                                  \
-  (((enc)->updatePosition)(enc, ptr, end, pos))
+#  define XmlUpdatePosition(enc, ptr, end, pos)                                \
+    (((enc)->updatePosition)(enc, ptr, end, pos))
 
-#define XmlIsPublicId(enc, ptr, end, badPtr)                                   \
-  (((enc)->isPublicId)(enc, ptr, end, badPtr))
+#  define XmlIsPublicId(enc, ptr, end, badPtr)                                 \
+    (((enc)->isPublicId)(enc, ptr, end, badPtr))
 
-#define XmlUtf8Convert(enc, fromP, fromLim, toP, toLim)                        \
-  (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
+#  define XmlUtf8Convert(enc, fromP, fromLim, toP, toLim)                      \
+    (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
 
-#define XmlUtf16Convert(enc, fromP, fromLim, toP, toLim)                       \
-  (((enc)->utf16Convert)(enc, fromP, fromLim, toP, toLim))
+#  define XmlUtf16Convert(enc, fromP, fromLim, toP, toLim)                     \
+    (((enc)->utf16Convert)(enc, fromP, fromLim, toP, toLim))
 
 typedef struct {
   ENCODING initEnc;
@@ -299,7 +299,7 @@ int XmlSizeOfUnknownEncoding(void);
 
 typedef int(XMLCALL *CONVERTER)(void *userData, const char *p);
 
-ENCODING *XmlInitUnknownEncoding(void *mem, int *table, CONVERTER convert,
+ENCODING *XmlInitUnknownEncoding(void *mem, const int *table, CONVERTER convert,
                                  void *userData);
 
 int XmlParseXmlDeclNS(int isGeneralTextEntity, const ENCODING *enc,
@@ -312,10 +312,10 @@ int XmlInitEncodingNS(INIT_ENCODING *p, const ENCODING **encPtr,
                       const char *name);
 const ENCODING *XmlGetUtf8InternalEncodingNS(void);
 const ENCODING *XmlGetUtf16InternalEncodingNS(void);
-ENCODING *XmlInitUnknownEncodingNS(void *mem, int *table, CONVERTER convert,
-                                   void *userData);
-#ifdef __cplusplus
+ENCODING *XmlInitUnknownEncodingNS(void *mem, const int *table,
+                                   CONVERTER convert, void *userData);
+#  ifdef __cplusplus
 }
-#endif
+#  endif
 
 #endif /* not XmlTok_INCLUDED */
diff --git a/contrib/expat/tests/Makefile.in b/contrib/expat/tests/Makefile.in
index eb00a068cbd2..830560e2daba 100644
--- a/contrib/expat/tests/Makefile.in
+++ b/contrib/expat/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -102,6 +102,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -324,10 +326,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
+  { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+  || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+       $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
   }
 am__recheck_rx = ^[ 	]*:recheck:[ 	]*
 am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
@@ -415,12 +416,13 @@ am__sh_e_setup = case $$- in *e*) set +e;; esac
 # Default flags passed to test drivers.
 am__common_driver_flags = \
   --color-tests "$$am__color_tests" \
+  $$am__collect_skipped_logs \
   --enable-hard-errors "$$am__enable_hard_errors" \
   --expect-failure "$$am__expect_failure"
 # To be inserted before the command running the test.  Creates the
 # directory for the log if needed.  Stores in $dir the directory
 # containing $f, in $tst the test, in $log the log.  Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# developer-defined test setup AM_TESTS_ENVIRONMENT (if any), and
 # passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
 # will run the test scripts (or their associated LOG_COMPILER, if
 # thy have one).
@@ -439,6 +441,11 @@ if test -f "./$$f"; then dir=./;			\
 elif test -f "$$f"; then dir=;				\
 else dir="$(srcdir)/"; fi;				\
 tst=$$dir$$f; log='$@'; 				\
+if test -n '$(IGNORE_SKIPPED_LOGS)'; then		\
+  am__collect_skipped_logs='--collect-skipped-logs no';	\
+else							\
+  am__collect_skipped_logs='';				\
+fi;							\
 if test -n '$(DISABLE_HARD_ERRORS)'; then		\
   am__enable_hard_errors=no; 				\
 else							\
@@ -620,8 +627,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -757,13 +766,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 
 clean-checkPROGRAMS:
-	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
+	$(am__rm_f) $(check_PROGRAMS)
+	test -z "$(EXEEXT)" || $(am__rm_f) $(check_PROGRAMS:$(EXEEXT)=)
 
 runtests$(EXEEXT): $(runtests_OBJECTS) $(runtests_DEPENDENCIES) $(EXTRA_runtests_DEPENDENCIES) 
 	@rm -f runtests$(EXEEXT)
@@ -810,7 +814,7 @@ distclean-compile:
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+	@: >>$@
 
 am--depfiles: $(am__depfiles_remade)
 
@@ -974,7 +978,6 @@ distclean-tags:
 am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
 am--force-recheck:
 	@:
-
 $(TEST_SUITE_LOG): $(TEST_LOGS)
 	@$(am__set_TESTS_bases); \
 	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
@@ -1050,10 +1053,37 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  result_count $$1 "XPASS:" $$xpass "$$red"; \
 	  result_count $$1 "ERROR:" $$error "$$mgn"; \
 	}; \
+	output_system_information () \
+	{ \
+          echo;                                     \
+	  { uname -a | $(AWK) '{                    \
+  printf "System information (uname -a):";          \
+  for (i = 1; i < NF; ++i)                          \
+    {                                               \
+      if (i != 2)                                   \
+        printf " %s", $$i;                          \
+    }                                               \
+  printf "\n";                                      \
+}'; } 2>&1;                                         \
+	  if test -r /etc/os-release; then          \
+	    echo "Distribution information (/etc/os-release):"; \
+	    sed 8q /etc/os-release;                 \
+	  elif test -r /etc/issue; then             \
+	    echo "Distribution information (/etc/issue):";      \
+	    cat /etc/issue;                         \
+	  fi;                                       \
+	}; \
+	please_report () \
+	{ \
+echo "Some test(s) failed.  Please report this to $(PACKAGE_BUGREPORT),";    \
+echo "together with the test-suite.log file (gzipped) and your system";      \
+echo "information.  Thanks.";                                                \
+	}; \
 	{								\
 	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
 	    $(am__rst_title);						\
 	  create_testsuite_report --no-color;				\
+	  output_system_information;                                    \
 	  echo;								\
 	  echo ".. contents:: :depth: 2";				\
 	  echo;								\
@@ -1073,26 +1103,25 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
 	if $$success; then :; else					\
-	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG) for debugging.$${std}";\
 	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
-	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	    please_report | sed -e "s/^/$${col}/" -e s/'$$'/"$${std}"/; \
 	  fi;								\
 	  echo "$$col$$br$$std";					\
 	fi;								\
 	$$success || exit 1
 
 check-TESTS: $(check_PROGRAMS)
-	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
-	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@$(am__rm_f) $(RECHECK_LOGS)
+	@$(am__rm_f) $(RECHECK_LOGS:.log=.trs)
+	@$(am__rm_f) $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
-	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	log_list=`echo $$log_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
 recheck: all $(check_PROGRAMS)
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@$(am__rm_f) $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
 	         | $(am__list_recheck_tests)` || exit 1; \
@@ -1130,6 +1159,7 @@ runtests_cxx.log: runtests_cxx$(EXEEXT)
 @am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -1215,15 +1245,15 @@ install-strip:
 	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
 	fi
 mostlyclean-generic:
-	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
-	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
-	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	-$(am__rm_f) $(TEST_LOGS)
+	-$(am__rm_f) $(TEST_LOGS:.log=.trs)
+	-$(am__rm_f) $(TEST_SUITE_LOG)
 
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -1234,7 +1264,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
 	mostlyclean-am
 
 distclean: distclean-recursive
-		-rm -f ./$(DEPDIR)/acc_tests.Po
+	-rm -f ./$(DEPDIR)/acc_tests.Po
 	-rm -f ./$(DEPDIR)/acc_tests_cxx.Po
 	-rm -f ./$(DEPDIR)/alloc_tests.Po
 	-rm -f ./$(DEPDIR)/alloc_tests_cxx.Po
@@ -1307,7 +1337,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
-		-rm -f ./$(DEPDIR)/acc_tests.Po
+	-rm -f ./$(DEPDIR)/acc_tests.Po
 	-rm -f ./$(DEPDIR)/acc_tests_cxx.Po
 	-rm -f ./$(DEPDIR)/alloc_tests.Po
 	-rm -f ./$(DEPDIR)/alloc_tests_cxx.Po
@@ -1376,3 +1406,10 @@ uninstall-am:
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/tests/alloc_tests.c b/contrib/expat/tests/alloc_tests.c
index 12ea3b2a81d2..5ae6c6a72025 100644
--- a/contrib/expat/tests/alloc_tests.c
+++ b/contrib/expat/tests/alloc_tests.c
@@ -10,7 +10,7 @@
    Copyright (c) 2003      Greg Stein <gstein@users.sourceforge.net>
    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
    Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2017      Joe Orton <jorton@redhat.com>
    Copyright (c) 2017      José Gutiérrez de la Concha <jose@zeroc.com>
@@ -46,10 +46,16 @@
 #  undef NDEBUG /* because test suite relies on assert(...) at the moment */
 #endif
 
+#include <math.h> /* NAN, INFINITY */
+#include <stdbool.h>
+#include <stdint.h> /* for SIZE_MAX */
 #include <string.h>
 #include <assert.h>
 
+#include "expat_config.h"
+
 #include "expat.h"
+#include "internal.h"
 #include "common.h"
 #include "minicheck.h"
 #include "dummy.h"
@@ -323,7 +329,7 @@ START_TEST(test_alloc_run_external_parser) {
     XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
     XML_SetUserData(g_parser, foo_text);
     XML_SetExternalEntityRefHandler(g_parser, external_entity_null_loader);
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE)
         != XML_STATUS_ERROR)
       break;
@@ -434,7 +440,7 @@ START_TEST(test_alloc_internal_entity) {
   const unsigned int max_alloc_count = 20;
 
   for (i = 0; i < max_alloc_count; i++) {
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     XML_SetUnknownEncodingHandler(g_parser, unknown_released_encoding_handler,
                                   NULL);
     if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE)
@@ -2085,6 +2091,226 @@ START_TEST(test_alloc_reset_after_external_entity_parser_create_fail) {
 }
 END_TEST
 
+#if XML_GE == 1
+static size_t
+sizeRecordedFor(void *ptr) {
+  return *(size_t *)((char *)ptr - EXPAT_MALLOC_PADDING - sizeof(size_t));
+}
+#endif // XML_GE == 1
+
+START_TEST(test_alloc_tracker_size_recorded) {
+  XML_Memory_Handling_Suite memsuite = {malloc, realloc, free};
+
+  bool values[] = {true, false};
+  for (size_t i = 0; i < sizeof(values) / sizeof(values[0]); i++) {
+    const bool useMemSuite = values[i];
+    set_subtest("useMemSuite=%d", (int)useMemSuite);
+    XML_Parser parser = useMemSuite
+                            ? XML_ParserCreate_MM(NULL, &memsuite, XCS("|"))
+                            : XML_ParserCreate(NULL);
+
+#if XML_GE == 1
+    void *ptr = expat_malloc(parser, 10, -1);
+
+    assert_true(ptr != NULL);
+    assert_true(sizeRecordedFor(ptr) == 10);
+
+    assert_true(expat_realloc(parser, ptr, SIZE_MAX / 2, -1) == NULL);
+
+    assert_true(sizeRecordedFor(ptr) == 10); // i.e. unchanged
+
+    ptr = expat_realloc(parser, ptr, 20, -1);
+
+    assert_true(ptr != NULL);
+    assert_true(sizeRecordedFor(ptr) == 20);
+
+    expat_free(parser, ptr, -1);
+#endif
+
+    XML_ParserFree(parser);
+  }
+}
+END_TEST
+
+START_TEST(test_alloc_tracker_pointer_alignment) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+#if XML_GE == 1
+  assert_true(sizeof(long long) >= sizeof(size_t)); // self-test
+  long long *const ptr
+      = (long long *)expat_malloc(parser, 4 * sizeof(long long), -1);
+  ptr[0] = 0LL;
+  ptr[1] = 1LL;
+  ptr[2] = 2LL;
+  ptr[3] = 3LL;
+  expat_free(parser, ptr, -1);
+#endif
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_alloc_tracker_maximum_amplification) {
+  if (g_reparseDeferralEnabledDefault == XML_TRUE) {
+    return;
+  }
+
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+  // Get .m_accounting.countBytesDirect from 0 to 3
+  const char *const chunk = "<e>";
+  assert_true(_XML_Parse_SINGLE_BYTES(parser, chunk, (int)strlen(chunk),
+                                      /*isFinal=*/XML_FALSE)
+              == XML_STATUS_OK);
+
+#if XML_GE == 1
+  // Stop activation threshold from interfering
+  assert_true(XML_SetAllocTrackerActivationThreshold(parser, 0) == XML_TRUE);
+
+  // Exceed maximum amplification: should be rejected.
+  assert_true(expat_malloc(parser, 1000, -1) == NULL);
+
+  // Increase maximum amplification, and try the same amount once more: should
+  // work.
+  assert_true(XML_SetAllocTrackerMaximumAmplification(parser, 3000.0f)
+              == XML_TRUE);
+
+  void *const ptr = expat_malloc(parser, 1000, -1);
+  assert_true(ptr != NULL);
+  expat_free(parser, ptr, -1);
+#endif
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_alloc_tracker_threshold) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+#if XML_GE == 1
+  // Exceed maximum amplification *before* (default) threshold: should work.
+  void *const ptr = expat_malloc(parser, 1000, -1);
+  assert_true(ptr != NULL);
+  expat_free(parser, ptr, -1);
+
+  // Exceed maximum amplification *after* threshold: should be rejected.
+  assert_true(XML_SetAllocTrackerActivationThreshold(parser, 999) == XML_TRUE);
+  assert_true(expat_malloc(parser, 1000, -1) == NULL);
+#endif
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_alloc_tracker_getbuffer_unlimited) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+#if XML_GE == 1
+  // Artificially lower threshold
+  assert_true(XML_SetAllocTrackerActivationThreshold(parser, 0) == XML_TRUE);
+
+  // Self-test: Prove that threshold is as rejecting as expected
+  assert_true(expat_malloc(parser, 1000, -1) == NULL);
+#endif
+  // XML_GetBuffer should be allowed to pass, though
+  assert_true(XML_GetBuffer(parser, 1000) != NULL);
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_alloc_tracker_api) {
+  XML_Parser parserWithoutParent = XML_ParserCreate(NULL);
+  XML_Parser parserWithParent = XML_ExternalEntityParserCreate(
+      parserWithoutParent, XCS("entity123"), NULL);
+  if (parserWithoutParent == NULL)
+    fail("parserWithoutParent is NULL");
+  if (parserWithParent == NULL)
+    fail("parserWithParent is NULL");
+
+#if XML_GE == 1
+  // XML_SetAllocTrackerMaximumAmplification, error cases
+  if (XML_SetAllocTrackerMaximumAmplification(NULL, 123.0f) == XML_TRUE)
+    fail("Call with NULL parser is NOT supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithParent, 123.0f)
+      == XML_TRUE)
+    fail("Call with non-root parser is NOT supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, NAN)
+      == XML_TRUE)
+    fail("Call with NaN limit is NOT supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, -1.0f)
+      == XML_TRUE)
+    fail("Call with negative limit is NOT supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, 0.9f)
+      == XML_TRUE)
+    fail("Call with positive limit <1.0 is NOT supposed to succeed");
+
+  // XML_SetAllocTrackerMaximumAmplification, success cases
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, 1.0f)
+      == XML_FALSE)
+    fail("Call with positive limit >=1.0 is supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, 123456.789f)
+      == XML_FALSE)
+    fail("Call with positive limit >=1.0 is supposed to succeed");
+  if (XML_SetAllocTrackerMaximumAmplification(parserWithoutParent, INFINITY)
+      == XML_FALSE)
+    fail("Call with positive limit >=1.0 is supposed to succeed");
+
+  // XML_SetAllocTrackerActivationThreshold, error cases
+  if (XML_SetAllocTrackerActivationThreshold(NULL, 123) == XML_TRUE)
+    fail("Call with NULL parser is NOT supposed to succeed");
+  if (XML_SetAllocTrackerActivationThreshold(parserWithParent, 123) == XML_TRUE)
+    fail("Call with non-root parser is NOT supposed to succeed");
+
+  // XML_SetAllocTrackerActivationThreshold, success cases
+  if (XML_SetAllocTrackerActivationThreshold(parserWithoutParent, 123)
+      == XML_FALSE)
+    fail("Call with non-NULL parentless parser is supposed to succeed");
+#endif // XML_GE == 1
+
+  XML_ParserFree(parserWithParent);
+  XML_ParserFree(parserWithoutParent);
+}
+END_TEST
+
+START_TEST(test_mem_api_cycle) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+  void *ptr = XML_MemMalloc(parser, 10);
+
+  assert_true(ptr != NULL);
+  memset(ptr, 'x', 10); // assert writability, with ASan in mind
+
+  ptr = XML_MemRealloc(parser, ptr, 20);
+
+  assert_true(ptr != NULL);
+  memset(ptr, 'y', 20); // assert writability, with ASan in mind
+
+  XML_MemFree(parser, ptr);
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_mem_api_unlimited) {
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+#if XML_GE == 1
+  assert_true(XML_SetAllocTrackerActivationThreshold(parser, 0) == XML_TRUE);
+#endif
+
+  void *ptr = XML_MemMalloc(parser, 1000);
+
+  assert_true(ptr != NULL);
+
+  ptr = XML_MemRealloc(parser, ptr, 2000);
+
+  assert_true(ptr != NULL);
+
+  XML_MemFree(parser, ptr);
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
 void
 make_alloc_test_case(Suite *s) {
   TCase *tc_alloc = tcase_create("allocation tests");
@@ -2151,4 +2377,14 @@ make_alloc_test_case(Suite *s) {
 
   tcase_add_test__ifdef_xml_dtd(
       tc_alloc, test_alloc_reset_after_external_entity_parser_create_fail);
+
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_size_recorded);
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_pointer_alignment);
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_maximum_amplification);
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_threshold);
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_getbuffer_unlimited);
+  tcase_add_test__if_xml_ge(tc_alloc, test_alloc_tracker_api);
+
+  tcase_add_test(tc_alloc, test_mem_api_cycle);
+  tcase_add_test__if_xml_ge(tc_alloc, test_mem_api_unlimited);
 }
diff --git a/contrib/expat/tests/basic_tests.c b/contrib/expat/tests/basic_tests.c
index e813df8b6fd2..0231e0949ee9 100644
--- a/contrib/expat/tests/basic_tests.c
+++ b/contrib/expat/tests/basic_tests.c
@@ -412,13 +412,13 @@ START_TEST(test_utf16_le_epilog_newline) {
 
   if (first_chunk_bytes >= sizeof(text) - 1)
     fail("bad value of first_chunk_bytes");
-  if (_XML_Parse_SINGLE_BYTES(g_parser, text, first_chunk_bytes, XML_FALSE)
+  if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)first_chunk_bytes, XML_FALSE)
       == XML_STATUS_ERROR)
     xml_failure(g_parser);
   else {
     enum XML_Status rc;
     rc = _XML_Parse_SINGLE_BYTES(g_parser, text + first_chunk_bytes,
-                                 sizeof(text) - first_chunk_bytes - 1,
+                                 (int)(sizeof(text) - first_chunk_bytes - 1),
                                  XML_TRUE);
     if (rc == XML_STATUS_ERROR)
       xml_failure(g_parser);
@@ -3123,6 +3123,10 @@ START_TEST(test_buffer_can_grow_to_max) {
   for (int i = 0; i < num_prefixes; ++i) {
     set_subtest("\"%s\"", prefixes[i]);
     XML_Parser parser = XML_ParserCreate(NULL);
+#if XML_GE == 1
+    assert_true(XML_SetAllocTrackerActivationThreshold(parser, (size_t)-1)
+                == XML_TRUE); // i.e. deactivate
+#endif
     const int prefix_len = (int)strlen(prefixes[i]);
     const enum XML_Status s
         = _XML_Parse_SINGLE_BYTES(parser, prefixes[i], prefix_len, XML_FALSE);
diff --git a/contrib/expat/tests/benchmark/Makefile.in b/contrib/expat/tests/benchmark/Makefile.in
index d0e6d0769db0..e72e901a39af 100644
--- a/contrib/expat/tests/benchmark/Makefile.in
+++ b/contrib/expat/tests/benchmark/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -101,6 +101,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -320,8 +322,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -403,13 +407,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 
 clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
+	$(am__rm_f) $(noinst_PROGRAMS)
+	test -z "$(EXEEXT)" || $(am__rm_f) $(noinst_PROGRAMS:$(EXEEXT)=)
 
 benchmark$(EXEEXT): $(benchmark_OBJECTS) $(benchmark_DEPENDENCIES) $(EXTRA_benchmark_DEPENDENCIES) 
 	@rm -f benchmark$(EXEEXT)
@@ -425,7 +424,7 @@ distclean-compile:
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+	@: >>$@
 
 am--depfiles: $(am__depfiles_remade)
 
@@ -507,6 +506,7 @@ cscopelist-am: $(am__tagged_files)
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -568,8 +568,8 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -580,7 +580,7 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
 	mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/benchmark.Po
+	-rm -f ./$(DEPDIR)/benchmark.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -626,7 +626,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/benchmark.Po
+	-rm -f ./$(DEPDIR)/benchmark.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -667,3 +667,10 @@ uninstall-am:
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/tests/common.c b/contrib/expat/tests/common.c
index b158385f56a8..b2537d0deee1 100644
--- a/contrib/expat/tests/common.c
+++ b/contrib/expat/tests/common.c
@@ -303,7 +303,14 @@ duff_reallocator(void *ptr, size_t size) {
   return realloc(ptr, size);
 }
 
-// Portable remake of strndup(3) for C99; does not care about space efficiency
+// Portable remake of strnlen(3) for C99
+static size_t
+portable_strnlen(const char *s, size_t maxlen) {
+  const char *const end = (const char *)memchr(s, '\0', maxlen);
+  return (end == NULL) ? maxlen : (size_t)(end - s);
+}
+
+// Portable remake of strndup(3) for C99
 char *
 portable_strndup(const char *s, size_t n) {
   if ((s == NULL) || (n == SIZE_MAX)) {
@@ -311,6 +318,8 @@ portable_strndup(const char *s, size_t n) {
     return NULL;
   }
 
+  n = portable_strnlen(s, n);
+
   char *const buffer = (char *)malloc(n + 1);
   if (buffer == NULL) {
     errno = ENOMEM;
diff --git a/contrib/expat/tests/handlers.c b/contrib/expat/tests/handlers.c
index ac459507580b..5bca2b1f551e 100644
--- a/contrib/expat/tests/handlers.c
+++ b/contrib/expat/tests/handlers.c
@@ -10,7 +10,7 @@
    Copyright (c) 2003      Greg Stein <gstein@users.sourceforge.net>
    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
    Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2017      Joe Orton <jorton@redhat.com>
    Copyright (c) 2017      José Gutiérrez de la Concha <jose@zeroc.com>
@@ -89,15 +89,15 @@ start_element_event_handler2(void *userData, const XML_Char *name,
                              const XML_Char **attr) {
   StructData *storage = (StructData *)userData;
   UNUSED_P(attr);
-  StructData_AddItem(storage, name, XML_GetCurrentColumnNumber(g_parser),
-                     XML_GetCurrentLineNumber(g_parser), STRUCT_START_TAG);
+  StructData_AddItem(storage, name, (int)XML_GetCurrentColumnNumber(g_parser),
+                     (int)XML_GetCurrentLineNumber(g_parser), STRUCT_START_TAG);
 }
 
 void XMLCALL
 end_element_event_handler2(void *userData, const XML_Char *name) {
   StructData *storage = (StructData *)userData;
-  StructData_AddItem(storage, name, XML_GetCurrentColumnNumber(g_parser),
-                     XML_GetCurrentLineNumber(g_parser), STRUCT_END_TAG);
+  StructData_AddItem(storage, name, (int)XML_GetCurrentColumnNumber(g_parser),
+                     (int)XML_GetCurrentLineNumber(g_parser), STRUCT_END_TAG);
 }
 
 void XMLCALL
@@ -132,7 +132,7 @@ counting_start_element_handler(void *userData, const XML_Char *name,
     fail("ID not present");
     return;
   }
-  if (id != -1 && xcstrcmp(atts[id], info->id_name)) {
+  if (id != -1 && xcstrcmp(atts[id], info->id_name) != 0) {
     fail("ID does not have the correct name");
     return;
   }
@@ -147,7 +147,7 @@ counting_start_element_handler(void *userData, const XML_Char *name,
       fail("Attribute not recognised");
       return;
     }
-    if (xcstrcmp(atts[1], attr->value)) {
+    if (xcstrcmp(atts[1], attr->value) != 0) {
       fail("Attribute has wrong value");
       return;
     }
@@ -1110,7 +1110,7 @@ external_entity_devaluer(XML_Parser parser, const XML_Char *context,
   UNUSED_P(publicId);
   if (systemId == NULL || ! xcstrcmp(systemId, XCS("bar")))
     return XML_STATUS_OK;
-  if (xcstrcmp(systemId, XCS("foo")))
+  if (xcstrcmp(systemId, XCS("foo")) != 0)
     fail("Unexpected system ID");
   ext_parser = XML_ExternalEntityParserCreate(parser, context, NULL);
   if (ext_parser == NULL)
@@ -1276,7 +1276,7 @@ external_entity_duff_loader(XML_Parser parser, const XML_Char *context,
   UNUSED_P(publicId);
   /* Try a few different allocation levels */
   for (i = 0; i < max_alloc_count; i++) {
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     new_parser = XML_ExternalEntityParserCreate(parser, context, NULL);
     if (new_parser != NULL) {
       XML_ParserFree(new_parser);
@@ -1552,15 +1552,16 @@ verify_attlist_decl_handler(void *userData, const XML_Char *element_name,
                             const XML_Char *default_value, int is_required) {
   AttTest *at = (AttTest *)userData;
 
-  if (xcstrcmp(element_name, at->element_name))
+  if (xcstrcmp(element_name, at->element_name) != 0)
     fail("Unexpected element name in attribute declaration");
-  if (xcstrcmp(attr_name, at->attr_name))
+  if (xcstrcmp(attr_name, at->attr_name) != 0)
     fail("Unexpected attribute name in attribute declaration");
-  if (xcstrcmp(attr_type, at->attr_type))
+  if (xcstrcmp(attr_type, at->attr_type) != 0)
     fail("Unexpected attribute type in attribute declaration");
   if ((default_value == NULL && at->default_value != NULL)
       || (default_value != NULL && at->default_value == NULL)
-      || (default_value != NULL && xcstrcmp(default_value, at->default_value)))
+      || (default_value != NULL
+          && xcstrcmp(default_value, at->default_value) != 0))
     fail("Unexpected default value in attribute declaration");
   if (is_required != at->is_required)
     fail("Requirement mismatch in attribute declaration");
@@ -1751,7 +1752,7 @@ param_entity_match_handler(void *userData, const XML_Char *entityName,
      * going to overflow an int.
      */
     if (value_length != (int)xcstrlen(entity_value_to_match)
-        || xcstrncmp(value, entity_value_to_match, value_length)) {
+        || xcstrncmp(value, entity_value_to_match, value_length) != 0) {
       entity_match_flag = ENTITY_MATCH_FAIL;
     } else {
       entity_match_flag = ENTITY_MATCH_SUCCESS;
diff --git a/contrib/expat/tests/minicheck.h b/contrib/expat/tests/minicheck.h
index 29ae4cb2420d..140eaaa5c105 100644
--- a/contrib/expat/tests/minicheck.h
+++ b/contrib/expat/tests/minicheck.h
@@ -134,8 +134,7 @@ void _check_set_test_info(char const *function, char const *filename,
 __attribute__((noreturn))
 #    endif
 #  endif
-void
-_fail(const char *file, int line, const char *msg);
+void _fail(const char *file, int line, const char *msg);
 Suite *suite_create(const char *name);
 TCase *tcase_create(const char *name);
 void suite_add_tcase(Suite *suite, TCase *tc);
diff --git a/contrib/expat/tests/misc_tests.c b/contrib/expat/tests/misc_tests.c
index fb95014b142f..2a8054546a12 100644
--- a/contrib/expat/tests/misc_tests.c
+++ b/contrib/expat/tests/misc_tests.c
@@ -70,7 +70,7 @@ START_TEST(test_misc_alloc_create_parser) {
 
   /* Something this simple shouldn't need more than 10 allocations */
   for (i = 0; i < max_alloc_count; i++) {
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     g_parser = XML_ParserCreate_MM(NULL, &memsuite, NULL);
     if (g_parser != NULL)
       break;
@@ -90,7 +90,7 @@ START_TEST(test_misc_alloc_create_parser_with_encoding) {
 
   /* Try several levels of allocation */
   for (i = 0; i < max_alloc_count; i++) {
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     g_parser = XML_ParserCreate_MM(XCS("us-ascii"), &memsuite, NULL);
     if (g_parser != NULL)
       break;
@@ -211,7 +211,8 @@ START_TEST(test_misc_version) {
   if (! versions_equal(&read_version, &parsed_version))
     fail("Version mismatch");
 
-  if (xcstrcmp(version_text, XCS("expat_2.7.1"))) /* needs bump on releases */
+  if (xcstrcmp(version_text, XCS("expat_2.7.3"))
+      != 0) /* needs bump on releases */
     fail("XML_*_VERSION in expat.h out of sync?\n");
 }
 END_TEST
@@ -678,6 +679,98 @@ START_TEST(test_misc_expected_event_ptr_issue_980) {
 }
 END_TEST
 
+START_TEST(test_misc_sync_entity_tolerated) {
+  const char *const doc = "<!DOCTYPE t0 [\n"
+                          "   <!ENTITY a '<t1></t1>'>\n"
+                          "   <!ENTITY b '<t2>two</t2>'>\n"
+                          "   <!ENTITY c '<t3>three<t4>four</t4>three</t3>'>\n"
+                          "   <!ENTITY d '<t5>&b;</t5>'>\n"
+                          "]>\n"
+                          "<t0>&a;&b;&c;&d;</t0>\n";
+  XML_Parser parser = XML_ParserCreate(NULL);
+
+  assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
+                                      /*isFinal=*/XML_TRUE)
+              == XML_STATUS_OK);
+
+  XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_misc_async_entity_rejected) {
+  struct test_case {
+    const char *doc;
+    enum XML_Status expectedStatusNoGE;
+    enum XML_Error expectedErrorNoGE;
+    XML_Size expectedErrorLine;
+    XML_Size expectedErrorColumn;
+  };
+  const struct test_case cases[] = {
+      // Opened by one entity, closed by another
+      {"<!DOCTYPE t0 [\n"
+       "   <!ENTITY open '<t1>'>\n"
+       "   <!ENTITY close '</t1>'>\n"
+       "]>\n"
+       "<t0>&open;&close;</t0>\n",
+       XML_STATUS_OK, XML_ERROR_NONE, 5, 4},
+      // Opened by tag, closed by entity (non-root case)
+      {"<!DOCTYPE t0 [\n"
+       "  <!ENTITY g0 ''>\n"
+       "  <!ENTITY g1 '&g0;</t1>'>\n"
+       "]>\n"
+       "<t0><t1>&g1;</t0>\n",
+       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 8},
+      // Opened by tag, closed by entity (root case)
+      {"<!DOCTYPE t0 [\n"
+       "  <!ENTITY g0 ''>\n"
+       "  <!ENTITY g1 '&g0;</t0>'>\n"
+       "]>\n"
+       "<t0>&g1;\n",
+       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS, 5, 4},
+      // Opened by entity, closed by tag <-- regression from 2.7.0
+      {"<!DOCTYPE t0 [\n"
+       "  <!ENTITY g0 ''>\n"
+       "  <!ENTITY g1 '<t1>&g0;'>\n"
+       "]>\n"
+       "<t0>&g1;</t1></t0>\n",
+       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 4},
+      // Opened by tag, closed by entity; then the other way around
+      {"<!DOCTYPE t0 [\n"
+       "  <!ENTITY open '<t1>'>\n"
+       "  <!ENTITY close '</t1>'>\n"
+       "]>\n"
+       "<t0><t1>&close;&open;</t1></t0>\n",
+       XML_STATUS_OK, XML_ERROR_NONE, 5, 8},
+  };
+
+  for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+    const struct test_case testCase = cases[i];
+    set_subtest("cases[%d]", (int)i);
+
+    const char *const doc = testCase.doc;
+#if XML_GE == 1
+    const enum XML_Status expectedStatus = XML_STATUS_ERROR;
+    const enum XML_Error expectedError = XML_ERROR_ASYNC_ENTITY;
+#else
+    const enum XML_Status expectedStatus = testCase.expectedStatusNoGE;
+    const enum XML_Error expectedError = testCase.expectedErrorNoGE;
+#endif
+
+    XML_Parser parser = XML_ParserCreate(NULL);
+    assert_true(_XML_Parse_SINGLE_BYTES(parser, doc, (int)strlen(doc),
+                                        /*isFinal=*/XML_TRUE)
+                == expectedStatus);
+    assert_true(XML_GetErrorCode(parser) == expectedError);
+#if XML_GE == 1
+    assert_true(XML_GetCurrentLineNumber(parser) == testCase.expectedErrorLine);
+    assert_true(XML_GetCurrentColumnNumber(parser)
+                == testCase.expectedErrorColumn);
+#endif
+    XML_ParserFree(parser);
+  }
+}
+END_TEST
+
 void
 make_miscellaneous_test_case(Suite *s) {
   TCase *tc_misc = tcase_create("miscellaneous tests");
@@ -706,4 +799,6 @@ make_miscellaneous_test_case(Suite *s) {
   tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
   tcase_add_test__if_xml_ge(tc_misc, test_renter_loop_finite_content);
   tcase_add_test(tc_misc, test_misc_expected_event_ptr_issue_980);
+  tcase_add_test(tc_misc, test_misc_sync_entity_tolerated);
+  tcase_add_test(tc_misc, test_misc_async_entity_rejected);
 }
diff --git a/contrib/expat/tests/nsalloc_tests.c b/contrib/expat/tests/nsalloc_tests.c
index ec88586af1d4..60fa87f83461 100644
--- a/contrib/expat/tests/nsalloc_tests.c
+++ b/contrib/expat/tests/nsalloc_tests.c
@@ -10,7 +10,7 @@
    Copyright (c) 2003      Greg Stein <gstein@users.sourceforge.net>
    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
    Copyright (c) 2005-2012 Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017-2022 Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2017      Joe Orton <jorton@redhat.com>
    Copyright (c) 2017      José Gutiérrez de la Concha <jose@zeroc.com>
@@ -83,7 +83,7 @@ START_TEST(test_nsalloc_xmlns) {
   const unsigned int max_alloc_count = 30;
 
   for (i = 0; i < max_alloc_count; i++) {
-    g_allocation_count = i;
+    g_allocation_count = (int)i;
     /* Exercise more code paths with a default handler */
     XML_SetDefaultHandler(g_parser, dummy_default_handler);
     if (_XML_Parse_SINGLE_BYTES(g_parser, text, (int)strlen(text), XML_TRUE)
@@ -454,10 +454,15 @@ START_TEST(test_nsalloc_realloc_attributes) {
     nsalloc_teardown();
     nsalloc_setup();
   }
+#if XML_GE == 1
+  assert_true(
+      i == 0); // because expat_realloc relies on expat_malloc to some extent
+#else
   if (i == 0)
     fail("Parsing worked despite failing reallocations");
   else if (i == max_realloc_count)
     fail("Parsing failed at max reallocation count");
+#endif
 }
 END_TEST
 
@@ -523,7 +528,7 @@ START_TEST(test_nsalloc_realloc_binding_uri) {
   /* Now repeat with a longer URI and a duff reallocator */
   for (i = 0; i < max_realloc_count; i++) {
     XML_ParserReset(g_parser, NULL);
-    g_reallocation_count = i;
+    g_reallocation_count = (int)i;
     if (_XML_Parse_SINGLE_BYTES(g_parser, second, (int)strlen(second), XML_TRUE)
         != XML_STATUS_ERROR)
       break;
diff --git a/contrib/expat/xmlwf/Makefile.in b/contrib/expat/xmlwf/Makefile.in
index 480fd3e04103..07f2423aea10 100644
--- a/contrib/expat/xmlwf/Makefile.in
+++ b/contrib/expat/xmlwf/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# Makefile.in generated by automake 1.18.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+# Copyright (C) 1994-2025 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -100,6 +100,8 @@ am__make_running_with_option = \
   test $$has_opt = yes
 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+am__rm_f = rm -f $(am__rm_f_notfound)
+am__rm_rf = rm -rf $(am__rm_f_notfound)
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -328,8 +330,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
+am__rm_f_notfound = @am__rm_f_notfound@
 am__tar = @am__tar@
 am__untar = @am__untar@
+am__xargs_n = @am__xargs_n@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -464,16 +468,11 @@ uninstall-binPROGRAMS:
 	`; \
 	test -n "$$list" || exit 0; \
 	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(bindir)" && rm -f $$files
+	cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files
 
 clean-binPROGRAMS:
-	@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
+	$(am__rm_f) $(bin_PROGRAMS)
+	test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=)
 
 xmlwf$(EXEEXT): $(xmlwf_OBJECTS) $(xmlwf_DEPENDENCIES) $(EXTRA_xmlwf_DEPENDENCIES) 
 	@rm -f xmlwf$(EXEEXT)
@@ -492,7 +491,7 @@ distclean-compile:
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+	@: >>$@
 
 am--depfiles: $(am__depfiles_remade)
 
@@ -630,6 +629,7 @@ cscopelist-am: $(am__tagged_files)
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -694,8 +694,8 @@ mostlyclean-generic:
 clean-generic:
 
 distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-$(am__rm_f) $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -705,7 +705,7 @@ clean: clean-am
 clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/xmlwf-@FILEMAP@.Po
+	-rm -f ./$(DEPDIR)/xmlwf-@FILEMAP@.Po
 	-rm -f ./$(DEPDIR)/xmlwf-codepage.Po
 	-rm -f ./$(DEPDIR)/xmlwf-xmlfile.Po
 	-rm -f ./$(DEPDIR)/xmlwf-xmlwf.Po
@@ -754,7 +754,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/xmlwf-@FILEMAP@.Po
+	-rm -f ./$(DEPDIR)/xmlwf-@FILEMAP@.Po
 	-rm -f ./$(DEPDIR)/xmlwf-codepage.Po
 	-rm -f ./$(DEPDIR)/xmlwf-xmlfile.Po
 	-rm -f ./$(DEPDIR)/xmlwf-xmlwf.Po
@@ -798,3 +798,10 @@ uninstall-am: uninstall-binPROGRAMS
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
+
+# Tell GNU make to disable its built-in pattern rules.
+%:: %,v
+%:: RCS/%,v
+%:: RCS/%
+%:: s.%
+%:: SCCS/s.%
diff --git a/contrib/expat/xmlwf/unixfilemap.c b/contrib/expat/xmlwf/unixfilemap.c
index d0ce9cc60a8a..d2e0b174680b 100644
--- a/contrib/expat/xmlwf/unixfilemap.c
+++ b/contrib/expat/xmlwf/unixfilemap.c
@@ -10,7 +10,7 @@
    Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
    Copyright (c) 2001-2002 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2006      Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2017 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
    Licensed under the MIT license:
 
@@ -41,6 +41,7 @@
 #include <errno.h>
 #include <string.h>
 #include <stdio.h>
+#include <stdlib.h> // NULL
 #include <unistd.h>
 
 #ifndef MAP_FILE
@@ -93,8 +94,7 @@ filemap(const tchar *name,
     close(fd);
     return 1;
   }
-  p = (void *)mmap((void *)0, (size_t)nbytes, PROT_READ, MAP_FILE | MAP_PRIVATE,
-                   fd, (off_t)0);
+  p = mmap(NULL, nbytes, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, (off_t)0);
   if (p == (void *)-1) {
     tperror(name);
     close(fd);
diff --git a/contrib/expat/xmlwf/xmlfile.c b/contrib/expat/xmlwf/xmlfile.c
index 9c4f7f8dbadd..ce0b61217ed7 100644
--- a/contrib/expat/xmlwf/xmlfile.c
+++ b/contrib/expat/xmlwf/xmlfile.c
@@ -11,7 +11,7 @@
    Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2004-2006 Karl Waclawek <karl@waclawek.net>
    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
-   Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2019      David Loffredo <loffredo@steptools.com>
    Copyright (c) 2021      Donghee Na <donghee.na@python.org>
@@ -56,12 +56,19 @@
 #include "xmltchar.h"
 #include "filemap.h"
 
+/* Function "read": */
 #if defined(_MSC_VER)
 #  include <io.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
+/* https://msdn.microsoft.com/en-us/library/wyssk1bs(v=vs.100).aspx */
+#  define EXPAT_read _read
+#  define EXPAT_read_count_t int
+#  define EXPAT_read_req_t unsigned int
+#else /* POSIX */
 #  include <unistd.h>
+/* https://pubs.opengroup.org/onlinepubs/009695399/functions/read.html */
+#  define EXPAT_read read
+#  define EXPAT_read_count_t ssize_t
+#  define EXPAT_read_req_t size_t
 #endif
 
 #ifndef O_BINARY
@@ -89,8 +96,8 @@ reportError(XML_Parser parser, const XML_Char *filename) {
     ftprintf(stdout,
              T("%s") T(":%") T(XML_FMT_INT_MOD) T("u") T(":%")
                  T(XML_FMT_INT_MOD) T("u") T(": %s\n"),
-             filename, XML_GetErrorLineNumber(parser),
-             XML_GetErrorColumnNumber(parser), message);
+             filename, XML_GetCurrentLineNumber(parser),
+             XML_GetCurrentColumnNumber(parser), message);
   else
     ftprintf(stderr, T("%s: (unknown message %u)\n"), filename,
              (unsigned int)code);
@@ -192,7 +199,7 @@ processStream(const XML_Char *filename, XML_Parser parser) {
     }
   }
   for (;;) {
-    int nread;
+    EXPAT_read_count_t nread;
     char *buf = (char *)XML_GetBuffer(parser, g_read_size_bytes);
     if (! buf) {
       if (filename != NULL)
@@ -201,14 +208,14 @@ processStream(const XML_Char *filename, XML_Parser parser) {
                filename != NULL ? filename : T("xmlwf"));
       return 0;
     }
-    nread = read(fd, buf, g_read_size_bytes);
+    nread = EXPAT_read(fd, buf, (EXPAT_read_req_t)g_read_size_bytes);
     if (nread < 0) {
       tperror(filename != NULL ? filename : T("STDIN"));
       if (filename != NULL)
         close(fd);
       return 0;
     }
-    if (XML_ParseBuffer(parser, nread, nread == 0) == XML_STATUS_ERROR) {
+    if (XML_ParseBuffer(parser, (int)nread, nread == 0) == XML_STATUS_ERROR) {
       reportError(parser, filename != NULL ? filename : T("STDIN"));
       if (filename != NULL)
         close(fd);
diff --git a/contrib/expat/xmlwf/xmlwf.c b/contrib/expat/xmlwf/xmlwf.c
index 7c0a8cd4d6a4..534f32170590 100644
--- a/contrib/expat/xmlwf/xmlwf.c
+++ b/contrib/expat/xmlwf/xmlwf.c
@@ -11,7 +11,7 @@
    Copyright (c) 2001-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2004-2009 Karl Waclawek <karl@waclawek.net>
    Copyright (c) 2005-2007 Steven Solie <steven@solie.ca>
-   Copyright (c) 2016-2023 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2019      David Loffredo <loffredo@steptools.com>
    Copyright (c) 2020      Joe Orton <jorton@redhat.com>
@@ -305,7 +305,7 @@ static XML_Char *
 xcsdup(const XML_Char *s) {
   XML_Char *result;
   int count = 0;
-  int numBytes;
+  size_t numBytes;
 
   /* Get the length of the string, including terminator */
   while (s[count++] != 0) {
@@ -913,11 +913,11 @@ usage(const XML_Char *prog, int rc) {
       T("  -t             write no XML output for [t]iming of plain parsing\n")
       T("  -N             enable adding doctype and [n]otation declarations\n")
       T("\n")
-      T("billion laughs attack protection:\n")
+      T("amplification attack protection (e.g. billion laughs):\n")
       T("  NOTE: If you ever need to increase these values for non-attack payload, please file a bug report.\n")
       T("\n")
       T("  -a FACTOR      set maximum tolerated [a]mplification factor (default: 100.0)\n")
-      T("  -b BYTES       set number of output [b]ytes needed to activate (default: 8 MiB)\n")
+      T("  -b BYTES       set number of output [b]ytes needed to activate (default: 8 MiB/64 MiB)\n")
       T("\n")
       T("reparse deferral:\n")
       T("  -q             disable reparse deferral, and allow [q]uadratic parse runtime with large tokens\n")
@@ -926,6 +926,16 @@ usage(const XML_Char *prog, int rc) {
       T("  -h, --help     show this [h]elp message and exit\n")
       T("  -v, --version  show program's [v]ersion number and exit\n")
       T("\n")
+      T("environment variables:\n")
+      T("  EXPAT_ACCOUNTING_DEBUG=(0|1|2|3)\n")
+      T("                 Control verbosity of accounting debugging (default: 0)\n")
+      T("  EXPAT_ENTITY_DEBUG=(0|1)\n")
+      T("                 Control verbosity of entity debugging (default: 0)\n")
+      T("  EXPAT_ENTROPY_DEBUG=(0|1)\n")
+      T("                 Control verbosity of entropy debugging (default: 0)\n")
+      T("  EXPAT_MALLOC_DEBUG=(0|1|2)\n")
+      T("                 Control verbosity of allocation tracker (default: 0)\n")
+      T("\n")
       T("exit status:\n")
       T("  0              the input files are well-formed and the output (if requested) was written successfully\n")
       T("  1              could not allocate data structures, signals a serious problem with execution environment\n")
@@ -1171,12 +1181,15 @@ tmain(int argc, XML_Char **argv) {
 #if XML_GE == 1
       XML_SetBillionLaughsAttackProtectionMaximumAmplification(
           parser, attackMaximumAmplification);
+      XML_SetAllocTrackerMaximumAmplification(parser,
+                                              attackMaximumAmplification);
 #endif
     }
     if (attackThresholdGiven) {
 #if XML_GE == 1
       XML_SetBillionLaughsAttackProtectionActivationThreshold(
           parser, attackThresholdBytes);
+      XML_SetAllocTrackerActivationThreshold(parser, attackThresholdBytes);
 #else
       (void)attackThresholdBytes; // silence -Wunused-but-set-variable
 #endif
diff --git a/contrib/expat/xmlwf/xmlwf_helpgen.py b/contrib/expat/xmlwf/xmlwf_helpgen.py
index 3d32f5d148b7..71f7baa43396 100755
--- a/contrib/expat/xmlwf/xmlwf_helpgen.py
+++ b/contrib/expat/xmlwf/xmlwf_helpgen.py
@@ -6,7 +6,7 @@
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
-# Copyright (c) 2019-2023 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2019-2025 Sebastian Pipping <sebastian@pipping.org>
 # Copyright (c) 2021      Tim Bray <tbray@textuality.com>
 # Licensed under the MIT license:
 #
@@ -32,6 +32,16 @@
 import argparse
 
 epilog = """
+environment variables:
+  EXPAT_ACCOUNTING_DEBUG=(0|1|2|3)
+                 Control verbosity of accounting debugging (default: 0)
+  EXPAT_ENTITY_DEBUG=(0|1)
+                 Control verbosity of entity debugging (default: 0)
+  EXPAT_ENTROPY_DEBUG=(0|1)
+                 Control verbosity of entropy debugging (default: 0)
+  EXPAT_MALLOC_DEBUG=(0|1|2)
+                 Control verbosity of allocation tracker (default: 0)
+
 exit status:
   0              the input files are well-formed and the output (if requested) was written successfully
   1              could not allocate data structures, signals a serious problem with execution environment
@@ -74,16 +84,16 @@ output_mode.add_argument('-m', action='store_true', help='write [m]eta XML, not
 output_mode.add_argument('-t', action='store_true', help='write no XML output for [t]iming of plain parsing')
 output_related.add_argument('-N', action='store_true', help='enable adding doctype and [n]otation declarations')
 
-billion_laughs = parser.add_argument_group('billion laughs attack protection',
+billion_laughs = parser.add_argument_group('amplification attack protection (e.g. billion laughs)',
                                            description='NOTE: '
                                                        'If you ever need to increase these values '
                                                        'for non-attack payload, please file a bug report.')
 billion_laughs.add_argument('-a', metavar='FACTOR',
                             help='set maximum tolerated [a]mplification factor (default: 100.0)')
-billion_laughs.add_argument('-b', metavar='BYTES', help='set number of output [b]ytes needed to activate (default: 8 MiB)')
+billion_laughs.add_argument('-b', metavar='BYTES', help='set number of output [b]ytes needed to activate (default: 8 MiB/64 MiB)')
 
 reparse_deferral = parser.add_argument_group('reparse deferral')
-reparse_deferral.add_argument('-q', metavar='FACTOR',
+reparse_deferral.add_argument('-q', action='store_true',
                             help='disable reparse deferral, and allow [q]uadratic parse runtime with large tokens')
 
 parser.add_argument('files', metavar='FILE', nargs='*', help='file to process (default: STDIN)')
diff --git a/contrib/jemalloc/INSTALL.md b/contrib/jemalloc/INSTALL.md
index 9701364041c8..90da718d2b6a 100644
--- a/contrib/jemalloc/INSTALL.md
+++ b/contrib/jemalloc/INSTALL.md
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 Building and installing a packaged release of jemalloc can be as simple as
 typing the following while in the root directory of the source tree:
 
@@ -423,427 +422,3 @@ can be used to view the html manual.  The roff manual page can be formatted
 prior to installation via the following command:
 
     nroff -man -t doc/jemalloc.3
-||||||| dec341af7695
-=======
-Building and installing a packaged release of jemalloc can be as simple as
-typing the following while in the root directory of the source tree:
-
-    ./configure
-    make
-    make install
-
-If building from unpackaged developer sources, the simplest command sequence
-that might work is:
-
-    ./autogen.sh
-    make dist
-    make
-    make install
-
-Note that documentation is not built by the default target because doing so
-would create a dependency on xsltproc in packaged releases, hence the
-requirement to either run 'make dist' or avoid installing docs via the various
-install_* targets documented below.
-
-
-## Advanced configuration
-
-The 'configure' script supports numerous options that allow control of which
-functionality is enabled, where jemalloc is installed, etc.  Optionally, pass
-any of the following arguments (not a definitive list) to 'configure':
-
-* `--help`
-
-    Print a definitive list of options.
-
-* `--prefix=<install-root-dir>`
-
-    Set the base directory in which to install.  For example:
-
-        ./configure --prefix=/usr/local
-
-    will cause files to be installed into /usr/local/include, /usr/local/lib,
-    and /usr/local/man.
-
-* `--with-version=(<major>.<minor>.<bugfix>-<nrev>-g<gid>|VERSION)`
-
-    The VERSION file is mandatory for successful configuration, and the
-    following steps are taken to assure its presence:
-    1) If --with-version=<major>.<minor>.<bugfix>-<nrev>-g<gid> is specified,
-       generate VERSION using the specified value.
-    2) If --with-version is not specified in either form and the source
-       directory is inside a git repository, try to generate VERSION via 'git
-       describe' invocations that pattern-match release tags.
-    3) If VERSION is missing, generate it with a bogus version:
-       0.0.0-0-g0000000000000000000000000000000000000000
-
-    Note that --with-version=VERSION bypasses (1) and (2), which simplifies
-    VERSION configuration when embedding a jemalloc release into another
-    project's git repository.
-
-* `--with-rpath=<colon-separated-rpath>`
-
-    Embed one or more library paths, so that libjemalloc can find the libraries
-    it is linked to.  This works only on ELF-based systems.
-
-* `--with-mangling=<map>`
-
-    Mangle public symbols specified in <map> which is a comma-separated list of
-    name:mangled pairs.
-
-    For example, to use ld's --wrap option as an alternative method for
-    overriding libc's malloc implementation, specify something like:
-
-      --with-mangling=malloc:__wrap_malloc,free:__wrap_free[...]
-
-    Note that mangling happens prior to application of the prefix specified by
-    --with-jemalloc-prefix, and mangled symbols are then ignored when applying
-    the prefix.
-
-* `--with-jemalloc-prefix=<prefix>`
-
-    Prefix all public APIs with <prefix>.  For example, if <prefix> is
-    "prefix_", API changes like the following occur:
-
-      malloc()         --> prefix_malloc()
-      malloc_conf      --> prefix_malloc_conf
-      /etc/malloc.conf --> /etc/prefix_malloc.conf
-      MALLOC_CONF      --> PREFIX_MALLOC_CONF
-
-    This makes it possible to use jemalloc at the same time as the system
-    allocator, or even to use multiple copies of jemalloc simultaneously.
-
-    By default, the prefix is "", except on OS X, where it is "je_".  On OS X,
-    jemalloc overlays the default malloc zone, but makes no attempt to actually
-    replace the "malloc", "calloc", etc. symbols.
-
-* `--without-export`
-
-    Don't export public APIs.  This can be useful when building jemalloc as a
-    static library, or to avoid exporting public APIs when using the zone
-    allocator on OSX.
-
-* `--with-private-namespace=<prefix>`
-
-    Prefix all library-private APIs with <prefix>je_.  For shared libraries,
-    symbol visibility mechanisms prevent these symbols from being exported, but
-    for static libraries, naming collisions are a real possibility.  By
-    default, <prefix> is empty, which results in a symbol prefix of je_ .
-
-* `--with-install-suffix=<suffix>`
-
-    Append <suffix> to the base name of all installed files, such that multiple
-    versions of jemalloc can coexist in the same installation directory.  For
-    example, libjemalloc.so.0 becomes libjemalloc<suffix>.so.0.
-
-* `--with-malloc-conf=<malloc_conf>`
-
-    Embed `<malloc_conf>` as a run-time options string that is processed prior to
-    the malloc_conf global variable, the /etc/malloc.conf symlink, and the
-    MALLOC_CONF environment variable.  For example, to change the default decay
-    time to 30 seconds:
-
-      --with-malloc-conf=decay_ms:30000
-
-* `--enable-debug`
-
-    Enable assertions and validation code.  This incurs a substantial
-    performance hit, but is very useful during application development.
-
-* `--disable-stats`
-
-    Disable statistics gathering functionality.  See the "opt.stats_print"
-    option documentation for usage details.
-
-* `--enable-prof`
-
-    Enable heap profiling and leak detection functionality.  See the "opt.prof"
-    option documentation for usage details.  When enabled, there are several
-    approaches to backtracing, and the configure script chooses the first one
-    in the following list that appears to function correctly:
-
-    + libunwind      (requires --enable-prof-libunwind)
-    + libgcc         (unless --disable-prof-libgcc)
-    + gcc intrinsics (unless --disable-prof-gcc)
-
-* `--enable-prof-libunwind`
-
-    Use the libunwind library (http://www.nongnu.org/libunwind/) for stack
-    backtracing.
-
-* `--disable-prof-libgcc`
-
-    Disable the use of libgcc's backtracing functionality.
-
-* `--disable-prof-gcc`
-
-    Disable the use of gcc intrinsics for backtracing.
-
-* `--with-static-libunwind=<libunwind.a>`
-
-    Statically link against the specified libunwind.a rather than dynamically
-    linking with -lunwind.
-
-* `--disable-fill`
-
-    Disable support for junk/zero filling of memory.  See the "opt.junk" and
-    "opt.zero" option documentation for usage details.
-
-* `--disable-zone-allocator`
-
-    Disable zone allocator for Darwin.  This means jemalloc won't be hooked as
-    the default allocator on OSX/iOS.
-
-* `--enable-utrace`
-
-    Enable utrace(2)-based allocation tracing.  This feature is not broadly
-    portable (FreeBSD has it, but Linux and OS X do not).
-
-* `--enable-xmalloc`
-
-    Enable support for optional immediate termination due to out-of-memory
-    errors, as is commonly implemented by "xmalloc" wrapper function for malloc.
-    See the "opt.xmalloc" option documentation for usage details.
-
-* `--enable-lazy-lock`
-
-    Enable code that wraps pthread_create() to detect when an application
-    switches from single-threaded to multi-threaded mode, so that it can avoid
-    mutex locking/unlocking operations while in single-threaded mode.  In
-    practice, this feature usually has little impact on performance unless
-    thread-specific caching is disabled.
-
-* `--disable-cache-oblivious`
-
-    Disable cache-oblivious large allocation alignment for large allocation
-    requests with no alignment constraints.  If this feature is disabled, all
-    large allocations are page-aligned as an implementation artifact, which can
-    severely harm CPU cache utilization.  However, the cache-oblivious layout
-    comes at the cost of one extra page per large allocation, which in the
-    most extreme case increases physical memory usage for the 16 KiB size class
-    to 20 KiB.
-
-* `--disable-syscall`
-
-    Disable use of syscall(2) rather than {open,read,write,close}(2).  This is
-    intended as a workaround for systems that place security limitations on
-    syscall(2).
-
-* `--disable-cxx`
-
-    Disable C++ integration.  This will cause new and delete operator
-    implementations to be omitted.
-
-* `--with-xslroot=<path>`
-
-    Specify where to find DocBook XSL stylesheets when building the
-    documentation.
-
-* `--with-lg-page=<lg-page>`
-
-    Specify the base 2 log of the allocator page size, which must in turn be at
-    least as large as the system page size.  By default the configure script
-    determines the host's page size and sets the allocator page size equal to
-    the system page size, so this option need not be specified unless the
-    system page size may change between configuration and execution, e.g. when
-    cross compiling.
-
-* `--with-lg-hugepage=<lg-hugepage>`
-
-    Specify the base 2 log of the system huge page size.  This option is useful
-    when cross compiling, or when overriding the default for systems that do
-    not explicitly support huge pages.
-
-* `--with-lg-quantum=<lg-quantum>`
-
-    Specify the base 2 log of the minimum allocation alignment.  jemalloc needs
-    to know the minimum alignment that meets the following C standard
-    requirement (quoted from the April 12, 2011 draft of the C11 standard):
-
-    >  The pointer returned if the allocation succeeds is suitably aligned so
-      that it may be assigned to a pointer to any type of object with a
-      fundamental alignment requirement and then used to access such an object
-      or an array of such objects in the space allocated [...]
-
-    This setting is architecture-specific, and although jemalloc includes known
-    safe values for the most commonly used modern architectures, there is a
-    wrinkle related to GNU libc (glibc) that may impact your choice of
-    <lg-quantum>.  On most modern architectures, this mandates 16-byte
-    alignment (<lg-quantum>=4), but the glibc developers chose not to meet this
-    requirement for performance reasons.  An old discussion can be found at
-    <https://sourceware.org/bugzilla/show_bug.cgi?id=206> .  Unlike glibc,
-    jemalloc does follow the C standard by default (caveat: jemalloc
-    technically cheats for size classes smaller than the quantum), but the fact
-    that Linux systems already work around this allocator noncompliance means
-    that it is generally safe in practice to let jemalloc's minimum alignment
-    follow glibc's lead.  If you specify `--with-lg-quantum=3` during
-    configuration, jemalloc will provide additional size classes that are not
-    16-byte-aligned (24, 40, and 56).
-
-* `--with-lg-vaddr=<lg-vaddr>`
-
-    Specify the number of significant virtual address bits.  By default, the
-    configure script attempts to detect virtual address size on those platforms
-    where it knows how, and picks a default otherwise.  This option may be
-    useful when cross-compiling.
-
-* `--disable-initial-exec-tls`
-
-    Disable the initial-exec TLS model for jemalloc's internal thread-local
-    storage (on those platforms that support explicit settings).  This can allow
-    jemalloc to be dynamically loaded after program startup (e.g. using dlopen).
-    Note that in this case, there will be two malloc implementations operating
-    in the same process, which will almost certainly result in confusing runtime
-    crashes if pointers leak from one implementation to the other.
-
-* `--disable-libdl`
-
-    Disable the usage of libdl, namely dlsym(3) which is required by the lazy
-    lock option.  This can allow building static binaries.
-
-The following environment variables (not a definitive list) impact configure's
-behavior:
-
-* `CFLAGS="?"`
-* `CXXFLAGS="?"`
-
-    Pass these flags to the C/C++ compiler.  Any flags set by the configure
-    script are prepended, which means explicitly set flags generally take
-    precedence.  Take care when specifying flags such as -Werror, because
-    configure tests may be affected in undesirable ways.
-
-* `EXTRA_CFLAGS="?"`
-* `EXTRA_CXXFLAGS="?"`
-
-    Append these flags to CFLAGS/CXXFLAGS, without passing them to the
-    compiler(s) during configuration.  This makes it possible to add flags such
-    as -Werror, while allowing the configure script to determine what other
-    flags are appropriate for the specified configuration.
-
-* `CPPFLAGS="?"`
-
-    Pass these flags to the C preprocessor.  Note that CFLAGS is not passed to
-    'cpp' when 'configure' is looking for include files, so you must use
-    CPPFLAGS instead if you need to help 'configure' find header files.
-
-* `LD_LIBRARY_PATH="?"`
-
-    'ld' uses this colon-separated list to find libraries.
-
-* `LDFLAGS="?"`
-
-    Pass these flags when linking.
-
-* `PATH="?"`
-
-    'configure' uses this to find programs.
-
-In some cases it may be necessary to work around configuration results that do
-not match reality.  For example, Linux 4.5 added support for the MADV_FREE flag
-to madvise(2), which can cause problems if building on a host with MADV_FREE
-support and deploying to a target without.  To work around this, use a cache
-file to override the relevant configuration variable defined in configure.ac,
-e.g.:
-
-    echo "je_cv_madv_free=no" > config.cache && ./configure -C
-
-
-## Advanced compilation
-
-To build only parts of jemalloc, use the following targets:
-
-    build_lib_shared
-    build_lib_static
-    build_lib
-    build_doc_html
-    build_doc_man
-    build_doc
-
-To install only parts of jemalloc, use the following targets:
-
-    install_bin
-    install_include
-    install_lib_shared
-    install_lib_static
-    install_lib_pc
-    install_lib
-    install_doc_html
-    install_doc_man
-    install_doc
-
-To clean up build results to varying degrees, use the following make targets:
-
-    clean
-    distclean
-    relclean
-
-
-## Advanced installation
-
-Optionally, define make variables when invoking make, including (not
-exclusively):
-
-* `INCLUDEDIR="?"`
-
-    Use this as the installation prefix for header files.
-
-* `LIBDIR="?"`
-
-    Use this as the installation prefix for libraries.
-
-* `MANDIR="?"`
-
-    Use this as the installation prefix for man pages.
-
-* `DESTDIR="?"`
-
-    Prepend DESTDIR to INCLUDEDIR, LIBDIR, DATADIR, and MANDIR.  This is useful
-    when installing to a different path than was specified via --prefix.
-
-* `CC="?"`
-
-    Use this to invoke the C compiler.
-
-* `CFLAGS="?"`
-
-    Pass these flags to the compiler.
-
-* `CPPFLAGS="?"`
-
-    Pass these flags to the C preprocessor.
-
-* `LDFLAGS="?"`
-
-    Pass these flags when linking.
-
-* `PATH="?"`
-
-    Use this to search for programs used during configuration and building.
-
-
-## Development
-
-If you intend to make non-trivial changes to jemalloc, use the 'autogen.sh'
-script rather than 'configure'.  This re-generates 'configure', enables
-configuration dependency rules, and enables re-generation of automatically
-generated source files.
-
-The build system supports using an object directory separate from the source
-tree.  For example, you can create an 'obj' directory, and from within that
-directory, issue configuration and build commands:
-
-    autoconf
-    mkdir obj
-    cd obj
-    ../configure --enable-autogen
-    make
-
-
-## Documentation
-
-The manual page is generated in both html and roff formats.  Any web browser
-can be used to view the html manual.  The roff manual page can be formatted
-prior to installation via the following command:
-
-    nroff -man -t doc/jemalloc.3
->>>>>>> main
diff --git a/contrib/jemalloc/Makefile.in b/contrib/jemalloc/Makefile.in
index 121297702bcc..1193cd859c49 100644
--- a/contrib/jemalloc/Makefile.in
+++ b/contrib/jemalloc/Makefile.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 # Clear out all vpaths, then set just one (default vpath) for the main build
 # directory.
 vpath
@@ -761,629 +760,3 @@ $(objroot)config.stamp : $(cfgoutputs_in) $(cfghdrs_in) $(srcroot)configure
 $(cfgoutputs_out) $(cfghdrs_out) : $(objroot)config.stamp
 	@true
 endif
-||||||| dec341af7695
-=======
-# Clear out all vpaths, then set just one (default vpath) for the main build
-# directory.
-vpath
-vpath % .
-
-# Clear the default suffixes, so that built-in rules are not used.
-.SUFFIXES :
-
-SHELL := /bin/sh
-
-CC := @CC@
-CXX := @CXX@
-
-# Configuration parameters.
-DESTDIR =
-BINDIR := $(DESTDIR)@BINDIR@
-INCLUDEDIR := $(DESTDIR)@INCLUDEDIR@
-LIBDIR := $(DESTDIR)@LIBDIR@
-DATADIR := $(DESTDIR)@DATADIR@
-MANDIR := $(DESTDIR)@MANDIR@
-srcroot := @srcroot@
-objroot := @objroot@
-abs_srcroot := @abs_srcroot@
-abs_objroot := @abs_objroot@
-
-# Build parameters.
-CPPFLAGS := @CPPFLAGS@ -I$(objroot)include -I$(srcroot)include
-CONFIGURE_CFLAGS := @CONFIGURE_CFLAGS@
-SPECIFIED_CFLAGS := @SPECIFIED_CFLAGS@
-EXTRA_CFLAGS := @EXTRA_CFLAGS@
-CFLAGS := $(strip $(CONFIGURE_CFLAGS) $(SPECIFIED_CFLAGS) $(EXTRA_CFLAGS))
-CONFIGURE_CXXFLAGS := @CONFIGURE_CXXFLAGS@
-SPECIFIED_CXXFLAGS := @SPECIFIED_CXXFLAGS@
-EXTRA_CXXFLAGS := @EXTRA_CXXFLAGS@
-CXXFLAGS := $(strip $(CONFIGURE_CXXFLAGS) $(SPECIFIED_CXXFLAGS) $(EXTRA_CXXFLAGS))
-LDFLAGS := @LDFLAGS@
-EXTRA_LDFLAGS := @EXTRA_LDFLAGS@
-LIBS := @LIBS@
-RPATH_EXTRA := @RPATH_EXTRA@
-SO := @so@
-IMPORTLIB := @importlib@
-O := @o@
-A := @a@
-EXE := @exe@
-LIBPREFIX := @libprefix@
-REV := @rev@
-install_suffix := @install_suffix@
-ABI := @abi@
-XSLTPROC := @XSLTPROC@
-XSLROOT := @XSLROOT@
-AUTOCONF := @AUTOCONF@
-_RPATH = @RPATH@
-RPATH = $(if $(1),$(call _RPATH,$(1)))
-cfghdrs_in := $(addprefix $(srcroot),@cfghdrs_in@)
-cfghdrs_out := @cfghdrs_out@
-cfgoutputs_in := $(addprefix $(srcroot),@cfgoutputs_in@)
-cfgoutputs_out := @cfgoutputs_out@
-enable_autogen := @enable_autogen@
-enable_doc := @enable_doc@
-enable_shared := @enable_shared@
-enable_static := @enable_static@
-enable_prof := @enable_prof@
-enable_zone_allocator := @enable_zone_allocator@
-enable_experimental_smallocx := @enable_experimental_smallocx@
-MALLOC_CONF := @JEMALLOC_CPREFIX@MALLOC_CONF
-link_whole_archive := @link_whole_archive@
-DSO_LDFLAGS = @DSO_LDFLAGS@
-SOREV = @SOREV@
-PIC_CFLAGS = @PIC_CFLAGS@
-CTARGET = @CTARGET@
-LDTARGET = @LDTARGET@
-TEST_LD_MODE = @TEST_LD_MODE@
-MKLIB = @MKLIB@
-AR = @AR@
-ARFLAGS = @ARFLAGS@
-DUMP_SYMS = @DUMP_SYMS@
-AWK := @AWK@
-CC_MM = @CC_MM@
-LM := @LM@
-INSTALL = @INSTALL@
-
-ifeq (macho, $(ABI))
-TEST_LIBRARY_PATH := DYLD_FALLBACK_LIBRARY_PATH="$(objroot)lib"
-else
-ifeq (pecoff, $(ABI))
-TEST_LIBRARY_PATH := PATH="$(PATH):$(objroot)lib"
-else
-TEST_LIBRARY_PATH :=
-endif
-endif
-
-LIBJEMALLOC := $(LIBPREFIX)jemalloc$(install_suffix)
-
-# Lists of files.
-BINS := $(objroot)bin/jemalloc-config $(objroot)bin/jemalloc.sh $(objroot)bin/jeprof
-C_HDRS := $(objroot)include/jemalloc/jemalloc$(install_suffix).h
-C_SRCS := $(srcroot)src/jemalloc.c \
-	$(srcroot)src/arena.c \
-	$(srcroot)src/background_thread.c \
-	$(srcroot)src/base.c \
-	$(srcroot)src/bin.c \
-	$(srcroot)src/bitmap.c \
-	$(srcroot)src/ckh.c \
-	$(srcroot)src/ctl.c \
-	$(srcroot)src/div.c \
-	$(srcroot)src/extent.c \
-	$(srcroot)src/extent_dss.c \
-	$(srcroot)src/extent_mmap.c \
-	$(srcroot)src/hash.c \
-	$(srcroot)src/hook.c \
-	$(srcroot)src/large.c \
-	$(srcroot)src/log.c \
-	$(srcroot)src/malloc_io.c \
-	$(srcroot)src/mutex.c \
-	$(srcroot)src/mutex_pool.c \
-	$(srcroot)src/nstime.c \
-	$(srcroot)src/pages.c \
-	$(srcroot)src/prng.c \
-	$(srcroot)src/prof.c \
-	$(srcroot)src/rtree.c \
-	$(srcroot)src/safety_check.c \
-	$(srcroot)src/stats.c \
-	$(srcroot)src/sc.c \
-	$(srcroot)src/sz.c \
-	$(srcroot)src/tcache.c \
-	$(srcroot)src/test_hooks.c \
-	$(srcroot)src/ticker.c \
-	$(srcroot)src/tsd.c \
-	$(srcroot)src/witness.c
-ifeq ($(enable_zone_allocator), 1)
-C_SRCS += $(srcroot)src/zone.c
-endif
-ifeq ($(IMPORTLIB),$(SO))
-STATIC_LIBS := $(objroot)lib/$(LIBJEMALLOC).$(A)
-endif
-ifdef PIC_CFLAGS
-STATIC_LIBS += $(objroot)lib/$(LIBJEMALLOC)_pic.$(A)
-else
-STATIC_LIBS += $(objroot)lib/$(LIBJEMALLOC)_s.$(A)
-endif
-DSOS := $(objroot)lib/$(LIBJEMALLOC).$(SOREV)
-ifneq ($(SOREV),$(SO))
-DSOS += $(objroot)lib/$(LIBJEMALLOC).$(SO)
-endif
-ifeq (1, $(link_whole_archive))
-LJEMALLOC := -Wl,--whole-archive -L$(objroot)lib -l$(LIBJEMALLOC) -Wl,--no-whole-archive
-else
-LJEMALLOC := $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB)
-endif
-PC := $(objroot)jemalloc.pc
-MAN3 := $(objroot)doc/jemalloc$(install_suffix).3
-DOCS_XML := $(objroot)doc/jemalloc$(install_suffix).xml
-DOCS_HTML := $(DOCS_XML:$(objroot)%.xml=$(objroot)%.html)
-DOCS_MAN3 := $(DOCS_XML:$(objroot)%.xml=$(objroot)%.3)
-DOCS := $(DOCS_HTML) $(DOCS_MAN3)
-C_TESTLIB_SRCS := $(srcroot)test/src/btalloc.c $(srcroot)test/src/btalloc_0.c \
-	$(srcroot)test/src/btalloc_1.c $(srcroot)test/src/math.c \
-	$(srcroot)test/src/mtx.c $(srcroot)test/src/mq.c \
-	$(srcroot)test/src/SFMT.c $(srcroot)test/src/test.c \
-	$(srcroot)test/src/thd.c $(srcroot)test/src/timer.c
-ifeq (1, $(link_whole_archive))
-C_UTIL_INTEGRATION_SRCS :=
-C_UTIL_CPP_SRCS :=
-else
-C_UTIL_INTEGRATION_SRCS := $(srcroot)src/nstime.c $(srcroot)src/malloc_io.c
-C_UTIL_CPP_SRCS := $(srcroot)src/nstime.c $(srcroot)src/malloc_io.c
-endif
-TESTS_UNIT := \
-	$(srcroot)test/unit/a0.c \
-	$(srcroot)test/unit/arena_reset.c \
-	$(srcroot)test/unit/atomic.c \
-	$(srcroot)test/unit/background_thread.c \
-	$(srcroot)test/unit/background_thread_enable.c \
-	$(srcroot)test/unit/base.c \
-	$(srcroot)test/unit/bitmap.c \
-	$(srcroot)test/unit/bit_util.c \
-	$(srcroot)test/unit/binshard.c \
-	$(srcroot)test/unit/ckh.c \
-	$(srcroot)test/unit/decay.c \
-	$(srcroot)test/unit/div.c \
-	$(srcroot)test/unit/emitter.c \
-	$(srcroot)test/unit/extent_quantize.c \
-	$(srcroot)test/unit/extent_util.c \
-	$(srcroot)test/unit/fork.c \
-	$(srcroot)test/unit/hash.c \
-	$(srcroot)test/unit/hook.c \
-	$(srcroot)test/unit/huge.c \
-	$(srcroot)test/unit/junk.c \
-	$(srcroot)test/unit/junk_alloc.c \
-	$(srcroot)test/unit/junk_free.c \
-	$(srcroot)test/unit/log.c \
-	$(srcroot)test/unit/mallctl.c \
-	$(srcroot)test/unit/malloc_io.c \
-	$(srcroot)test/unit/math.c \
-	$(srcroot)test/unit/mq.c \
-	$(srcroot)test/unit/mtx.c \
-	$(srcroot)test/unit/pack.c \
-	$(srcroot)test/unit/pages.c \
-	$(srcroot)test/unit/ph.c \
-	$(srcroot)test/unit/prng.c \
-	$(srcroot)test/unit/prof_accum.c \
-	$(srcroot)test/unit/prof_active.c \
-	$(srcroot)test/unit/prof_gdump.c \
-	$(srcroot)test/unit/prof_idump.c \
-	$(srcroot)test/unit/prof_log.c \
-	$(srcroot)test/unit/prof_reset.c \
-	$(srcroot)test/unit/prof_tctx.c \
-	$(srcroot)test/unit/prof_thread_name.c \
-	$(srcroot)test/unit/ql.c \
-	$(srcroot)test/unit/qr.c \
-	$(srcroot)test/unit/rb.c \
-	$(srcroot)test/unit/retained.c \
-	$(srcroot)test/unit/rtree.c \
-	$(srcroot)test/unit/safety_check.c \
-	$(srcroot)test/unit/seq.c \
-	$(srcroot)test/unit/SFMT.c \
-	$(srcroot)test/unit/sc.c \
-	$(srcroot)test/unit/size_classes.c \
-	$(srcroot)test/unit/slab.c \
-	$(srcroot)test/unit/smoothstep.c \
-	$(srcroot)test/unit/spin.c \
-	$(srcroot)test/unit/stats.c \
-	$(srcroot)test/unit/stats_print.c \
-	$(srcroot)test/unit/test_hooks.c \
-	$(srcroot)test/unit/ticker.c \
-	$(srcroot)test/unit/nstime.c \
-	$(srcroot)test/unit/tsd.c \
-	$(srcroot)test/unit/witness.c \
-	$(srcroot)test/unit/zero.c
-ifeq (@enable_prof@, 1)
-TESTS_UNIT += \
-	$(srcroot)test/unit/arena_reset_prof.c
-endif
-TESTS_INTEGRATION := $(srcroot)test/integration/aligned_alloc.c \
-	$(srcroot)test/integration/allocated.c \
-	$(srcroot)test/integration/extent.c \
-	$(srcroot)test/integration/malloc.c \
-	$(srcroot)test/integration/mallocx.c \
-	$(srcroot)test/integration/MALLOCX_ARENA.c \
-	$(srcroot)test/integration/overflow.c \
-	$(srcroot)test/integration/posix_memalign.c \
-	$(srcroot)test/integration/rallocx.c \
-	$(srcroot)test/integration/sdallocx.c \
-	$(srcroot)test/integration/slab_sizes.c \
-	$(srcroot)test/integration/thread_arena.c \
-	$(srcroot)test/integration/thread_tcache_enabled.c \
-	$(srcroot)test/integration/xallocx.c
-ifeq (@enable_experimental_smallocx@, 1)
-TESTS_INTEGRATION += \
-  $(srcroot)test/integration/smallocx.c
-endif
-ifeq (@enable_cxx@, 1)
-CPP_SRCS := $(srcroot)src/jemalloc_cpp.cpp
-TESTS_INTEGRATION_CPP := $(srcroot)test/integration/cpp/basic.cpp
-else
-CPP_SRCS :=
-TESTS_INTEGRATION_CPP :=
-endif
-TESTS_STRESS := $(srcroot)test/stress/microbench.c \
-	$(srcroot)test/stress/hookbench.c
-
-
-TESTS := $(TESTS_UNIT) $(TESTS_INTEGRATION) $(TESTS_INTEGRATION_CPP) $(TESTS_STRESS)
-
-PRIVATE_NAMESPACE_HDRS := $(objroot)include/jemalloc/internal/private_namespace.h $(objroot)include/jemalloc/internal/private_namespace_jet.h
-PRIVATE_NAMESPACE_GEN_HDRS := $(PRIVATE_NAMESPACE_HDRS:%.h=%.gen.h)
-C_SYM_OBJS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.sym.$(O))
-C_SYMS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.sym)
-C_OBJS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.$(O))
-CPP_OBJS := $(CPP_SRCS:$(srcroot)%.cpp=$(objroot)%.$(O))
-C_PIC_OBJS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.pic.$(O))
-CPP_PIC_OBJS := $(CPP_SRCS:$(srcroot)%.cpp=$(objroot)%.pic.$(O))
-C_JET_SYM_OBJS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.jet.sym.$(O))
-C_JET_SYMS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.jet.sym)
-C_JET_OBJS := $(C_SRCS:$(srcroot)%.c=$(objroot)%.jet.$(O))
-C_TESTLIB_UNIT_OBJS := $(C_TESTLIB_SRCS:$(srcroot)%.c=$(objroot)%.unit.$(O))
-C_TESTLIB_INTEGRATION_OBJS := $(C_TESTLIB_SRCS:$(srcroot)%.c=$(objroot)%.integration.$(O))
-C_UTIL_INTEGRATION_OBJS := $(C_UTIL_INTEGRATION_SRCS:$(srcroot)%.c=$(objroot)%.integration.$(O))
-C_TESTLIB_STRESS_OBJS := $(C_TESTLIB_SRCS:$(srcroot)%.c=$(objroot)%.stress.$(O))
-C_TESTLIB_OBJS := $(C_TESTLIB_UNIT_OBJS) $(C_TESTLIB_INTEGRATION_OBJS) $(C_UTIL_INTEGRATION_OBJS) $(C_TESTLIB_STRESS_OBJS)
-
-TESTS_UNIT_OBJS := $(TESTS_UNIT:$(srcroot)%.c=$(objroot)%.$(O))
-TESTS_INTEGRATION_OBJS := $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%.$(O))
-TESTS_INTEGRATION_CPP_OBJS := $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%.$(O))
-TESTS_STRESS_OBJS := $(TESTS_STRESS:$(srcroot)%.c=$(objroot)%.$(O))
-TESTS_OBJS := $(TESTS_UNIT_OBJS) $(TESTS_INTEGRATION_OBJS) $(TESTS_STRESS_OBJS)
-TESTS_CPP_OBJS := $(TESTS_INTEGRATION_CPP_OBJS)
-
-.PHONY: all dist build_doc_html build_doc_man build_doc
-.PHONY: install_bin install_include install_lib
-.PHONY: install_doc_html install_doc_man install_doc install
-.PHONY: tests check clean distclean relclean
-
-.SECONDARY : $(PRIVATE_NAMESPACE_GEN_HDRS) $(TESTS_OBJS) $(TESTS_CPP_OBJS)
-
-# Default target.
-all: build_lib
-
-dist: build_doc
-
-$(objroot)doc/%.html : $(objroot)doc/%.xml $(srcroot)doc/stylesheet.xsl $(objroot)doc/html.xsl
-ifneq ($(XSLROOT),)
-	$(XSLTPROC) -o $@ $(objroot)doc/html.xsl $<
-else
-ifeq ($(wildcard $(DOCS_HTML)),)
-	@echo "<p>Missing xsltproc.  Doc not built.</p>" > $@
-endif
-	@echo "Missing xsltproc.  "$@" not (re)built."
-endif
-
-$(objroot)doc/%.3 : $(objroot)doc/%.xml $(srcroot)doc/stylesheet.xsl $(objroot)doc/manpages.xsl
-ifneq ($(XSLROOT),)
-	$(XSLTPROC) -o $@ $(objroot)doc/manpages.xsl $<
-else
-ifeq ($(wildcard $(DOCS_MAN3)),)
-	@echo "Missing xsltproc.  Doc not built." > $@
-endif
-	@echo "Missing xsltproc.  "$@" not (re)built."
-endif
-
-build_doc_html: $(DOCS_HTML)
-build_doc_man: $(DOCS_MAN3)
-build_doc: $(DOCS)
-
-#
-# Include generated dependency files.
-#
-ifdef CC_MM
--include $(C_SYM_OBJS:%.$(O)=%.d)
--include $(C_OBJS:%.$(O)=%.d)
--include $(CPP_OBJS:%.$(O)=%.d)
--include $(C_PIC_OBJS:%.$(O)=%.d)
--include $(CPP_PIC_OBJS:%.$(O)=%.d)
--include $(C_JET_SYM_OBJS:%.$(O)=%.d)
--include $(C_JET_OBJS:%.$(O)=%.d)
--include $(C_TESTLIB_OBJS:%.$(O)=%.d)
--include $(TESTS_OBJS:%.$(O)=%.d)
--include $(TESTS_CPP_OBJS:%.$(O)=%.d)
-endif
-
-$(C_SYM_OBJS): $(objroot)src/%.sym.$(O): $(srcroot)src/%.c
-$(C_SYM_OBJS): CPPFLAGS += -DJEMALLOC_NO_PRIVATE_NAMESPACE
-$(C_SYMS): $(objroot)src/%.sym: $(objroot)src/%.sym.$(O)
-$(C_OBJS): $(objroot)src/%.$(O): $(srcroot)src/%.c
-$(CPP_OBJS): $(objroot)src/%.$(O): $(srcroot)src/%.cpp
-$(C_PIC_OBJS): $(objroot)src/%.pic.$(O): $(srcroot)src/%.c
-$(C_PIC_OBJS): CFLAGS += $(PIC_CFLAGS)
-$(CPP_PIC_OBJS): $(objroot)src/%.pic.$(O): $(srcroot)src/%.cpp
-$(CPP_PIC_OBJS): CXXFLAGS += $(PIC_CFLAGS)
-$(C_JET_SYM_OBJS): $(objroot)src/%.jet.sym.$(O): $(srcroot)src/%.c
-$(C_JET_SYM_OBJS): CPPFLAGS += -DJEMALLOC_JET -DJEMALLOC_NO_PRIVATE_NAMESPACE
-$(C_JET_SYMS): $(objroot)src/%.jet.sym: $(objroot)src/%.jet.sym.$(O)
-$(C_JET_OBJS): $(objroot)src/%.jet.$(O): $(srcroot)src/%.c
-$(C_JET_OBJS): CPPFLAGS += -DJEMALLOC_JET
-$(C_TESTLIB_UNIT_OBJS): $(objroot)test/src/%.unit.$(O): $(srcroot)test/src/%.c
-$(C_TESTLIB_UNIT_OBJS): CPPFLAGS += -DJEMALLOC_UNIT_TEST
-$(C_TESTLIB_INTEGRATION_OBJS): $(objroot)test/src/%.integration.$(O): $(srcroot)test/src/%.c
-$(C_TESTLIB_INTEGRATION_OBJS): CPPFLAGS += -DJEMALLOC_INTEGRATION_TEST
-$(C_UTIL_INTEGRATION_OBJS): $(objroot)src/%.integration.$(O): $(srcroot)src/%.c
-$(C_TESTLIB_STRESS_OBJS): $(objroot)test/src/%.stress.$(O): $(srcroot)test/src/%.c
-$(C_TESTLIB_STRESS_OBJS): CPPFLAGS += -DJEMALLOC_STRESS_TEST -DJEMALLOC_STRESS_TESTLIB
-$(C_TESTLIB_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include
-$(TESTS_UNIT_OBJS): CPPFLAGS += -DJEMALLOC_UNIT_TEST
-$(TESTS_INTEGRATION_OBJS): CPPFLAGS += -DJEMALLOC_INTEGRATION_TEST
-$(TESTS_INTEGRATION_CPP_OBJS): CPPFLAGS += -DJEMALLOC_INTEGRATION_CPP_TEST
-$(TESTS_STRESS_OBJS): CPPFLAGS += -DJEMALLOC_STRESS_TEST
-$(TESTS_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.c
-$(TESTS_CPP_OBJS): $(objroot)test/%.$(O): $(srcroot)test/%.cpp
-$(TESTS_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include
-$(TESTS_CPP_OBJS): CPPFLAGS += -I$(srcroot)test/include -I$(objroot)test/include
-ifneq ($(IMPORTLIB),$(SO))
-$(CPP_OBJS) $(C_SYM_OBJS) $(C_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS): CPPFLAGS += -DDLLEXPORT
-endif
-
-# Dependencies.
-ifndef CC_MM
-HEADER_DIRS = $(srcroot)include/jemalloc/internal \
-	$(objroot)include/jemalloc $(objroot)include/jemalloc/internal
-HEADERS = $(filter-out $(PRIVATE_NAMESPACE_HDRS),$(wildcard $(foreach dir,$(HEADER_DIRS),$(dir)/*.h)))
-$(C_SYM_OBJS) $(C_OBJS) $(CPP_OBJS) $(C_PIC_OBJS) $(CPP_PIC_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS) $(C_TESTLIB_OBJS) $(TESTS_OBJS) $(TESTS_CPP_OBJS): $(HEADERS)
-$(TESTS_OBJS) $(TESTS_CPP_OBJS): $(objroot)test/include/test/jemalloc_test.h
-endif
-
-$(C_OBJS) $(CPP_OBJS) $(C_PIC_OBJS) $(CPP_PIC_OBJS) $(C_TESTLIB_INTEGRATION_OBJS) $(C_UTIL_INTEGRATION_OBJS) $(TESTS_INTEGRATION_OBJS) $(TESTS_INTEGRATION_CPP_OBJS): $(objroot)include/jemalloc/internal/private_namespace.h
-$(C_JET_OBJS) $(C_TESTLIB_UNIT_OBJS) $(C_TESTLIB_STRESS_OBJS) $(TESTS_UNIT_OBJS) $(TESTS_STRESS_OBJS): $(objroot)include/jemalloc/internal/private_namespace_jet.h
-
-$(C_SYM_OBJS) $(C_OBJS) $(C_PIC_OBJS) $(C_JET_SYM_OBJS) $(C_JET_OBJS) $(C_TESTLIB_OBJS) $(TESTS_OBJS): %.$(O):
-	@mkdir -p $(@D)
-	$(CC) $(CFLAGS) -c $(CPPFLAGS) $(CTARGET) $<
-ifdef CC_MM
-	@$(CC) -MM $(CPPFLAGS) -MT $@ -o $(@:%.$(O)=%.d) $<
-endif
-
-$(C_SYMS): %.sym:
-	@mkdir -p $(@D)
-	$(DUMP_SYMS) $< | $(AWK) -f $(objroot)include/jemalloc/internal/private_symbols.awk > $@
-
-$(C_JET_SYMS): %.sym:
-	@mkdir -p $(@D)
-	$(DUMP_SYMS) $< | $(AWK) -f $(objroot)include/jemalloc/internal/private_symbols_jet.awk > $@
-
-$(objroot)include/jemalloc/internal/private_namespace.gen.h: $(C_SYMS)
-	$(SHELL) $(srcroot)include/jemalloc/internal/private_namespace.sh $^ > $@
-
-$(objroot)include/jemalloc/internal/private_namespace_jet.gen.h: $(C_JET_SYMS)
-	$(SHELL) $(srcroot)include/jemalloc/internal/private_namespace.sh $^ > $@
-
-%.h: %.gen.h
-	@if ! `cmp -s $< $@` ; then echo "cp $< $<"; cp $< $@ ; fi
-
-$(CPP_OBJS) $(CPP_PIC_OBJS) $(TESTS_CPP_OBJS): %.$(O):
-	@mkdir -p $(@D)
-	$(CXX) $(CXXFLAGS) -c $(CPPFLAGS) $(CTARGET) $<
-ifdef CC_MM
-	@$(CXX) -MM $(CPPFLAGS) -MT $@ -o $(@:%.$(O)=%.d) $<
-endif
-
-ifneq ($(SOREV),$(SO))
-%.$(SO) : %.$(SOREV)
-	@mkdir -p $(@D)
-	ln -sf $(<F) $@
-endif
-
-$(objroot)lib/$(LIBJEMALLOC).$(SOREV) : $(if $(PIC_CFLAGS),$(C_PIC_OBJS),$(C_OBJS)) $(if $(PIC_CFLAGS),$(CPP_PIC_OBJS),$(CPP_OBJS))
-	@mkdir -p $(@D)
-	$(CC) $(DSO_LDFLAGS) $(call RPATH,$(RPATH_EXTRA)) $(LDTARGET) $+ $(LDFLAGS) $(LIBS) $(EXTRA_LDFLAGS)
-
-$(objroot)lib/$(LIBJEMALLOC)_pic.$(A) : $(C_PIC_OBJS) $(CPP_PIC_OBJS)
-$(objroot)lib/$(LIBJEMALLOC).$(A) : $(C_OBJS) $(CPP_OBJS)
-$(objroot)lib/$(LIBJEMALLOC)_s.$(A) : $(C_OBJS) $(CPP_OBJS)
-
-$(STATIC_LIBS):
-	@mkdir -p $(@D)
-	$(AR) $(ARFLAGS)@AROUT@ $+
-
-$(objroot)test/unit/%$(EXE): $(objroot)test/unit/%.$(O) $(C_JET_OBJS) $(C_TESTLIB_UNIT_OBJS)
-	@mkdir -p $(@D)
-	$(CC) $(LDTARGET) $(filter %.$(O),$^) $(call RPATH,$(objroot)lib) $(LDFLAGS) $(filter-out -lm,$(LIBS)) $(LM) $(EXTRA_LDFLAGS)
-
-$(objroot)test/integration/%$(EXE): $(objroot)test/integration/%.$(O) $(C_TESTLIB_INTEGRATION_OBJS) $(C_UTIL_INTEGRATION_OBJS) $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB)
-	@mkdir -p $(@D)
-	$(CC) $(TEST_LD_MODE) $(LDTARGET) $(filter %.$(O),$^) $(call RPATH,$(objroot)lib) $(LJEMALLOC) $(LDFLAGS) $(filter-out -lm,$(filter -lrt -pthread -lstdc++,$(LIBS))) $(LM) $(EXTRA_LDFLAGS)
-
-$(objroot)test/integration/cpp/%$(EXE): $(objroot)test/integration/cpp/%.$(O) $(C_TESTLIB_INTEGRATION_OBJS) $(C_UTIL_INTEGRATION_OBJS) $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB)
-	@mkdir -p $(@D)
-	$(CXX) $(LDTARGET) $(filter %.$(O),$^) $(call RPATH,$(objroot)lib) $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB) $(LDFLAGS) $(filter-out -lm,$(LIBS)) -lm $(EXTRA_LDFLAGS)
-
-$(objroot)test/stress/%$(EXE): $(objroot)test/stress/%.$(O) $(C_JET_OBJS) $(C_TESTLIB_STRESS_OBJS) $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB)
-	@mkdir -p $(@D)
-	$(CC) $(TEST_LD_MODE) $(LDTARGET) $(filter %.$(O),$^) $(call RPATH,$(objroot)lib) $(objroot)lib/$(LIBJEMALLOC).$(IMPORTLIB) $(LDFLAGS) $(filter-out -lm,$(LIBS)) $(LM) $(EXTRA_LDFLAGS)
-
-build_lib_shared: $(DSOS)
-build_lib_static: $(STATIC_LIBS)
-ifeq ($(enable_shared), 1)
-build_lib: build_lib_shared
-endif
-ifeq ($(enable_static), 1)
-build_lib: build_lib_static
-endif
-
-install_bin:
-	$(INSTALL) -d $(BINDIR)
-	@for b in $(BINS); do \
-	echo "$(INSTALL) -m 755 $$b $(BINDIR)"; \
-	$(INSTALL) -m 755 $$b $(BINDIR); \
-done
-
-install_include:
-	$(INSTALL) -d $(INCLUDEDIR)/jemalloc
-	@for h in $(C_HDRS); do \
-	echo "$(INSTALL) -m 644 $$h $(INCLUDEDIR)/jemalloc"; \
-	$(INSTALL) -m 644 $$h $(INCLUDEDIR)/jemalloc; \
-done
-
-install_lib_shared: $(DSOS)
-	$(INSTALL) -d $(LIBDIR)
-	$(INSTALL) -m 755 $(objroot)lib/$(LIBJEMALLOC).$(SOREV) $(LIBDIR)
-ifneq ($(SOREV),$(SO))
-	ln -sf $(LIBJEMALLOC).$(SOREV) $(LIBDIR)/$(LIBJEMALLOC).$(SO)
-endif
-
-install_lib_static: $(STATIC_LIBS)
-	$(INSTALL) -d $(LIBDIR)
-	@for l in $(STATIC_LIBS); do \
-	echo "$(INSTALL) -m 755 $$l $(LIBDIR)"; \
-	$(INSTALL) -m 755 $$l $(LIBDIR); \
-done
-
-install_lib_pc: $(PC)
-	$(INSTALL) -d $(LIBDIR)/pkgconfig
-	@for l in $(PC); do \
-	echo "$(INSTALL) -m 644 $$l $(LIBDIR)/pkgconfig"; \
-	$(INSTALL) -m 644 $$l $(LIBDIR)/pkgconfig; \
-done
-
-ifeq ($(enable_shared), 1)
-install_lib: install_lib_shared
-endif
-ifeq ($(enable_static), 1)
-install_lib: install_lib_static
-endif
-install_lib: install_lib_pc
-
-install_doc_html:
-	$(INSTALL) -d $(DATADIR)/doc/jemalloc$(install_suffix)
-	@for d in $(DOCS_HTML); do \
-	echo "$(INSTALL) -m 644 $$d $(DATADIR)/doc/jemalloc$(install_suffix)"; \
-	$(INSTALL) -m 644 $$d $(DATADIR)/doc/jemalloc$(install_suffix); \
-done
-
-install_doc_man:
-	$(INSTALL) -d $(MANDIR)/man3
-	@for d in $(DOCS_MAN3); do \
-	echo "$(INSTALL) -m 644 $$d $(MANDIR)/man3"; \
-	$(INSTALL) -m 644 $$d $(MANDIR)/man3; \
-done
-
-install_doc: build_doc install_doc_html install_doc_man
-
-install: install_bin install_include install_lib
-
-ifeq ($(enable_doc), 1)
-install: install_doc
-endif
-
-tests_unit: $(TESTS_UNIT:$(srcroot)%.c=$(objroot)%$(EXE))
-tests_integration: $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%$(EXE)) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%$(EXE))
-tests_stress: $(TESTS_STRESS:$(srcroot)%.c=$(objroot)%$(EXE))
-tests: tests_unit tests_integration tests_stress
-
-check_unit_dir:
-	@mkdir -p $(objroot)test/unit
-check_integration_dir:
-	@mkdir -p $(objroot)test/integration
-stress_dir:
-	@mkdir -p $(objroot)test/stress
-check_dir: check_unit_dir check_integration_dir
-
-check_unit: tests_unit check_unit_dir
-	$(SHELL) $(objroot)test/test.sh $(TESTS_UNIT:$(srcroot)%.c=$(objroot)%)
-check_integration_prof: tests_integration check_integration_dir
-ifeq ($(enable_prof), 1)
-	$(MALLOC_CONF)="prof:true" $(SHELL) $(objroot)test/test.sh $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%)
-	$(MALLOC_CONF)="prof:true,prof_active:false" $(SHELL) $(objroot)test/test.sh $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%)
-endif
-check_integration_decay: tests_integration check_integration_dir
-	$(MALLOC_CONF)="dirty_decay_ms:-1,muzzy_decay_ms:-1" $(SHELL) $(objroot)test/test.sh $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%)
-	$(MALLOC_CONF)="dirty_decay_ms:0,muzzy_decay_ms:0" $(SHELL) $(objroot)test/test.sh $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%)
-check_integration: tests_integration check_integration_dir
-	$(SHELL) $(objroot)test/test.sh $(TESTS_INTEGRATION:$(srcroot)%.c=$(objroot)%) $(TESTS_INTEGRATION_CPP:$(srcroot)%.cpp=$(objroot)%)
-stress: tests_stress stress_dir
-	$(SHELL) $(objroot)test/test.sh $(TESTS_STRESS:$(srcroot)%.c=$(objroot)%)
-check: check_unit check_integration check_integration_decay check_integration_prof
-
-clean:
-	rm -f $(PRIVATE_NAMESPACE_HDRS)
-	rm -f $(PRIVATE_NAMESPACE_GEN_HDRS)
-	rm -f $(C_SYM_OBJS)
-	rm -f $(C_SYMS)
-	rm -f $(C_OBJS)
-	rm -f $(CPP_OBJS)
-	rm -f $(C_PIC_OBJS)
-	rm -f $(CPP_PIC_OBJS)
-	rm -f $(C_JET_SYM_OBJS)
-	rm -f $(C_JET_SYMS)
-	rm -f $(C_JET_OBJS)
-	rm -f $(C_TESTLIB_OBJS)
-	rm -f $(C_SYM_OBJS:%.$(O)=%.d)
-	rm -f $(C_OBJS:%.$(O)=%.d)
-	rm -f $(CPP_OBJS:%.$(O)=%.d)
-	rm -f $(C_PIC_OBJS:%.$(O)=%.d)
-	rm -f $(CPP_PIC_OBJS:%.$(O)=%.d)
-	rm -f $(C_JET_SYM_OBJS:%.$(O)=%.d)
-	rm -f $(C_JET_OBJS:%.$(O)=%.d)
-	rm -f $(C_TESTLIB_OBJS:%.$(O)=%.d)
-	rm -f $(TESTS_OBJS:%.$(O)=%$(EXE))
-	rm -f $(TESTS_OBJS)
-	rm -f $(TESTS_OBJS:%.$(O)=%.d)
-	rm -f $(TESTS_OBJS:%.$(O)=%.out)
-	rm -f $(TESTS_CPP_OBJS:%.$(O)=%$(EXE))
-	rm -f $(TESTS_CPP_OBJS)
-	rm -f $(TESTS_CPP_OBJS:%.$(O)=%.d)
-	rm -f $(TESTS_CPP_OBJS:%.$(O)=%.out)
-	rm -f $(DSOS) $(STATIC_LIBS)
-
-distclean: clean
-	rm -f $(objroot)bin/jemalloc-config
-	rm -f $(objroot)bin/jemalloc.sh
-	rm -f $(objroot)bin/jeprof
-	rm -f $(objroot)config.log
-	rm -f $(objroot)config.status
-	rm -f $(objroot)config.stamp
-	rm -f $(cfghdrs_out)
-	rm -f $(cfgoutputs_out)
-
-relclean: distclean
-	rm -f $(objroot)configure
-	rm -f $(objroot)VERSION
-	rm -f $(DOCS_HTML)
-	rm -f $(DOCS_MAN3)
-
-#===============================================================================
-# Re-configuration rules.
-
-ifeq ($(enable_autogen), 1)
-$(srcroot)configure : $(srcroot)configure.ac
-	cd ./$(srcroot) && $(AUTOCONF)
-
-$(objroot)config.status : $(srcroot)configure
-	./$(objroot)config.status --recheck
-
-$(srcroot)config.stamp.in : $(srcroot)configure.ac
-	echo stamp > $(srcroot)config.stamp.in
-
-$(objroot)config.stamp : $(cfgoutputs_in) $(cfghdrs_in) $(srcroot)configure
-	./$(objroot)config.status
-	@touch $@
-
-# There must be some action in order for make to re-read Makefile when it is
-# out of date.
-$(cfgoutputs_out) $(cfghdrs_out) : $(objroot)config.stamp
-	@true
-endif
->>>>>>> main
diff --git a/contrib/jemalloc/TUNING.md b/contrib/jemalloc/TUNING.md
index 500541dd52d0..e96399d7c9b8 100644
--- a/contrib/jemalloc/TUNING.md
+++ b/contrib/jemalloc/TUNING.md
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 This document summarizes the common approaches for performance fine tuning with
 jemalloc (as of 5.3.0).  The default configuration of jemalloc tends to work
 reasonably well in practice, and most applications should not have to tune any
@@ -128,135 +127,3 @@ improve application performance with jemalloc.
     access / allocation patterns.  Threads with heavy workloads often benefit
     from explicit binding, e.g. binding very active threads to dedicated arenas
     may reduce contention at the allocator level.
-||||||| dec341af7695
-=======
-This document summarizes the common approaches for performance fine tuning with
-jemalloc (as of 5.1.0).  The default configuration of jemalloc tends to work
-reasonably well in practice, and most applications should not have to tune any
-options. However, in order to cover a wide range of applications and avoid
-pathological cases, the default setting is sometimes kept conservative and
-suboptimal, even for many common workloads.  When jemalloc is properly tuned for
-a specific application / workload, it is common to improve system level metrics
-by a few percent, or make favorable trade-offs.
-
-
-## Notable runtime options for performance tuning
-
-Runtime options can be set via
-[malloc_conf](http://jemalloc.net/jemalloc.3.html#tuning).
-
-* [background_thread](http://jemalloc.net/jemalloc.3.html#background_thread)
-
-    Enabling jemalloc background threads generally improves the tail latency for
-    application threads, since unused memory purging is shifted to the dedicated
-    background threads.  In addition, unintended purging delay caused by
-    application inactivity is avoided with background threads.
-
-    Suggested: `background_thread:true` when jemalloc managed threads can be
-    allowed.
-
-* [metadata_thp](http://jemalloc.net/jemalloc.3.html#opt.metadata_thp)
-
-    Allowing jemalloc to utilize transparent huge pages for its internal
-    metadata usually reduces TLB misses significantly, especially for programs
-    with large memory footprint and frequent allocation / deallocation
-    activities.  Metadata memory usage may increase due to the use of huge
-    pages.
-
-    Suggested for allocation intensive programs: `metadata_thp:auto` or
-    `metadata_thp:always`, which is expected to improve CPU utilization at a
-    small memory cost.
-
-* [dirty_decay_ms](http://jemalloc.net/jemalloc.3.html#opt.dirty_decay_ms) and
-  [muzzy_decay_ms](http://jemalloc.net/jemalloc.3.html#opt.muzzy_decay_ms)
-
-    Decay time determines how fast jemalloc returns unused pages back to the
-    operating system, and therefore provides a fairly straightforward trade-off
-    between CPU and memory usage.  Shorter decay time purges unused pages faster
-    to reduces memory usage (usually at the cost of more CPU cycles spent on
-    purging), and vice versa.
-
-    Suggested: tune the values based on the desired trade-offs.
-
-* [narenas](http://jemalloc.net/jemalloc.3.html#opt.narenas)
-
-    By default jemalloc uses multiple arenas to reduce internal lock contention.
-    However high arena count may also increase overall memory fragmentation,
-    since arenas manage memory independently.  When high degree of parallelism
-    is not expected at the allocator level, lower number of arenas often
-    improves memory usage.
-
-    Suggested: if low parallelism is expected, try lower arena count while
-    monitoring CPU and memory usage.
-
-* [percpu_arena](http://jemalloc.net/jemalloc.3.html#opt.percpu_arena)
-
-    Enable dynamic thread to arena association based on running CPU.  This has
-    the potential to improve locality, e.g. when thread to CPU affinity is
-    present.
-    
-    Suggested: try `percpu_arena:percpu` or `percpu_arena:phycpu` if
-    thread migration between processors is expected to be infrequent.
-
-Examples:
-
-* High resource consumption application, prioritizing CPU utilization:
-
-    `background_thread:true,metadata_thp:auto` combined with relaxed decay time
-    (increased `dirty_decay_ms` and / or `muzzy_decay_ms`,
-    e.g. `dirty_decay_ms:30000,muzzy_decay_ms:30000`).
-
-* High resource consumption application, prioritizing memory usage:
-
-    `background_thread:true` combined with shorter decay time (decreased
-    `dirty_decay_ms` and / or `muzzy_decay_ms`,
-    e.g. `dirty_decay_ms:5000,muzzy_decay_ms:5000`), and lower arena count
-    (e.g. number of CPUs).
-
-* Low resource consumption application:
-
-    `narenas:1,lg_tcache_max:13` combined with shorter decay time (decreased
-    `dirty_decay_ms` and / or `muzzy_decay_ms`,e.g.
-    `dirty_decay_ms:1000,muzzy_decay_ms:0`).
-
-* Extremely conservative -- minimize memory usage at all costs, only suitable when
-allocation activity is very rare:
-
-    `narenas:1,tcache:false,dirty_decay_ms:0,muzzy_decay_ms:0`
-
-Note that it is recommended to combine the options with `abort_conf:true` which
-aborts immediately on illegal options.
-
-## Beyond runtime options
-
-In addition to the runtime options, there are a number of programmatic ways to
-improve application performance with jemalloc.
-
-* [Explicit arenas](http://jemalloc.net/jemalloc.3.html#arenas.create)
-
-    Manually created arenas can help performance in various ways, e.g. by
-    managing locality and contention for specific usages.  For example,
-    applications can explicitly allocate frequently accessed objects from a
-    dedicated arena with
-    [mallocx()](http://jemalloc.net/jemalloc.3.html#MALLOCX_ARENA) to improve
-    locality.  In addition, explicit arenas often benefit from individually
-    tuned options, e.g. relaxed [decay
-    time](http://jemalloc.net/jemalloc.3.html#arena.i.dirty_decay_ms) if
-    frequent reuse is expected.
-
-* [Extent hooks](http://jemalloc.net/jemalloc.3.html#arena.i.extent_hooks)
-
-    Extent hooks allow customization for managing underlying memory.  One use
-    case for performance purpose is to utilize huge pages -- for example,
-    [HHVM](https://github.com/facebook/hhvm/blob/master/hphp/util/alloc.cpp)
-    uses explicit arenas with customized extent hooks to manage 1GB huge pages
-    for frequently accessed data, which reduces TLB misses significantly.
-
-* [Explicit thread-to-arena
-  binding](http://jemalloc.net/jemalloc.3.html#thread.arena)
-
-    It is common for some threads in an application to have different memory
-    access / allocation patterns.  Threads with heavy workloads often benefit
-    from explicit binding, e.g. binding very active threads to dedicated arenas
-    may reduce contention at the allocator level.
->>>>>>> main
diff --git a/contrib/jemalloc/bin/jeprof.in b/contrib/jemalloc/bin/jeprof.in
index dc2c3ea877b8..dbf6252b921e 100644
--- a/contrib/jemalloc/bin/jeprof.in
+++ b/contrib/jemalloc/bin/jeprof.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #! /usr/bin/env perl
 
 # Copyright (c) 1998-2007, Google Inc.
@@ -5722,5631 +5721,3 @@ sub RunUnitTests {
   }
   exit ($error_count);
 }
-||||||| dec341af7695
-=======
-#! /usr/bin/env perl
-
-# Copyright (c) 1998-2007, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-# ---
-# Program for printing the profile generated by common/profiler.cc,
-# or by the heap profiler (common/debugallocation.cc)
-#
-# The profile contains a sequence of entries of the form:
-#       <count> <stack trace>
-# This program parses the profile, and generates user-readable
-# output.
-#
-# Examples:
-#
-# % tools/jeprof "program" "profile"
-#   Enters "interactive" mode
-#
-# % tools/jeprof --text "program" "profile"
-#   Generates one line per procedure
-#
-# % tools/jeprof --gv "program" "profile"
-#   Generates annotated call-graph and displays via "gv"
-#
-# % tools/jeprof --gv --focus=Mutex "program" "profile"
-#   Restrict to code paths that involve an entry that matches "Mutex"
-#
-# % tools/jeprof --gv --focus=Mutex --ignore=string "program" "profile"
-#   Restrict to code paths that involve an entry that matches "Mutex"
-#   and does not match "string"
-#
-# % tools/jeprof --list=IBF_CheckDocid "program" "profile"
-#   Generates disassembly listing of all routines with at least one
-#   sample that match the --list=<regexp> pattern.  The listing is
-#   annotated with the flat and cumulative sample counts at each line.
-#
-# % tools/jeprof --disasm=IBF_CheckDocid "program" "profile"
-#   Generates disassembly listing of all routines with at least one
-#   sample that match the --disasm=<regexp> pattern.  The listing is
-#   annotated with the flat and cumulative sample counts at each PC value.
-#
-# TODO: Use color to indicate files?
-
-use strict;
-use warnings;
-use Getopt::Long;
-use Cwd;
-
-my $JEPROF_VERSION = "@jemalloc_version@";
-my $PPROF_VERSION = "2.0";
-
-# These are the object tools we use which can come from a
-# user-specified location using --tools, from the JEPROF_TOOLS
-# environment variable, or from the environment.
-my %obj_tool_map = (
-  "objdump" => "objdump",
-  "nm" => "nm",
-  "addr2line" => "addr2line",
-  "c++filt" => "c++filt",
-  ## ConfigureObjTools may add architecture-specific entries:
-  #"nm_pdb" => "nm-pdb",       # for reading windows (PDB-format) executables
-  #"addr2line_pdb" => "addr2line-pdb",                                # ditto
-  #"otool" => "otool",         # equivalent of objdump on OS X
-);
-# NOTE: these are lists, so you can put in commandline flags if you want.
-my @DOT = ("dot");          # leave non-absolute, since it may be in /usr/local
-my @GV = ("gv");
-my @EVINCE = ("evince");    # could also be xpdf or perhaps acroread
-my @KCACHEGRIND = ("kcachegrind");
-my @PS2PDF = ("ps2pdf");
-# These are used for dynamic profiles
-my @URL_FETCHER = ("curl", "-s", "--fail");
-
-# These are the web pages that servers need to support for dynamic profiles
-my $HEAP_PAGE = "/pprof/heap";
-my $PROFILE_PAGE = "/pprof/profile";   # must support cgi-param "?seconds=#"
-my $PMUPROFILE_PAGE = "/pprof/pmuprofile(?:\\?.*)?"; # must support cgi-param
-                                                # ?seconds=#&event=x&period=n
-my $GROWTH_PAGE = "/pprof/growth";
-my $CONTENTION_PAGE = "/pprof/contention";
-my $WALL_PAGE = "/pprof/wall(?:\\?.*)?";  # accepts options like namefilter
-my $FILTEREDPROFILE_PAGE = "/pprof/filteredprofile(?:\\?.*)?";
-my $CENSUSPROFILE_PAGE = "/pprof/censusprofile(?:\\?.*)?"; # must support cgi-param
-                                                       # "?seconds=#",
-                                                       # "?tags_regexp=#" and
-                                                       # "?type=#".
-my $SYMBOL_PAGE = "/pprof/symbol";     # must support symbol lookup via POST
-my $PROGRAM_NAME_PAGE = "/pprof/cmdline";
-
-# These are the web pages that can be named on the command line.
-# All the alternatives must begin with /.
-my $PROFILES = "($HEAP_PAGE|$PROFILE_PAGE|$PMUPROFILE_PAGE|" .
-               "$GROWTH_PAGE|$CONTENTION_PAGE|$WALL_PAGE|" .
-               "$FILTEREDPROFILE_PAGE|$CENSUSPROFILE_PAGE)";
-
-# default binary name
-my $UNKNOWN_BINARY = "(unknown)";
-
-# There is a pervasive dependency on the length (in hex characters,
-# i.e., nibbles) of an address, distinguishing between 32-bit and
-# 64-bit profiles.  To err on the safe size, default to 64-bit here:
-my $address_length = 16;
-
-my $dev_null = "/dev/null";
-if (! -e $dev_null && $^O =~ /MSWin/) {    # $^O is the OS perl was built for
-  $dev_null = "nul";
-}
-
-# A list of paths to search for shared object files
-my @prefix_list = ();
-
-# Special routine name that should not have any symbols.
-# Used as separator to parse "addr2line -i" output.
-my $sep_symbol = '_fini';
-my $sep_address = undef;
-
-##### Argument parsing #####
-
-sub usage_string {
-  return <<EOF;
-Usage:
-jeprof [options] <program> <profiles>
-   <profiles> is a space separated list of profile names.
-jeprof [options] <symbolized-profiles>
-   <symbolized-profiles> is a list of profile files where each file contains
-   the necessary symbol mappings  as well as profile data (likely generated
-   with --raw).
-jeprof [options] <profile>
-   <profile> is a remote form.  Symbols are obtained from host:port$SYMBOL_PAGE
-
-   Each name can be:
-   /path/to/profile        - a path to a profile file
-   host:port[/<service>]   - a location of a service to get profile from
-
-   The /<service> can be $HEAP_PAGE, $PROFILE_PAGE, /pprof/pmuprofile,
-                         $GROWTH_PAGE, $CONTENTION_PAGE, /pprof/wall,
-                         $CENSUSPROFILE_PAGE, or /pprof/filteredprofile.
-   For instance:
-     jeprof http://myserver.com:80$HEAP_PAGE
-   If /<service> is omitted, the service defaults to $PROFILE_PAGE (cpu profiling).
-jeprof --symbols <program>
-   Maps addresses to symbol names.  In this mode, stdin should be a
-   list of library mappings, in the same format as is found in the heap-
-   and cpu-profile files (this loosely matches that of /proc/self/maps
-   on linux), followed by a list of hex addresses to map, one per line.
-
-   For more help with querying remote servers, including how to add the
-   necessary server-side support code, see this filename (or one like it):
-
-   /usr/doc/gperftools-$PPROF_VERSION/pprof_remote_servers.html
-
-Options:
-   --cum               Sort by cumulative data
-   --base=<base>       Subtract <base> from <profile> before display
-   --interactive       Run in interactive mode (interactive "help" gives help) [default]
-   --seconds=<n>       Length of time for dynamic profiles [default=30 secs]
-   --add_lib=<file>    Read additional symbols and line info from the given library
-   --lib_prefix=<dir>  Comma separated list of library path prefixes
-
-Reporting Granularity:
-   --addresses         Report at address level
-   --lines             Report at source line level
-   --functions         Report at function level [default]
-   --files             Report at source file level
-
-Output type:
-   --text              Generate text report
-   --callgrind         Generate callgrind format to stdout
-   --gv                Generate Postscript and display
-   --evince            Generate PDF and display
-   --web               Generate SVG and display
-   --list=<regexp>     Generate source listing of matching routines
-   --disasm=<regexp>   Generate disassembly of matching routines
-   --symbols           Print demangled symbol names found at given addresses
-   --dot               Generate DOT file to stdout
-   --ps                Generate Postcript to stdout
-   --pdf               Generate PDF to stdout
-   --svg               Generate SVG to stdout
-   --gif               Generate GIF to stdout
-   --raw               Generate symbolized jeprof data (useful with remote fetch)
-
-Heap-Profile Options:
-   --inuse_space       Display in-use (mega)bytes [default]
-   --inuse_objects     Display in-use objects
-   --alloc_space       Display allocated (mega)bytes
-   --alloc_objects     Display allocated objects
-   --show_bytes        Display space in bytes
-   --drop_negative     Ignore negative differences
-
-Contention-profile options:
-   --total_delay       Display total delay at each region [default]
-   --contentions       Display number of delays at each region
-   --mean_delay        Display mean delay at each region
-
-Call-graph Options:
-   --nodecount=<n>     Show at most so many nodes [default=80]
-   --nodefraction=<f>  Hide nodes below <f>*total [default=.005]
-   --edgefraction=<f>  Hide edges below <f>*total [default=.001]
-   --maxdegree=<n>     Max incoming/outgoing edges per node [default=8]
-   --focus=<regexp>    Focus on backtraces with nodes matching <regexp>
-   --thread=<n>        Show profile for thread <n>
-   --ignore=<regexp>   Ignore backtraces with nodes matching <regexp>
-   --scale=<n>         Set GV scaling [default=0]
-   --heapcheck         Make nodes with non-0 object counts
-                       (i.e. direct leak generators) more visible
-   --retain=<regexp>   Retain only nodes that match <regexp>
-   --exclude=<regexp>  Exclude all nodes that match <regexp>
-
-Miscellaneous:
-   --tools=<prefix or binary:fullpath>[,...]   \$PATH for object tool pathnames
-   --test              Run unit tests
-   --help              This message
-   --version           Version information
-
-Environment Variables:
-   JEPROF_TMPDIR        Profiles directory. Defaults to \$HOME/jeprof
-   JEPROF_TOOLS         Prefix for object tools pathnames
-
-Examples:
-
-jeprof /bin/ls ls.prof
-                       Enters "interactive" mode
-jeprof --text /bin/ls ls.prof
-                       Outputs one line per procedure
-jeprof --web /bin/ls ls.prof
-                       Displays annotated call-graph in web browser
-jeprof --gv /bin/ls ls.prof
-                       Displays annotated call-graph via 'gv'
-jeprof --gv --focus=Mutex /bin/ls ls.prof
-                       Restricts to code paths including a .*Mutex.* entry
-jeprof --gv --focus=Mutex --ignore=string /bin/ls ls.prof
-                       Code paths including Mutex but not string
-jeprof --list=getdir /bin/ls ls.prof
-                       (Per-line) annotated source listing for getdir()
-jeprof --disasm=getdir /bin/ls ls.prof
-                       (Per-PC) annotated disassembly for getdir()
-
-jeprof http://localhost:1234/
-                       Enters "interactive" mode
-jeprof --text localhost:1234
-                       Outputs one line per procedure for localhost:1234
-jeprof --raw localhost:1234 > ./local.raw
-jeprof --text ./local.raw
-                       Fetches a remote profile for later analysis and then
-                       analyzes it in text mode.
-EOF
-}
-
-sub version_string {
-  return <<EOF
-jeprof (part of jemalloc $JEPROF_VERSION)
-based on pprof (part of gperftools $PPROF_VERSION)
-
-Copyright 1998-2007 Google Inc.
-
-This is BSD licensed software; see the source for copying conditions
-and license information.
-There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE.
-EOF
-}
-
-sub usage {
-  my $msg = shift;
-  print STDERR "$msg\n\n";
-  print STDERR usage_string();
-  print STDERR "\nFATAL ERROR: $msg\n";    # just as a reminder
-  exit(1);
-}
-
-sub Init() {
-  # Setup tmp-file name and handler to clean it up.
-  # We do this in the very beginning so that we can use
-  # error() and cleanup() function anytime here after.
-  $main::tmpfile_sym = "/tmp/jeprof$$.sym";
-  $main::tmpfile_ps = "/tmp/jeprof$$";
-  $main::next_tmpfile = 0;
-  $SIG{'INT'} = \&sighandler;
-
-  # Cache from filename/linenumber to source code
-  $main::source_cache = ();
-
-  $main::opt_help = 0;
-  $main::opt_version = 0;
-
-  $main::opt_cum = 0;
-  $main::opt_base = '';
-  $main::opt_addresses = 0;
-  $main::opt_lines = 0;
-  $main::opt_functions = 0;
-  $main::opt_files = 0;
-  $main::opt_lib_prefix = "";
-
-  $main::opt_text = 0;
-  $main::opt_callgrind = 0;
-  $main::opt_list = "";
-  $main::opt_disasm = "";
-  $main::opt_symbols = 0;
-  $main::opt_gv = 0;
-  $main::opt_evince = 0;
-  $main::opt_web = 0;
-  $main::opt_dot = 0;
-  $main::opt_ps = 0;
-  $main::opt_pdf = 0;
-  $main::opt_gif = 0;
-  $main::opt_svg = 0;
-  $main::opt_raw = 0;
-
-  $main::opt_nodecount = 80;
-  $main::opt_nodefraction = 0.005;
-  $main::opt_edgefraction = 0.001;
-  $main::opt_maxdegree = 8;
-  $main::opt_focus = '';
-  $main::opt_thread = undef;
-  $main::opt_ignore = '';
-  $main::opt_scale = 0;
-  $main::opt_heapcheck = 0;
-  $main::opt_retain = '';
-  $main::opt_exclude = '';
-  $main::opt_seconds = 30;
-  $main::opt_lib = "";
-
-  $main::opt_inuse_space   = 0;
-  $main::opt_inuse_objects = 0;
-  $main::opt_alloc_space   = 0;
-  $main::opt_alloc_objects = 0;
-  $main::opt_show_bytes    = 0;
-  $main::opt_drop_negative = 0;
-  $main::opt_interactive   = 0;
-
-  $main::opt_total_delay = 0;
-  $main::opt_contentions = 0;
-  $main::opt_mean_delay = 0;
-
-  $main::opt_tools   = "";
-  $main::opt_debug   = 0;
-  $main::opt_test    = 0;
-
-  # These are undocumented flags used only by unittests.
-  $main::opt_test_stride = 0;
-
-  # Are we using $SYMBOL_PAGE?
-  $main::use_symbol_page = 0;
-
-  # Files returned by TempName.
-  %main::tempnames = ();
-
-  # Type of profile we are dealing with
-  # Supported types:
-  #     cpu
-  #     heap
-  #     growth
-  #     contention
-  $main::profile_type = '';     # Empty type means "unknown"
-
-  GetOptions("help!"          => \$main::opt_help,
-             "version!"       => \$main::opt_version,
-             "cum!"           => \$main::opt_cum,
-             "base=s"         => \$main::opt_base,
-             "seconds=i"      => \$main::opt_seconds,
-             "add_lib=s"      => \$main::opt_lib,
-             "lib_prefix=s"   => \$main::opt_lib_prefix,
-             "functions!"     => \$main::opt_functions,
-             "lines!"         => \$main::opt_lines,
-             "addresses!"     => \$main::opt_addresses,
-             "files!"         => \$main::opt_files,
-             "text!"          => \$main::opt_text,
-             "callgrind!"     => \$main::opt_callgrind,
-             "list=s"         => \$main::opt_list,
-             "disasm=s"       => \$main::opt_disasm,
-             "symbols!"       => \$main::opt_symbols,
-             "gv!"            => \$main::opt_gv,
-             "evince!"        => \$main::opt_evince,
-             "web!"           => \$main::opt_web,
-             "dot!"           => \$main::opt_dot,
-             "ps!"            => \$main::opt_ps,
-             "pdf!"           => \$main::opt_pdf,
-             "svg!"           => \$main::opt_svg,
-             "gif!"           => \$main::opt_gif,
-             "raw!"           => \$main::opt_raw,
-             "interactive!"   => \$main::opt_interactive,
-             "nodecount=i"    => \$main::opt_nodecount,
-             "nodefraction=f" => \$main::opt_nodefraction,
-             "edgefraction=f" => \$main::opt_edgefraction,
-             "maxdegree=i"    => \$main::opt_maxdegree,
-             "focus=s"        => \$main::opt_focus,
-             "thread=s"       => \$main::opt_thread,
-             "ignore=s"       => \$main::opt_ignore,
-             "scale=i"        => \$main::opt_scale,
-             "heapcheck"      => \$main::opt_heapcheck,
-             "retain=s"       => \$main::opt_retain,
-             "exclude=s"      => \$main::opt_exclude,
-             "inuse_space!"   => \$main::opt_inuse_space,
-             "inuse_objects!" => \$main::opt_inuse_objects,
-             "alloc_space!"   => \$main::opt_alloc_space,
-             "alloc_objects!" => \$main::opt_alloc_objects,
-             "show_bytes!"    => \$main::opt_show_bytes,
-             "drop_negative!" => \$main::opt_drop_negative,
-             "total_delay!"   => \$main::opt_total_delay,
-             "contentions!"   => \$main::opt_contentions,
-             "mean_delay!"    => \$main::opt_mean_delay,
-             "tools=s"        => \$main::opt_tools,
-             "test!"          => \$main::opt_test,
-             "debug!"         => \$main::opt_debug,
-             # Undocumented flags used only by unittests:
-             "test_stride=i"  => \$main::opt_test_stride,
-      ) || usage("Invalid option(s)");
-
-  # Deal with the standard --help and --version
-  if ($main::opt_help) {
-    print usage_string();
-    exit(0);
-  }
-
-  if ($main::opt_version) {
-    print version_string();
-    exit(0);
-  }
-
-  # Disassembly/listing/symbols mode requires address-level info
-  if ($main::opt_disasm || $main::opt_list || $main::opt_symbols) {
-    $main::opt_functions = 0;
-    $main::opt_lines = 0;
-    $main::opt_addresses = 1;
-    $main::opt_files = 0;
-  }
-
-  # Check heap-profiling flags
-  if ($main::opt_inuse_space +
-      $main::opt_inuse_objects +
-      $main::opt_alloc_space +
-      $main::opt_alloc_objects > 1) {
-    usage("Specify at most on of --inuse/--alloc options");
-  }
-
-  # Check output granularities
-  my $grains =
-      $main::opt_functions +
-      $main::opt_lines +
-      $main::opt_addresses +
-      $main::opt_files +
-      0;
-  if ($grains > 1) {
-    usage("Only specify one output granularity option");
-  }
-  if ($grains == 0) {
-    $main::opt_functions = 1;
-  }
-
-  # Check output modes
-  my $modes =
-      $main::opt_text +
-      $main::opt_callgrind +
-      ($main::opt_list eq '' ? 0 : 1) +
-      ($main::opt_disasm eq '' ? 0 : 1) +
-      ($main::opt_symbols == 0 ? 0 : 1) +
-      $main::opt_gv +
-      $main::opt_evince +
-      $main::opt_web +
-      $main::opt_dot +
-      $main::opt_ps +
-      $main::opt_pdf +
-      $main::opt_svg +
-      $main::opt_gif +
-      $main::opt_raw +
-      $main::opt_interactive +
-      0;
-  if ($modes > 1) {
-    usage("Only specify one output mode");
-  }
-  if ($modes == 0) {
-    if (-t STDOUT) {  # If STDOUT is a tty, activate interactive mode
-      $main::opt_interactive = 1;
-    } else {
-      $main::opt_text = 1;
-    }
-  }
-
-  if ($main::opt_test) {
-    RunUnitTests();
-    # Should not return
-    exit(1);
-  }
-
-  # Binary name and profile arguments list
-  $main::prog = "";
-  @main::pfile_args = ();
-
-  # Remote profiling without a binary (using $SYMBOL_PAGE instead)
-  if (@ARGV > 0) {
-    if (IsProfileURL($ARGV[0])) {
-      $main::use_symbol_page = 1;
-    } elsif (IsSymbolizedProfileFile($ARGV[0])) {
-      $main::use_symbolized_profile = 1;
-      $main::prog = $UNKNOWN_BINARY;  # will be set later from the profile file
-    }
-  }
-
-  if ($main::use_symbol_page || $main::use_symbolized_profile) {
-    # We don't need a binary!
-    my %disabled = ('--lines' => $main::opt_lines,
-                    '--disasm' => $main::opt_disasm);
-    for my $option (keys %disabled) {
-      usage("$option cannot be used without a binary") if $disabled{$option};
-    }
-    # Set $main::prog later...
-    scalar(@ARGV) || usage("Did not specify profile file");
-  } elsif ($main::opt_symbols) {
-    # --symbols needs a binary-name (to run nm on, etc) but not profiles
-    $main::prog = shift(@ARGV) || usage("Did not specify program");
-  } else {
-    $main::prog = shift(@ARGV) || usage("Did not specify program");
-    scalar(@ARGV) || usage("Did not specify profile file");
-  }
-
-  # Parse profile file/location arguments
-  foreach my $farg (@ARGV) {
-    if ($farg =~ m/(.*)\@([0-9]+)(|\/.*)$/ ) {
-      my $machine = $1;
-      my $num_machines = $2;
-      my $path = $3;
-      for (my $i = 0; $i < $num_machines; $i++) {
-        unshift(@main::pfile_args, "$i.$machine$path");
-      }
-    } else {
-      unshift(@main::pfile_args, $farg);
-    }
-  }
-
-  if ($main::use_symbol_page) {
-    unless (IsProfileURL($main::pfile_args[0])) {
-      error("The first profile should be a remote form to use $SYMBOL_PAGE\n");
-    }
-    CheckSymbolPage();
-    $main::prog = FetchProgramName();
-  } elsif (!$main::use_symbolized_profile) {  # may not need objtools!
-    ConfigureObjTools($main::prog)
-  }
-
-  # Break the opt_lib_prefix into the prefix_list array
-  @prefix_list = split (',', $main::opt_lib_prefix);
-
-  # Remove trailing / from the prefixes, in the list to prevent
-  # searching things like /my/path//lib/mylib.so
-  foreach (@prefix_list) {
-    s|/+$||;
-  }
-}
-
-sub FilterAndPrint {
-  my ($profile, $symbols, $libs, $thread) = @_;
-
-  # Get total data in profile
-  my $total = TotalProfile($profile);
-
-  # Remove uniniteresting stack items
-  $profile = RemoveUninterestingFrames($symbols, $profile);
-
-  # Focus?
-  if ($main::opt_focus ne '') {
-    $profile = FocusProfile($symbols, $profile, $main::opt_focus);
-  }
-
-  # Ignore?
-  if ($main::opt_ignore ne '') {
-    $profile = IgnoreProfile($symbols, $profile, $main::opt_ignore);
-  }
-
-  my $calls = ExtractCalls($symbols, $profile);
-
-  # Reduce profiles to required output granularity, and also clean
-  # each stack trace so a given entry exists at most once.
-  my $reduced = ReduceProfile($symbols, $profile);
-
-  # Get derived profiles
-  my $flat = FlatProfile($reduced);
-  my $cumulative = CumulativeProfile($reduced);
-
-  # Print
-  if (!$main::opt_interactive) {
-    if ($main::opt_disasm) {
-      PrintDisassembly($libs, $flat, $cumulative, $main::opt_disasm);
-    } elsif ($main::opt_list) {
-      PrintListing($total, $libs, $flat, $cumulative, $main::opt_list, 0);
-    } elsif ($main::opt_text) {
-      # Make sure the output is empty when have nothing to report
-      # (only matters when --heapcheck is given but we must be
-      # compatible with old branches that did not pass --heapcheck always):
-      if ($total != 0) {
-        printf("Total%s: %s %s\n",
-               (defined($thread) ? " (t$thread)" : ""),
-               Unparse($total), Units());
-      }
-      PrintText($symbols, $flat, $cumulative, -1);
-    } elsif ($main::opt_raw) {
-      PrintSymbolizedProfile($symbols, $profile, $main::prog);
-    } elsif ($main::opt_callgrind) {
-      PrintCallgrind($calls);
-    } else {
-      if (PrintDot($main::prog, $symbols, $profile, $flat, $cumulative, $total)) {
-        if ($main::opt_gv) {
-          RunGV(TempName($main::next_tmpfile, "ps"), "");
-        } elsif ($main::opt_evince) {
-          RunEvince(TempName($main::next_tmpfile, "pdf"), "");
-        } elsif ($main::opt_web) {
-          my $tmp = TempName($main::next_tmpfile, "svg");
-          RunWeb($tmp);
-          # The command we run might hand the file name off
-          # to an already running browser instance and then exit.
-          # Normally, we'd remove $tmp on exit (right now),
-          # but fork a child to remove $tmp a little later, so that the
-          # browser has time to load it first.
-          delete $main::tempnames{$tmp};
-          if (fork() == 0) {
-            sleep 5;
-            unlink($tmp);
-            exit(0);
-          }
-        }
-      } else {
-        cleanup();
-        exit(1);
-      }
-    }
-  } else {
-    InteractiveMode($profile, $symbols, $libs, $total);
-  }
-}
-
-sub Main() {
-  Init();
-  $main::collected_profile = undef;
-  @main::profile_files = ();
-  $main::op_time = time();
-
-  # Printing symbols is special and requires a lot less info that most.
-  if ($main::opt_symbols) {
-    PrintSymbols(*STDIN);   # Get /proc/maps and symbols output from stdin
-    return;
-  }
-
-  # Fetch all profile data
-  FetchDynamicProfiles();
-
-  # this will hold symbols that we read from the profile files
-  my $symbol_map = {};
-
-  # Read one profile, pick the last item on the list
-  my $data = ReadProfile($main::prog, pop(@main::profile_files));
-  my $profile = $data->{profile};
-  my $pcs = $data->{pcs};
-  my $libs = $data->{libs};   # Info about main program and shared libraries
-  $symbol_map = MergeSymbols($symbol_map, $data->{symbols});
-
-  # Add additional profiles, if available.
-  if (scalar(@main::profile_files) > 0) {
-    foreach my $pname (@main::profile_files) {
-      my $data2 = ReadProfile($main::prog, $pname);
-      $profile = AddProfile($profile, $data2->{profile});
-      $pcs = AddPcs($pcs, $data2->{pcs});
-      $symbol_map = MergeSymbols($symbol_map, $data2->{symbols});
-    }
-  }
-
-  # Subtract base from profile, if specified
-  if ($main::opt_base ne '') {
-    my $base = ReadProfile($main::prog, $main::opt_base);
-    $profile = SubtractProfile($profile, $base->{profile});
-    $pcs = AddPcs($pcs, $base->{pcs});
-    $symbol_map = MergeSymbols($symbol_map, $base->{symbols});
-  }
-
-  # Collect symbols
-  my $symbols;
-  if ($main::use_symbolized_profile) {
-    $symbols = FetchSymbols($pcs, $symbol_map);
-  } elsif ($main::use_symbol_page) {
-    $symbols = FetchSymbols($pcs);
-  } else {
-    # TODO(csilvers): $libs uses the /proc/self/maps data from profile1,
-    # which may differ from the data from subsequent profiles, especially
-    # if they were run on different machines.  Use appropriate libs for
-    # each pc somehow.
-    $symbols = ExtractSymbols($libs, $pcs);
-  }
-
-  if (!defined($main::opt_thread)) {
-    FilterAndPrint($profile, $symbols, $libs);
-  }
-  if (defined($data->{threads})) {
-    foreach my $thread (sort { $a <=> $b } keys(%{$data->{threads}})) {
-      if (defined($main::opt_thread) &&
-          ($main::opt_thread eq '*' || $main::opt_thread == $thread)) {
-        my $thread_profile = $data->{threads}{$thread};
-        FilterAndPrint($thread_profile, $symbols, $libs, $thread);
-      }
-    }
-  }
-
-  cleanup();
-  exit(0);
-}
-
-##### Entry Point #####
-
-Main();
-
-# Temporary code to detect if we're running on a Goobuntu system.
-# These systems don't have the right stuff installed for the special
-# Readline libraries to work, so as a temporary workaround, we default
-# to using the normal stdio code, rather than the fancier readline-based
-# code
-sub ReadlineMightFail {
-  if (-e '/lib/libtermcap.so.2') {
-    return 0;  # libtermcap exists, so readline should be okay
-  } else {
-    return 1;
-  }
-}
-
-sub RunGV {
-  my $fname = shift;
-  my $bg = shift;       # "" or " &" if we should run in background
-  if (!system(ShellEscape(@GV, "--version") . " >$dev_null 2>&1")) {
-    # Options using double dash are supported by this gv version.
-    # Also, turn on noantialias to better handle bug in gv for
-    # postscript files with large dimensions.
-    # TODO: Maybe we should not pass the --noantialias flag
-    # if the gv version is known to work properly without the flag.
-    system(ShellEscape(@GV, "--scale=$main::opt_scale", "--noantialias", $fname)
-           . $bg);
-  } else {
-    # Old gv version - only supports options that use single dash.
-    print STDERR ShellEscape(@GV, "-scale", $main::opt_scale) . "\n";
-    system(ShellEscape(@GV, "-scale", "$main::opt_scale", $fname) . $bg);
-  }
-}
-
-sub RunEvince {
-  my $fname = shift;
-  my $bg = shift;       # "" or " &" if we should run in background
-  system(ShellEscape(@EVINCE, $fname) . $bg);
-}
-
-sub RunWeb {
-  my $fname = shift;
-  print STDERR "Loading web page file:///$fname\n";
-
-  if (`uname` =~ /Darwin/) {
-    # OS X: open will use standard preference for SVG files.
-    system("/usr/bin/open", $fname);
-    return;
-  }
-
-  # Some kind of Unix; try generic symlinks, then specific browsers.
-  # (Stop once we find one.)
-  # Works best if the browser is already running.
-  my @alt = (
-    "/etc/alternatives/gnome-www-browser",
-    "/etc/alternatives/x-www-browser",
-    "google-chrome",
-    "firefox",
-  );
-  foreach my $b (@alt) {
-    if (system($b, $fname) == 0) {
-      return;
-    }
-  }
-
-  print STDERR "Could not load web browser.\n";
-}
-
-sub RunKcachegrind {
-  my $fname = shift;
-  my $bg = shift;       # "" or " &" if we should run in background
-  print STDERR "Starting '@KCACHEGRIND " . $fname . $bg . "'\n";
-  system(ShellEscape(@KCACHEGRIND, $fname) . $bg);
-}
-
-
-##### Interactive helper routines #####
-
-sub InteractiveMode {
-  $| = 1;  # Make output unbuffered for interactive mode
-  my ($orig_profile, $symbols, $libs, $total) = @_;
-
-  print STDERR "Welcome to jeprof!  For help, type 'help'.\n";
-
-  # Use ReadLine if it's installed and input comes from a console.
-  if ( -t STDIN &&
-       !ReadlineMightFail() &&
-       defined(eval {require Term::ReadLine}) ) {
-    my $term = new Term::ReadLine 'jeprof';
-    while ( defined ($_ = $term->readline('(jeprof) '))) {
-      $term->addhistory($_) if /\S/;
-      if (!InteractiveCommand($orig_profile, $symbols, $libs, $total, $_)) {
-        last;    # exit when we get an interactive command to quit
-      }
-    }
-  } else {       # don't have readline
-    while (1) {
-      print STDERR "(jeprof) ";
-      $_ = <STDIN>;
-      last if ! defined $_ ;
-      s/\r//g;         # turn windows-looking lines into unix-looking lines
-
-      # Save some flags that might be reset by InteractiveCommand()
-      my $save_opt_lines = $main::opt_lines;
-
-      if (!InteractiveCommand($orig_profile, $symbols, $libs, $total, $_)) {
-        last;    # exit when we get an interactive command to quit
-      }
-
-      # Restore flags
-      $main::opt_lines = $save_opt_lines;
-    }
-  }
-}
-
-# Takes two args: orig profile, and command to run.
-# Returns 1 if we should keep going, or 0 if we were asked to quit
-sub InteractiveCommand {
-  my($orig_profile, $symbols, $libs, $total, $command) = @_;
-  $_ = $command;                # just to make future m//'s easier
-  if (!defined($_)) {
-    print STDERR "\n";
-    return 0;
-  }
-  if (m/^\s*quit/) {
-    return 0;
-  }
-  if (m/^\s*help/) {
-    InteractiveHelpMessage();
-    return 1;
-  }
-  # Clear all the mode options -- mode is controlled by "$command"
-  $main::opt_text = 0;
-  $main::opt_callgrind = 0;
-  $main::opt_disasm = 0;
-  $main::opt_list = 0;
-  $main::opt_gv = 0;
-  $main::opt_evince = 0;
-  $main::opt_cum = 0;
-
-  if (m/^\s*(text|top)(\d*)\s*(.*)/) {
-    $main::opt_text = 1;
-
-    my $line_limit = ($2 ne "") ? int($2) : 10;
-
-    my $routine;
-    my $ignore;
-    ($routine, $ignore) = ParseInteractiveArgs($3);
-
-    my $profile = ProcessProfile($total, $orig_profile, $symbols, "", $ignore);
-    my $reduced = ReduceProfile($symbols, $profile);
-
-    # Get derived profiles
-    my $flat = FlatProfile($reduced);
-    my $cumulative = CumulativeProfile($reduced);
-
-    PrintText($symbols, $flat, $cumulative, $line_limit);
-    return 1;
-  }
-  if (m/^\s*callgrind\s*([^ \n]*)/) {
-    $main::opt_callgrind = 1;
-
-    # Get derived profiles
-    my $calls = ExtractCalls($symbols, $orig_profile);
-    my $filename = $1;
-    if ( $1 eq '' ) {
-      $filename = TempName($main::next_tmpfile, "callgrind");
-    }
-    PrintCallgrind($calls, $filename);
-    if ( $1 eq '' ) {
-      RunKcachegrind($filename, " & ");
-      $main::next_tmpfile++;
-    }
-
-    return 1;
-  }
-  if (m/^\s*(web)?list\s*(.+)/) {
-    my $html = (defined($1) && ($1 eq "web"));
-    $main::opt_list = 1;
-
-    my $routine;
-    my $ignore;
-    ($routine, $ignore) = ParseInteractiveArgs($2);
-
-    my $profile = ProcessProfile($total, $orig_profile, $symbols, "", $ignore);
-    my $reduced = ReduceProfile($symbols, $profile);
-
-    # Get derived profiles
-    my $flat = FlatProfile($reduced);
-    my $cumulative = CumulativeProfile($reduced);
-
-    PrintListing($total, $libs, $flat, $cumulative, $routine, $html);
-    return 1;
-  }
-  if (m/^\s*disasm\s*(.+)/) {
-    $main::opt_disasm = 1;
-
-    my $routine;
-    my $ignore;
-    ($routine, $ignore) = ParseInteractiveArgs($1);
-
-    # Process current profile to account for various settings
-    my $profile = ProcessProfile($total, $orig_profile, $symbols, "", $ignore);
-    my $reduced = ReduceProfile($symbols, $profile);
-
-    # Get derived profiles
-    my $flat = FlatProfile($reduced);
-    my $cumulative = CumulativeProfile($reduced);
-
-    PrintDisassembly($libs, $flat, $cumulative, $routine);
-    return 1;
-  }
-  if (m/^\s*(gv|web|evince)\s*(.*)/) {
-    $main::opt_gv = 0;
-    $main::opt_evince = 0;
-    $main::opt_web = 0;
-    if ($1 eq "gv") {
-      $main::opt_gv = 1;
-    } elsif ($1 eq "evince") {
-      $main::opt_evince = 1;
-    } elsif ($1 eq "web") {
-      $main::opt_web = 1;
-    }
-
-    my $focus;
-    my $ignore;
-    ($focus, $ignore) = ParseInteractiveArgs($2);
-
-    # Process current profile to account for various settings
-    my $profile = ProcessProfile($total, $orig_profile, $symbols,
-                                 $focus, $ignore);
-    my $reduced = ReduceProfile($symbols, $profile);
-
-    # Get derived profiles
-    my $flat = FlatProfile($reduced);
-    my $cumulative = CumulativeProfile($reduced);
-
-    if (PrintDot($main::prog, $symbols, $profile, $flat, $cumulative, $total)) {
-      if ($main::opt_gv) {
-        RunGV(TempName($main::next_tmpfile, "ps"), " &");
-      } elsif ($main::opt_evince) {
-        RunEvince(TempName($main::next_tmpfile, "pdf"), " &");
-      } elsif ($main::opt_web) {
-        RunWeb(TempName($main::next_tmpfile, "svg"));
-      }
-      $main::next_tmpfile++;
-    }
-    return 1;
-  }
-  if (m/^\s*$/) {
-    return 1;
-  }
-  print STDERR "Unknown command: try 'help'.\n";
-  return 1;
-}
-
-
-sub ProcessProfile {
-  my $total_count = shift;
-  my $orig_profile = shift;
-  my $symbols = shift;
-  my $focus = shift;
-  my $ignore = shift;
-
-  # Process current profile to account for various settings
-  my $profile = $orig_profile;
-  printf("Total: %s %s\n", Unparse($total_count), Units());
-  if ($focus ne '') {
-    $profile = FocusProfile($symbols, $profile, $focus);
-    my $focus_count = TotalProfile($profile);
-    printf("After focusing on '%s': %s %s of %s (%0.1f%%)\n",
-           $focus,
-           Unparse($focus_count), Units(),
-           Unparse($total_count), ($focus_count*100.0) / $total_count);
-  }
-  if ($ignore ne '') {
-    $profile = IgnoreProfile($symbols, $profile, $ignore);
-    my $ignore_count = TotalProfile($profile);
-    printf("After ignoring '%s': %s %s of %s (%0.1f%%)\n",
-           $ignore,
-           Unparse($ignore_count), Units(),
-           Unparse($total_count),
-           ($ignore_count*100.0) / $total_count);
-  }
-
-  return $profile;
-}
-
-sub InteractiveHelpMessage {
-  print STDERR <<ENDOFHELP;
-Interactive jeprof mode
-
-Commands:
-  gv
-  gv [focus] [-ignore1] [-ignore2]
-      Show graphical hierarchical display of current profile.  Without
-      any arguments, shows all samples in the profile.  With the optional
-      "focus" argument, restricts the samples shown to just those where
-      the "focus" regular expression matches a routine name on the stack
-      trace.
-
-  web
-  web [focus] [-ignore1] [-ignore2]
-      Like GV, but displays profile in your web browser instead of using
-      Ghostview. Works best if your web browser is already running.
-      To change the browser that gets used:
-      On Linux, set the /etc/alternatives/gnome-www-browser symlink.
-      On OS X, change the Finder association for SVG files.
-
-  list [routine_regexp] [-ignore1] [-ignore2]
-      Show source listing of routines whose names match "routine_regexp"
-
-  weblist [routine_regexp] [-ignore1] [-ignore2]
-     Displays a source listing of routines whose names match "routine_regexp"
-     in a web browser.  You can click on source lines to view the
-     corresponding disassembly.
-
-  top [--cum] [-ignore1] [-ignore2]
-  top20 [--cum] [-ignore1] [-ignore2]
-  top37 [--cum] [-ignore1] [-ignore2]
-      Show top lines ordered by flat profile count, or cumulative count
-      if --cum is specified.  If a number is present after 'top', the
-      top K routines will be shown (defaults to showing the top 10)
-
-  disasm [routine_regexp] [-ignore1] [-ignore2]
-      Show disassembly of routines whose names match "routine_regexp",
-      annotated with sample counts.
-
-  callgrind
-  callgrind [filename]
-      Generates callgrind file. If no filename is given, kcachegrind is called.
-
-  help - This listing
-  quit or ^D - End jeprof
-
-For commands that accept optional -ignore tags, samples where any routine in
-the stack trace matches the regular expression in any of the -ignore
-parameters will be ignored.
-
-Further pprof details are available at this location (or one similar):
-
- /usr/doc/gperftools-$PPROF_VERSION/cpu_profiler.html
- /usr/doc/gperftools-$PPROF_VERSION/heap_profiler.html
-
-ENDOFHELP
-}
-sub ParseInteractiveArgs {
-  my $args = shift;
-  my $focus = "";
-  my $ignore = "";
-  my @x = split(/ +/, $args);
-  foreach $a (@x) {
-    if ($a =~ m/^(--|-)lines$/) {
-      $main::opt_lines = 1;
-    } elsif ($a =~ m/^(--|-)cum$/) {
-      $main::opt_cum = 1;
-    } elsif ($a =~ m/^-(.*)/) {
-      $ignore .= (($ignore ne "") ? "|" : "" ) . $1;
-    } else {
-      $focus .= (($focus ne "") ? "|" : "" ) . $a;
-    }
-  }
-  if ($ignore ne "") {
-    print STDERR "Ignoring samples in call stacks that match '$ignore'\n";
-  }
-  return ($focus, $ignore);
-}
-
-##### Output code #####
-
-sub TempName {
-  my $fnum = shift;
-  my $ext = shift;
-  my $file = "$main::tmpfile_ps.$fnum.$ext";
-  $main::tempnames{$file} = 1;
-  return $file;
-}
-
-# Print profile data in packed binary format (64-bit) to standard out
-sub PrintProfileData {
-  my $profile = shift;
-
-  # print header (64-bit style)
-  # (zero) (header-size) (version) (sample-period) (zero)
-  print pack('L*', 0, 0, 3, 0, 0, 0, 1, 0, 0, 0);
-
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    if ($#addrs >= 0) {
-      my $depth = $#addrs + 1;
-      # int(foo / 2**32) is the only reliable way to get rid of bottom
-      # 32 bits on both 32- and 64-bit systems.
-      print pack('L*', $count & 0xFFFFFFFF, int($count / 2**32));
-      print pack('L*', $depth & 0xFFFFFFFF, int($depth / 2**32));
-
-      foreach my $full_addr (@addrs) {
-        my $addr = $full_addr;
-        $addr =~ s/0x0*//;  # strip off leading 0x, zeroes
-        if (length($addr) > 16) {
-          print STDERR "Invalid address in profile: $full_addr\n";
-          next;
-        }
-        my $low_addr = substr($addr, -8);       # get last 8 hex chars
-        my $high_addr = substr($addr, -16, 8);  # get up to 8 more hex chars
-        print pack('L*', hex('0x' . $low_addr), hex('0x' . $high_addr));
-      }
-    }
-  }
-}
-
-# Print symbols and profile data
-sub PrintSymbolizedProfile {
-  my $symbols = shift;
-  my $profile = shift;
-  my $prog = shift;
-
-  $SYMBOL_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $symbol_marker = $&;
-
-  print '--- ', $symbol_marker, "\n";
-  if (defined($prog)) {
-    print 'binary=', $prog, "\n";
-  }
-  while (my ($pc, $name) = each(%{$symbols})) {
-    my $sep = ' ';
-    print '0x', $pc;
-    # We have a list of function names, which include the inlined
-    # calls.  They are separated (and terminated) by --, which is
-    # illegal in function names.
-    for (my $j = 2; $j <= $#{$name}; $j += 3) {
-      print $sep, $name->[$j];
-      $sep = '--';
-    }
-    print "\n";
-  }
-  print '---', "\n";
-
-  my $profile_marker;
-  if ($main::profile_type eq 'heap') {
-    $HEAP_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-    $profile_marker = $&;
-  } elsif ($main::profile_type eq 'growth') {
-    $GROWTH_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-    $profile_marker = $&;
-  } elsif ($main::profile_type eq 'contention') {
-    $CONTENTION_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-    $profile_marker = $&;
-  } else { # elsif ($main::profile_type eq 'cpu')
-    $PROFILE_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-    $profile_marker = $&;
-  }
-
-  print '--- ', $profile_marker, "\n";
-  if (defined($main::collected_profile)) {
-    # if used with remote fetch, simply dump the collected profile to output.
-    open(SRC, "<$main::collected_profile");
-    while (<SRC>) {
-      print $_;
-    }
-    close(SRC);
-  } else {
-    # --raw/http: For everything to work correctly for non-remote profiles, we
-    # would need to extend PrintProfileData() to handle all possible profile
-    # types, re-enable the code that is currently disabled in ReadCPUProfile()
-    # and FixCallerAddresses(), and remove the remote profile dumping code in
-    # the block above.
-    die "--raw/http: jeprof can only dump remote profiles for --raw\n";
-    # dump a cpu-format profile to standard out
-    PrintProfileData($profile);
-  }
-}
-
-# Print text output
-sub PrintText {
-  my $symbols = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $line_limit = shift;
-
-  my $total = TotalProfile($flat);
-
-  # Which profile to sort by?
-  my $s = $main::opt_cum ? $cumulative : $flat;
-
-  my $running_sum = 0;
-  my $lines = 0;
-  foreach my $k (sort { GetEntry($s, $b) <=> GetEntry($s, $a) || $a cmp $b }
-                 keys(%{$cumulative})) {
-    my $f = GetEntry($flat, $k);
-    my $c = GetEntry($cumulative, $k);
-    $running_sum += $f;
-
-    my $sym = $k;
-    if (exists($symbols->{$k})) {
-      $sym = $symbols->{$k}->[0] . " " . $symbols->{$k}->[1];
-      if ($main::opt_addresses) {
-        $sym = $k . " " . $sym;
-      }
-    }
-
-    if ($f != 0 || $c != 0) {
-      printf("%8s %6s %6s %8s %6s %s\n",
-             Unparse($f),
-             Percent($f, $total),
-             Percent($running_sum, $total),
-             Unparse($c),
-             Percent($c, $total),
-             $sym);
-    }
-    $lines++;
-    last if ($line_limit >= 0 && $lines >= $line_limit);
-  }
-}
-
-# Callgrind format has a compression for repeated function and file
-# names.  You show the name the first time, and just use its number
-# subsequently.  This can cut down the file to about a third or a
-# quarter of its uncompressed size.  $key and $val are the key/value
-# pair that would normally be printed by callgrind; $map is a map from
-# value to number.
-sub CompressedCGName {
-  my($key, $val, $map) = @_;
-  my $idx = $map->{$val};
-  # For very short keys, providing an index hurts rather than helps.
-  if (length($val) <= 3) {
-    return "$key=$val\n";
-  } elsif (defined($idx)) {
-    return "$key=($idx)\n";
-  } else {
-    # scalar(keys $map) gives the number of items in the map.
-    $idx = scalar(keys(%{$map})) + 1;
-    $map->{$val} = $idx;
-    return "$key=($idx) $val\n";
-  }
-}
-
-# Print the call graph in a way that's suiteable for callgrind.
-sub PrintCallgrind {
-  my $calls = shift;
-  my $filename;
-  my %filename_to_index_map;
-  my %fnname_to_index_map;
-
-  if ($main::opt_interactive) {
-    $filename = shift;
-    print STDERR "Writing callgrind file to '$filename'.\n"
-  } else {
-    $filename = "&STDOUT";
-  }
-  open(CG, ">$filename");
-  printf CG ("events: Hits\n\n");
-  foreach my $call ( map { $_->[0] }
-                     sort { $a->[1] cmp $b ->[1] ||
-                            $a->[2] <=> $b->[2] }
-                     map { /([^:]+):(\d+):([^ ]+)( -> ([^:]+):(\d+):(.+))?/;
-                           [$_, $1, $2] }
-                     keys %$calls ) {
-    my $count = int($calls->{$call});
-    $call =~ /([^:]+):(\d+):([^ ]+)( -> ([^:]+):(\d+):(.+))?/;
-    my ( $caller_file, $caller_line, $caller_function,
-         $callee_file, $callee_line, $callee_function ) =
-       ( $1, $2, $3, $5, $6, $7 );
-
-    # TODO(csilvers): for better compression, collect all the
-    # caller/callee_files and functions first, before printing
-    # anything, and only compress those referenced more than once.
-    printf CG CompressedCGName("fl", $caller_file, \%filename_to_index_map);
-    printf CG CompressedCGName("fn", $caller_function, \%fnname_to_index_map);
-    if (defined $6) {
-      printf CG CompressedCGName("cfl", $callee_file, \%filename_to_index_map);
-      printf CG CompressedCGName("cfn", $callee_function, \%fnname_to_index_map);
-      printf CG ("calls=$count $callee_line\n");
-    }
-    printf CG ("$caller_line $count\n\n");
-  }
-}
-
-# Print disassembly for all all routines that match $main::opt_disasm
-sub PrintDisassembly {
-  my $libs = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $disasm_opts = shift;
-
-  my $total = TotalProfile($flat);
-
-  foreach my $lib (@{$libs}) {
-    my $symbol_table = GetProcedureBoundaries($lib->[0], $disasm_opts);
-    my $offset = AddressSub($lib->[1], $lib->[3]);
-    foreach my $routine (sort ByName keys(%{$symbol_table})) {
-      my $start_addr = $symbol_table->{$routine}->[0];
-      my $end_addr = $symbol_table->{$routine}->[1];
-      # See if there are any samples in this routine
-      my $length = hex(AddressSub($end_addr, $start_addr));
-      my $addr = AddressAdd($start_addr, $offset);
-      for (my $i = 0; $i < $length; $i++) {
-        if (defined($cumulative->{$addr})) {
-          PrintDisassembledFunction($lib->[0], $offset,
-                                    $routine, $flat, $cumulative,
-                                    $start_addr, $end_addr, $total);
-          last;
-        }
-        $addr = AddressInc($addr);
-      }
-    }
-  }
-}
-
-# Return reference to array of tuples of the form:
-#       [start_address, filename, linenumber, instruction, limit_address]
-# E.g.,
-#       ["0x806c43d", "/foo/bar.cc", 131, "ret", "0x806c440"]
-sub Disassemble {
-  my $prog = shift;
-  my $offset = shift;
-  my $start_addr = shift;
-  my $end_addr = shift;
-
-  my $objdump = $obj_tool_map{"objdump"};
-  my $cmd = ShellEscape($objdump, "-C", "-d", "-l", "--no-show-raw-insn",
-                        "--start-address=0x$start_addr",
-                        "--stop-address=0x$end_addr", $prog);
-  open(OBJDUMP, "$cmd |") || error("$cmd: $!\n");
-  my @result = ();
-  my $filename = "";
-  my $linenumber = -1;
-  my $last = ["", "", "", ""];
-  while (<OBJDUMP>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    chop;
-    if (m|\s*([^:\s]+):(\d+)\s*$|) {
-      # Location line of the form:
-      #   <filename>:<linenumber>
-      $filename = $1;
-      $linenumber = $2;
-    } elsif (m/^ +([0-9a-f]+):\s*(.*)/) {
-      # Disassembly line -- zero-extend address to full length
-      my $addr = HexExtend($1);
-      my $k = AddressAdd($addr, $offset);
-      $last->[4] = $k;   # Store ending address for previous instruction
-      $last = [$k, $filename, $linenumber, $2, $end_addr];
-      push(@result, $last);
-    }
-  }
-  close(OBJDUMP);
-  return @result;
-}
-
-# The input file should contain lines of the form /proc/maps-like
-# output (same format as expected from the profiles) or that looks
-# like hex addresses (like "0xDEADBEEF").  We will parse all
-# /proc/maps output, and for all the hex addresses, we will output
-# "short" symbol names, one per line, in the same order as the input.
-sub PrintSymbols {
-  my $maps_and_symbols_file = shift;
-
-  # ParseLibraries expects pcs to be in a set.  Fine by us...
-  my @pclist = ();   # pcs in sorted order
-  my $pcs = {};
-  my $map = "";
-  foreach my $line (<$maps_and_symbols_file>) {
-    $line =~ s/\r//g;    # turn windows-looking lines into unix-looking lines
-    if ($line =~ /\b(0x[0-9a-f]+)\b/i) {
-      push(@pclist, HexExtend($1));
-      $pcs->{$pclist[-1]} = 1;
-    } else {
-      $map .= $line;
-    }
-  }
-
-  my $libs = ParseLibraries($main::prog, $map, $pcs);
-  my $symbols = ExtractSymbols($libs, $pcs);
-
-  foreach my $pc (@pclist) {
-    # ->[0] is the shortname, ->[2] is the full name
-    print(($symbols->{$pc}->[0] || "??") . "\n");
-  }
-}
-
-
-# For sorting functions by name
-sub ByName {
-  return ShortFunctionName($a) cmp ShortFunctionName($b);
-}
-
-# Print source-listing for all all routines that match $list_opts
-sub PrintListing {
-  my $total = shift;
-  my $libs = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $list_opts = shift;
-  my $html = shift;
-
-  my $output = \*STDOUT;
-  my $fname = "";
-
-  if ($html) {
-    # Arrange to write the output to a temporary file
-    $fname = TempName($main::next_tmpfile, "html");
-    $main::next_tmpfile++;
-    if (!open(TEMP, ">$fname")) {
-      print STDERR "$fname: $!\n";
-      return;
-    }
-    $output = \*TEMP;
-    print $output HtmlListingHeader();
-    printf $output ("<div class=\"legend\">%s<br>Total: %s %s</div>\n",
-                    $main::prog, Unparse($total), Units());
-  }
-
-  my $listed = 0;
-  foreach my $lib (@{$libs}) {
-    my $symbol_table = GetProcedureBoundaries($lib->[0], $list_opts);
-    my $offset = AddressSub($lib->[1], $lib->[3]);
-    foreach my $routine (sort ByName keys(%{$symbol_table})) {
-      # Print if there are any samples in this routine
-      my $start_addr = $symbol_table->{$routine}->[0];
-      my $end_addr = $symbol_table->{$routine}->[1];
-      my $length = hex(AddressSub($end_addr, $start_addr));
-      my $addr = AddressAdd($start_addr, $offset);
-      for (my $i = 0; $i < $length; $i++) {
-        if (defined($cumulative->{$addr})) {
-          $listed += PrintSource(
-            $lib->[0], $offset,
-            $routine, $flat, $cumulative,
-            $start_addr, $end_addr,
-            $html,
-            $output);
-          last;
-        }
-        $addr = AddressInc($addr);
-      }
-    }
-  }
-
-  if ($html) {
-    if ($listed > 0) {
-      print $output HtmlListingFooter();
-      close($output);
-      RunWeb($fname);
-    } else {
-      close($output);
-      unlink($fname);
-    }
-  }
-}
-
-sub HtmlListingHeader {
-  return <<'EOF';
-<DOCTYPE html>
-<html>
-<head>
-<title>Pprof listing</title>
-<style type="text/css">
-body {
-  font-family: sans-serif;
-}
-h1 {
-  font-size: 1.5em;
-  margin-bottom: 4px;
-}
-.legend {
-  font-size: 1.25em;
-}
-.line {
-  color: #aaaaaa;
-}
-.nop {
-  color: #aaaaaa;
-}
-.unimportant {
-  color: #cccccc;
-}
-.disasmloc {
-  color: #000000;
-}
-.deadsrc {
-  cursor: pointer;
-}
-.deadsrc:hover {
-  background-color: #eeeeee;
-}
-.livesrc {
-  color: #0000ff;
-  cursor: pointer;
-}
-.livesrc:hover {
-  background-color: #eeeeee;
-}
-.asm {
-  color: #008800;
-  display: none;
-}
-</style>
-<script type="text/javascript">
-function jeprof_toggle_asm(e) {
-  var target;
-  if (!e) e = window.event;
-  if (e.target) target = e.target;
-  else if (e.srcElement) target = e.srcElement;
-
-  if (target) {
-    var asm = target.nextSibling;
-    if (asm && asm.className == "asm") {
-      asm.style.display = (asm.style.display == "block" ? "" : "block");
-      e.preventDefault();
-      return false;
-    }
-  }
-}
-</script>
-</head>
-<body>
-EOF
-}
-
-sub HtmlListingFooter {
-  return <<'EOF';
-</body>
-</html>
-EOF
-}
-
-sub HtmlEscape {
-  my $text = shift;
-  $text =~ s/&/&amp;/g;
-  $text =~ s/</&lt;/g;
-  $text =~ s/>/&gt;/g;
-  return $text;
-}
-
-# Returns the indentation of the line, if it has any non-whitespace
-# characters.  Otherwise, returns -1.
-sub Indentation {
-  my $line = shift;
-  if (m/^(\s*)\S/) {
-    return length($1);
-  } else {
-    return -1;
-  }
-}
-
-# If the symbol table contains inlining info, Disassemble() may tag an
-# instruction with a location inside an inlined function.  But for
-# source listings, we prefer to use the location in the function we
-# are listing.  So use MapToSymbols() to fetch full location
-# information for each instruction and then pick out the first
-# location from a location list (location list contains callers before
-# callees in case of inlining).
-#
-# After this routine has run, each entry in $instructions contains:
-#   [0] start address
-#   [1] filename for function we are listing
-#   [2] line number for function we are listing
-#   [3] disassembly
-#   [4] limit address
-#   [5] most specific filename (may be different from [1] due to inlining)
-#   [6] most specific line number (may be different from [2] due to inlining)
-sub GetTopLevelLineNumbers {
-  my ($lib, $offset, $instructions) = @_;
-  my $pcs = [];
-  for (my $i = 0; $i <= $#{$instructions}; $i++) {
-    push(@{$pcs}, $instructions->[$i]->[0]);
-  }
-  my $symbols = {};
-  MapToSymbols($lib, $offset, $pcs, $symbols);
-  for (my $i = 0; $i <= $#{$instructions}; $i++) {
-    my $e = $instructions->[$i];
-    push(@{$e}, $e->[1]);
-    push(@{$e}, $e->[2]);
-    my $addr = $e->[0];
-    my $sym = $symbols->{$addr};
-    if (defined($sym)) {
-      if ($#{$sym} >= 2 && $sym->[1] =~ m/^(.*):(\d+)$/) {
-        $e->[1] = $1;  # File name
-        $e->[2] = $2;  # Line number
-      }
-    }
-  }
-}
-
-# Print source-listing for one routine
-sub PrintSource {
-  my $prog = shift;
-  my $offset = shift;
-  my $routine = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $start_addr = shift;
-  my $end_addr = shift;
-  my $html = shift;
-  my $output = shift;
-
-  # Disassemble all instructions (just to get line numbers)
-  my @instructions = Disassemble($prog, $offset, $start_addr, $end_addr);
-  GetTopLevelLineNumbers($prog, $offset, \@instructions);
-
-  # Hack 1: assume that the first source file encountered in the
-  # disassembly contains the routine
-  my $filename = undef;
-  for (my $i = 0; $i <= $#instructions; $i++) {
-    if ($instructions[$i]->[2] >= 0) {
-      $filename = $instructions[$i]->[1];
-      last;
-    }
-  }
-  if (!defined($filename)) {
-    print STDERR "no filename found in $routine\n";
-    return 0;
-  }
-
-  # Hack 2: assume that the largest line number from $filename is the
-  # end of the procedure.  This is typically safe since if P1 contains
-  # an inlined call to P2, then P2 usually occurs earlier in the
-  # source file.  If this does not work, we might have to compute a
-  # density profile or just print all regions we find.
-  my $lastline = 0;
-  for (my $i = 0; $i <= $#instructions; $i++) {
-    my $f = $instructions[$i]->[1];
-    my $l = $instructions[$i]->[2];
-    if (($f eq $filename) && ($l > $lastline)) {
-      $lastline = $l;
-    }
-  }
-
-  # Hack 3: assume the first source location from "filename" is the start of
-  # the source code.
-  my $firstline = 1;
-  for (my $i = 0; $i <= $#instructions; $i++) {
-    if ($instructions[$i]->[1] eq $filename) {
-      $firstline = $instructions[$i]->[2];
-      last;
-    }
-  }
-
-  # Hack 4: Extend last line forward until its indentation is less than
-  # the indentation we saw on $firstline
-  my $oldlastline = $lastline;
-  {
-    if (!open(FILE, "<$filename")) {
-      print STDERR "$filename: $!\n";
-      return 0;
-    }
-    my $l = 0;
-    my $first_indentation = -1;
-    while (<FILE>) {
-      s/\r//g;         # turn windows-looking lines into unix-looking lines
-      $l++;
-      my $indent = Indentation($_);
-      if ($l >= $firstline) {
-        if ($first_indentation < 0 && $indent >= 0) {
-          $first_indentation = $indent;
-          last if ($first_indentation == 0);
-        }
-      }
-      if ($l >= $lastline && $indent >= 0) {
-        if ($indent >= $first_indentation) {
-          $lastline = $l+1;
-        } else {
-          last;
-        }
-      }
-    }
-    close(FILE);
-  }
-
-  # Assign all samples to the range $firstline,$lastline,
-  # Hack 4: If an instruction does not occur in the range, its samples
-  # are moved to the next instruction that occurs in the range.
-  my $samples1 = {};        # Map from line number to flat count
-  my $samples2 = {};        # Map from line number to cumulative count
-  my $running1 = 0;         # Unassigned flat counts
-  my $running2 = 0;         # Unassigned cumulative counts
-  my $total1 = 0;           # Total flat counts
-  my $total2 = 0;           # Total cumulative counts
-  my %disasm = ();          # Map from line number to disassembly
-  my $running_disasm = "";  # Unassigned disassembly
-  my $skip_marker = "---\n";
-  if ($html) {
-    $skip_marker = "";
-    for (my $l = $firstline; $l <= $lastline; $l++) {
-      $disasm{$l} = "";
-    }
-  }
-  my $last_dis_filename = '';
-  my $last_dis_linenum = -1;
-  my $last_touched_line = -1;  # To detect gaps in disassembly for a line
-  foreach my $e (@instructions) {
-    # Add up counts for all address that fall inside this instruction
-    my $c1 = 0;
-    my $c2 = 0;
-    for (my $a = $e->[0]; $a lt $e->[4]; $a = AddressInc($a)) {
-      $c1 += GetEntry($flat, $a);
-      $c2 += GetEntry($cumulative, $a);
-    }
-
-    if ($html) {
-      my $dis = sprintf("      %6s %6s \t\t%8s: %s ",
-                        HtmlPrintNumber($c1),
-                        HtmlPrintNumber($c2),
-                        UnparseAddress($offset, $e->[0]),
-                        CleanDisassembly($e->[3]));
-
-      # Append the most specific source line associated with this instruction
-      if (length($dis) < 80) { $dis .= (' ' x (80 - length($dis))) };
-      $dis = HtmlEscape($dis);
-      my $f = $e->[5];
-      my $l = $e->[6];
-      if ($f ne $last_dis_filename) {
-        $dis .= sprintf("<span class=disasmloc>%s:%d</span>",
-                        HtmlEscape(CleanFileName($f)), $l);
-      } elsif ($l ne $last_dis_linenum) {
-        # De-emphasize the unchanged file name portion
-        $dis .= sprintf("<span class=unimportant>%s</span>" .
-                        "<span class=disasmloc>:%d</span>",
-                        HtmlEscape(CleanFileName($f)), $l);
-      } else {
-        # De-emphasize the entire location
-        $dis .= sprintf("<span class=unimportant>%s:%d</span>",
-                        HtmlEscape(CleanFileName($f)), $l);
-      }
-      $last_dis_filename = $f;
-      $last_dis_linenum = $l;
-      $running_disasm .= $dis;
-      $running_disasm .= "\n";
-    }
-
-    $running1 += $c1;
-    $running2 += $c2;
-    $total1 += $c1;
-    $total2 += $c2;
-    my $file = $e->[1];
-    my $line = $e->[2];
-    if (($file eq $filename) &&
-        ($line >= $firstline) &&
-        ($line <= $lastline)) {
-      # Assign all accumulated samples to this line
-      AddEntry($samples1, $line, $running1);
-      AddEntry($samples2, $line, $running2);
-      $running1 = 0;
-      $running2 = 0;
-      if ($html) {
-        if ($line != $last_touched_line && $disasm{$line} ne '') {
-          $disasm{$line} .= "\n";
-        }
-        $disasm{$line} .= $running_disasm;
-        $running_disasm = '';
-        $last_touched_line = $line;
-      }
-    }
-  }
-
-  # Assign any leftover samples to $lastline
-  AddEntry($samples1, $lastline, $running1);
-  AddEntry($samples2, $lastline, $running2);
-  if ($html) {
-    if ($lastline != $last_touched_line && $disasm{$lastline} ne '') {
-      $disasm{$lastline} .= "\n";
-    }
-    $disasm{$lastline} .= $running_disasm;
-  }
-
-  if ($html) {
-    printf $output (
-      "<h1>%s</h1>%s\n<pre onClick=\"jeprof_toggle_asm()\">\n" .
-      "Total:%6s %6s (flat / cumulative %s)\n",
-      HtmlEscape(ShortFunctionName($routine)),
-      HtmlEscape(CleanFileName($filename)),
-      Unparse($total1),
-      Unparse($total2),
-      Units());
-  } else {
-    printf $output (
-      "ROUTINE ====================== %s in %s\n" .
-      "%6s %6s Total %s (flat / cumulative)\n",
-      ShortFunctionName($routine),
-      CleanFileName($filename),
-      Unparse($total1),
-      Unparse($total2),
-      Units());
-  }
-  if (!open(FILE, "<$filename")) {
-    print STDERR "$filename: $!\n";
-    return 0;
-  }
-  my $l = 0;
-  while (<FILE>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    $l++;
-    if ($l >= $firstline - 5 &&
-        (($l <= $oldlastline + 5) || ($l <= $lastline))) {
-      chop;
-      my $text = $_;
-      if ($l == $firstline) { print $output $skip_marker; }
-      my $n1 = GetEntry($samples1, $l);
-      my $n2 = GetEntry($samples2, $l);
-      if ($html) {
-        # Emit a span that has one of the following classes:
-        #    livesrc -- has samples
-        #    deadsrc -- has disassembly, but with no samples
-        #    nop     -- has no matching disasembly
-        # Also emit an optional span containing disassembly.
-        my $dis = $disasm{$l};
-        my $asm = "";
-        if (defined($dis) && $dis ne '') {
-          $asm = "<span class=\"asm\">" . $dis . "</span>";
-        }
-        my $source_class = (($n1 + $n2 > 0)
-                            ? "livesrc"
-                            : (($asm ne "") ? "deadsrc" : "nop"));
-        printf $output (
-          "<span class=\"line\">%5d</span> " .
-          "<span class=\"%s\">%6s %6s %s</span>%s\n",
-          $l, $source_class,
-          HtmlPrintNumber($n1),
-          HtmlPrintNumber($n2),
-          HtmlEscape($text),
-          $asm);
-      } else {
-        printf $output(
-          "%6s %6s %4d: %s\n",
-          UnparseAlt($n1),
-          UnparseAlt($n2),
-          $l,
-          $text);
-      }
-      if ($l == $lastline)  { print $output $skip_marker; }
-    };
-  }
-  close(FILE);
-  if ($html) {
-    print $output "</pre>\n";
-  }
-  return 1;
-}
-
-# Return the source line for the specified file/linenumber.
-# Returns undef if not found.
-sub SourceLine {
-  my $file = shift;
-  my $line = shift;
-
-  # Look in cache
-  if (!defined($main::source_cache{$file})) {
-    if (100 < scalar keys(%main::source_cache)) {
-      # Clear the cache when it gets too big
-      $main::source_cache = ();
-    }
-
-    # Read all lines from the file
-    if (!open(FILE, "<$file")) {
-      print STDERR "$file: $!\n";
-      $main::source_cache{$file} = [];  # Cache the negative result
-      return undef;
-    }
-    my $lines = [];
-    push(@{$lines}, "");        # So we can use 1-based line numbers as indices
-    while (<FILE>) {
-      push(@{$lines}, $_);
-    }
-    close(FILE);
-
-    # Save the lines in the cache
-    $main::source_cache{$file} = $lines;
-  }
-
-  my $lines = $main::source_cache{$file};
-  if (($line < 0) || ($line > $#{$lines})) {
-    return undef;
-  } else {
-    return $lines->[$line];
-  }
-}
-
-# Print disassembly for one routine with interspersed source if available
-sub PrintDisassembledFunction {
-  my $prog = shift;
-  my $offset = shift;
-  my $routine = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $start_addr = shift;
-  my $end_addr = shift;
-  my $total = shift;
-
-  # Disassemble all instructions
-  my @instructions = Disassemble($prog, $offset, $start_addr, $end_addr);
-
-  # Make array of counts per instruction
-  my @flat_count = ();
-  my @cum_count = ();
-  my $flat_total = 0;
-  my $cum_total = 0;
-  foreach my $e (@instructions) {
-    # Add up counts for all address that fall inside this instruction
-    my $c1 = 0;
-    my $c2 = 0;
-    for (my $a = $e->[0]; $a lt $e->[4]; $a = AddressInc($a)) {
-      $c1 += GetEntry($flat, $a);
-      $c2 += GetEntry($cumulative, $a);
-    }
-    push(@flat_count, $c1);
-    push(@cum_count, $c2);
-    $flat_total += $c1;
-    $cum_total += $c2;
-  }
-
-  # Print header with total counts
-  printf("ROUTINE ====================== %s\n" .
-         "%6s %6s %s (flat, cumulative) %.1f%% of total\n",
-         ShortFunctionName($routine),
-         Unparse($flat_total),
-         Unparse($cum_total),
-         Units(),
-         ($cum_total * 100.0) / $total);
-
-  # Process instructions in order
-  my $current_file = "";
-  for (my $i = 0; $i <= $#instructions; ) {
-    my $e = $instructions[$i];
-
-    # Print the new file name whenever we switch files
-    if ($e->[1] ne $current_file) {
-      $current_file = $e->[1];
-      my $fname = $current_file;
-      $fname =~ s|^\./||;   # Trim leading "./"
-
-      # Shorten long file names
-      if (length($fname) >= 58) {
-        $fname = "..." . substr($fname, -55);
-      }
-      printf("-------------------- %s\n", $fname);
-    }
-
-    # TODO: Compute range of lines to print together to deal with
-    # small reorderings.
-    my $first_line = $e->[2];
-    my $last_line = $first_line;
-    my %flat_sum = ();
-    my %cum_sum = ();
-    for (my $l = $first_line; $l <= $last_line; $l++) {
-      $flat_sum{$l} = 0;
-      $cum_sum{$l} = 0;
-    }
-
-    # Find run of instructions for this range of source lines
-    my $first_inst = $i;
-    while (($i <= $#instructions) &&
-           ($instructions[$i]->[2] >= $first_line) &&
-           ($instructions[$i]->[2] <= $last_line)) {
-      $e = $instructions[$i];
-      $flat_sum{$e->[2]} += $flat_count[$i];
-      $cum_sum{$e->[2]} += $cum_count[$i];
-      $i++;
-    }
-    my $last_inst = $i - 1;
-
-    # Print source lines
-    for (my $l = $first_line; $l <= $last_line; $l++) {
-      my $line = SourceLine($current_file, $l);
-      if (!defined($line)) {
-        $line = "?\n";
-        next;
-      } else {
-        $line =~ s/^\s+//;
-      }
-      printf("%6s %6s %5d: %s",
-             UnparseAlt($flat_sum{$l}),
-             UnparseAlt($cum_sum{$l}),
-             $l,
-             $line);
-    }
-
-    # Print disassembly
-    for (my $x = $first_inst; $x <= $last_inst; $x++) {
-      my $e = $instructions[$x];
-      printf("%6s %6s    %8s: %6s\n",
-             UnparseAlt($flat_count[$x]),
-             UnparseAlt($cum_count[$x]),
-             UnparseAddress($offset, $e->[0]),
-             CleanDisassembly($e->[3]));
-    }
-  }
-}
-
-# Print DOT graph
-sub PrintDot {
-  my $prog = shift;
-  my $symbols = shift;
-  my $raw = shift;
-  my $flat = shift;
-  my $cumulative = shift;
-  my $overall_total = shift;
-
-  # Get total
-  my $local_total = TotalProfile($flat);
-  my $nodelimit = int($main::opt_nodefraction * $local_total);
-  my $edgelimit = int($main::opt_edgefraction * $local_total);
-  my $nodecount = $main::opt_nodecount;
-
-  # Find nodes to include
-  my @list = (sort { abs(GetEntry($cumulative, $b)) <=>
-                     abs(GetEntry($cumulative, $a))
-                     || $a cmp $b }
-              keys(%{$cumulative}));
-  my $last = $nodecount - 1;
-  if ($last > $#list) {
-    $last = $#list;
-  }
-  while (($last >= 0) &&
-         (abs(GetEntry($cumulative, $list[$last])) <= $nodelimit)) {
-    $last--;
-  }
-  if ($last < 0) {
-    print STDERR "No nodes to print\n";
-    return 0;
-  }
-
-  if ($nodelimit > 0 || $edgelimit > 0) {
-    printf STDERR ("Dropping nodes with <= %s %s; edges with <= %s abs(%s)\n",
-                   Unparse($nodelimit), Units(),
-                   Unparse($edgelimit), Units());
-  }
-
-  # Open DOT output file
-  my $output;
-  my $escaped_dot = ShellEscape(@DOT);
-  my $escaped_ps2pdf = ShellEscape(@PS2PDF);
-  if ($main::opt_gv) {
-    my $escaped_outfile = ShellEscape(TempName($main::next_tmpfile, "ps"));
-    $output = "| $escaped_dot -Tps2 >$escaped_outfile";
-  } elsif ($main::opt_evince) {
-    my $escaped_outfile = ShellEscape(TempName($main::next_tmpfile, "pdf"));
-    $output = "| $escaped_dot -Tps2 | $escaped_ps2pdf - $escaped_outfile";
-  } elsif ($main::opt_ps) {
-    $output = "| $escaped_dot -Tps2";
-  } elsif ($main::opt_pdf) {
-    $output = "| $escaped_dot -Tps2 | $escaped_ps2pdf - -";
-  } elsif ($main::opt_web || $main::opt_svg) {
-    # We need to post-process the SVG, so write to a temporary file always.
-    my $escaped_outfile = ShellEscape(TempName($main::next_tmpfile, "svg"));
-    $output = "| $escaped_dot -Tsvg >$escaped_outfile";
-  } elsif ($main::opt_gif) {
-    $output = "| $escaped_dot -Tgif";
-  } else {
-    $output = ">&STDOUT";
-  }
-  open(DOT, $output) || error("$output: $!\n");
-
-  # Title
-  printf DOT ("digraph \"%s; %s %s\" {\n",
-              $prog,
-              Unparse($overall_total),
-              Units());
-  if ($main::opt_pdf) {
-    # The output is more printable if we set the page size for dot.
-    printf DOT ("size=\"8,11\"\n");
-  }
-  printf DOT ("node [width=0.375,height=0.25];\n");
-
-  # Print legend
-  printf DOT ("Legend [shape=box,fontsize=24,shape=plaintext," .
-              "label=\"%s\\l%s\\l%s\\l%s\\l%s\\l\"];\n",
-              $prog,
-              sprintf("Total %s: %s", Units(), Unparse($overall_total)),
-              sprintf("Focusing on: %s", Unparse($local_total)),
-              sprintf("Dropped nodes with <= %s abs(%s)",
-                      Unparse($nodelimit), Units()),
-              sprintf("Dropped edges with <= %s %s",
-                      Unparse($edgelimit), Units())
-              );
-
-  # Print nodes
-  my %node = ();
-  my $nextnode = 1;
-  foreach my $a (@list[0..$last]) {
-    # Pick font size
-    my $f = GetEntry($flat, $a);
-    my $c = GetEntry($cumulative, $a);
-
-    my $fs = 8;
-    if ($local_total > 0) {
-      $fs = 8 + (50.0 * sqrt(abs($f * 1.0 / $local_total)));
-    }
-
-    $node{$a} = $nextnode++;
-    my $sym = $a;
-    $sym =~ s/\s+/\\n/g;
-    $sym =~ s/::/\\n/g;
-
-    # Extra cumulative info to print for non-leaves
-    my $extra = "";
-    if ($f != $c) {
-      $extra = sprintf("\\rof %s (%s)",
-                       Unparse($c),
-                       Percent($c, $local_total));
-    }
-    my $style = "";
-    if ($main::opt_heapcheck) {
-      if ($f > 0) {
-        # make leak-causing nodes more visible (add a background)
-        $style = ",style=filled,fillcolor=gray"
-      } elsif ($f < 0) {
-        # make anti-leak-causing nodes (which almost never occur)
-        # stand out as well (triple border)
-        $style = ",peripheries=3"
-      }
-    }
-
-    printf DOT ("N%d [label=\"%s\\n%s (%s)%s\\r" .
-                "\",shape=box,fontsize=%.1f%s];\n",
-                $node{$a},
-                $sym,
-                Unparse($f),
-                Percent($f, $local_total),
-                $extra,
-                $fs,
-                $style,
-               );
-  }
-
-  # Get edges and counts per edge
-  my %edge = ();
-  my $n;
-  my $fullname_to_shortname_map = {};
-  FillFullnameToShortnameMap($symbols, $fullname_to_shortname_map);
-  foreach my $k (keys(%{$raw})) {
-    # TODO: omit low %age edges
-    $n = $raw->{$k};
-    my @translated = TranslateStack($symbols, $fullname_to_shortname_map, $k);
-    for (my $i = 1; $i <= $#translated; $i++) {
-      my $src = $translated[$i];
-      my $dst = $translated[$i-1];
-      #next if ($src eq $dst);  # Avoid self-edges?
-      if (exists($node{$src}) && exists($node{$dst})) {
-        my $edge_label = "$src\001$dst";
-        if (!exists($edge{$edge_label})) {
-          $edge{$edge_label} = 0;
-        }
-        $edge{$edge_label} += $n;
-      }
-    }
-  }
-
-  # Print edges (process in order of decreasing counts)
-  my %indegree = ();   # Number of incoming edges added per node so far
-  my %outdegree = ();  # Number of outgoing edges added per node so far
-  foreach my $e (sort { $edge{$b} <=> $edge{$a} } keys(%edge)) {
-    my @x = split(/\001/, $e);
-    $n = $edge{$e};
-
-    # Initialize degree of kept incoming and outgoing edges if necessary
-    my $src = $x[0];
-    my $dst = $x[1];
-    if (!exists($outdegree{$src})) { $outdegree{$src} = 0; }
-    if (!exists($indegree{$dst})) { $indegree{$dst} = 0; }
-
-    my $keep;
-    if ($indegree{$dst} == 0) {
-      # Keep edge if needed for reachability
-      $keep = 1;
-    } elsif (abs($n) <= $edgelimit) {
-      # Drop if we are below --edgefraction
-      $keep = 0;
-    } elsif ($outdegree{$src} >= $main::opt_maxdegree ||
-             $indegree{$dst} >= $main::opt_maxdegree) {
-      # Keep limited number of in/out edges per node
-      $keep = 0;
-    } else {
-      $keep = 1;
-    }
-
-    if ($keep) {
-      $outdegree{$src}++;
-      $indegree{$dst}++;
-
-      # Compute line width based on edge count
-      my $fraction = abs($local_total ? (3 * ($n / $local_total)) : 0);
-      if ($fraction > 1) { $fraction = 1; }
-      my $w = $fraction * 2;
-      if ($w < 1 && ($main::opt_web || $main::opt_svg)) {
-        # SVG output treats line widths < 1 poorly.
-        $w = 1;
-      }
-
-      # Dot sometimes segfaults if given edge weights that are too large, so
-      # we cap the weights at a large value
-      my $edgeweight = abs($n) ** 0.7;
-      if ($edgeweight > 100000) { $edgeweight = 100000; }
-      $edgeweight = int($edgeweight);
-
-      my $style = sprintf("setlinewidth(%f)", $w);
-      if ($x[1] =~ m/\(inline\)/) {
-        $style .= ",dashed";
-      }
-
-      # Use a slightly squashed function of the edge count as the weight
-      printf DOT ("N%s -> N%s [label=%s, weight=%d, style=\"%s\"];\n",
-                  $node{$x[0]},
-                  $node{$x[1]},
-                  Unparse($n),
-                  $edgeweight,
-                  $style);
-    }
-  }
-
-  print DOT ("}\n");
-  close(DOT);
-
-  if ($main::opt_web || $main::opt_svg) {
-    # Rewrite SVG to be more usable inside web browser.
-    RewriteSvg(TempName($main::next_tmpfile, "svg"));
-  }
-
-  return 1;
-}
-
-sub RewriteSvg {
-  my $svgfile = shift;
-
-  open(SVG, $svgfile) || die "open temp svg: $!";
-  my @svg = <SVG>;
-  close(SVG);
-  unlink $svgfile;
-  my $svg = join('', @svg);
-
-  # Dot's SVG output is
-  #
-  #    <svg width="___" height="___"
-  #     viewBox="___" xmlns=...>
-  #    <g id="graph0" transform="...">
-  #    ...
-  #    </g>
-  #    </svg>
-  #
-  # Change it to
-  #
-  #    <svg width="100%" height="100%"
-  #     xmlns=...>
-  #    $svg_javascript
-  #    <g id="viewport" transform="translate(0,0)">
-  #    <g id="graph0" transform="...">
-  #    ...
-  #    </g>
-  #    </g>
-  #    </svg>
-
-  # Fix width, height; drop viewBox.
-  $svg =~ s/(?s)<svg width="[^"]+" height="[^"]+"(.*?)viewBox="[^"]+"/<svg width="100%" height="100%"$1/;
-
-  # Insert script, viewport <g> above first <g>
-  my $svg_javascript = SvgJavascript();
-  my $viewport = "<g id=\"viewport\" transform=\"translate(0,0)\">\n";
-  $svg =~ s/<g id="graph\d"/$svg_javascript$viewport$&/;
-
-  # Insert final </g> above </svg>.
-  $svg =~ s/(.*)(<\/svg>)/$1<\/g>$2/;
-  $svg =~ s/<g id="graph\d"(.*?)/<g id="viewport"$1/;
-
-  if ($main::opt_svg) {
-    # --svg: write to standard output.
-    print $svg;
-  } else {
-    # Write back to temporary file.
-    open(SVG, ">$svgfile") || die "open $svgfile: $!";
-    print SVG $svg;
-    close(SVG);
-  }
-}
-
-sub SvgJavascript {
-  return <<'EOF';
-<script type="text/ecmascript"><![CDATA[
-// SVGPan
-// http://www.cyberz.org/blog/2009/12/08/svgpan-a-javascript-svg-panzoomdrag-library/
-// Local modification: if(true || ...) below to force panning, never moving.
-
-/**
- *  SVGPan library 1.2
- * ====================
- *
- * Given an unique existing element with id "viewport", including the
- * the library into any SVG adds the following capabilities:
- *
- *  - Mouse panning
- *  - Mouse zooming (using the wheel)
- *  - Object dargging
- *
- * Known issues:
- *
- *  - Zooming (while panning) on Safari has still some issues
- *
- * Releases:
- *
- * 1.2, Sat Mar 20 08:42:50 GMT 2010, Zeng Xiaohui
- *	Fixed a bug with browser mouse handler interaction
- *
- * 1.1, Wed Feb  3 17:39:33 GMT 2010, Zeng Xiaohui
- *	Updated the zoom code to support the mouse wheel on Safari/Chrome
- *
- * 1.0, Andrea Leofreddi
- *	First release
- *
- * This code is licensed under the following BSD license:
- *
- * Copyright 2009-2010 Andrea Leofreddi <a.leofreddi@itcharm.com>. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification, are
- * permitted provided that the following conditions are met:
- *
- *    1. Redistributions of source code must retain the above copyright notice, this list of
- *       conditions and the following disclaimer.
- *
- *    2. Redistributions in binary form must reproduce the above copyright notice, this list
- *       of conditions and the following disclaimer in the documentation and/or other materials
- *       provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY Andrea Leofreddi ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
- * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Andrea Leofreddi OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * The views and conclusions contained in the software and documentation are those of the
- * authors and should not be interpreted as representing official policies, either expressed
- * or implied, of Andrea Leofreddi.
- */
-
-var root = document.documentElement;
-
-var state = 'none', stateTarget, stateOrigin, stateTf;
-
-setupHandlers(root);
-
-/**
- * Register handlers
- */
-function setupHandlers(root){
-	setAttributes(root, {
-		"onmouseup" : "add(evt)",
-		"onmousedown" : "handleMouseDown(evt)",
-		"onmousemove" : "handleMouseMove(evt)",
-		"onmouseup" : "handleMouseUp(evt)",
-		//"onmouseout" : "handleMouseUp(evt)", // Decomment this to stop the pan functionality when dragging out of the SVG element
-	});
-
-	if(navigator.userAgent.toLowerCase().indexOf('webkit') >= 0)
-		window.addEventListener('mousewheel', handleMouseWheel, false); // Chrome/Safari
-	else
-		window.addEventListener('DOMMouseScroll', handleMouseWheel, false); // Others
-
-	var g = svgDoc.getElementById("svg");
-	g.width = "100%";
-	g.height = "100%";
-}
-
-/**
- * Instance an SVGPoint object with given event coordinates.
- */
-function getEventPoint(evt) {
-	var p = root.createSVGPoint();
-
-	p.x = evt.clientX;
-	p.y = evt.clientY;
-
-	return p;
-}
-
-/**
- * Sets the current transform matrix of an element.
- */
-function setCTM(element, matrix) {
-	var s = "matrix(" + matrix.a + "," + matrix.b + "," + matrix.c + "," + matrix.d + "," + matrix.e + "," + matrix.f + ")";
-
-	element.setAttribute("transform", s);
-}
-
-/**
- * Dumps a matrix to a string (useful for debug).
- */
-function dumpMatrix(matrix) {
-	var s = "[ " + matrix.a + ", " + matrix.c + ", " + matrix.e + "\n  " + matrix.b + ", " + matrix.d + ", " + matrix.f + "\n  0, 0, 1 ]";
-
-	return s;
-}
-
-/**
- * Sets attributes of an element.
- */
-function setAttributes(element, attributes){
-	for (i in attributes)
-		element.setAttributeNS(null, i, attributes[i]);
-}
-
-/**
- * Handle mouse move event.
- */
-function handleMouseWheel(evt) {
-	if(evt.preventDefault)
-		evt.preventDefault();
-
-	evt.returnValue = false;
-
-	var svgDoc = evt.target.ownerDocument;
-
-	var delta;
-
-	if(evt.wheelDelta)
-		delta = evt.wheelDelta / 3600; // Chrome/Safari
-	else
-		delta = evt.detail / -90; // Mozilla
-
-	var z = 1 + delta; // Zoom factor: 0.9/1.1
-
-	var g = svgDoc.getElementById("viewport");
-
-	var p = getEventPoint(evt);
-
-	p = p.matrixTransform(g.getCTM().inverse());
-
-	// Compute new scale matrix in current mouse position
-	var k = root.createSVGMatrix().translate(p.x, p.y).scale(z).translate(-p.x, -p.y);
-
-        setCTM(g, g.getCTM().multiply(k));
-
-	stateTf = stateTf.multiply(k.inverse());
-}
-
-/**
- * Handle mouse move event.
- */
-function handleMouseMove(evt) {
-	if(evt.preventDefault)
-		evt.preventDefault();
-
-	evt.returnValue = false;
-
-	var svgDoc = evt.target.ownerDocument;
-
-	var g = svgDoc.getElementById("viewport");
-
-	if(state == 'pan') {
-		// Pan mode
-		var p = getEventPoint(evt).matrixTransform(stateTf);
-
-		setCTM(g, stateTf.inverse().translate(p.x - stateOrigin.x, p.y - stateOrigin.y));
-	} else if(state == 'move') {
-		// Move mode
-		var p = getEventPoint(evt).matrixTransform(g.getCTM().inverse());
-
-		setCTM(stateTarget, root.createSVGMatrix().translate(p.x - stateOrigin.x, p.y - stateOrigin.y).multiply(g.getCTM().inverse()).multiply(stateTarget.getCTM()));
-
-		stateOrigin = p;
-	}
-}
-
-/**
- * Handle click event.
- */
-function handleMouseDown(evt) {
-	if(evt.preventDefault)
-		evt.preventDefault();
-
-	evt.returnValue = false;
-
-	var svgDoc = evt.target.ownerDocument;
-
-	var g = svgDoc.getElementById("viewport");
-
-	if(true || evt.target.tagName == "svg") {
-		// Pan mode
-		state = 'pan';
-
-		stateTf = g.getCTM().inverse();
-
-		stateOrigin = getEventPoint(evt).matrixTransform(stateTf);
-	} else {
-		// Move mode
-		state = 'move';
-
-		stateTarget = evt.target;
-
-		stateTf = g.getCTM().inverse();
-
-		stateOrigin = getEventPoint(evt).matrixTransform(stateTf);
-	}
-}
-
-/**
- * Handle mouse button release event.
- */
-function handleMouseUp(evt) {
-	if(evt.preventDefault)
-		evt.preventDefault();
-
-	evt.returnValue = false;
-
-	var svgDoc = evt.target.ownerDocument;
-
-	if(state == 'pan' || state == 'move') {
-		// Quit pan mode
-		state = '';
-	}
-}
-
-]]></script>
-EOF
-}
-
-# Provides a map from fullname to shortname for cases where the
-# shortname is ambiguous.  The symlist has both the fullname and
-# shortname for all symbols, which is usually fine, but sometimes --
-# such as overloaded functions -- two different fullnames can map to
-# the same shortname.  In that case, we use the address of the
-# function to disambiguate the two.  This function fills in a map that
-# maps fullnames to modified shortnames in such cases.  If a fullname
-# is not present in the map, the 'normal' shortname provided by the
-# symlist is the appropriate one to use.
-sub FillFullnameToShortnameMap {
-  my $symbols = shift;
-  my $fullname_to_shortname_map = shift;
-  my $shortnames_seen_once = {};
-  my $shortnames_seen_more_than_once = {};
-
-  foreach my $symlist (values(%{$symbols})) {
-    # TODO(csilvers): deal with inlined symbols too.
-    my $shortname = $symlist->[0];
-    my $fullname = $symlist->[2];
-    if ($fullname !~ /<[0-9a-fA-F]+>$/) {  # fullname doesn't end in an address
-      next;       # the only collisions we care about are when addresses differ
-    }
-    if (defined($shortnames_seen_once->{$shortname}) &&
-        $shortnames_seen_once->{$shortname} ne $fullname) {
-      $shortnames_seen_more_than_once->{$shortname} = 1;
-    } else {
-      $shortnames_seen_once->{$shortname} = $fullname;
-    }
-  }
-
-  foreach my $symlist (values(%{$symbols})) {
-    my $shortname = $symlist->[0];
-    my $fullname = $symlist->[2];
-    # TODO(csilvers): take in a list of addresses we care about, and only
-    # store in the map if $symlist->[1] is in that list.  Saves space.
-    next if defined($fullname_to_shortname_map->{$fullname});
-    if (defined($shortnames_seen_more_than_once->{$shortname})) {
-      if ($fullname =~ /<0*([^>]*)>$/) {   # fullname has address at end of it
-        $fullname_to_shortname_map->{$fullname} = "$shortname\@$1";
-      }
-    }
-  }
-}
-
-# Return a small number that identifies the argument.
-# Multiple calls with the same argument will return the same number.
-# Calls with different arguments will return different numbers.
-sub ShortIdFor {
-  my $key = shift;
-  my $id = $main::uniqueid{$key};
-  if (!defined($id)) {
-    $id = keys(%main::uniqueid) + 1;
-    $main::uniqueid{$key} = $id;
-  }
-  return $id;
-}
-
-# Translate a stack of addresses into a stack of symbols
-sub TranslateStack {
-  my $symbols = shift;
-  my $fullname_to_shortname_map = shift;
-  my $k = shift;
-
-  my @addrs = split(/\n/, $k);
-  my @result = ();
-  for (my $i = 0; $i <= $#addrs; $i++) {
-    my $a = $addrs[$i];
-
-    # Skip large addresses since they sometimes show up as fake entries on RH9
-    if (length($a) > 8 && $a gt "7fffffffffffffff") {
-      next;
-    }
-
-    if ($main::opt_disasm || $main::opt_list) {
-      # We want just the address for the key
-      push(@result, $a);
-      next;
-    }
-
-    my $symlist = $symbols->{$a};
-    if (!defined($symlist)) {
-      $symlist = [$a, "", $a];
-    }
-
-    # We can have a sequence of symbols for a particular entry
-    # (more than one symbol in the case of inlining).  Callers
-    # come before callees in symlist, so walk backwards since
-    # the translated stack should contain callees before callers.
-    for (my $j = $#{$symlist}; $j >= 2; $j -= 3) {
-      my $func = $symlist->[$j-2];
-      my $fileline = $symlist->[$j-1];
-      my $fullfunc = $symlist->[$j];
-      if (defined($fullname_to_shortname_map->{$fullfunc})) {
-        $func = $fullname_to_shortname_map->{$fullfunc};
-      }
-      if ($j > 2) {
-        $func = "$func (inline)";
-      }
-
-      # Do not merge nodes corresponding to Callback::Run since that
-      # causes confusing cycles in dot display.  Instead, we synthesize
-      # a unique name for this frame per caller.
-      if ($func =~ m/Callback.*::Run$/) {
-        my $caller = ($i > 0) ? $addrs[$i-1] : 0;
-        $func = "Run#" . ShortIdFor($caller);
-      }
-
-      if ($main::opt_addresses) {
-        push(@result, "$a $func $fileline");
-      } elsif ($main::opt_lines) {
-        if ($func eq '??' && $fileline eq '??:0') {
-          push(@result, "$a");
-        } else {
-          push(@result, "$func $fileline");
-        }
-      } elsif ($main::opt_functions) {
-        if ($func eq '??') {
-          push(@result, "$a");
-        } else {
-          push(@result, $func);
-        }
-      } elsif ($main::opt_files) {
-        if ($fileline eq '??:0' || $fileline eq '') {
-          push(@result, "$a");
-        } else {
-          my $f = $fileline;
-          $f =~ s/:\d+$//;
-          push(@result, $f);
-        }
-      } else {
-        push(@result, $a);
-        last;  # Do not print inlined info
-      }
-    }
-  }
-
-  # print join(",", @addrs), " => ", join(",", @result), "\n";
-  return @result;
-}
-
-# Generate percent string for a number and a total
-sub Percent {
-  my $num = shift;
-  my $tot = shift;
-  if ($tot != 0) {
-    return sprintf("%.1f%%", $num * 100.0 / $tot);
-  } else {
-    return ($num == 0) ? "nan" : (($num > 0) ? "+inf" : "-inf");
-  }
-}
-
-# Generate pretty-printed form of number
-sub Unparse {
-  my $num = shift;
-  if ($main::profile_type eq 'heap' || $main::profile_type eq 'growth') {
-    if ($main::opt_inuse_objects || $main::opt_alloc_objects) {
-      return sprintf("%d", $num);
-    } else {
-      if ($main::opt_show_bytes) {
-        return sprintf("%d", $num);
-      } else {
-        return sprintf("%.1f", $num / 1048576.0);
-      }
-    }
-  } elsif ($main::profile_type eq 'contention' && !$main::opt_contentions) {
-    return sprintf("%.3f", $num / 1e9); # Convert nanoseconds to seconds
-  } else {
-    return sprintf("%d", $num);
-  }
-}
-
-# Alternate pretty-printed form: 0 maps to "."
-sub UnparseAlt {
-  my $num = shift;
-  if ($num == 0) {
-    return ".";
-  } else {
-    return Unparse($num);
-  }
-}
-
-# Alternate pretty-printed form: 0 maps to ""
-sub HtmlPrintNumber {
-  my $num = shift;
-  if ($num == 0) {
-    return "";
-  } else {
-    return Unparse($num);
-  }
-}
-
-# Return output units
-sub Units {
-  if ($main::profile_type eq 'heap' || $main::profile_type eq 'growth') {
-    if ($main::opt_inuse_objects || $main::opt_alloc_objects) {
-      return "objects";
-    } else {
-      if ($main::opt_show_bytes) {
-        return "B";
-      } else {
-        return "MB";
-      }
-    }
-  } elsif ($main::profile_type eq 'contention' && !$main::opt_contentions) {
-    return "seconds";
-  } else {
-    return "samples";
-  }
-}
-
-##### Profile manipulation code #####
-
-# Generate flattened profile:
-# If count is charged to stack [a,b,c,d], in generated profile,
-# it will be charged to [a]
-sub FlatProfile {
-  my $profile = shift;
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    if ($#addrs >= 0) {
-      AddEntry($result, $addrs[0], $count);
-    }
-  }
-  return $result;
-}
-
-# Generate cumulative profile:
-# If count is charged to stack [a,b,c,d], in generated profile,
-# it will be charged to [a], [b], [c], [d]
-sub CumulativeProfile {
-  my $profile = shift;
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    foreach my $a (@addrs) {
-      AddEntry($result, $a, $count);
-    }
-  }
-  return $result;
-}
-
-# If the second-youngest PC on the stack is always the same, returns
-# that pc.  Otherwise, returns undef.
-sub IsSecondPcAlwaysTheSame {
-  my $profile = shift;
-
-  my $second_pc = undef;
-  foreach my $k (keys(%{$profile})) {
-    my @addrs = split(/\n/, $k);
-    if ($#addrs < 1) {
-      return undef;
-    }
-    if (not defined $second_pc) {
-      $second_pc = $addrs[1];
-    } else {
-      if ($second_pc ne $addrs[1]) {
-        return undef;
-      }
-    }
-  }
-  return $second_pc;
-}
-
-sub ExtractSymbolLocation {
-  my $symbols = shift;
-  my $address = shift;
-  # 'addr2line' outputs "??:0" for unknown locations; we do the
-  # same to be consistent.
-  my $location = "??:0:unknown";
-  if (exists $symbols->{$address}) {
-    my $file = $symbols->{$address}->[1];
-    if ($file eq "?") {
-      $file = "??:0"
-    }
-    $location = $file . ":" . $symbols->{$address}->[0];
-  }
-  return $location;
-}
-
-# Extracts a graph of calls.
-sub ExtractCalls {
-  my $symbols = shift;
-  my $profile = shift;
-
-  my $calls = {};
-  while( my ($stack_trace, $count) = each %$profile ) {
-    my @address = split(/\n/, $stack_trace);
-    my $destination = ExtractSymbolLocation($symbols, $address[0]);
-    AddEntry($calls, $destination, $count);
-    for (my $i = 1; $i <= $#address; $i++) {
-      my $source = ExtractSymbolLocation($symbols, $address[$i]);
-      my $call = "$source -> $destination";
-      AddEntry($calls, $call, $count);
-      $destination = $source;
-    }
-  }
-
-  return $calls;
-}
-
-sub FilterFrames {
-  my $symbols = shift;
-  my $profile = shift;
-
-  if ($main::opt_retain eq '' && $main::opt_exclude eq '') {
-    return $profile;
-  }
-
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    my @path = ();
-    foreach my $a (@addrs) {
-      my $sym;
-      if (exists($symbols->{$a})) {
-        $sym = $symbols->{$a}->[0];
-      } else {
-        $sym = $a;
-      }
-      if ($main::opt_retain ne '' && $sym !~ m/$main::opt_retain/) {
-        next;
-      }
-      if ($main::opt_exclude ne '' && $sym =~ m/$main::opt_exclude/) {
-        next;
-      }
-      push(@path, $a);
-    }
-    if (scalar(@path) > 0) {
-      my $reduced_path = join("\n", @path);
-      AddEntry($result, $reduced_path, $count);
-    }
-  }
-
-  return $result;
-}
-
-sub RemoveUninterestingFrames {
-  my $symbols = shift;
-  my $profile = shift;
-
-  # List of function names to skip
-  my %skip = ();
-  my $skip_regexp = 'NOMATCH';
-  if ($main::profile_type eq 'heap' || $main::profile_type eq 'growth') {
-    foreach my $name ('@JEMALLOC_PREFIX@calloc',
-                      'cfree',
-                      '@JEMALLOC_PREFIX@malloc',
-                      'newImpl',
-                      'void* newImpl',
-                      '@JEMALLOC_PREFIX@free',
-                      '@JEMALLOC_PREFIX@memalign',
-                      '@JEMALLOC_PREFIX@posix_memalign',
-                      '@JEMALLOC_PREFIX@aligned_alloc',
-                      'pvalloc',
-                      '@JEMALLOC_PREFIX@valloc',
-                      '@JEMALLOC_PREFIX@realloc',
-                      '@JEMALLOC_PREFIX@mallocx',
-                      '@JEMALLOC_PREFIX@rallocx',
-                      '@JEMALLOC_PREFIX@xallocx',
-                      '@JEMALLOC_PREFIX@dallocx',
-                      '@JEMALLOC_PREFIX@sdallocx',
-                      '@JEMALLOC_PREFIX@sdallocx_noflags',
-                      'tc_calloc',
-                      'tc_cfree',
-                      'tc_malloc',
-                      'tc_free',
-                      'tc_memalign',
-                      'tc_posix_memalign',
-                      'tc_pvalloc',
-                      'tc_valloc',
-                      'tc_realloc',
-                      'tc_new',
-                      'tc_delete',
-                      'tc_newarray',
-                      'tc_deletearray',
-                      'tc_new_nothrow',
-                      'tc_newarray_nothrow',
-                      'do_malloc',
-                      '::do_malloc',   # new name -- got moved to an unnamed ns
-                      '::do_malloc_or_cpp_alloc',
-                      'DoSampledAllocation',
-                      'simple_alloc::allocate',
-                      '__malloc_alloc_template::allocate',
-                      '__builtin_delete',
-                      '__builtin_new',
-                      '__builtin_vec_delete',
-                      '__builtin_vec_new',
-                      'operator new',
-                      'operator new[]',
-                      # The entry to our memory-allocation routines on OS X
-                      'malloc_zone_malloc',
-                      'malloc_zone_calloc',
-                      'malloc_zone_valloc',
-                      'malloc_zone_realloc',
-                      'malloc_zone_memalign',
-                      'malloc_zone_free',
-                      # These mark the beginning/end of our custom sections
-                      '__start_google_malloc',
-                      '__stop_google_malloc',
-                      '__start_malloc_hook',
-                      '__stop_malloc_hook') {
-      $skip{$name} = 1;
-      $skip{"_" . $name} = 1;   # Mach (OS X) adds a _ prefix to everything
-    }
-    # TODO: Remove TCMalloc once everything has been
-    # moved into the tcmalloc:: namespace and we have flushed
-    # old code out of the system.
-    $skip_regexp = "TCMalloc|^tcmalloc::";
-  } elsif ($main::profile_type eq 'contention') {
-    foreach my $vname ('base::RecordLockProfileData',
-                       'base::SubmitMutexProfileData',
-                       'base::SubmitSpinLockProfileData',
-                       'Mutex::Unlock',
-                       'Mutex::UnlockSlow',
-                       'Mutex::ReaderUnlock',
-                       'MutexLock::~MutexLock',
-                       'SpinLock::Unlock',
-                       'SpinLock::SlowUnlock',
-                       'SpinLockHolder::~SpinLockHolder') {
-      $skip{$vname} = 1;
-    }
-  } elsif ($main::profile_type eq 'cpu') {
-    # Drop signal handlers used for CPU profile collection
-    # TODO(dpeng): this should not be necessary; it's taken
-    # care of by the general 2nd-pc mechanism below.
-    foreach my $name ('ProfileData::Add',           # historical
-                      'ProfileData::prof_handler',  # historical
-                      'CpuProfiler::prof_handler',
-                      '__FRAME_END__',
-                      '__pthread_sighandler',
-                      '__restore') {
-      $skip{$name} = 1;
-    }
-  } else {
-    # Nothing skipped for unknown types
-  }
-
-  if ($main::profile_type eq 'cpu') {
-    # If all the second-youngest program counters are the same,
-    # this STRONGLY suggests that it is an artifact of measurement,
-    # i.e., stack frames pushed by the CPU profiler signal handler.
-    # Hence, we delete them.
-    # (The topmost PC is read from the signal structure, not from
-    # the stack, so it does not get involved.)
-    while (my $second_pc = IsSecondPcAlwaysTheSame($profile)) {
-      my $result = {};
-      my $func = '';
-      if (exists($symbols->{$second_pc})) {
-        $second_pc = $symbols->{$second_pc}->[0];
-      }
-      print STDERR "Removing $second_pc from all stack traces.\n";
-      foreach my $k (keys(%{$profile})) {
-        my $count = $profile->{$k};
-        my @addrs = split(/\n/, $k);
-        splice @addrs, 1, 1;
-        my $reduced_path = join("\n", @addrs);
-        AddEntry($result, $reduced_path, $count);
-      }
-      $profile = $result;
-    }
-  }
-
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    my @path = ();
-    foreach my $a (@addrs) {
-      if (exists($symbols->{$a})) {
-        my $func = $symbols->{$a}->[0];
-        if ($skip{$func} || ($func =~ m/$skip_regexp/)) {
-          # Throw away the portion of the backtrace seen so far, under the
-          # assumption that previous frames were for functions internal to the
-          # allocator.
-          @path = ();
-          next;
-        }
-      }
-      push(@path, $a);
-    }
-    my $reduced_path = join("\n", @path);
-    AddEntry($result, $reduced_path, $count);
-  }
-
-  $result = FilterFrames($symbols, $result);
-
-  return $result;
-}
-
-# Reduce profile to granularity given by user
-sub ReduceProfile {
-  my $symbols = shift;
-  my $profile = shift;
-  my $result = {};
-  my $fullname_to_shortname_map = {};
-  FillFullnameToShortnameMap($symbols, $fullname_to_shortname_map);
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @translated = TranslateStack($symbols, $fullname_to_shortname_map, $k);
-    my @path = ();
-    my %seen = ();
-    $seen{''} = 1;      # So that empty keys are skipped
-    foreach my $e (@translated) {
-      # To avoid double-counting due to recursion, skip a stack-trace
-      # entry if it has already been seen
-      if (!$seen{$e}) {
-        $seen{$e} = 1;
-        push(@path, $e);
-      }
-    }
-    my $reduced_path = join("\n", @path);
-    AddEntry($result, $reduced_path, $count);
-  }
-  return $result;
-}
-
-# Does the specified symbol array match the regexp?
-sub SymbolMatches {
-  my $sym = shift;
-  my $re = shift;
-  if (defined($sym)) {
-    for (my $i = 0; $i < $#{$sym}; $i += 3) {
-      if ($sym->[$i] =~ m/$re/ || $sym->[$i+1] =~ m/$re/) {
-        return 1;
-      }
-    }
-  }
-  return 0;
-}
-
-# Focus only on paths involving specified regexps
-sub FocusProfile {
-  my $symbols = shift;
-  my $profile = shift;
-  my $focus = shift;
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    foreach my $a (@addrs) {
-      # Reply if it matches either the address/shortname/fileline
-      if (($a =~ m/$focus/) || SymbolMatches($symbols->{$a}, $focus)) {
-        AddEntry($result, $k, $count);
-        last;
-      }
-    }
-  }
-  return $result;
-}
-
-# Focus only on paths not involving specified regexps
-sub IgnoreProfile {
-  my $symbols = shift;
-  my $profile = shift;
-  my $ignore = shift;
-  my $result = {};
-  foreach my $k (keys(%{$profile})) {
-    my $count = $profile->{$k};
-    my @addrs = split(/\n/, $k);
-    my $matched = 0;
-    foreach my $a (@addrs) {
-      # Reply if it matches either the address/shortname/fileline
-      if (($a =~ m/$ignore/) || SymbolMatches($symbols->{$a}, $ignore)) {
-        $matched = 1;
-        last;
-      }
-    }
-    if (!$matched) {
-      AddEntry($result, $k, $count);
-    }
-  }
-  return $result;
-}
-
-# Get total count in profile
-sub TotalProfile {
-  my $profile = shift;
-  my $result = 0;
-  foreach my $k (keys(%{$profile})) {
-    $result += $profile->{$k};
-  }
-  return $result;
-}
-
-# Add A to B
-sub AddProfile {
-  my $A = shift;
-  my $B = shift;
-
-  my $R = {};
-  # add all keys in A
-  foreach my $k (keys(%{$A})) {
-    my $v = $A->{$k};
-    AddEntry($R, $k, $v);
-  }
-  # add all keys in B
-  foreach my $k (keys(%{$B})) {
-    my $v = $B->{$k};
-    AddEntry($R, $k, $v);
-  }
-  return $R;
-}
-
-# Merges symbol maps
-sub MergeSymbols {
-  my $A = shift;
-  my $B = shift;
-
-  my $R = {};
-  foreach my $k (keys(%{$A})) {
-    $R->{$k} = $A->{$k};
-  }
-  if (defined($B)) {
-    foreach my $k (keys(%{$B})) {
-      $R->{$k} = $B->{$k};
-    }
-  }
-  return $R;
-}
-
-
-# Add A to B
-sub AddPcs {
-  my $A = shift;
-  my $B = shift;
-
-  my $R = {};
-  # add all keys in A
-  foreach my $k (keys(%{$A})) {
-    $R->{$k} = 1
-  }
-  # add all keys in B
-  foreach my $k (keys(%{$B})) {
-    $R->{$k} = 1
-  }
-  return $R;
-}
-
-# Subtract B from A
-sub SubtractProfile {
-  my $A = shift;
-  my $B = shift;
-
-  my $R = {};
-  foreach my $k (keys(%{$A})) {
-    my $v = $A->{$k} - GetEntry($B, $k);
-    if ($v < 0 && $main::opt_drop_negative) {
-      $v = 0;
-    }
-    AddEntry($R, $k, $v);
-  }
-  if (!$main::opt_drop_negative) {
-    # Take care of when subtracted profile has more entries
-    foreach my $k (keys(%{$B})) {
-      if (!exists($A->{$k})) {
-        AddEntry($R, $k, 0 - $B->{$k});
-      }
-    }
-  }
-  return $R;
-}
-
-# Get entry from profile; zero if not present
-sub GetEntry {
-  my $profile = shift;
-  my $k = shift;
-  if (exists($profile->{$k})) {
-    return $profile->{$k};
-  } else {
-    return 0;
-  }
-}
-
-# Add entry to specified profile
-sub AddEntry {
-  my $profile = shift;
-  my $k = shift;
-  my $n = shift;
-  if (!exists($profile->{$k})) {
-    $profile->{$k} = 0;
-  }
-  $profile->{$k} += $n;
-}
-
-# Add a stack of entries to specified profile, and add them to the $pcs
-# list.
-sub AddEntries {
-  my $profile = shift;
-  my $pcs = shift;
-  my $stack = shift;
-  my $count = shift;
-  my @k = ();
-
-  foreach my $e (split(/\s+/, $stack)) {
-    my $pc = HexExtend($e);
-    $pcs->{$pc} = 1;
-    push @k, $pc;
-  }
-  AddEntry($profile, (join "\n", @k), $count);
-}
-
-##### Code to profile a server dynamically #####
-
-sub CheckSymbolPage {
-  my $url = SymbolPageURL();
-  my $command = ShellEscape(@URL_FETCHER, $url);
-  open(SYMBOL, "$command |") or error($command);
-  my $line = <SYMBOL>;
-  $line =~ s/\r//g;         # turn windows-looking lines into unix-looking lines
-  close(SYMBOL);
-  unless (defined($line)) {
-    error("$url doesn't exist\n");
-  }
-
-  if ($line =~ /^num_symbols:\s+(\d+)$/) {
-    if ($1 == 0) {
-      error("Stripped binary. No symbols available.\n");
-    }
-  } else {
-    error("Failed to get the number of symbols from $url\n");
-  }
-}
-
-sub IsProfileURL {
-  my $profile_name = shift;
-  if (-f $profile_name) {
-    printf STDERR "Using local file $profile_name.\n";
-    return 0;
-  }
-  return 1;
-}
-
-sub ParseProfileURL {
-  my $profile_name = shift;
-
-  if (!defined($profile_name) || $profile_name eq "") {
-    return ();
-  }
-
-  # Split profile URL - matches all non-empty strings, so no test.
-  $profile_name =~ m,^(https?://)?([^/]+)(.*?)(/|$PROFILES)?$,;
-
-  my $proto = $1 || "http://";
-  my $hostport = $2;
-  my $prefix = $3;
-  my $profile = $4 || "/";
-
-  my $host = $hostport;
-  $host =~ s/:.*//;
-
-  my $baseurl = "$proto$hostport$prefix";
-  return ($host, $baseurl, $profile);
-}
-
-# We fetch symbols from the first profile argument.
-sub SymbolPageURL {
-  my ($host, $baseURL, $path) = ParseProfileURL($main::pfile_args[0]);
-  return "$baseURL$SYMBOL_PAGE";
-}
-
-sub FetchProgramName() {
-  my ($host, $baseURL, $path) = ParseProfileURL($main::pfile_args[0]);
-  my $url = "$baseURL$PROGRAM_NAME_PAGE";
-  my $command_line = ShellEscape(@URL_FETCHER, $url);
-  open(CMDLINE, "$command_line |") or error($command_line);
-  my $cmdline = <CMDLINE>;
-  $cmdline =~ s/\r//g;   # turn windows-looking lines into unix-looking lines
-  close(CMDLINE);
-  error("Failed to get program name from $url\n") unless defined($cmdline);
-  $cmdline =~ s/\x00.+//;  # Remove argv[1] and latters.
-  $cmdline =~ s!\n!!g;  # Remove LFs.
-  return $cmdline;
-}
-
-# Gee, curl's -L (--location) option isn't reliable at least
-# with its 7.12.3 version.  Curl will forget to post data if
-# there is a redirection.  This function is a workaround for
-# curl.  Redirection happens on borg hosts.
-sub ResolveRedirectionForCurl {
-  my $url = shift;
-  my $command_line = ShellEscape(@URL_FETCHER, "--head", $url);
-  open(CMDLINE, "$command_line |") or error($command_line);
-  while (<CMDLINE>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    if (/^Location: (.*)/) {
-      $url = $1;
-    }
-  }
-  close(CMDLINE);
-  return $url;
-}
-
-# Add a timeout flat to URL_FETCHER.  Returns a new list.
-sub AddFetchTimeout {
-  my $timeout = shift;
-  my @fetcher = @_;
-  if (defined($timeout)) {
-    if (join(" ", @fetcher) =~ m/\bcurl -s/) {
-      push(@fetcher, "--max-time", sprintf("%d", $timeout));
-    } elsif (join(" ", @fetcher) =~ m/\brpcget\b/) {
-      push(@fetcher, sprintf("--deadline=%d", $timeout));
-    }
-  }
-  return @fetcher;
-}
-
-# Reads a symbol map from the file handle name given as $1, returning
-# the resulting symbol map.  Also processes variables relating to symbols.
-# Currently, the only variable processed is 'binary=<value>' which updates
-# $main::prog to have the correct program name.
-sub ReadSymbols {
-  my $in = shift;
-  my $map = {};
-  while (<$in>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    # Removes all the leading zeroes from the symbols, see comment below.
-    if (m/^0x0*([0-9a-f]+)\s+(.+)/) {
-      $map->{$1} = $2;
-    } elsif (m/^---/) {
-      last;
-    } elsif (m/^([a-z][^=]*)=(.*)$/ ) {
-      my ($variable, $value) = ($1, $2);
-      for ($variable, $value) {
-        s/^\s+//;
-        s/\s+$//;
-      }
-      if ($variable eq "binary") {
-        if ($main::prog ne $UNKNOWN_BINARY && $main::prog ne $value) {
-          printf STDERR ("Warning: Mismatched binary name '%s', using '%s'.\n",
-                         $main::prog, $value);
-        }
-        $main::prog = $value;
-      } else {
-        printf STDERR ("Ignoring unknown variable in symbols list: " .
-            "'%s' = '%s'\n", $variable, $value);
-      }
-    }
-  }
-  return $map;
-}
-
-sub URLEncode {
-  my $str = shift;
-  $str =~ s/([^A-Za-z0-9\-_.!~*'()])/ sprintf "%%%02x", ord $1 /eg;
-  return $str;
-}
-
-sub AppendSymbolFilterParams {
-  my $url = shift;
-  my @params = ();
-  if ($main::opt_retain ne '') {
-    push(@params, sprintf("retain=%s", URLEncode($main::opt_retain)));
-  }
-  if ($main::opt_exclude ne '') {
-    push(@params, sprintf("exclude=%s", URLEncode($main::opt_exclude)));
-  }
-  if (scalar @params > 0) {
-    $url = sprintf("%s?%s", $url, join("&", @params));
-  }
-  return $url;
-}
-
-# Fetches and processes symbols to prepare them for use in the profile output
-# code.  If the optional 'symbol_map' arg is not given, fetches symbols from
-# $SYMBOL_PAGE for all PC values found in profile.  Otherwise, the raw symbols
-# are assumed to have already been fetched into 'symbol_map' and are simply
-# extracted and processed.
-sub FetchSymbols {
-  my $pcset = shift;
-  my $symbol_map = shift;
-
-  my %seen = ();
-  my @pcs = grep { !$seen{$_}++ } keys(%$pcset);  # uniq
-
-  if (!defined($symbol_map)) {
-    my $post_data = join("+", sort((map {"0x" . "$_"} @pcs)));
-
-    open(POSTFILE, ">$main::tmpfile_sym");
-    print POSTFILE $post_data;
-    close(POSTFILE);
-
-    my $url = SymbolPageURL();
-
-    my $command_line;
-    if (join(" ", @URL_FETCHER) =~ m/\bcurl -s/) {
-      $url = ResolveRedirectionForCurl($url);
-      $url = AppendSymbolFilterParams($url);
-      $command_line = ShellEscape(@URL_FETCHER, "-d", "\@$main::tmpfile_sym",
-                                  $url);
-    } else {
-      $url = AppendSymbolFilterParams($url);
-      $command_line = (ShellEscape(@URL_FETCHER, "--post", $url)
-                       . " < " . ShellEscape($main::tmpfile_sym));
-    }
-    # We use c++filt in case $SYMBOL_PAGE gives us mangled symbols.
-    my $escaped_cppfilt = ShellEscape($obj_tool_map{"c++filt"});
-    open(SYMBOL, "$command_line | $escaped_cppfilt |") or error($command_line);
-    $symbol_map = ReadSymbols(*SYMBOL{IO});
-    close(SYMBOL);
-  }
-
-  my $symbols = {};
-  foreach my $pc (@pcs) {
-    my $fullname;
-    # For 64 bits binaries, symbols are extracted with 8 leading zeroes.
-    # Then /symbol reads the long symbols in as uint64, and outputs
-    # the result with a "0x%08llx" format which get rid of the zeroes.
-    # By removing all the leading zeroes in both $pc and the symbols from
-    # /symbol, the symbols match and are retrievable from the map.
-    my $shortpc = $pc;
-    $shortpc =~ s/^0*//;
-    # Each line may have a list of names, which includes the function
-    # and also other functions it has inlined.  They are separated (in
-    # PrintSymbolizedProfile), by --, which is illegal in function names.
-    my $fullnames;
-    if (defined($symbol_map->{$shortpc})) {
-      $fullnames = $symbol_map->{$shortpc};
-    } else {
-      $fullnames = "0x" . $pc;  # Just use addresses
-    }
-    my $sym = [];
-    $symbols->{$pc} = $sym;
-    foreach my $fullname (split("--", $fullnames)) {
-      my $name = ShortFunctionName($fullname);
-      push(@{$sym}, $name, "?", $fullname);
-    }
-  }
-  return $symbols;
-}
-
-sub BaseName {
-  my $file_name = shift;
-  $file_name =~ s!^.*/!!;  # Remove directory name
-  return $file_name;
-}
-
-sub MakeProfileBaseName {
-  my ($binary_name, $profile_name) = @_;
-  my ($host, $baseURL, $path) = ParseProfileURL($profile_name);
-  my $binary_shortname = BaseName($binary_name);
-  return sprintf("%s.%s.%s",
-                 $binary_shortname, $main::op_time, $host);
-}
-
-sub FetchDynamicProfile {
-  my $binary_name = shift;
-  my $profile_name = shift;
-  my $fetch_name_only = shift;
-  my $encourage_patience = shift;
-
-  if (!IsProfileURL($profile_name)) {
-    return $profile_name;
-  } else {
-    my ($host, $baseURL, $path) = ParseProfileURL($profile_name);
-    if ($path eq "" || $path eq "/") {
-      # Missing type specifier defaults to cpu-profile
-      $path = $PROFILE_PAGE;
-    }
-
-    my $profile_file = MakeProfileBaseName($binary_name, $profile_name);
-
-    my $url = "$baseURL$path";
-    my $fetch_timeout = undef;
-    if ($path =~ m/$PROFILE_PAGE|$PMUPROFILE_PAGE/) {
-      if ($path =~ m/[?]/) {
-        $url .= "&";
-      } else {
-        $url .= "?";
-      }
-      $url .= sprintf("seconds=%d", $main::opt_seconds);
-      $fetch_timeout = $main::opt_seconds * 1.01 + 60;
-      # Set $profile_type for consumption by PrintSymbolizedProfile.
-      $main::profile_type = 'cpu';
-    } else {
-      # For non-CPU profiles, we add a type-extension to
-      # the target profile file name.
-      my $suffix = $path;
-      $suffix =~ s,/,.,g;
-      $profile_file .= $suffix;
-      # Set $profile_type for consumption by PrintSymbolizedProfile.
-      if ($path =~ m/$HEAP_PAGE/) {
-        $main::profile_type = 'heap';
-      } elsif ($path =~ m/$GROWTH_PAGE/) {
-        $main::profile_type = 'growth';
-      } elsif ($path =~ m/$CONTENTION_PAGE/) {
-        $main::profile_type = 'contention';
-      }
-    }
-
-    my $profile_dir = $ENV{"JEPROF_TMPDIR"} || ($ENV{HOME} . "/jeprof");
-    if (! -d $profile_dir) {
-      mkdir($profile_dir)
-          || die("Unable to create profile directory $profile_dir: $!\n");
-    }
-    my $tmp_profile = "$profile_dir/.tmp.$profile_file";
-    my $real_profile = "$profile_dir/$profile_file";
-
-    if ($fetch_name_only > 0) {
-      return $real_profile;
-    }
-
-    my @fetcher = AddFetchTimeout($fetch_timeout, @URL_FETCHER);
-    my $cmd = ShellEscape(@fetcher, $url) . " > " . ShellEscape($tmp_profile);
-    if ($path =~ m/$PROFILE_PAGE|$PMUPROFILE_PAGE|$CENSUSPROFILE_PAGE/){
-      print STDERR "Gathering CPU profile from $url for $main::opt_seconds seconds to\n  ${real_profile}\n";
-      if ($encourage_patience) {
-        print STDERR "Be patient...\n";
-      }
-    } else {
-      print STDERR "Fetching $path profile from $url to\n  ${real_profile}\n";
-    }
-
-    (system($cmd) == 0) || error("Failed to get profile: $cmd: $!\n");
-    (system("mv", $tmp_profile, $real_profile) == 0) || error("Unable to rename profile\n");
-    print STDERR "Wrote profile to $real_profile\n";
-    $main::collected_profile = $real_profile;
-    return $main::collected_profile;
-  }
-}
-
-# Collect profiles in parallel
-sub FetchDynamicProfiles {
-  my $items = scalar(@main::pfile_args);
-  my $levels = log($items) / log(2);
-
-  if ($items == 1) {
-    $main::profile_files[0] = FetchDynamicProfile($main::prog, $main::pfile_args[0], 0, 1);
-  } else {
-    # math rounding issues
-    if ((2 ** $levels) < $items) {
-     $levels++;
-    }
-    my $count = scalar(@main::pfile_args);
-    for (my $i = 0; $i < $count; $i++) {
-      $main::profile_files[$i] = FetchDynamicProfile($main::prog, $main::pfile_args[$i], 1, 0);
-    }
-    print STDERR "Fetching $count profiles, Be patient...\n";
-    FetchDynamicProfilesRecurse($levels, 0, 0);
-    $main::collected_profile = join(" \\\n    ", @main::profile_files);
-  }
-}
-
-# Recursively fork a process to get enough processes
-# collecting profiles
-sub FetchDynamicProfilesRecurse {
-  my $maxlevel = shift;
-  my $level = shift;
-  my $position = shift;
-
-  if (my $pid = fork()) {
-    $position = 0 | ($position << 1);
-    TryCollectProfile($maxlevel, $level, $position);
-    wait;
-  } else {
-    $position = 1 | ($position << 1);
-    TryCollectProfile($maxlevel, $level, $position);
-    cleanup();
-    exit(0);
-  }
-}
-
-# Collect a single profile
-sub TryCollectProfile {
-  my $maxlevel = shift;
-  my $level = shift;
-  my $position = shift;
-
-  if ($level >= ($maxlevel - 1)) {
-    if ($position < scalar(@main::pfile_args)) {
-      FetchDynamicProfile($main::prog, $main::pfile_args[$position], 0, 0);
-    }
-  } else {
-    FetchDynamicProfilesRecurse($maxlevel, $level+1, $position);
-  }
-}
-
-##### Parsing code #####
-
-# Provide a small streaming-read module to handle very large
-# cpu-profile files.  Stream in chunks along a sliding window.
-# Provides an interface to get one 'slot', correctly handling
-# endian-ness differences.  A slot is one 32-bit or 64-bit word
-# (depending on the input profile).  We tell endianness and bit-size
-# for the profile by looking at the first 8 bytes: in cpu profiles,
-# the second slot is always 3 (we'll accept anything that's not 0).
-BEGIN {
-  package CpuProfileStream;
-
-  sub new {
-    my ($class, $file, $fname) = @_;
-    my $self = { file        => $file,
-                 base        => 0,
-                 stride      => 512 * 1024,   # must be a multiple of bitsize/8
-                 slots       => [],
-                 unpack_code => "",           # N for big-endian, V for little
-                 perl_is_64bit => 1,          # matters if profile is 64-bit
-    };
-    bless $self, $class;
-    # Let unittests adjust the stride
-    if ($main::opt_test_stride > 0) {
-      $self->{stride} = $main::opt_test_stride;
-    }
-    # Read the first two slots to figure out bitsize and endianness.
-    my $slots = $self->{slots};
-    my $str;
-    read($self->{file}, $str, 8);
-    # Set the global $address_length based on what we see here.
-    # 8 is 32-bit (8 hexadecimal chars); 16 is 64-bit (16 hexadecimal chars).
-    $address_length = ($str eq (chr(0)x8)) ? 16 : 8;
-    if ($address_length == 8) {
-      if (substr($str, 6, 2) eq chr(0)x2) {
-        $self->{unpack_code} = 'V';  # Little-endian.
-      } elsif (substr($str, 4, 2) eq chr(0)x2) {
-        $self->{unpack_code} = 'N';  # Big-endian
-      } else {
-        ::error("$fname: header size >= 2**16\n");
-      }
-      @$slots = unpack($self->{unpack_code} . "*", $str);
-    } else {
-      # If we're a 64-bit profile, check if we're a 64-bit-capable
-      # perl.  Otherwise, each slot will be represented as a float
-      # instead of an int64, losing precision and making all the
-      # 64-bit addresses wrong.  We won't complain yet, but will
-      # later if we ever see a value that doesn't fit in 32 bits.
-      my $has_q = 0;
-      eval { $has_q = pack("Q", "1") ? 1 : 1; };
-      if (!$has_q) {
-        $self->{perl_is_64bit} = 0;
-      }
-      read($self->{file}, $str, 8);
-      if (substr($str, 4, 4) eq chr(0)x4) {
-        # We'd love to use 'Q', but it's a) not universal, b) not endian-proof.
-        $self->{unpack_code} = 'V';  # Little-endian.
-      } elsif (substr($str, 0, 4) eq chr(0)x4) {
-        $self->{unpack_code} = 'N';  # Big-endian
-      } else {
-        ::error("$fname: header size >= 2**32\n");
-      }
-      my @pair = unpack($self->{unpack_code} . "*", $str);
-      # Since we know one of the pair is 0, it's fine to just add them.
-      @$slots = (0, $pair[0] + $pair[1]);
-    }
-    return $self;
-  }
-
-  # Load more data when we access slots->get(X) which is not yet in memory.
-  sub overflow {
-    my ($self) = @_;
-    my $slots = $self->{slots};
-    $self->{base} += $#$slots + 1;   # skip over data we're replacing
-    my $str;
-    read($self->{file}, $str, $self->{stride});
-    if ($address_length == 8) {      # the 32-bit case
-      # This is the easy case: unpack provides 32-bit unpacking primitives.
-      @$slots = unpack($self->{unpack_code} . "*", $str);
-    } else {
-      # We need to unpack 32 bits at a time and combine.
-      my @b32_values = unpack($self->{unpack_code} . "*", $str);
-      my @b64_values = ();
-      for (my $i = 0; $i < $#b32_values; $i += 2) {
-        # TODO(csilvers): if this is a 32-bit perl, the math below
-        #    could end up in a too-large int, which perl will promote
-        #    to a double, losing necessary precision.  Deal with that.
-        #    Right now, we just die.
-        my ($lo, $hi) = ($b32_values[$i], $b32_values[$i+1]);
-        if ($self->{unpack_code} eq 'N') {    # big-endian
-          ($lo, $hi) = ($hi, $lo);
-        }
-        my $value = $lo + $hi * (2**32);
-        if (!$self->{perl_is_64bit} &&   # check value is exactly represented
-            (($value % (2**32)) != $lo || int($value / (2**32)) != $hi)) {
-          ::error("Need a 64-bit perl to process this 64-bit profile.\n");
-        }
-        push(@b64_values, $value);
-      }
-      @$slots = @b64_values;
-    }
-  }
-
-  # Access the i-th long in the file (logically), or -1 at EOF.
-  sub get {
-    my ($self, $idx) = @_;
-    my $slots = $self->{slots};
-    while ($#$slots >= 0) {
-      if ($idx < $self->{base}) {
-        # The only time we expect a reference to $slots[$i - something]
-        # after referencing $slots[$i] is reading the very first header.
-        # Since $stride > |header|, that shouldn't cause any lookback
-        # errors.  And everything after the header is sequential.
-        print STDERR "Unexpected look-back reading CPU profile";
-        return -1;   # shrug, don't know what better to return
-      } elsif ($idx > $self->{base} + $#$slots) {
-        $self->overflow();
-      } else {
-        return $slots->[$idx - $self->{base}];
-      }
-    }
-    # If we get here, $slots is [], which means we've reached EOF
-    return -1;  # unique since slots is supposed to hold unsigned numbers
-  }
-}
-
-# Reads the top, 'header' section of a profile, and returns the last
-# line of the header, commonly called a 'header line'.  The header
-# section of a profile consists of zero or more 'command' lines that
-# are instructions to jeprof, which jeprof executes when reading the
-# header.  All 'command' lines start with a %.  After the command
-# lines is the 'header line', which is a profile-specific line that
-# indicates what type of profile it is, and perhaps other global
-# information about the profile.  For instance, here's a header line
-# for a heap profile:
-#   heap profile:     53:    38236 [  5525:  1284029] @ heapprofile
-# For historical reasons, the CPU profile does not contain a text-
-# readable header line.  If the profile looks like a CPU profile,
-# this function returns "".  If no header line could be found, this
-# function returns undef.
-#
-# The following commands are recognized:
-#   %warn -- emit the rest of this line to stderr, prefixed by 'WARNING:'
-#
-# The input file should be in binmode.
-sub ReadProfileHeader {
-  local *PROFILE = shift;
-  my $firstchar = "";
-  my $line = "";
-  read(PROFILE, $firstchar, 1);
-  seek(PROFILE, -1, 1);                    # unread the firstchar
-  if ($firstchar !~ /[[:print:]]/) {       # is not a text character
-    return "";
-  }
-  while (defined($line = <PROFILE>)) {
-    $line =~ s/\r//g;   # turn windows-looking lines into unix-looking lines
-    if ($line =~ /^%warn\s+(.*)/) {        # 'warn' command
-      # Note this matches both '%warn blah\n' and '%warn\n'.
-      print STDERR "WARNING: $1\n";        # print the rest of the line
-    } elsif ($line =~ /^%/) {
-      print STDERR "Ignoring unknown command from profile header: $line";
-    } else {
-      # End of commands, must be the header line.
-      return $line;
-    }
-  }
-  return undef;     # got to EOF without seeing a header line
-}
-
-sub IsSymbolizedProfileFile {
-  my $file_name = shift;
-  if (!(-e $file_name) || !(-r $file_name)) {
-    return 0;
-  }
-  # Check if the file contains a symbol-section marker.
-  open(TFILE, "<$file_name");
-  binmode TFILE;
-  my $firstline = ReadProfileHeader(*TFILE);
-  close(TFILE);
-  if (!$firstline) {
-    return 0;
-  }
-  $SYMBOL_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $symbol_marker = $&;
-  return $firstline =~ /^--- *$symbol_marker/;
-}
-
-# Parse profile generated by common/profiler.cc and return a reference
-# to a map:
-#      $result->{version}     Version number of profile file
-#      $result->{period}      Sampling period (in microseconds)
-#      $result->{profile}     Profile object
-#      $result->{threads}     Map of thread IDs to profile objects
-#      $result->{map}         Memory map info from profile
-#      $result->{pcs}         Hash of all PC values seen, key is hex address
-sub ReadProfile {
-  my $prog = shift;
-  my $fname = shift;
-  my $result;            # return value
-
-  $CONTENTION_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $contention_marker = $&;
-  $GROWTH_PAGE  =~ m,[^/]+$,;    # matches everything after the last slash
-  my $growth_marker = $&;
-  $SYMBOL_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $symbol_marker = $&;
-  $PROFILE_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $profile_marker = $&;
-  $HEAP_PAGE =~ m,[^/]+$,;    # matches everything after the last slash
-  my $heap_marker = $&;
-
-  # Look at first line to see if it is a heap or a CPU profile.
-  # CPU profile may start with no header at all, and just binary data
-  # (starting with \0\0\0\0) -- in that case, don't try to read the
-  # whole firstline, since it may be gigabytes(!) of data.
-  open(PROFILE, "<$fname") || error("$fname: $!\n");
-  binmode PROFILE;      # New perls do UTF-8 processing
-  my $header = ReadProfileHeader(*PROFILE);
-  if (!defined($header)) {   # means "at EOF"
-    error("Profile is empty.\n");
-  }
-
-  my $symbols;
-  if ($header =~ m/^--- *$symbol_marker/o) {
-    # Verify that the user asked for a symbolized profile
-    if (!$main::use_symbolized_profile) {
-      # we have both a binary and symbolized profiles, abort
-      error("FATAL ERROR: Symbolized profile\n   $fname\ncannot be used with " .
-            "a binary arg. Try again without passing\n   $prog\n");
-    }
-    # Read the symbol section of the symbolized profile file.
-    $symbols = ReadSymbols(*PROFILE{IO});
-    # Read the next line to get the header for the remaining profile.
-    $header = ReadProfileHeader(*PROFILE) || "";
-  }
-
-  if ($header =~ m/^--- *($heap_marker|$growth_marker)/o) {
-    # Skip "--- ..." line for profile types that have their own headers.
-    $header = ReadProfileHeader(*PROFILE) || "";
-  }
-
-  $main::profile_type = '';
-
-  if ($header =~ m/^heap profile:.*$growth_marker/o) {
-    $main::profile_type = 'growth';
-    $result =  ReadHeapProfile($prog, *PROFILE, $header);
-  } elsif ($header =~ m/^heap profile:/) {
-    $main::profile_type = 'heap';
-    $result =  ReadHeapProfile($prog, *PROFILE, $header);
-  } elsif ($header =~ m/^heap/) {
-    $main::profile_type = 'heap';
-    $result = ReadThreadedHeapProfile($prog, $fname, $header);
-  } elsif ($header =~ m/^--- *$contention_marker/o) {
-    $main::profile_type = 'contention';
-    $result = ReadSynchProfile($prog, *PROFILE);
-  } elsif ($header =~ m/^--- *Stacks:/) {
-    print STDERR
-      "Old format contention profile: mistakenly reports " .
-      "condition variable signals as lock contentions.\n";
-    $main::profile_type = 'contention';
-    $result = ReadSynchProfile($prog, *PROFILE);
-  } elsif ($header =~ m/^--- *$profile_marker/) {
-    # the binary cpu profile data starts immediately after this line
-    $main::profile_type = 'cpu';
-    $result = ReadCPUProfile($prog, $fname, *PROFILE);
-  } else {
-    if (defined($symbols)) {
-      # a symbolized profile contains a format we don't recognize, bail out
-      error("$fname: Cannot recognize profile section after symbols.\n");
-    }
-    # no ascii header present -- must be a CPU profile
-    $main::profile_type = 'cpu';
-    $result = ReadCPUProfile($prog, $fname, *PROFILE);
-  }
-
-  close(PROFILE);
-
-  # if we got symbols along with the profile, return those as well
-  if (defined($symbols)) {
-    $result->{symbols} = $symbols;
-  }
-
-  return $result;
-}
-
-# Subtract one from caller pc so we map back to call instr.
-# However, don't do this if we're reading a symbolized profile
-# file, in which case the subtract-one was done when the file
-# was written.
-#
-# We apply the same logic to all readers, though ReadCPUProfile uses an
-# independent implementation.
-sub FixCallerAddresses {
-  my $stack = shift;
-  # --raw/http: Always subtract one from pc's, because PrintSymbolizedProfile()
-  # dumps unadjusted profiles.
-  {
-    $stack =~ /(\s)/;
-    my $delimiter = $1;
-    my @addrs = split(' ', $stack);
-    my @fixedaddrs;
-    $#fixedaddrs = $#addrs;
-    if ($#addrs >= 0) {
-      $fixedaddrs[0] = $addrs[0];
-    }
-    for (my $i = 1; $i <= $#addrs; $i++) {
-      $fixedaddrs[$i] = AddressSub($addrs[$i], "0x1");
-    }
-    return join $delimiter, @fixedaddrs;
-  }
-}
-
-# CPU profile reader
-sub ReadCPUProfile {
-  my $prog = shift;
-  my $fname = shift;       # just used for logging
-  local *PROFILE = shift;
-  my $version;
-  my $period;
-  my $i;
-  my $profile = {};
-  my $pcs = {};
-
-  # Parse string into array of slots.
-  my $slots = CpuProfileStream->new(*PROFILE, $fname);
-
-  # Read header.  The current header version is a 5-element structure
-  # containing:
-  #   0: header count (always 0)
-  #   1: header "words" (after this one: 3)
-  #   2: format version (0)
-  #   3: sampling period (usec)
-  #   4: unused padding (always 0)
-  if ($slots->get(0) != 0 ) {
-    error("$fname: not a profile file, or old format profile file\n");
-  }
-  $i = 2 + $slots->get(1);
-  $version = $slots->get(2);
-  $period = $slots->get(3);
-  # Do some sanity checking on these header values.
-  if ($version > (2**32) || $period > (2**32) || $i > (2**32) || $i < 5) {
-    error("$fname: not a profile file, or corrupted profile file\n");
-  }
-
-  # Parse profile
-  while ($slots->get($i) != -1) {
-    my $n = $slots->get($i++);
-    my $d = $slots->get($i++);
-    if ($d > (2**16)) {  # TODO(csilvers): what's a reasonable max-stack-depth?
-      my $addr = sprintf("0%o", $i * ($address_length == 8 ? 4 : 8));
-      print STDERR "At index $i (address $addr):\n";
-      error("$fname: stack trace depth >= 2**32\n");
-    }
-    if ($slots->get($i) == 0) {
-      # End of profile data marker
-      $i += $d;
-      last;
-    }
-
-    # Make key out of the stack entries
-    my @k = ();
-    for (my $j = 0; $j < $d; $j++) {
-      my $pc = $slots->get($i+$j);
-      # Subtract one from caller pc so we map back to call instr.
-      $pc--;
-      $pc = sprintf("%0*x", $address_length, $pc);
-      $pcs->{$pc} = 1;
-      push @k, $pc;
-    }
-
-    AddEntry($profile, (join "\n", @k), $n);
-    $i += $d;
-  }
-
-  # Parse map
-  my $map = '';
-  seek(PROFILE, $i * 4, 0);
-  read(PROFILE, $map, (stat PROFILE)[7]);
-
-  my $r = {};
-  $r->{version} = $version;
-  $r->{period} = $period;
-  $r->{profile} = $profile;
-  $r->{libs} = ParseLibraries($prog, $map, $pcs);
-  $r->{pcs} = $pcs;
-
-  return $r;
-}
-
-sub HeapProfileIndex {
-  my $index = 1;
-  if ($main::opt_inuse_space) {
-    $index = 1;
-  } elsif ($main::opt_inuse_objects) {
-    $index = 0;
-  } elsif ($main::opt_alloc_space) {
-    $index = 3;
-  } elsif ($main::opt_alloc_objects) {
-    $index = 2;
-  }
-  return $index;
-}
-
-sub ReadMappedLibraries {
-  my $fh = shift;
-  my $map = "";
-  # Read the /proc/self/maps data
-  while (<$fh>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    $map .= $_;
-  }
-  return $map;
-}
-
-sub ReadMemoryMap {
-  my $fh = shift;
-  my $map = "";
-  # Read /proc/self/maps data as formatted by DumpAddressMap()
-  my $buildvar = "";
-  while (<PROFILE>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    # Parse "build=<dir>" specification if supplied
-    if (m/^\s*build=(.*)\n/) {
-      $buildvar = $1;
-    }
-
-    # Expand "$build" variable if available
-    $_ =~ s/\$build\b/$buildvar/g;
-
-    $map .= $_;
-  }
-  return $map;
-}
-
-sub AdjustSamples {
-  my ($sample_adjustment, $sampling_algorithm, $n1, $s1, $n2, $s2) = @_;
-  if ($sample_adjustment) {
-    if ($sampling_algorithm == 2) {
-      # Remote-heap version 2
-      # The sampling frequency is the rate of a Poisson process.
-      # This means that the probability of sampling an allocation of
-      # size X with sampling rate Y is 1 - exp(-X/Y)
-      if ($n1 != 0) {
-        my $ratio = (($s1*1.0)/$n1)/($sample_adjustment);
-        my $scale_factor = 1/(1 - exp(-$ratio));
-        $n1 *= $scale_factor;
-        $s1 *= $scale_factor;
-      }
-      if ($n2 != 0) {
-        my $ratio = (($s2*1.0)/$n2)/($sample_adjustment);
-        my $scale_factor = 1/(1 - exp(-$ratio));
-        $n2 *= $scale_factor;
-        $s2 *= $scale_factor;
-      }
-    } else {
-      # Remote-heap version 1
-      my $ratio;
-      $ratio = (($s1*1.0)/$n1)/($sample_adjustment);
-      if ($ratio < 1) {
-        $n1 /= $ratio;
-        $s1 /= $ratio;
-      }
-      $ratio = (($s2*1.0)/$n2)/($sample_adjustment);
-      if ($ratio < 1) {
-        $n2 /= $ratio;
-        $s2 /= $ratio;
-      }
-    }
-  }
-  return ($n1, $s1, $n2, $s2);
-}
-
-sub ReadHeapProfile {
-  my $prog = shift;
-  local *PROFILE = shift;
-  my $header = shift;
-
-  my $index = HeapProfileIndex();
-
-  # Find the type of this profile.  The header line looks like:
-  #    heap profile:   1246:  8800744 [  1246:  8800744] @ <heap-url>/266053
-  # There are two pairs <count: size>, the first inuse objects/space, and the
-  # second allocated objects/space.  This is followed optionally by a profile
-  # type, and if that is present, optionally by a sampling frequency.
-  # For remote heap profiles (v1):
-  # The interpretation of the sampling frequency is that the profiler, for
-  # each sample, calculates a uniformly distributed random integer less than
-  # the given value, and records the next sample after that many bytes have
-  # been allocated.  Therefore, the expected sample interval is half of the
-  # given frequency.  By default, if not specified, the expected sample
-  # interval is 128KB.  Only remote-heap-page profiles are adjusted for
-  # sample size.
-  # For remote heap profiles (v2):
-  # The sampling frequency is the rate of a Poisson process. This means that
-  # the probability of sampling an allocation of size X with sampling rate Y
-  # is 1 - exp(-X/Y)
-  # For version 2, a typical header line might look like this:
-  # heap profile:   1922: 127792360 [  1922: 127792360] @ <heap-url>_v2/524288
-  # the trailing number (524288) is the sampling rate. (Version 1 showed
-  # double the 'rate' here)
-  my $sampling_algorithm = 0;
-  my $sample_adjustment = 0;
-  chomp($header);
-  my $type = "unknown";
-  if ($header =~ m"^heap profile:\s*(\d+):\s+(\d+)\s+\[\s*(\d+):\s+(\d+)\](\s*@\s*([^/]*)(/(\d+))?)?") {
-    if (defined($6) && ($6 ne '')) {
-      $type = $6;
-      my $sample_period = $8;
-      # $type is "heapprofile" for profiles generated by the
-      # heap-profiler, and either "heap" or "heap_v2" for profiles
-      # generated by sampling directly within tcmalloc.  It can also
-      # be "growth" for heap-growth profiles.  The first is typically
-      # found for profiles generated locally, and the others for
-      # remote profiles.
-      if (($type eq "heapprofile") || ($type !~ /heap/) ) {
-        # No need to adjust for the sampling rate with heap-profiler-derived data
-        $sampling_algorithm = 0;
-      } elsif ($type =~ /_v2/) {
-        $sampling_algorithm = 2;     # version 2 sampling
-        if (defined($sample_period) && ($sample_period ne '')) {
-          $sample_adjustment = int($sample_period);
-        }
-      } else {
-        $sampling_algorithm = 1;     # version 1 sampling
-        if (defined($sample_period) && ($sample_period ne '')) {
-          $sample_adjustment = int($sample_period)/2;
-        }
-      }
-    } else {
-      # We detect whether or not this is a remote-heap profile by checking
-      # that the total-allocated stats ($n2,$s2) are exactly the
-      # same as the in-use stats ($n1,$s1).  It is remotely conceivable
-      # that a non-remote-heap profile may pass this check, but it is hard
-      # to imagine how that could happen.
-      # In this case it's so old it's guaranteed to be remote-heap version 1.
-      my ($n1, $s1, $n2, $s2) = ($1, $2, $3, $4);
-      if (($n1 == $n2) && ($s1 == $s2)) {
-        # This is likely to be a remote-heap based sample profile
-        $sampling_algorithm = 1;
-      }
-    }
-  }
-
-  if ($sampling_algorithm > 0) {
-    # For remote-heap generated profiles, adjust the counts and sizes to
-    # account for the sample rate (we sample once every 128KB by default).
-    if ($sample_adjustment == 0) {
-      # Turn on profile adjustment.
-      $sample_adjustment = 128*1024;
-      print STDERR "Adjusting heap profiles for 1-in-128KB sampling rate\n";
-    } else {
-      printf STDERR ("Adjusting heap profiles for 1-in-%d sampling rate\n",
-                     $sample_adjustment);
-    }
-    if ($sampling_algorithm > 1) {
-      # We don't bother printing anything for the original version (version 1)
-      printf STDERR "Heap version $sampling_algorithm\n";
-    }
-  }
-
-  my $profile = {};
-  my $pcs = {};
-  my $map = "";
-
-  while (<PROFILE>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    if (/^MAPPED_LIBRARIES:/) {
-      $map .= ReadMappedLibraries(*PROFILE);
-      last;
-    }
-
-    if (/^--- Memory map:/) {
-      $map .= ReadMemoryMap(*PROFILE);
-      last;
-    }
-
-    # Read entry of the form:
-    #  <count1>: <bytes1> [<count2>: <bytes2>] @ a1 a2 a3 ... an
-    s/^\s*//;
-    s/\s*$//;
-    if (m/^\s*(\d+):\s+(\d+)\s+\[\s*(\d+):\s+(\d+)\]\s+@\s+(.*)$/) {
-      my $stack = $5;
-      my ($n1, $s1, $n2, $s2) = ($1, $2, $3, $4);
-      my @counts = AdjustSamples($sample_adjustment, $sampling_algorithm,
-                                 $n1, $s1, $n2, $s2);
-      AddEntries($profile, $pcs, FixCallerAddresses($stack), $counts[$index]);
-    }
-  }
-
-  my $r = {};
-  $r->{version} = "heap";
-  $r->{period} = 1;
-  $r->{profile} = $profile;
-  $r->{libs} = ParseLibraries($prog, $map, $pcs);
-  $r->{pcs} = $pcs;
-  return $r;
-}
-
-sub ReadThreadedHeapProfile {
-  my ($prog, $fname, $header) = @_;
-
-  my $index = HeapProfileIndex();
-  my $sampling_algorithm = 0;
-  my $sample_adjustment = 0;
-  chomp($header);
-  my $type = "unknown";
-  # Assuming a very specific type of header for now.
-  if ($header =~ m"^heap_v2/(\d+)") {
-    $type = "_v2";
-    $sampling_algorithm = 2;
-    $sample_adjustment = int($1);
-  }
-  if ($type ne "_v2" || !defined($sample_adjustment)) {
-    die "Threaded heap profiles require v2 sampling with a sample rate\n";
-  }
-
-  my $profile = {};
-  my $thread_profiles = {};
-  my $pcs = {};
-  my $map = "";
-  my $stack = "";
-
-  while (<PROFILE>) {
-    s/\r//g;
-    if (/^MAPPED_LIBRARIES:/) {
-      $map .= ReadMappedLibraries(*PROFILE);
-      last;
-    }
-
-    if (/^--- Memory map:/) {
-      $map .= ReadMemoryMap(*PROFILE);
-      last;
-    }
-
-    # Read entry of the form:
-    # @ a1 a2 ... an
-    #   t*: <count1>: <bytes1> [<count2>: <bytes2>]
-    #   t1: <count1>: <bytes1> [<count2>: <bytes2>]
-    #     ...
-    #   tn: <count1>: <bytes1> [<count2>: <bytes2>]
-    s/^\s*//;
-    s/\s*$//;
-    if (m/^@\s+(.*)$/) {
-      $stack = $1;
-    } elsif (m/^\s*(t(\*|\d+)):\s+(\d+):\s+(\d+)\s+\[\s*(\d+):\s+(\d+)\]$/) {
-      if ($stack eq "") {
-        # Still in the header, so this is just a per-thread summary.
-        next;
-      }
-      my $thread = $2;
-      my ($n1, $s1, $n2, $s2) = ($3, $4, $5, $6);
-      my @counts = AdjustSamples($sample_adjustment, $sampling_algorithm,
-                                 $n1, $s1, $n2, $s2);
-      if ($thread eq "*") {
-        AddEntries($profile, $pcs, FixCallerAddresses($stack), $counts[$index]);
-      } else {
-        if (!exists($thread_profiles->{$thread})) {
-          $thread_profiles->{$thread} = {};
-        }
-        AddEntries($thread_profiles->{$thread}, $pcs,
-                   FixCallerAddresses($stack), $counts[$index]);
-      }
-    }
-  }
-
-  my $r = {};
-  $r->{version} = "heap";
-  $r->{period} = 1;
-  $r->{profile} = $profile;
-  $r->{threads} = $thread_profiles;
-  $r->{libs} = ParseLibraries($prog, $map, $pcs);
-  $r->{pcs} = $pcs;
-  return $r;
-}
-
-sub ReadSynchProfile {
-  my $prog = shift;
-  local *PROFILE = shift;
-  my $header = shift;
-
-  my $map = '';
-  my $profile = {};
-  my $pcs = {};
-  my $sampling_period = 1;
-  my $cyclespernanosec = 2.8;   # Default assumption for old binaries
-  my $seen_clockrate = 0;
-  my $line;
-
-  my $index = 0;
-  if ($main::opt_total_delay) {
-    $index = 0;
-  } elsif ($main::opt_contentions) {
-    $index = 1;
-  } elsif ($main::opt_mean_delay) {
-    $index = 2;
-  }
-
-  while ( $line = <PROFILE> ) {
-    $line =~ s/\r//g;      # turn windows-looking lines into unix-looking lines
-    if ( $line =~ /^\s*(\d+)\s+(\d+) \@\s*(.*?)\s*$/ ) {
-      my ($cycles, $count, $stack) = ($1, $2, $3);
-
-      # Convert cycles to nanoseconds
-      $cycles /= $cyclespernanosec;
-
-      # Adjust for sampling done by application
-      $cycles *= $sampling_period;
-      $count *= $sampling_period;
-
-      my @values = ($cycles, $count, $cycles / $count);
-      AddEntries($profile, $pcs, FixCallerAddresses($stack), $values[$index]);
-
-    } elsif ( $line =~ /^(slow release).*thread \d+  \@\s*(.*?)\s*$/ ||
-              $line =~ /^\s*(\d+) \@\s*(.*?)\s*$/ ) {
-      my ($cycles, $stack) = ($1, $2);
-      if ($cycles !~ /^\d+$/) {
-        next;
-      }
-
-      # Convert cycles to nanoseconds
-      $cycles /= $cyclespernanosec;
-
-      # Adjust for sampling done by application
-      $cycles *= $sampling_period;
-
-      AddEntries($profile, $pcs, FixCallerAddresses($stack), $cycles);
-
-    } elsif ( $line =~ m/^([a-z][^=]*)=(.*)$/ ) {
-      my ($variable, $value) = ($1,$2);
-      for ($variable, $value) {
-        s/^\s+//;
-        s/\s+$//;
-      }
-      if ($variable eq "cycles/second") {
-        $cyclespernanosec = $value / 1e9;
-        $seen_clockrate = 1;
-      } elsif ($variable eq "sampling period") {
-        $sampling_period = $value;
-      } elsif ($variable eq "ms since reset") {
-        # Currently nothing is done with this value in jeprof
-        # So we just silently ignore it for now
-      } elsif ($variable eq "discarded samples") {
-        # Currently nothing is done with this value in jeprof
-        # So we just silently ignore it for now
-      } else {
-        printf STDERR ("Ignoring unnknown variable in /contention output: " .
-                       "'%s' = '%s'\n",$variable,$value);
-      }
-    } else {
-      # Memory map entry
-      $map .= $line;
-    }
-  }
-
-  if (!$seen_clockrate) {
-    printf STDERR ("No cycles/second entry in profile; Guessing %.1f GHz\n",
-                   $cyclespernanosec);
-  }
-
-  my $r = {};
-  $r->{version} = 0;
-  $r->{period} = $sampling_period;
-  $r->{profile} = $profile;
-  $r->{libs} = ParseLibraries($prog, $map, $pcs);
-  $r->{pcs} = $pcs;
-  return $r;
-}
-
-# Given a hex value in the form "0x1abcd" or "1abcd", return either
-# "0001abcd" or "000000000001abcd", depending on the current (global)
-# address length.
-sub HexExtend {
-  my $addr = shift;
-
-  $addr =~ s/^(0x)?0*//;
-  my $zeros_needed = $address_length - length($addr);
-  if ($zeros_needed < 0) {
-    printf STDERR "Warning: address $addr is longer than address length $address_length\n";
-    return $addr;
-  }
-  return ("0" x $zeros_needed) . $addr;
-}
-
-##### Symbol extraction #####
-
-# Aggressively search the lib_prefix values for the given library
-# If all else fails, just return the name of the library unmodified.
-# If the lib_prefix is "/my/path,/other/path" and $file is "/lib/dir/mylib.so"
-# it will search the following locations in this order, until it finds a file:
-#   /my/path/lib/dir/mylib.so
-#   /other/path/lib/dir/mylib.so
-#   /my/path/dir/mylib.so
-#   /other/path/dir/mylib.so
-#   /my/path/mylib.so
-#   /other/path/mylib.so
-#   /lib/dir/mylib.so              (returned as last resort)
-sub FindLibrary {
-  my $file = shift;
-  my $suffix = $file;
-
-  # Search for the library as described above
-  do {
-    foreach my $prefix (@prefix_list) {
-      my $fullpath = $prefix . $suffix;
-      if (-e $fullpath) {
-        return $fullpath;
-      }
-    }
-  } while ($suffix =~ s|^/[^/]+/|/|);
-  return $file;
-}
-
-# Return path to library with debugging symbols.
-# For libc libraries, the copy in /usr/lib/debug contains debugging symbols
-sub DebuggingLibrary {
-  my $file = shift;
-  if ($file =~ m|^/|) {
-      if (-f "/usr/lib/debug$file") {
-        return "/usr/lib/debug$file";
-      } elsif (-f "/usr/lib/debug$file.debug") {
-        return "/usr/lib/debug$file.debug";
-      }
-  }
-  return undef;
-}
-
-# Parse text section header of a library using objdump
-sub ParseTextSectionHeaderFromObjdump {
-  my $lib = shift;
-
-  my $size = undef;
-  my $vma;
-  my $file_offset;
-  # Get objdump output from the library file to figure out how to
-  # map between mapped addresses and addresses in the library.
-  my $cmd = ShellEscape($obj_tool_map{"objdump"}, "-h", $lib);
-  open(OBJDUMP, "$cmd |") || error("$cmd: $!\n");
-  while (<OBJDUMP>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    # Idx Name          Size      VMA       LMA       File off  Algn
-    #  10 .text         00104b2c  420156f0  420156f0  000156f0  2**4
-    # For 64-bit objects, VMA and LMA will be 16 hex digits, size and file
-    # offset may still be 8.  But AddressSub below will still handle that.
-    my @x = split;
-    if (($#x >= 6) && ($x[1] eq '.text')) {
-      $size = $x[2];
-      $vma = $x[3];
-      $file_offset = $x[5];
-      last;
-    }
-  }
-  close(OBJDUMP);
-
-  if (!defined($size)) {
-    return undef;
-  }
-
-  my $r = {};
-  $r->{size} = $size;
-  $r->{vma} = $vma;
-  $r->{file_offset} = $file_offset;
-
-  return $r;
-}
-
-# Parse text section header of a library using otool (on OS X)
-sub ParseTextSectionHeaderFromOtool {
-  my $lib = shift;
-
-  my $size = undef;
-  my $vma = undef;
-  my $file_offset = undef;
-  # Get otool output from the library file to figure out how to
-  # map between mapped addresses and addresses in the library.
-  my $command = ShellEscape($obj_tool_map{"otool"}, "-l", $lib);
-  open(OTOOL, "$command |") || error("$command: $!\n");
-  my $cmd = "";
-  my $sectname = "";
-  my $segname = "";
-  foreach my $line (<OTOOL>) {
-    $line =~ s/\r//g;      # turn windows-looking lines into unix-looking lines
-    # Load command <#>
-    #       cmd LC_SEGMENT
-    # [...]
-    # Section
-    #   sectname __text
-    #    segname __TEXT
-    #       addr 0x000009f8
-    #       size 0x00018b9e
-    #     offset 2552
-    #      align 2^2 (4)
-    # We will need to strip off the leading 0x from the hex addresses,
-    # and convert the offset into hex.
-    if ($line =~ /Load command/) {
-      $cmd = "";
-      $sectname = "";
-      $segname = "";
-    } elsif ($line =~ /Section/) {
-      $sectname = "";
-      $segname = "";
-    } elsif ($line =~ /cmd (\w+)/) {
-      $cmd = $1;
-    } elsif ($line =~ /sectname (\w+)/) {
-      $sectname = $1;
-    } elsif ($line =~ /segname (\w+)/) {
-      $segname = $1;
-    } elsif (!(($cmd eq "LC_SEGMENT" || $cmd eq "LC_SEGMENT_64") &&
-               $sectname eq "__text" &&
-               $segname eq "__TEXT")) {
-      next;
-    } elsif ($line =~ /\baddr 0x([0-9a-fA-F]+)/) {
-      $vma = $1;
-    } elsif ($line =~ /\bsize 0x([0-9a-fA-F]+)/) {
-      $size = $1;
-    } elsif ($line =~ /\boffset ([0-9]+)/) {
-      $file_offset = sprintf("%016x", $1);
-    }
-    if (defined($vma) && defined($size) && defined($file_offset)) {
-      last;
-    }
-  }
-  close(OTOOL);
-
-  if (!defined($vma) || !defined($size) || !defined($file_offset)) {
-     return undef;
-  }
-
-  my $r = {};
-  $r->{size} = $size;
-  $r->{vma} = $vma;
-  $r->{file_offset} = $file_offset;
-
-  return $r;
-}
-
-sub ParseTextSectionHeader {
-  # obj_tool_map("otool") is only defined if we're in a Mach-O environment
-  if (defined($obj_tool_map{"otool"})) {
-    my $r = ParseTextSectionHeaderFromOtool(@_);
-    if (defined($r)){
-      return $r;
-    }
-  }
-  # If otool doesn't work, or we don't have it, fall back to objdump
-  return ParseTextSectionHeaderFromObjdump(@_);
-}
-
-# Split /proc/pid/maps dump into a list of libraries
-sub ParseLibraries {
-  return if $main::use_symbol_page;  # We don't need libraries info.
-  my $prog = Cwd::abs_path(shift);
-  my $map = shift;
-  my $pcs = shift;
-
-  my $result = [];
-  my $h = "[a-f0-9]+";
-  my $zero_offset = HexExtend("0");
-
-  my $buildvar = "";
-  foreach my $l (split("\n", $map)) {
-    if ($l =~ m/^\s*build=(.*)$/) {
-      $buildvar = $1;
-    }
-
-    my $start;
-    my $finish;
-    my $offset;
-    my $lib;
-    if ($l =~ /^($h)-($h)\s+..x.\s+($h)\s+\S+:\S+\s+\d+\s+(\S+\.(so|dll|dylib|bundle)((\.\d+)+\w*(\.\d+){0,3})?)$/i) {
-      # Full line from /proc/self/maps.  Example:
-      #   40000000-40015000 r-xp 00000000 03:01 12845071   /lib/ld-2.3.2.so
-      $start = HexExtend($1);
-      $finish = HexExtend($2);
-      $offset = HexExtend($3);
-      $lib = $4;
-      $lib =~ s|\\|/|g;     # turn windows-style paths into unix-style paths
-    } elsif ($l =~ /^\s*($h)-($h):\s*(\S+\.so(\.\d+)*)/) {
-      # Cooked line from DumpAddressMap.  Example:
-      #   40000000-40015000: /lib/ld-2.3.2.so
-      $start = HexExtend($1);
-      $finish = HexExtend($2);
-      $offset = $zero_offset;
-      $lib = $3;
-    } elsif (($l =~ /^($h)-($h)\s+..x.\s+($h)\s+\S+:\S+\s+\d+\s+(\S+)$/i) && ($4 eq $prog)) {
-      # PIEs and address space randomization do not play well with our
-      # default assumption that main executable is at lowest
-      # addresses. So we're detecting main executable in
-      # /proc/self/maps as well.
-      $start = HexExtend($1);
-      $finish = HexExtend($2);
-      $offset = HexExtend($3);
-      $lib = $4;
-      $lib =~ s|\\|/|g;     # turn windows-style paths into unix-style paths
-    }
-    # FreeBSD 10.0 virtual memory map /proc/curproc/map as defined in
-    # function procfs_doprocmap (sys/fs/procfs/procfs_map.c)
-    #
-    # Example:
-    # 0x800600000 0x80061a000 26 0 0xfffff800035a0000 r-x 75 33 0x1004 COW NC vnode /libexec/ld-elf.s
-    # o.1 NCH -1
-    elsif ($l =~ /^(0x$h)\s(0x$h)\s\d+\s\d+\s0x$h\sr-x\s\d+\s\d+\s0x\d+\s(COW|NCO)\s(NC|NNC)\svnode\s(\S+\.so(\.\d+)*)/) {
-      $start = HexExtend($1);
-      $finish = HexExtend($2);
-      $offset = $zero_offset;
-      $lib = FindLibrary($5);
-
-    } else {
-      next;
-    }
-
-    # Expand "$build" variable if available
-    $lib =~ s/\$build\b/$buildvar/g;
-
-    $lib = FindLibrary($lib);
-
-    # Check for pre-relocated libraries, which use pre-relocated symbol tables
-    # and thus require adjusting the offset that we'll use to translate
-    # VM addresses into symbol table addresses.
-    # Only do this if we're not going to fetch the symbol table from a
-    # debugging copy of the library.
-    if (!DebuggingLibrary($lib)) {
-      my $text = ParseTextSectionHeader($lib);
-      if (defined($text)) {
-         my $vma_offset = AddressSub($text->{vma}, $text->{file_offset});
-         $offset = AddressAdd($offset, $vma_offset);
-      }
-    }
-
-    if($main::opt_debug) { printf STDERR "$start:$finish ($offset) $lib\n"; }
-    push(@{$result}, [$lib, $start, $finish, $offset]);
-  }
-
-  # Append special entry for additional library (not relocated)
-  if ($main::opt_lib ne "") {
-    my $text = ParseTextSectionHeader($main::opt_lib);
-    if (defined($text)) {
-       my $start = $text->{vma};
-       my $finish = AddressAdd($start, $text->{size});
-
-       push(@{$result}, [$main::opt_lib, $start, $finish, $start]);
-    }
-  }
-
-  # Append special entry for the main program.  This covers
-  # 0..max_pc_value_seen, so that we assume pc values not found in one
-  # of the library ranges will be treated as coming from the main
-  # program binary.
-  my $min_pc = HexExtend("0");
-  my $max_pc = $min_pc;          # find the maximal PC value in any sample
-  foreach my $pc (keys(%{$pcs})) {
-    if (HexExtend($pc) gt $max_pc) { $max_pc = HexExtend($pc); }
-  }
-  push(@{$result}, [$prog, $min_pc, $max_pc, $zero_offset]);
-
-  return $result;
-}
-
-# Add two hex addresses of length $address_length.
-# Run jeprof --test for unit test if this is changed.
-sub AddressAdd {
-  my $addr1 = shift;
-  my $addr2 = shift;
-  my $sum;
-
-  if ($address_length == 8) {
-    # Perl doesn't cope with wraparound arithmetic, so do it explicitly:
-    $sum = (hex($addr1)+hex($addr2)) % (0x10000000 * 16);
-    return sprintf("%08x", $sum);
-
-  } else {
-    # Do the addition in 7-nibble chunks to trivialize carry handling.
-
-    if ($main::opt_debug and $main::opt_test) {
-      print STDERR "AddressAdd $addr1 + $addr2 = ";
-    }
-
-    my $a1 = substr($addr1,-7);
-    $addr1 = substr($addr1,0,-7);
-    my $a2 = substr($addr2,-7);
-    $addr2 = substr($addr2,0,-7);
-    $sum = hex($a1) + hex($a2);
-    my $c = 0;
-    if ($sum > 0xfffffff) {
-      $c = 1;
-      $sum -= 0x10000000;
-    }
-    my $r = sprintf("%07x", $sum);
-
-    $a1 = substr($addr1,-7);
-    $addr1 = substr($addr1,0,-7);
-    $a2 = substr($addr2,-7);
-    $addr2 = substr($addr2,0,-7);
-    $sum = hex($a1) + hex($a2) + $c;
-    $c = 0;
-    if ($sum > 0xfffffff) {
-      $c = 1;
-      $sum -= 0x10000000;
-    }
-    $r = sprintf("%07x", $sum) . $r;
-
-    $sum = hex($addr1) + hex($addr2) + $c;
-    if ($sum > 0xff) { $sum -= 0x100; }
-    $r = sprintf("%02x", $sum) . $r;
-
-    if ($main::opt_debug and $main::opt_test) { print STDERR "$r\n"; }
-
-    return $r;
-  }
-}
-
-
-# Subtract two hex addresses of length $address_length.
-# Run jeprof --test for unit test if this is changed.
-sub AddressSub {
-  my $addr1 = shift;
-  my $addr2 = shift;
-  my $diff;
-
-  if ($address_length == 8) {
-    # Perl doesn't cope with wraparound arithmetic, so do it explicitly:
-    $diff = (hex($addr1)-hex($addr2)) % (0x10000000 * 16);
-    return sprintf("%08x", $diff);
-
-  } else {
-    # Do the addition in 7-nibble chunks to trivialize borrow handling.
-    # if ($main::opt_debug) { print STDERR "AddressSub $addr1 - $addr2 = "; }
-
-    my $a1 = hex(substr($addr1,-7));
-    $addr1 = substr($addr1,0,-7);
-    my $a2 = hex(substr($addr2,-7));
-    $addr2 = substr($addr2,0,-7);
-    my $b = 0;
-    if ($a2 > $a1) {
-      $b = 1;
-      $a1 += 0x10000000;
-    }
-    $diff = $a1 - $a2;
-    my $r = sprintf("%07x", $diff);
-
-    $a1 = hex(substr($addr1,-7));
-    $addr1 = substr($addr1,0,-7);
-    $a2 = hex(substr($addr2,-7)) + $b;
-    $addr2 = substr($addr2,0,-7);
-    $b = 0;
-    if ($a2 > $a1) {
-      $b = 1;
-      $a1 += 0x10000000;
-    }
-    $diff = $a1 - $a2;
-    $r = sprintf("%07x", $diff) . $r;
-
-    $a1 = hex($addr1);
-    $a2 = hex($addr2) + $b;
-    if ($a2 > $a1) { $a1 += 0x100; }
-    $diff = $a1 - $a2;
-    $r = sprintf("%02x", $diff) . $r;
-
-    # if ($main::opt_debug) { print STDERR "$r\n"; }
-
-    return $r;
-  }
-}
-
-# Increment a hex addresses of length $address_length.
-# Run jeprof --test for unit test if this is changed.
-sub AddressInc {
-  my $addr = shift;
-  my $sum;
-
-  if ($address_length == 8) {
-    # Perl doesn't cope with wraparound arithmetic, so do it explicitly:
-    $sum = (hex($addr)+1) % (0x10000000 * 16);
-    return sprintf("%08x", $sum);
-
-  } else {
-    # Do the addition in 7-nibble chunks to trivialize carry handling.
-    # We are always doing this to step through the addresses in a function,
-    # and will almost never overflow the first chunk, so we check for this
-    # case and exit early.
-
-    # if ($main::opt_debug) { print STDERR "AddressInc $addr1 = "; }
-
-    my $a1 = substr($addr,-7);
-    $addr = substr($addr,0,-7);
-    $sum = hex($a1) + 1;
-    my $r = sprintf("%07x", $sum);
-    if ($sum <= 0xfffffff) {
-      $r = $addr . $r;
-      # if ($main::opt_debug) { print STDERR "$r\n"; }
-      return HexExtend($r);
-    } else {
-      $r = "0000000";
-    }
-
-    $a1 = substr($addr,-7);
-    $addr = substr($addr,0,-7);
-    $sum = hex($a1) + 1;
-    $r = sprintf("%07x", $sum) . $r;
-    if ($sum <= 0xfffffff) {
-      $r = $addr . $r;
-      # if ($main::opt_debug) { print STDERR "$r\n"; }
-      return HexExtend($r);
-    } else {
-      $r = "00000000000000";
-    }
-
-    $sum = hex($addr) + 1;
-    if ($sum > 0xff) { $sum -= 0x100; }
-    $r = sprintf("%02x", $sum) . $r;
-
-    # if ($main::opt_debug) { print STDERR "$r\n"; }
-    return $r;
-  }
-}
-
-# Extract symbols for all PC values found in profile
-sub ExtractSymbols {
-  my $libs = shift;
-  my $pcset = shift;
-
-  my $symbols = {};
-
-  # Map each PC value to the containing library.  To make this faster,
-  # we sort libraries by their starting pc value (highest first), and
-  # advance through the libraries as we advance the pc.  Sometimes the
-  # addresses of libraries may overlap with the addresses of the main
-  # binary, so to make sure the libraries 'win', we iterate over the
-  # libraries in reverse order (which assumes the binary doesn't start
-  # in the middle of a library, which seems a fair assumption).
-  my @pcs = (sort { $a cmp $b } keys(%{$pcset}));  # pcset is 0-extended strings
-  foreach my $lib (sort {$b->[1] cmp $a->[1]} @{$libs}) {
-    my $libname = $lib->[0];
-    my $start = $lib->[1];
-    my $finish = $lib->[2];
-    my $offset = $lib->[3];
-
-    # Use debug library if it exists
-    my $debug_libname = DebuggingLibrary($libname);
-    if ($debug_libname) {
-        $libname = $debug_libname;
-    }
-
-    # Get list of pcs that belong in this library.
-    my $contained = [];
-    my ($start_pc_index, $finish_pc_index);
-    # Find smallest finish_pc_index such that $finish < $pc[$finish_pc_index].
-    for ($finish_pc_index = $#pcs + 1; $finish_pc_index > 0;
-         $finish_pc_index--) {
-      last if $pcs[$finish_pc_index - 1] le $finish;
-    }
-    # Find smallest start_pc_index such that $start <= $pc[$start_pc_index].
-    for ($start_pc_index = $finish_pc_index; $start_pc_index > 0;
-         $start_pc_index--) {
-      last if $pcs[$start_pc_index - 1] lt $start;
-    }
-    # This keeps PC values higher than $pc[$finish_pc_index] in @pcs,
-    # in case there are overlaps in libraries and the main binary.
-    @{$contained} = splice(@pcs, $start_pc_index,
-                           $finish_pc_index - $start_pc_index);
-    # Map to symbols
-    MapToSymbols($libname, AddressSub($start, $offset), $contained, $symbols);
-  }
-
-  return $symbols;
-}
-
-# Map list of PC values to symbols for a given image
-sub MapToSymbols {
-  my $image = shift;
-  my $offset = shift;
-  my $pclist = shift;
-  my $symbols = shift;
-
-  my $debug = 0;
-
-  # Ignore empty binaries
-  if ($#{$pclist} < 0) { return; }
-
-  # Figure out the addr2line command to use
-  my $addr2line = $obj_tool_map{"addr2line"};
-  my $cmd = ShellEscape($addr2line, "-f", "-C", "-e", $image);
-  if (exists $obj_tool_map{"addr2line_pdb"}) {
-    $addr2line = $obj_tool_map{"addr2line_pdb"};
-    $cmd = ShellEscape($addr2line, "--demangle", "-f", "-C", "-e", $image);
-  }
-
-  # If "addr2line" isn't installed on the system at all, just use
-  # nm to get what info we can (function names, but not line numbers).
-  if (system(ShellEscape($addr2line, "--help") . " >$dev_null 2>&1") != 0) {
-    MapSymbolsWithNM($image, $offset, $pclist, $symbols);
-    return;
-  }
-
-  # "addr2line -i" can produce a variable number of lines per input
-  # address, with no separator that allows us to tell when data for
-  # the next address starts.  So we find the address for a special
-  # symbol (_fini) and interleave this address between all real
-  # addresses passed to addr2line.  The name of this special symbol
-  # can then be used as a separator.
-  $sep_address = undef;  # May be filled in by MapSymbolsWithNM()
-  my $nm_symbols = {};
-  MapSymbolsWithNM($image, $offset, $pclist, $nm_symbols);
-  if (defined($sep_address)) {
-    # Only add " -i" to addr2line if the binary supports it.
-    # addr2line --help returns 0, but not if it sees an unknown flag first.
-    if (system("$cmd -i --help >$dev_null 2>&1") == 0) {
-      $cmd .= " -i";
-    } else {
-      $sep_address = undef;   # no need for sep_address if we don't support -i
-    }
-  }
-
-  # Make file with all PC values with intervening 'sep_address' so
-  # that we can reliably detect the end of inlined function list
-  open(ADDRESSES, ">$main::tmpfile_sym") || error("$main::tmpfile_sym: $!\n");
-  if ($debug) { print("---- $image ---\n"); }
-  for (my $i = 0; $i <= $#{$pclist}; $i++) {
-    # addr2line always reads hex addresses, and does not need '0x' prefix.
-    if ($debug) { printf STDERR ("%s\n", $pclist->[$i]); }
-    printf ADDRESSES ("%s\n", AddressSub($pclist->[$i], $offset));
-    if (defined($sep_address)) {
-      printf ADDRESSES ("%s\n", $sep_address);
-    }
-  }
-  close(ADDRESSES);
-  if ($debug) {
-    print("----\n");
-    system("cat", $main::tmpfile_sym);
-    print("----\n");
-    system("$cmd < " . ShellEscape($main::tmpfile_sym));
-    print("----\n");
-  }
-
-  open(SYMBOLS, "$cmd <" . ShellEscape($main::tmpfile_sym) . " |")
-      || error("$cmd: $!\n");
-  my $count = 0;   # Index in pclist
-  while (<SYMBOLS>) {
-    # Read fullfunction and filelineinfo from next pair of lines
-    s/\r?\n$//g;
-    my $fullfunction = $_;
-    $_ = <SYMBOLS>;
-    s/\r?\n$//g;
-    my $filelinenum = $_;
-
-    if (defined($sep_address) && $fullfunction eq $sep_symbol) {
-      # Terminating marker for data for this address
-      $count++;
-      next;
-    }
-
-    $filelinenum =~ s|\\|/|g; # turn windows-style paths into unix-style paths
-
-    my $pcstr = $pclist->[$count];
-    my $function = ShortFunctionName($fullfunction);
-    my $nms = $nm_symbols->{$pcstr};
-    if (defined($nms)) {
-      if ($fullfunction eq '??') {
-        # nm found a symbol for us.
-        $function = $nms->[0];
-        $fullfunction = $nms->[2];
-      } else {
-	# MapSymbolsWithNM tags each routine with its starting address,
-	# useful in case the image has multiple occurrences of this
-	# routine.  (It uses a syntax that resembles template paramters,
-	# that are automatically stripped out by ShortFunctionName().)
-	# addr2line does not provide the same information.  So we check
-	# if nm disambiguated our symbol, and if so take the annotated
-	# (nm) version of the routine-name.  TODO(csilvers): this won't
-	# catch overloaded, inlined symbols, which nm doesn't see.
-	# Better would be to do a check similar to nm's, in this fn.
-	if ($nms->[2] =~ m/^\Q$function\E/) {  # sanity check it's the right fn
-	  $function = $nms->[0];
-	  $fullfunction = $nms->[2];
-	}
-      }
-    }
-
-    # Prepend to accumulated symbols for pcstr
-    # (so that caller comes before callee)
-    my $sym = $symbols->{$pcstr};
-    if (!defined($sym)) {
-      $sym = [];
-      $symbols->{$pcstr} = $sym;
-    }
-    unshift(@{$sym}, $function, $filelinenum, $fullfunction);
-    if ($debug) { printf STDERR ("%s => [%s]\n", $pcstr, join(" ", @{$sym})); }
-    if (!defined($sep_address)) {
-      # Inlining is off, so this entry ends immediately
-      $count++;
-    }
-  }
-  close(SYMBOLS);
-}
-
-# Use nm to map the list of referenced PCs to symbols.  Return true iff we
-# are able to read procedure information via nm.
-sub MapSymbolsWithNM {
-  my $image = shift;
-  my $offset = shift;
-  my $pclist = shift;
-  my $symbols = shift;
-
-  # Get nm output sorted by increasing address
-  my $symbol_table = GetProcedureBoundaries($image, ".");
-  if (!%{$symbol_table}) {
-    return 0;
-  }
-  # Start addresses are already the right length (8 or 16 hex digits).
-  my @names = sort { $symbol_table->{$a}->[0] cmp $symbol_table->{$b}->[0] }
-    keys(%{$symbol_table});
-
-  if ($#names < 0) {
-    # No symbols: just use addresses
-    foreach my $pc (@{$pclist}) {
-      my $pcstr = "0x" . $pc;
-      $symbols->{$pc} = [$pcstr, "?", $pcstr];
-    }
-    return 0;
-  }
-
-  # Sort addresses so we can do a join against nm output
-  my $index = 0;
-  my $fullname = $names[0];
-  my $name = ShortFunctionName($fullname);
-  foreach my $pc (sort { $a cmp $b } @{$pclist}) {
-    # Adjust for mapped offset
-    my $mpc = AddressSub($pc, $offset);
-    while (($index < $#names) && ($mpc ge $symbol_table->{$fullname}->[1])){
-      $index++;
-      $fullname = $names[$index];
-      $name = ShortFunctionName($fullname);
-    }
-    if ($mpc lt $symbol_table->{$fullname}->[1]) {
-      $symbols->{$pc} = [$name, "?", $fullname];
-    } else {
-      my $pcstr = "0x" . $pc;
-      $symbols->{$pc} = [$pcstr, "?", $pcstr];
-    }
-  }
-  return 1;
-}
-
-sub ShortFunctionName {
-  my $function = shift;
-  while ($function =~ s/\([^()]*\)(\s*const)?//g) { }   # Argument types
-  while ($function =~ s/<[^<>]*>//g)  { }    # Remove template arguments
-  $function =~ s/^.*\s+(\w+::)/$1/;          # Remove leading type
-  return $function;
-}
-
-# Trim overly long symbols found in disassembler output
-sub CleanDisassembly {
-  my $d = shift;
-  while ($d =~ s/\([^()%]*\)(\s*const)?//g) { } # Argument types, not (%rax)
-  while ($d =~ s/(\w+)<[^<>]*>/$1/g)  { }       # Remove template arguments
-  return $d;
-}
-
-# Clean file name for display
-sub CleanFileName {
-  my ($f) = @_;
-  $f =~ s|^/proc/self/cwd/||;
-  $f =~ s|^\./||;
-  return $f;
-}
-
-# Make address relative to section and clean up for display
-sub UnparseAddress {
-  my ($offset, $address) = @_;
-  $address = AddressSub($address, $offset);
-  $address =~ s/^0x//;
-  $address =~ s/^0*//;
-  return $address;
-}
-
-##### Miscellaneous #####
-
-# Find the right versions of the above object tools to use.  The
-# argument is the program file being analyzed, and should be an ELF
-# 32-bit or ELF 64-bit executable file.  The location of the tools
-# is determined by considering the following options in this order:
-#   1) --tools option, if set
-#   2) JEPROF_TOOLS environment variable, if set
-#   3) the environment
-sub ConfigureObjTools {
-  my $prog_file = shift;
-
-  # Check for the existence of $prog_file because /usr/bin/file does not
-  # predictably return error status in prod.
-  (-e $prog_file)  || error("$prog_file does not exist.\n");
-
-  my $file_type = undef;
-  if (-e "/usr/bin/file") {
-    # Follow symlinks (at least for systems where "file" supports that).
-    my $escaped_prog_file = ShellEscape($prog_file);
-    $file_type = `/usr/bin/file -L $escaped_prog_file 2>$dev_null ||
-                  /usr/bin/file $escaped_prog_file`;
-  } elsif ($^O == "MSWin32") {
-    $file_type = "MS Windows";
-  } else {
-    print STDERR "WARNING: Can't determine the file type of $prog_file";
-  }
-
-  if ($file_type =~ /64-bit/) {
-    # Change $address_length to 16 if the program file is ELF 64-bit.
-    # We can't detect this from many (most?) heap or lock contention
-    # profiles, since the actual addresses referenced are generally in low
-    # memory even for 64-bit programs.
-    $address_length = 16;
-  }
-
-  if ($file_type =~ /MS Windows/) {
-    # For windows, we provide a version of nm and addr2line as part of
-    # the opensource release, which is capable of parsing
-    # Windows-style PDB executables.  It should live in the path, or
-    # in the same directory as jeprof.
-    $obj_tool_map{"nm_pdb"} = "nm-pdb";
-    $obj_tool_map{"addr2line_pdb"} = "addr2line-pdb";
-  }
-
-  if ($file_type =~ /Mach-O/) {
-    # OS X uses otool to examine Mach-O files, rather than objdump.
-    $obj_tool_map{"otool"} = "otool";
-    $obj_tool_map{"addr2line"} = "false";  # no addr2line
-    $obj_tool_map{"objdump"} = "false";  # no objdump
-  }
-
-  # Go fill in %obj_tool_map with the pathnames to use:
-  foreach my $tool (keys %obj_tool_map) {
-    $obj_tool_map{$tool} = ConfigureTool($obj_tool_map{$tool});
-  }
-}
-
-# Returns the path of a caller-specified object tool.  If --tools or
-# JEPROF_TOOLS are specified, then returns the full path to the tool
-# with that prefix.  Otherwise, returns the path unmodified (which
-# means we will look for it on PATH).
-sub ConfigureTool {
-  my $tool = shift;
-  my $path;
-
-  # --tools (or $JEPROF_TOOLS) is a comma separated list, where each
-  # item is either a) a pathname prefix, or b) a map of the form
-  # <tool>:<path>.  First we look for an entry of type (b) for our
-  # tool.  If one is found, we use it.  Otherwise, we consider all the
-  # pathname prefixes in turn, until one yields an existing file.  If
-  # none does, we use a default path.
-  my $tools = $main::opt_tools || $ENV{"JEPROF_TOOLS"} || "";
-  if ($tools =~ m/(,|^)\Q$tool\E:([^,]*)/) {
-    $path = $2;
-    # TODO(csilvers): sanity-check that $path exists?  Hard if it's relative.
-  } elsif ($tools ne '') {
-    foreach my $prefix (split(',', $tools)) {
-      next if ($prefix =~ /:/);    # ignore "tool:fullpath" entries in the list
-      if (-x $prefix . $tool) {
-        $path = $prefix . $tool;
-        last;
-      }
-    }
-    if (!$path) {
-      error("No '$tool' found with prefix specified by " .
-            "--tools (or \$JEPROF_TOOLS) '$tools'\n");
-    }
-  } else {
-    # ... otherwise use the version that exists in the same directory as
-    # jeprof.  If there's nothing there, use $PATH.
-    $0 =~ m,[^/]*$,;     # this is everything after the last slash
-    my $dirname = $`;    # this is everything up to and including the last slash
-    if (-x "$dirname$tool") {
-      $path = "$dirname$tool";
-    } else {
-      $path = $tool;
-    }
-  }
-  if ($main::opt_debug) { print STDERR "Using '$path' for '$tool'.\n"; }
-  return $path;
-}
-
-sub ShellEscape {
-  my @escaped_words = ();
-  foreach my $word (@_) {
-    my $escaped_word = $word;
-    if ($word =~ m![^a-zA-Z0-9/.,_=-]!) {  # check for anything not in whitelist
-      $escaped_word =~ s/'/'\\''/;
-      $escaped_word = "'$escaped_word'";
-    }
-    push(@escaped_words, $escaped_word);
-  }
-  return join(" ", @escaped_words);
-}
-
-sub cleanup {
-  unlink($main::tmpfile_sym);
-  unlink(keys %main::tempnames);
-
-  # We leave any collected profiles in $HOME/jeprof in case the user wants
-  # to look at them later.  We print a message informing them of this.
-  if ((scalar(@main::profile_files) > 0) &&
-      defined($main::collected_profile)) {
-    if (scalar(@main::profile_files) == 1) {
-      print STDERR "Dynamically gathered profile is in $main::collected_profile\n";
-    }
-    print STDERR "If you want to investigate this profile further, you can do:\n";
-    print STDERR "\n";
-    print STDERR "  jeprof \\\n";
-    print STDERR "    $main::prog \\\n";
-    print STDERR "    $main::collected_profile\n";
-    print STDERR "\n";
-  }
-}
-
-sub sighandler {
-  cleanup();
-  exit(1);
-}
-
-sub error {
-  my $msg = shift;
-  print STDERR $msg;
-  cleanup();
-  exit(1);
-}
-
-
-# Run $nm_command and get all the resulting procedure boundaries whose
-# names match "$regexp" and returns them in a hashtable mapping from
-# procedure name to a two-element vector of [start address, end address]
-sub GetProcedureBoundariesViaNm {
-  my $escaped_nm_command = shift;    # shell-escaped
-  my $regexp = shift;
-
-  my $symbol_table = {};
-  open(NM, "$escaped_nm_command |") || error("$escaped_nm_command: $!\n");
-  my $last_start = "0";
-  my $routine = "";
-  while (<NM>) {
-    s/\r//g;         # turn windows-looking lines into unix-looking lines
-    if (m/^\s*([0-9a-f]+) (.) (..*)/) {
-      my $start_val = $1;
-      my $type = $2;
-      my $this_routine = $3;
-
-      # It's possible for two symbols to share the same address, if
-      # one is a zero-length variable (like __start_google_malloc) or
-      # one symbol is a weak alias to another (like __libc_malloc).
-      # In such cases, we want to ignore all values except for the
-      # actual symbol, which in nm-speak has type "T".  The logic
-      # below does this, though it's a bit tricky: what happens when
-      # we have a series of lines with the same address, is the first
-      # one gets queued up to be processed.  However, it won't
-      # *actually* be processed until later, when we read a line with
-      # a different address.  That means that as long as we're reading
-      # lines with the same address, we have a chance to replace that
-      # item in the queue, which we do whenever we see a 'T' entry --
-      # that is, a line with type 'T'.  If we never see a 'T' entry,
-      # we'll just go ahead and process the first entry (which never
-      # got touched in the queue), and ignore the others.
-      if ($start_val eq $last_start && $type =~ /t/i) {
-        # We are the 'T' symbol at this address, replace previous symbol.
-        $routine = $this_routine;
-        next;
-      } elsif ($start_val eq $last_start) {
-        # We're not the 'T' symbol at this address, so ignore us.
-        next;
-      }
-
-      if ($this_routine eq $sep_symbol) {
-        $sep_address = HexExtend($start_val);
-      }
-
-      # Tag this routine with the starting address in case the image
-      # has multiple occurrences of this routine.  We use a syntax
-      # that resembles template parameters that are automatically
-      # stripped out by ShortFunctionName()
-      $this_routine .= "<$start_val>";
-
-      if (defined($routine) && $routine =~ m/$regexp/) {
-        $symbol_table->{$routine} = [HexExtend($last_start),
-                                     HexExtend($start_val)];
-      }
-      $last_start = $start_val;
-      $routine = $this_routine;
-    } elsif (m/^Loaded image name: (.+)/) {
-      # The win32 nm workalike emits information about the binary it is using.
-      if ($main::opt_debug) { print STDERR "Using Image $1\n"; }
-    } elsif (m/^PDB file name: (.+)/) {
-      # The win32 nm workalike emits information about the pdb it is using.
-      if ($main::opt_debug) { print STDERR "Using PDB $1\n"; }
-    }
-  }
-  close(NM);
-  # Handle the last line in the nm output.  Unfortunately, we don't know
-  # how big this last symbol is, because we don't know how big the file
-  # is.  For now, we just give it a size of 0.
-  # TODO(csilvers): do better here.
-  if (defined($routine) && $routine =~ m/$regexp/) {
-    $symbol_table->{$routine} = [HexExtend($last_start),
-                                 HexExtend($last_start)];
-  }
-  return $symbol_table;
-}
-
-# Gets the procedure boundaries for all routines in "$image" whose names
-# match "$regexp" and returns them in a hashtable mapping from procedure
-# name to a two-element vector of [start address, end address].
-# Will return an empty map if nm is not installed or not working properly.
-sub GetProcedureBoundaries {
-  my $image = shift;
-  my $regexp = shift;
-
-  # If $image doesn't start with /, then put ./ in front of it.  This works
-  # around an obnoxious bug in our probing of nm -f behavior.
-  # "nm -f $image" is supposed to fail on GNU nm, but if:
-  #
-  # a. $image starts with [BbSsPp] (for example, bin/foo/bar), AND
-  # b. you have a.out in your current directory (a not uncommon occurence)
-  #
-  # then "nm -f $image" succeeds because -f only looks at the first letter of
-  # the argument, which looks valid because it's [BbSsPp], and then since
-  # there's no image provided, it looks for a.out and finds it.
-  #
-  # This regex makes sure that $image starts with . or /, forcing the -f
-  # parsing to fail since . and / are not valid formats.
-  $image =~ s#^[^/]#./$&#;
-
-  # For libc libraries, the copy in /usr/lib/debug contains debugging symbols
-  my $debugging = DebuggingLibrary($image);
-  if ($debugging) {
-    $image = $debugging;
-  }
-
-  my $nm = $obj_tool_map{"nm"};
-  my $cppfilt = $obj_tool_map{"c++filt"};
-
-  # nm can fail for two reasons: 1) $image isn't a debug library; 2) nm
-  # binary doesn't support --demangle.  In addition, for OS X we need
-  # to use the -f flag to get 'flat' nm output (otherwise we don't sort
-  # properly and get incorrect results).  Unfortunately, GNU nm uses -f
-  # in an incompatible way.  So first we test whether our nm supports
-  # --demangle and -f.
-  my $demangle_flag = "";
-  my $cppfilt_flag = "";
-  my $to_devnull = ">$dev_null 2>&1";
-  if (system(ShellEscape($nm, "--demangle", $image) . $to_devnull) == 0) {
-    # In this mode, we do "nm --demangle <foo>"
-    $demangle_flag = "--demangle";
-    $cppfilt_flag = "";
-  } elsif (system(ShellEscape($cppfilt, $image) . $to_devnull) == 0) {
-    # In this mode, we do "nm <foo> | c++filt"
-    $cppfilt_flag = " | " . ShellEscape($cppfilt);
-  };
-  my $flatten_flag = "";
-  if (system(ShellEscape($nm, "-f", $image) . $to_devnull) == 0) {
-    $flatten_flag = "-f";
-  }
-
-  # Finally, in the case $imagie isn't a debug library, we try again with
-  # -D to at least get *exported* symbols.  If we can't use --demangle,
-  # we use c++filt instead, if it exists on this system.
-  my @nm_commands = (ShellEscape($nm, "-n", $flatten_flag, $demangle_flag,
-                                 $image) . " 2>$dev_null $cppfilt_flag",
-                     ShellEscape($nm, "-D", "-n", $flatten_flag, $demangle_flag,
-                                 $image) . " 2>$dev_null $cppfilt_flag",
-                     # 6nm is for Go binaries
-                     ShellEscape("6nm", "$image") . " 2>$dev_null | sort",
-                     );
-
-  # If the executable is an MS Windows PDB-format executable, we'll
-  # have set up obj_tool_map("nm_pdb").  In this case, we actually
-  # want to use both unix nm and windows-specific nm_pdb, since
-  # PDB-format executables can apparently include dwarf .o files.
-  if (exists $obj_tool_map{"nm_pdb"}) {
-    push(@nm_commands,
-         ShellEscape($obj_tool_map{"nm_pdb"}, "--demangle", $image)
-         . " 2>$dev_null");
-  }
-
-  foreach my $nm_command (@nm_commands) {
-    my $symbol_table = GetProcedureBoundariesViaNm($nm_command, $regexp);
-    return $symbol_table if (%{$symbol_table});
-  }
-  my $symbol_table = {};
-  return $symbol_table;
-}
-
-
-# The test vectors for AddressAdd/Sub/Inc are 8-16-nibble hex strings.
-# To make them more readable, we add underscores at interesting places.
-# This routine removes the underscores, producing the canonical representation
-# used by jeprof to represent addresses, particularly in the tested routines.
-sub CanonicalHex {
-  my $arg = shift;
-  return join '', (split '_',$arg);
-}
-
-
-# Unit test for AddressAdd:
-sub AddressAddUnitTest {
-  my $test_data_8 = shift;
-  my $test_data_16 = shift;
-  my $error_count = 0;
-  my $fail_count = 0;
-  my $pass_count = 0;
-  # print STDERR "AddressAddUnitTest: ", 1+$#{$test_data_8}, " tests\n";
-
-  # First a few 8-nibble addresses.  Note that this implementation uses
-  # plain old arithmetic, so a quick sanity check along with verifying what
-  # happens to overflow (we want it to wrap):
-  $address_length = 8;
-  foreach my $row (@{$test_data_8}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressAdd ($row->[0], $row->[1]);
-    if ($sum ne $row->[2]) {
-      printf STDERR "ERROR: %s != %s + %s = %s\n", $sum,
-             $row->[0], $row->[1], $row->[2];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressAdd 32-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count = $fail_count;
-  $fail_count = 0;
-  $pass_count = 0;
-
-  # Now 16-nibble addresses.
-  $address_length = 16;
-  foreach my $row (@{$test_data_16}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressAdd (CanonicalHex($row->[0]), CanonicalHex($row->[1]));
-    my $expected = join '', (split '_',$row->[2]);
-    if ($sum ne CanonicalHex($row->[2])) {
-      printf STDERR "ERROR: %s != %s + %s = %s\n", $sum,
-             $row->[0], $row->[1], $row->[2];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressAdd 64-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count += $fail_count;
-
-  return $error_count;
-}
-
-
-# Unit test for AddressSub:
-sub AddressSubUnitTest {
-  my $test_data_8 = shift;
-  my $test_data_16 = shift;
-  my $error_count = 0;
-  my $fail_count = 0;
-  my $pass_count = 0;
-  # print STDERR "AddressSubUnitTest: ", 1+$#{$test_data_8}, " tests\n";
-
-  # First a few 8-nibble addresses.  Note that this implementation uses
-  # plain old arithmetic, so a quick sanity check along with verifying what
-  # happens to overflow (we want it to wrap):
-  $address_length = 8;
-  foreach my $row (@{$test_data_8}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressSub ($row->[0], $row->[1]);
-    if ($sum ne $row->[3]) {
-      printf STDERR "ERROR: %s != %s - %s = %s\n", $sum,
-             $row->[0], $row->[1], $row->[3];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressSub 32-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count = $fail_count;
-  $fail_count = 0;
-  $pass_count = 0;
-
-  # Now 16-nibble addresses.
-  $address_length = 16;
-  foreach my $row (@{$test_data_16}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressSub (CanonicalHex($row->[0]), CanonicalHex($row->[1]));
-    if ($sum ne CanonicalHex($row->[3])) {
-      printf STDERR "ERROR: %s != %s - %s = %s\n", $sum,
-             $row->[0], $row->[1], $row->[3];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressSub 64-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count += $fail_count;
-
-  return $error_count;
-}
-
-
-# Unit test for AddressInc:
-sub AddressIncUnitTest {
-  my $test_data_8 = shift;
-  my $test_data_16 = shift;
-  my $error_count = 0;
-  my $fail_count = 0;
-  my $pass_count = 0;
-  # print STDERR "AddressIncUnitTest: ", 1+$#{$test_data_8}, " tests\n";
-
-  # First a few 8-nibble addresses.  Note that this implementation uses
-  # plain old arithmetic, so a quick sanity check along with verifying what
-  # happens to overflow (we want it to wrap):
-  $address_length = 8;
-  foreach my $row (@{$test_data_8}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressInc ($row->[0]);
-    if ($sum ne $row->[4]) {
-      printf STDERR "ERROR: %s != %s + 1 = %s\n", $sum,
-             $row->[0], $row->[4];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressInc 32-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count = $fail_count;
-  $fail_count = 0;
-  $pass_count = 0;
-
-  # Now 16-nibble addresses.
-  $address_length = 16;
-  foreach my $row (@{$test_data_16}) {
-    if ($main::opt_debug and $main::opt_test) { print STDERR "@{$row}\n"; }
-    my $sum = AddressInc (CanonicalHex($row->[0]));
-    if ($sum ne CanonicalHex($row->[4])) {
-      printf STDERR "ERROR: %s != %s + 1 = %s\n", $sum,
-             $row->[0], $row->[4];
-      ++$fail_count;
-    } else {
-      ++$pass_count;
-    }
-  }
-  printf STDERR "AddressInc 64-bit tests: %d passes, %d failures\n",
-         $pass_count, $fail_count;
-  $error_count += $fail_count;
-
-  return $error_count;
-}
-
-
-# Driver for unit tests.
-# Currently just the address add/subtract/increment routines for 64-bit.
-sub RunUnitTests {
-  my $error_count = 0;
-
-  # This is a list of tuples [a, b, a+b, a-b, a+1]
-  my $unit_test_data_8 = [
-    [qw(aaaaaaaa 50505050 fafafafa 5a5a5a5a aaaaaaab)],
-    [qw(50505050 aaaaaaaa fafafafa a5a5a5a6 50505051)],
-    [qw(ffffffff aaaaaaaa aaaaaaa9 55555555 00000000)],
-    [qw(00000001 ffffffff 00000000 00000002 00000002)],
-    [qw(00000001 fffffff0 fffffff1 00000011 00000002)],
-  ];
-  my $unit_test_data_16 = [
-    # The implementation handles data in 7-nibble chunks, so those are the
-    # interesting boundaries.
-    [qw(aaaaaaaa 50505050
-        00_000000f_afafafa 00_0000005_a5a5a5a 00_000000a_aaaaaab)],
-    [qw(50505050 aaaaaaaa
-        00_000000f_afafafa ff_ffffffa_5a5a5a6 00_0000005_0505051)],
-    [qw(ffffffff aaaaaaaa
-        00_000001a_aaaaaa9 00_0000005_5555555 00_0000010_0000000)],
-    [qw(00000001 ffffffff
-        00_0000010_0000000 ff_ffffff0_0000002 00_0000000_0000002)],
-    [qw(00000001 fffffff0
-        00_000000f_ffffff1 ff_ffffff0_0000011 00_0000000_0000002)],
-
-    [qw(00_a00000a_aaaaaaa 50505050
-        00_a00000f_afafafa 00_a000005_a5a5a5a 00_a00000a_aaaaaab)],
-    [qw(0f_fff0005_0505050 aaaaaaaa
-        0f_fff000f_afafafa 0f_ffefffa_5a5a5a6 0f_fff0005_0505051)],
-    [qw(00_000000f_fffffff 01_800000a_aaaaaaa
-        01_800001a_aaaaaa9 fe_8000005_5555555 00_0000010_0000000)],
-    [qw(00_0000000_0000001 ff_fffffff_fffffff
-        00_0000000_0000000 00_0000000_0000002 00_0000000_0000002)],
-    [qw(00_0000000_0000001 ff_fffffff_ffffff0
-        ff_fffffff_ffffff1 00_0000000_0000011 00_0000000_0000002)],
-  ];
-
-  $error_count += AddressAddUnitTest($unit_test_data_8, $unit_test_data_16);
-  $error_count += AddressSubUnitTest($unit_test_data_8, $unit_test_data_16);
-  $error_count += AddressIncUnitTest($unit_test_data_8, $unit_test_data_16);
-  if ($error_count > 0) {
-    print STDERR $error_count, " errors: FAILED\n";
-  } else {
-    print STDERR "PASS\n";
-  }
-  exit ($error_count);
-}
->>>>>>> main
diff --git a/contrib/jemalloc/build-aux/config.guess b/contrib/jemalloc/build-aux/config.guess
index e8241c60f184..f7727026b706 100755
--- a/contrib/jemalloc/build-aux/config.guess
+++ b/contrib/jemalloc/build-aux/config.guess
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #! /bin/sh
 # Attempt to guess a canonical system name.
 #   Copyright 1992-2021 Free Software Foundation, Inc.
@@ -1700,1468 +1699,3 @@ exit 1
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
-||||||| dec341af7695
-=======
-#! /bin/sh
-# Attempt to guess a canonical system name.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
-
-timestamp='2016-10-02'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that
-# program.  This Exception is an additional permission under section 7
-# of the GNU General Public License, version 3 ("GPLv3").
-#
-# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
-#
-# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
-#
-# Please send patches to <config-patches@gnu.org>.
-
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright 1992-2016 Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit ;;
-    --version | -v )
-       echo "$version" ; exit ;;
-    --help | --h* | -h )
-       echo "$usage"; exit ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help" >&2
-       exit 1 ;;
-    * )
-       break ;;
-  esac
-done
-
-if test $# != 0; then
-  echo "$me: too many arguments$help" >&2
-  exit 1
-fi
-
-trap 'exit 1' 1 2 15
-
-# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
-# compiler to aid in system detection is discouraged as it requires
-# temporary files to be created and, as you can see below, it is a
-# headache to deal with in a portable fashion.
-
-# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
-# use `HOST_CC' if defined, but it is deprecated.
-
-# Portable tmp directory creation inspired by the Autoconf team.
-
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,)    echo "int x;" > $dummy.c ;
-	for c in cc gcc c89 c99 ; do
-	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
-	     CC_FOR_BUILD="$c"; break ;
-	  fi ;
-	done ;
-	if test x"$CC_FOR_BUILD" = x ; then
-	  CC_FOR_BUILD=no_compiler_found ;
-	fi
-	;;
- ,,*)   CC_FOR_BUILD=$CC ;;
- ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ; set_cc_for_build= ;'
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
-	PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-case "${UNAME_SYSTEM}" in
-Linux|GNU|GNU/*)
-	# If the system lacks a compiler, then just pick glibc.
-	# We could probably try harder.
-	LIBC=gnu
-
-	eval $set_cc_for_build
-	cat <<-EOF > $dummy.c
-	#include <features.h>
-	#if defined(__UCLIBC__)
-	LIBC=uclibc
-	#elif defined(__dietlibc__)
-	LIBC=dietlibc
-	#else
-	LIBC=gnu
-	#endif
-	EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
-	;;
-esac
-
-# Note: order is significant - the case branches are not exclusive.
-
-case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
-    *:NetBSD:*:*)
-	# NetBSD (nbsd) targets should (where applicable) match one or
-	# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
-	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
-	# switched to ELF, *-*-netbsd* would select the old
-	# object file format.  This provides both forward
-	# compatibility and a consistent mechanism for selecting the
-	# object file format.
-	#
-	# Note: NetBSD doesn't particularly care about the vendor
-	# portion of the name.  We always set it to "unknown".
-	sysctl="sysctl -n hw.machine_arch"
-	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
-	    /sbin/$sysctl 2>/dev/null || \
-	    /usr/sbin/$sysctl 2>/dev/null || \
-	    echo unknown)`
-	case "${UNAME_MACHINE_ARCH}" in
-	    armeb) machine=armeb-unknown ;;
-	    arm*) machine=arm-unknown ;;
-	    sh3el) machine=shl-unknown ;;
-	    sh3eb) machine=sh-unknown ;;
-	    sh5el) machine=sh5le-unknown ;;
-	    earmv*)
-		arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
-		endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
-		machine=${arch}${endian}-unknown
-		;;
-	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
-	esac
-	# The Operating System including object format, if it has switched
-	# to ELF recently (or will in the future) and ABI.
-	case "${UNAME_MACHINE_ARCH}" in
-	    earm*)
-		os=netbsdelf
-		;;
-	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
-		eval $set_cc_for_build
-		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
-			| grep -q __ELF__
-		then
-		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
-		    # Return netbsd for either.  FIX?
-		    os=netbsd
-		else
-		    os=netbsdelf
-		fi
-		;;
-	    *)
-		os=netbsd
-		;;
-	esac
-	# Determine ABI tags.
-	case "${UNAME_MACHINE_ARCH}" in
-	    earm*)
-		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
-		abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
-		;;
-	esac
-	# The OS release
-	# Debian GNU/NetBSD machines have a different userland, and
-	# thus, need a distinct triplet. However, they do not need
-	# kernel version information, so it can be replaced with a
-	# suitable tag, in the style of linux-gnu.
-	case "${UNAME_VERSION}" in
-	    Debian*)
-		release='-gnu'
-		;;
-	    *)
-		release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
-		;;
-	esac
-	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
-	# contains redundant information, the shorter form:
-	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "${machine}-${os}${release}${abi}"
-	exit ;;
-    *:Bitrig:*:*)
-	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
-	echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
-	exit ;;
-    *:OpenBSD:*:*)
-	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
-	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
-	exit ;;
-    *:LibertyBSD:*:*)
-	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
-	echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
-	exit ;;
-    *:ekkoBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
-	exit ;;
-    *:SolidBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
-	exit ;;
-    macppc:MirBSD:*:*)
-	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
-	exit ;;
-    *:MirBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
-	exit ;;
-    *:Sortix:*:*)
-	echo ${UNAME_MACHINE}-unknown-sortix
-	exit ;;
-    alpha:OSF1:*:*)
-	case $UNAME_RELEASE in
-	*4.0)
-		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
-		;;
-	*5.*)
-		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
-		;;
-	esac
-	# According to Compaq, /usr/sbin/psrinfo has been available on
-	# OSF/1 and Tru64 systems produced since 1995.  I hope that
-	# covers most systems running today.  This code pipes the CPU
-	# types through head -n 1, so we only detect the type of CPU 0.
-	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
-	case "$ALPHA_CPU_TYPE" in
-	    "EV4 (21064)")
-		UNAME_MACHINE=alpha ;;
-	    "EV4.5 (21064)")
-		UNAME_MACHINE=alpha ;;
-	    "LCA4 (21066/21068)")
-		UNAME_MACHINE=alpha ;;
-	    "EV5 (21164)")
-		UNAME_MACHINE=alphaev5 ;;
-	    "EV5.6 (21164A)")
-		UNAME_MACHINE=alphaev56 ;;
-	    "EV5.6 (21164PC)")
-		UNAME_MACHINE=alphapca56 ;;
-	    "EV5.7 (21164PC)")
-		UNAME_MACHINE=alphapca57 ;;
-	    "EV6 (21264)")
-		UNAME_MACHINE=alphaev6 ;;
-	    "EV6.7 (21264A)")
-		UNAME_MACHINE=alphaev67 ;;
-	    "EV6.8CB (21264C)")
-		UNAME_MACHINE=alphaev68 ;;
-	    "EV6.8AL (21264B)")
-		UNAME_MACHINE=alphaev68 ;;
-	    "EV6.8CX (21264D)")
-		UNAME_MACHINE=alphaev68 ;;
-	    "EV6.9A (21264/EV69A)")
-		UNAME_MACHINE=alphaev69 ;;
-	    "EV7 (21364)")
-		UNAME_MACHINE=alphaev7 ;;
-	    "EV7.9 (21364A)")
-		UNAME_MACHINE=alphaev79 ;;
-	esac
-	# A Pn.n version is a patched version.
-	# A Vn.n version is a released version.
-	# A Tn.n version is a released field test version.
-	# A Xn.n version is an unreleased experimental baselevel.
-	# 1.2 uses "1.2" for uname -r.
-	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
-	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
-	exitcode=$?
-	trap '' 0
-	exit $exitcode ;;
-    Alpha\ *:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# Should we change UNAME_MACHINE based on the output of uname instead
-	# of the specific Alpha model?
-	echo alpha-pc-interix
-	exit ;;
-    21064:Windows_NT:50:3)
-	echo alpha-dec-winnt3.5
-	exit ;;
-    Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-unknown-sysv4
-	exit ;;
-    *:[Aa]miga[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-amigaos
-	exit ;;
-    *:[Mm]orph[Oo][Ss]:*:*)
-	echo ${UNAME_MACHINE}-unknown-morphos
-	exit ;;
-    *:OS/390:*:*)
-	echo i370-ibm-openedition
-	exit ;;
-    *:z/VM:*:*)
-	echo s390-ibm-zvmoe
-	exit ;;
-    *:OS400:*:*)
-	echo powerpc-ibm-os400
-	exit ;;
-    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
-	echo arm-acorn-riscix${UNAME_RELEASE}
-	exit ;;
-    arm*:riscos:*:*|arm*:RISCOS:*:*)
-	echo arm-unknown-riscos
-	exit ;;
-    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
-	echo hppa1.1-hitachi-hiuxmpp
-	exit ;;
-    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
-	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
-	if test "`(/bin/universe) 2>/dev/null`" = att ; then
-		echo pyramid-pyramid-sysv3
-	else
-		echo pyramid-pyramid-bsd
-	fi
-	exit ;;
-    NILE*:*:*:dcosx)
-	echo pyramid-pyramid-svr4
-	exit ;;
-    DRS?6000:unix:4.0:6*)
-	echo sparc-icl-nx6
-	exit ;;
-    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
-	case `/usr/bin/uname -p` in
-	    sparc) echo sparc-icl-nx7; exit ;;
-	esac ;;
-    s390x:SunOS:*:*)
-	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4H:SunOS:5.*:*)
-	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
-	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
-	echo i386-pc-auroraux${UNAME_RELEASE}
-	exit ;;
-    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
-	eval $set_cc_for_build
-	SUN_ARCH=i386
-	# If there is a compiler, see if it is configured for 64-bit objects.
-	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
-	# This test works for both compilers.
-	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
-	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		grep IS_64BIT_ARCH >/dev/null
-	    then
-		SUN_ARCH=x86_64
-	    fi
-	fi
-	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:6*:*)
-	# According to config.sub, this is the proper way to canonicalize
-	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
-	# it's likely to be more like Solaris than SunOS4.
-	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    sun4*:SunOS:*:*)
-	case "`/usr/bin/arch -k`" in
-	    Series*|S4*)
-		UNAME_RELEASE=`uname -v`
-		;;
-	esac
-	# Japanese Language versions have a version number like `4.1.3-JL'.
-	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
-	exit ;;
-    sun3*:SunOS:*:*)
-	echo m68k-sun-sunos${UNAME_RELEASE}
-	exit ;;
-    sun*:*:4.2BSD:*)
-	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
-	test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
-	case "`/bin/arch`" in
-	    sun3)
-		echo m68k-sun-sunos${UNAME_RELEASE}
-		;;
-	    sun4)
-		echo sparc-sun-sunos${UNAME_RELEASE}
-		;;
-	esac
-	exit ;;
-    aushp:SunOS:*:*)
-	echo sparc-auspex-sunos${UNAME_RELEASE}
-	exit ;;
-    # The situation for MiNT is a little confusing.  The machine name
-    # can be virtually everything (everything which is not
-    # "atarist" or "atariste" at least should have a processor
-    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
-    # to the lowercase version "mint" (or "freemint").  Finally
-    # the system name "TOS" denotes a system which is actually not
-    # MiNT.  But MiNT is downward compatible to TOS, so this should
-    # be no problem.
-    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint${UNAME_RELEASE}
-	exit ;;
-    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint${UNAME_RELEASE}
-	exit ;;
-    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
-	echo m68k-atari-mint${UNAME_RELEASE}
-	exit ;;
-    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
-	echo m68k-milan-mint${UNAME_RELEASE}
-	exit ;;
-    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
-	echo m68k-hades-mint${UNAME_RELEASE}
-	exit ;;
-    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
-	echo m68k-unknown-mint${UNAME_RELEASE}
-	exit ;;
-    m68k:machten:*:*)
-	echo m68k-apple-machten${UNAME_RELEASE}
-	exit ;;
-    powerpc:machten:*:*)
-	echo powerpc-apple-machten${UNAME_RELEASE}
-	exit ;;
-    RISC*:Mach:*:*)
-	echo mips-dec-mach_bsd4.3
-	exit ;;
-    RISC*:ULTRIX:*:*)
-	echo mips-dec-ultrix${UNAME_RELEASE}
-	exit ;;
-    VAX*:ULTRIX*:*:*)
-	echo vax-dec-ultrix${UNAME_RELEASE}
-	exit ;;
-    2020:CLIX:*:* | 2430:CLIX:*:*)
-	echo clipper-intergraph-clix${UNAME_RELEASE}
-	exit ;;
-    mips:*:*:UMIPS | mips:*:*:RISCos)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-#ifdef __cplusplus
-#include <stdio.h>  /* for printf() prototype */
-	int main (int argc, char *argv[]) {
-#else
-	int main (argc, argv) int argc; char *argv[]; {
-#endif
-	#if defined (host_mips) && defined (MIPSEB)
-	#if defined (SYSTYPE_SYSV)
-	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_SVR4)
-	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
-	#endif
-	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
-	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
-	#endif
-	#endif
-	  exit (-1);
-	}
-EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c &&
-	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
-	  SYSTEM_NAME=`$dummy $dummyarg` &&
-	    { echo "$SYSTEM_NAME"; exit; }
-	echo mips-mips-riscos${UNAME_RELEASE}
-	exit ;;
-    Motorola:PowerMAX_OS:*:*)
-	echo powerpc-motorola-powermax
-	exit ;;
-    Motorola:*:4.3:PL8-*)
-	echo powerpc-harris-powermax
-	exit ;;
-    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
-	echo powerpc-harris-powermax
-	exit ;;
-    Night_Hawk:Power_UNIX:*:*)
-	echo powerpc-harris-powerunix
-	exit ;;
-    m88k:CX/UX:7*:*)
-	echo m88k-harris-cxux7
-	exit ;;
-    m88k:*:4*:R4*)
-	echo m88k-motorola-sysv4
-	exit ;;
-    m88k:*:3*:R3*)
-	echo m88k-motorola-sysv3
-	exit ;;
-    AViiON:dgux:*:*)
-	# DG/UX returns AViiON for all architectures
-	UNAME_PROCESSOR=`/usr/bin/uname -p`
-	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
-	then
-	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
-	       [ ${TARGET_BINARY_INTERFACE}x = x ]
-	    then
-		echo m88k-dg-dgux${UNAME_RELEASE}
-	    else
-		echo m88k-dg-dguxbcs${UNAME_RELEASE}
-	    fi
-	else
-	    echo i586-dg-dgux${UNAME_RELEASE}
-	fi
-	exit ;;
-    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
-	echo m88k-dolphin-sysv3
-	exit ;;
-    M88*:*:R3*:*)
-	# Delta 88k system running SVR3
-	echo m88k-motorola-sysv3
-	exit ;;
-    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
-	echo m88k-tektronix-sysv3
-	exit ;;
-    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
-	echo m68k-tektronix-bsd
-	exit ;;
-    *:IRIX*:*:*)
-	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
-	exit ;;
-    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
-	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
-    i*86:AIX:*:*)
-	echo i386-ibm-aix
-	exit ;;
-    ia64:AIX:*:*)
-	if [ -x /usr/bin/oslevel ] ; then
-		IBM_REV=`/usr/bin/oslevel`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
-	exit ;;
-    *:AIX:2:3)
-	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		eval $set_cc_for_build
-		sed 's/^		//' << EOF >$dummy.c
-		#include <sys/systemcfg.h>
-
-		main()
-			{
-			if (!__power_pc())
-				exit(1);
-			puts("powerpc-ibm-aix3.2.5");
-			exit(0);
-			}
-EOF
-		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
-		then
-			echo "$SYSTEM_NAME"
-		else
-			echo rs6000-ibm-aix3.2.5
-		fi
-	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
-		echo rs6000-ibm-aix3.2.4
-	else
-		echo rs6000-ibm-aix3.2
-	fi
-	exit ;;
-    *:AIX:*:[4567])
-	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
-	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
-		IBM_ARCH=rs6000
-	else
-		IBM_ARCH=powerpc
-	fi
-	if [ -x /usr/bin/lslpp ] ; then
-		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
-			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
-	else
-		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
-	fi
-	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
-	exit ;;
-    *:AIX:*:*)
-	echo rs6000-ibm-aix
-	exit ;;
-    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
-	echo romp-ibm-bsd4.4
-	exit ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
-	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
-	exit ;;                             # report: romp-ibm BSD 4.3
-    *:BOSX:*:*)
-	echo rs6000-bull-bosx
-	exit ;;
-    DPX/2?00:B.O.S.:*:*)
-	echo m68k-bull-sysv3
-	exit ;;
-    9000/[34]??:4.3bsd:1.*:*)
-	echo m68k-hp-bsd
-	exit ;;
-    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
-	echo m68k-hp-bsd4.4
-	exit ;;
-    9000/[34678]??:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	case "${UNAME_MACHINE}" in
-	    9000/31? )            HP_ARCH=m68000 ;;
-	    9000/[34]?? )         HP_ARCH=m68k ;;
-	    9000/[678][0-9][0-9])
-		if [ -x /usr/bin/getconf ]; then
-		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
-		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
-		    case "${sc_cpu_version}" in
-		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
-		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
-		      532)                      # CPU_PA_RISC2_0
-			case "${sc_kernel_bits}" in
-			  32) HP_ARCH=hppa2.0n ;;
-			  64) HP_ARCH=hppa2.0w ;;
-			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
-			esac ;;
-		    esac
-		fi
-		if [ "${HP_ARCH}" = "" ]; then
-		    eval $set_cc_for_build
-		    sed 's/^		//' << EOF >$dummy.c
-
-		#define _HPUX_SOURCE
-		#include <stdlib.h>
-		#include <unistd.h>
-
-		int main ()
-		{
-		#if defined(_SC_KERNEL_BITS)
-		    long bits = sysconf(_SC_KERNEL_BITS);
-		#endif
-		    long cpu  = sysconf (_SC_CPU_VERSION);
-
-		    switch (cpu)
-			{
-			case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
-			case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
-			case CPU_PA_RISC2_0:
-		#if defined(_SC_KERNEL_BITS)
-			    switch (bits)
-				{
-				case 64: puts ("hppa2.0w"); break;
-				case 32: puts ("hppa2.0n"); break;
-				default: puts ("hppa2.0"); break;
-				} break;
-		#else  /* !defined(_SC_KERNEL_BITS) */
-			    puts ("hppa2.0"); break;
-		#endif
-			default: puts ("hppa1.0"); break;
-			}
-		    exit (0);
-		}
-EOF
-		    (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
-		    test -z "$HP_ARCH" && HP_ARCH=hppa
-		fi ;;
-	esac
-	if [ ${HP_ARCH} = hppa2.0w ]
-	then
-	    eval $set_cc_for_build
-
-	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
-	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
-	    # generating 64-bit code.  GNU and HP use different nomenclature:
-	    #
-	    # $ CC_FOR_BUILD=cc ./config.guess
-	    # => hppa2.0w-hp-hpux11.23
-	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
-	    # => hppa64-hp-hpux11.23
-
-	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
-		grep -q __LP64__
-	    then
-		HP_ARCH=hppa2.0w
-	    else
-		HP_ARCH=hppa64
-	    fi
-	fi
-	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
-	exit ;;
-    ia64:HP-UX:*:*)
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	echo ia64-hp-hpux${HPUX_REV}
-	exit ;;
-    3050*:HI-UX:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#include <unistd.h>
-	int
-	main ()
-	{
-	  long cpu = sysconf (_SC_CPU_VERSION);
-	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
-	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
-	     results, however.  */
-	  if (CPU_IS_PA_RISC (cpu))
-	    {
-	      switch (cpu)
-		{
-		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
-		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
-		  default: puts ("hppa-hitachi-hiuxwe2"); break;
-		}
-	    }
-	  else if (CPU_IS_HP_MC68K (cpu))
-	    puts ("m68k-hitachi-hiuxwe2");
-	  else puts ("unknown-hitachi-hiuxwe2");
-	  exit (0);
-	}
-EOF
-	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
-		{ echo "$SYSTEM_NAME"; exit; }
-	echo unknown-hitachi-hiuxwe2
-	exit ;;
-    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
-	echo hppa1.1-hp-bsd
-	exit ;;
-    9000/8??:4.3bsd:*:*)
-	echo hppa1.0-hp-bsd
-	exit ;;
-    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
-	echo hppa1.0-hp-mpeix
-	exit ;;
-    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
-	echo hppa1.1-hp-osf
-	exit ;;
-    hp8??:OSF1:*:*)
-	echo hppa1.0-hp-osf
-	exit ;;
-    i*86:OSF1:*:*)
-	if [ -x /usr/sbin/sysversion ] ; then
-	    echo ${UNAME_MACHINE}-unknown-osf1mk
-	else
-	    echo ${UNAME_MACHINE}-unknown-osf1
-	fi
-	exit ;;
-    parisc*:Lites*:*:*)
-	echo hppa1.1-hp-lites
-	exit ;;
-    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
-	echo c1-convex-bsd
-	exit ;;
-    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
-	if getsysinfo -f scalar_acc
-	then echo c32-convex-bsd
-	else echo c2-convex-bsd
-	fi
-	exit ;;
-    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
-	echo c34-convex-bsd
-	exit ;;
-    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
-	echo c38-convex-bsd
-	exit ;;
-    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
-	echo c4-convex-bsd
-	exit ;;
-    CRAY*Y-MP:*:*:*)
-	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*[A-Z]90:*:*:*)
-	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
-	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-	      -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*TS:*:*:*)
-	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*T3E:*:*:*)
-	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    CRAY*SV1:*:*:*)
-	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    *:UNICOS/mp:*:*)
-	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
-    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
-	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
-	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
-	FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
-	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-	exit ;;
-    5000:UNIX_System_V:4.*:*)
-	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
-	FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
-	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-	exit ;;
-    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
-	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
-	exit ;;
-    sparc*:BSD/OS:*:*)
-	echo sparc-unknown-bsdi${UNAME_RELEASE}
-	exit ;;
-    *:BSD/OS:*:*)
-	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
-	exit ;;
-    *:FreeBSD:*:*)
-	UNAME_PROCESSOR=`/usr/bin/uname -p`
-	case ${UNAME_PROCESSOR} in
-	    amd64)
-		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	    *)
-		echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
-	esac
-	exit ;;
-    i*:CYGWIN*:*)
-	echo ${UNAME_MACHINE}-pc-cygwin
-	exit ;;
-    *:MINGW64*:*)
-	echo ${UNAME_MACHINE}-pc-mingw64
-	exit ;;
-    *:MINGW*:*)
-	echo ${UNAME_MACHINE}-pc-mingw32
-	exit ;;
-    *:MSYS*:*)
-	echo ${UNAME_MACHINE}-pc-msys
-	exit ;;
-    i*:windows32*:*)
-	# uname -m includes "-pc" on this system.
-	echo ${UNAME_MACHINE}-mingw32
-	exit ;;
-    i*:PW*:*)
-	echo ${UNAME_MACHINE}-pc-pw32
-	exit ;;
-    *:Interix*:*)
-	case ${UNAME_MACHINE} in
-	    x86)
-		echo i586-pc-interix${UNAME_RELEASE}
-		exit ;;
-	    authenticamd | genuineintel | EM64T)
-		echo x86_64-unknown-interix${UNAME_RELEASE}
-		exit ;;
-	    IA64)
-		echo ia64-unknown-interix${UNAME_RELEASE}
-		exit ;;
-	esac ;;
-    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
-	echo i${UNAME_MACHINE}-pc-mks
-	exit ;;
-    8664:Windows_NT:*)
-	echo x86_64-pc-mks
-	exit ;;
-    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
-	# How do we know it's Interix rather than the generic POSIX subsystem?
-	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
-	# UNAME_MACHINE based on the output of uname instead of i386?
-	echo i586-pc-interix
-	exit ;;
-    i*:UWIN*:*)
-	echo ${UNAME_MACHINE}-pc-uwin
-	exit ;;
-    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
-	echo x86_64-unknown-cygwin
-	exit ;;
-    p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin
-	exit ;;
-    prep*:SunOS:5.*:*)
-	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
-	exit ;;
-    *:GNU:*:*)
-	# the GNU system
-	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
-	exit ;;
-    *:GNU/*:*:*)
-	# other systems with GNU libc and userland
-	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
-	exit ;;
-    i*86:Minix:*:*)
-	echo ${UNAME_MACHINE}-pc-minix
-	exit ;;
-    aarch64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    aarch64_be:Linux:*:*)
-	UNAME_MACHINE=aarch64_be
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    alpha:Linux:*:*)
-	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
-	  EV5)   UNAME_MACHINE=alphaev5 ;;
-	  EV56)  UNAME_MACHINE=alphaev56 ;;
-	  PCA56) UNAME_MACHINE=alphapca56 ;;
-	  PCA57) UNAME_MACHINE=alphapca56 ;;
-	  EV6)   UNAME_MACHINE=alphaev6 ;;
-	  EV67)  UNAME_MACHINE=alphaev67 ;;
-	  EV68*) UNAME_MACHINE=alphaev68 ;;
-	esac
-	objdump --private-headers /bin/sh | grep -q ld.so.1
-	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    arc:Linux:*:* | arceb:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    arm*:Linux:*:*)
-	eval $set_cc_for_build
-	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
-	    | grep -q __ARM_EABI__
-	then
-	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	else
-	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
-		| grep -q __ARM_PCS_VFP
-	    then
-		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
-	    else
-		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
-	    fi
-	fi
-	exit ;;
-    avr32*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    cris:Linux:*:*)
-	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
-	exit ;;
-    crisv32:Linux:*:*)
-	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
-	exit ;;
-    e2k:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    frv:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    hexagon:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    i*86:Linux:*:*)
-	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
-	exit ;;
-    ia64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    k1om:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    m32r*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    m68*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    mips:Linux:*:* | mips64:Linux:*:*)
-	eval $set_cc_for_build
-	sed 's/^	//' << EOF >$dummy.c
-	#undef CPU
-	#undef ${UNAME_MACHINE}
-	#undef ${UNAME_MACHINE}el
-	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-	CPU=${UNAME_MACHINE}el
-	#else
-	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-	CPU=${UNAME_MACHINE}
-	#else
-	CPU=
-	#endif
-	#endif
-EOF
-	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
-	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
-	;;
-    mips64el:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    openrisc*:Linux:*:*)
-	echo or1k-unknown-linux-${LIBC}
-	exit ;;
-    or32:Linux:*:* | or1k*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    padre:Linux:*:*)
-	echo sparc-unknown-linux-${LIBC}
-	exit ;;
-    parisc64:Linux:*:* | hppa64:Linux:*:*)
-	echo hppa64-unknown-linux-${LIBC}
-	exit ;;
-    parisc:Linux:*:* | hppa:Linux:*:*)
-	# Look for CPU level
-	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
-	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
-	  *)    echo hppa-unknown-linux-${LIBC} ;;
-	esac
-	exit ;;
-    ppc64:Linux:*:*)
-	echo powerpc64-unknown-linux-${LIBC}
-	exit ;;
-    ppc:Linux:*:*)
-	echo powerpc-unknown-linux-${LIBC}
-	exit ;;
-    ppc64le:Linux:*:*)
-	echo powerpc64le-unknown-linux-${LIBC}
-	exit ;;
-    ppcle:Linux:*:*)
-	echo powerpcle-unknown-linux-${LIBC}
-	exit ;;
-    riscv32:Linux:*:* | riscv64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    s390:Linux:*:* | s390x:Linux:*:*)
-	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
-	exit ;;
-    sh64*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    sh*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    sparc:Linux:*:* | sparc64:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    tile*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    vax:Linux:*:*)
-	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
-	exit ;;
-    x86_64:Linux:*:*)
-	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
-	exit ;;
-    xtensa*:Linux:*:*)
-	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
-	exit ;;
-    i*86:DYNIX/ptx:4*:*)
-	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
-	# earlier versions are messed up and put the nodename in both
-	# sysname and nodename.
-	echo i386-sequent-sysv4
-	exit ;;
-    i*86:UNIX_SV:4.2MP:2.*)
-	# Unixware is an offshoot of SVR4, but it has its own version
-	# number series starting with 2...
-	# I am not positive that other SVR4 systems won't match this,
-	# I just have to hope.  -- rms.
-	# Use sysv4.2uw... so that sysv4* matches it.
-	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
-	exit ;;
-    i*86:OS/2:*:*)
-	# If we were able to find `uname', then EMX Unix compatibility
-	# is probably installed.
-	echo ${UNAME_MACHINE}-pc-os2-emx
-	exit ;;
-    i*86:XTS-300:*:STOP)
-	echo ${UNAME_MACHINE}-unknown-stop
-	exit ;;
-    i*86:atheos:*:*)
-	echo ${UNAME_MACHINE}-unknown-atheos
-	exit ;;
-    i*86:syllable:*:*)
-	echo ${UNAME_MACHINE}-pc-syllable
-	exit ;;
-    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
-	echo i386-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    i*86:*DOS:*:*)
-	echo ${UNAME_MACHINE}-pc-msdosdjgpp
-	exit ;;
-    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
-	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
-	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
-	else
-		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
-	fi
-	exit ;;
-    i*86:*:5:[678]*)
-	# UnixWare 7.x, OpenUNIX and OpenServer 6.
-	case `/bin/uname -X | grep "^Machine"` in
-	    *486*)	     UNAME_MACHINE=i486 ;;
-	    *Pentium)	     UNAME_MACHINE=i586 ;;
-	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
-	esac
-	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
-	exit ;;
-    i*86:*:3.2:*)
-	if test -f /usr/options/cb.name; then
-		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
-	elif /bin/uname -X 2>/dev/null >/dev/null ; then
-		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
-		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
-		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
-			&& UNAME_MACHINE=i586
-		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
-			&& UNAME_MACHINE=i686
-		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
-	else
-		echo ${UNAME_MACHINE}-pc-sysv32
-	fi
-	exit ;;
-    pc:*:*:*)
-	# Left here for compatibility:
-	# uname -m prints for DJGPP always 'pc', but it prints nothing about
-	# the processor, so we play safe by assuming i586.
-	# Note: whatever this is, it MUST be the same as what config.sub
-	# prints for the "djgpp" host, or else GDB configure will decide that
-	# this is a cross-build.
-	echo i586-pc-msdosdjgpp
-	exit ;;
-    Intel:Mach:3*:*)
-	echo i386-pc-mach3
-	exit ;;
-    paragon:*:*:*)
-	echo i860-intel-osf1
-	exit ;;
-    i860:*:4.*:*) # i860-SVR4
-	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
-	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
-	else # Add other i860-SVR4 vendors below as they are discovered.
-	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
-	fi
-	exit ;;
-    mini*:CTIX:SYS*5:*)
-	# "miniframe"
-	echo m68010-convergent-sysv
-	exit ;;
-    mc68k:UNIX:SYSTEM5:3.51m)
-	echo m68k-convergent-sysv
-	exit ;;
-    M680?0:D-NIX:5.3:*)
-	echo m68k-diab-dnix
-	exit ;;
-    M68*:*:R3V[5678]*:*)
-	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
-    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
-	OS_REL=''
-	test -r /etc/.relid \
-	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
-	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
-	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
-    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
-	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	  && { echo i486-ncr-sysv4; exit; } ;;
-    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
-	OS_REL='.3'
-	test -r /etc/.relid \
-	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
-	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
-	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
-	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
-	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
-	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
-    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
-	echo m68k-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    mc68030:UNIX_System_V:4.*:*)
-	echo m68k-atari-sysv4
-	exit ;;
-    TSUNAMI:LynxOS:2.*:*)
-	echo sparc-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    rs6000:LynxOS:2.*:*)
-	echo rs6000-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
-	echo powerpc-unknown-lynxos${UNAME_RELEASE}
-	exit ;;
-    SM[BE]S:UNIX_SV:*:*)
-	echo mips-dde-sysv${UNAME_RELEASE}
-	exit ;;
-    RM*:ReliantUNIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
-    RM*:SINIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
-    *:SINIX-*:*:*)
-	if uname -p 2>/dev/null >/dev/null ; then
-		UNAME_MACHINE=`(uname -p) 2>/dev/null`
-		echo ${UNAME_MACHINE}-sni-sysv4
-	else
-		echo ns32k-sni-sysv
-	fi
-	exit ;;
-    PENTIUM:*:4.0*:*)	# Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-			# says <Richard.M.Bartel@ccMail.Census.GOV>
-	echo i586-unisys-sysv4
-	exit ;;
-    *:UNIX_System_V:4*:FTX*)
-	# From Gerald Hewes <hewes@openmarket.com>.
-	# How about differentiating between stratus architectures? -djm
-	echo hppa1.1-stratus-sysv4
-	exit ;;
-    *:*:*:FTX*)
-	# From seanf@swdc.stratus.com.
-	echo i860-stratus-sysv4
-	exit ;;
-    i*86:VOS:*:*)
-	# From Paul.Green@stratus.com.
-	echo ${UNAME_MACHINE}-stratus-vos
-	exit ;;
-    *:VOS:*:*)
-	# From Paul.Green@stratus.com.
-	echo hppa1.1-stratus-vos
-	exit ;;
-    mc68*:A/UX:*:*)
-	echo m68k-apple-aux${UNAME_RELEASE}
-	exit ;;
-    news*:NEWS-OS:6*:*)
-	echo mips-sony-newsos6
-	exit ;;
-    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
-	if [ -d /usr/nec ]; then
-		echo mips-nec-sysv${UNAME_RELEASE}
-	else
-		echo mips-unknown-sysv${UNAME_RELEASE}
-	fi
-	exit ;;
-    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
-	echo powerpc-be-beos
-	exit ;;
-    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
-	echo powerpc-apple-beos
-	exit ;;
-    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
-	echo i586-pc-beos
-	exit ;;
-    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
-	echo i586-pc-haiku
-	exit ;;
-    x86_64:Haiku:*:*)
-	echo x86_64-unknown-haiku
-	exit ;;
-    SX-4:SUPER-UX:*:*)
-	echo sx4-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-5:SUPER-UX:*:*)
-	echo sx5-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-6:SUPER-UX:*:*)
-	echo sx6-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-7:SUPER-UX:*:*)
-	echo sx7-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-8:SUPER-UX:*:*)
-	echo sx8-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-8R:SUPER-UX:*:*)
-	echo sx8r-nec-superux${UNAME_RELEASE}
-	exit ;;
-    SX-ACE:SUPER-UX:*:*)
-	echo sxace-nec-superux${UNAME_RELEASE}
-	exit ;;
-    Power*:Rhapsody:*:*)
-	echo powerpc-apple-rhapsody${UNAME_RELEASE}
-	exit ;;
-    *:Rhapsody:*:*)
-	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
-	exit ;;
-    *:Darwin:*:*)
-	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
-	eval $set_cc_for_build
-	if test "$UNAME_PROCESSOR" = unknown ; then
-	    UNAME_PROCESSOR=powerpc
-	fi
-	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
-	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
-		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		    (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		    grep IS_64BIT_ARCH >/dev/null
-		then
-		    case $UNAME_PROCESSOR in
-			i386) UNAME_PROCESSOR=x86_64 ;;
-			powerpc) UNAME_PROCESSOR=powerpc64 ;;
-		    esac
-		fi
-	    fi
-	elif test "$UNAME_PROCESSOR" = i386 ; then
-	    # Avoid executing cc on OS X 10.9, as it ships with a stub
-	    # that puts up a graphical alert prompting to install
-	    # developer tools.  Any system running Mac OS X 10.7 or
-	    # later (Darwin 11 and later) is required to have a 64-bit
-	    # processor. This is not true of the ARM version of Darwin
-	    # that Apple uses in portable devices.
-	    UNAME_PROCESSOR=x86_64
-	fi
-	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
-	exit ;;
-    *:procnto*:*:* | *:QNX:[0123456789]*:*)
-	UNAME_PROCESSOR=`uname -p`
-	if test "$UNAME_PROCESSOR" = x86; then
-		UNAME_PROCESSOR=i386
-		UNAME_MACHINE=pc
-	fi
-	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
-	exit ;;
-    *:QNX:*:4*)
-	echo i386-pc-qnx
-	exit ;;
-    NEO-?:NONSTOP_KERNEL:*:*)
-	echo neo-tandem-nsk${UNAME_RELEASE}
-	exit ;;
-    NSE-*:NONSTOP_KERNEL:*:*)
-	echo nse-tandem-nsk${UNAME_RELEASE}
-	exit ;;
-    NSR-?:NONSTOP_KERNEL:*:*)
-	echo nsr-tandem-nsk${UNAME_RELEASE}
-	exit ;;
-    *:NonStop-UX:*:*)
-	echo mips-compaq-nonstopux
-	exit ;;
-    BS2000:POSIX*:*:*)
-	echo bs2000-siemens-sysv
-	exit ;;
-    DS/*:UNIX_System_V:*:*)
-	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
-	exit ;;
-    *:Plan9:*:*)
-	# "uname -m" is not consistent, so use $cputype instead. 386
-	# is converted to i386 for consistency with other x86
-	# operating systems.
-	if test "$cputype" = 386; then
-	    UNAME_MACHINE=i386
-	else
-	    UNAME_MACHINE="$cputype"
-	fi
-	echo ${UNAME_MACHINE}-unknown-plan9
-	exit ;;
-    *:TOPS-10:*:*)
-	echo pdp10-unknown-tops10
-	exit ;;
-    *:TENEX:*:*)
-	echo pdp10-unknown-tenex
-	exit ;;
-    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
-	echo pdp10-dec-tops20
-	exit ;;
-    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
-	echo pdp10-xkl-tops20
-	exit ;;
-    *:TOPS-20:*:*)
-	echo pdp10-unknown-tops20
-	exit ;;
-    *:ITS:*:*)
-	echo pdp10-unknown-its
-	exit ;;
-    SEI:*:*:SEIUX)
-	echo mips-sei-seiux${UNAME_RELEASE}
-	exit ;;
-    *:DragonFly:*:*)
-	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
-	exit ;;
-    *:*VMS:*:*)
-	UNAME_MACHINE=`(uname -p) 2>/dev/null`
-	case "${UNAME_MACHINE}" in
-	    A*) echo alpha-dec-vms ; exit ;;
-	    I*) echo ia64-dec-vms ; exit ;;
-	    V*) echo vax-dec-vms ; exit ;;
-	esac ;;
-    *:XENIX:*:SysV)
-	echo i386-pc-xenix
-	exit ;;
-    i*86:skyos:*:*)
-	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
-	exit ;;
-    i*86:rdos:*:*)
-	echo ${UNAME_MACHINE}-pc-rdos
-	exit ;;
-    i*86:AROS:*:*)
-	echo ${UNAME_MACHINE}-pc-aros
-	exit ;;
-    x86_64:VMkernel:*:*)
-	echo ${UNAME_MACHINE}-unknown-esx
-	exit ;;
-    amd64:Isilon\ OneFS:*:*)
-	echo x86_64-unknown-onefs
-	exit ;;
-esac
-
-cat >&2 <<EOF
-$0: unable to guess system type
-
-This script (version $timestamp), has failed to recognize the
-operating system you are using. If your script is old, overwrite
-config.guess and config.sub with the latest versions from:
-
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
-and
-  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
-
-If $0 has already been updated, send the following data and any
-information you think might be pertinent to config-patches@gnu.org to
-provide the necessary information to handle your system.
-
-config.guess timestamp = $timestamp
-
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
-/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
-
-hostinfo               = `(hostinfo) 2>/dev/null`
-/bin/universe          = `(/bin/universe) 2>/dev/null`
-/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
-/bin/arch              = `(/bin/arch) 2>/dev/null`
-/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-
-UNAME_MACHINE = ${UNAME_MACHINE}
-UNAME_RELEASE = ${UNAME_RELEASE}
-UNAME_SYSTEM  = ${UNAME_SYSTEM}
-UNAME_VERSION = ${UNAME_VERSION}
-EOF
-
-exit 1
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
->>>>>>> main
diff --git a/contrib/jemalloc/build-aux/config.sub b/contrib/jemalloc/build-aux/config.sub
index 099dab005a9a..b0f8492348d7 100755
--- a/contrib/jemalloc/build-aux/config.sub
+++ b/contrib/jemalloc/build-aux/config.sub
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright 1992-2021 Free Software Foundation, Inc.
@@ -1854,1831 +1853,3 @@ exit
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
-||||||| dec341af7695
-=======
-#! /bin/sh
-# Configuration validation subroutine script.
-#   Copyright 1992-2016 Free Software Foundation, Inc.
-
-timestamp='2016-11-04'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that
-# program.  This Exception is an additional permission under section 7
-# of the GNU General Public License, version 3 ("GPLv3").
-
-
-# Please send patches to <config-patches@gnu.org>.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# You can get the latest version of this script from:
-# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support.  The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
-
-Canonicalize a configuration name.
-
-Operation modes:
-  -h, --help         print this help, then exit
-  -t, --time-stamp   print date of last modification, then exit
-  -v, --version      print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright 1992-2016 Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions.  There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
-  case $1 in
-    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit ;;
-    --version | -v )
-       echo "$version" ; exit ;;
-    --help | --h* | -h )
-       echo "$usage"; exit ;;
-    -- )     # Stop option processing
-       shift; break ;;
-    - )	# Use stdin as input.
-       break ;;
-    -* )
-       echo "$me: invalid option $1$help"
-       exit 1 ;;
-
-    *local*)
-       # First pass through any local machine types.
-       echo $1
-       exit ;;
-
-    * )
-       break ;;
-  esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
-    exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
-    exit 1;;
-esac
-
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
-  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
-  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
-  kopensolaris*-gnu* | cloudabi*-eabi* | \
-  storm-chaos* | os2-emx* | rtmk-nova*)
-    os=-$maybe_os
-    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
-    ;;
-  android-linux)
-    os=-linux-android
-    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
-    ;;
-  *)
-    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
-    if [ $basic_machine != $1 ]
-    then os=`echo $1 | sed 's/.*-/-/'`
-    else os=; fi
-    ;;
-esac
-
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work.  We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
-	-sun*os*)
-		# Prevent following clause from handling this invalid input.
-		;;
-	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis | -knuth | -cray | -microblaze*)
-		os=
-		basic_machine=$1
-		;;
-	-bluegene*)
-		os=-cnk
-		;;
-	-sim | -cisco | -oki | -wec | -winbond)
-		os=
-		basic_machine=$1
-		;;
-	-scout)
-		;;
-	-wrs)
-		os=-vxworks
-		basic_machine=$1
-		;;
-	-chorusos*)
-		os=-chorusos
-		basic_machine=$1
-		;;
-	-chorusrdb)
-		os=-chorusrdb
-		basic_machine=$1
-		;;
-	-hiux*)
-		os=-hiuxwe2
-		;;
-	-sco6)
-		os=-sco5v6
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5)
-		os=-sco3.2v5
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco4)
-		os=-sco3.2v4
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2.[4-9]*)
-		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2v[4-9]*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5v6*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco*)
-		os=-sco3.2v2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-udk*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-isc)
-		os=-isc2.2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-clix*)
-		basic_machine=clipper-intergraph
-		;;
-	-isc*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
-		;;
-	-lynx*178)
-		os=-lynxos178
-		;;
-	-lynx*5)
-		os=-lynxos5
-		;;
-	-lynx*)
-		os=-lynxos
-		;;
-	-ptx*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
-		;;
-	-windowsnt*)
-		os=`echo $os | sed -e 's/windowsnt/winnt/'`
-		;;
-	-psos*)
-		os=-psos
-		;;
-	-mint | -mint[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-esac
-
-# Decode aliases for certain CPU-COMPANY combinations.
-case $basic_machine in
-	# Recognize the basic CPU types without company name.
-	# Some are omitted here because they have special meanings below.
-	1750a | 580 \
-	| a29k \
-	| aarch64 | aarch64_be \
-	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
-	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
-	| am33_2.0 \
-	| arc | arceb \
-	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
-	| avr | avr32 \
-	| ba \
-	| be32 | be64 \
-	| bfin \
-	| c4x | c8051 | clipper \
-	| d10v | d30v | dlx | dsp16xx \
-	| e2k | epiphany \
-	| fido | fr30 | frv | ft32 \
-	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
-	| hexagon \
-	| i370 | i860 | i960 | ia64 \
-	| ip2k | iq2000 \
-	| k1om \
-	| le32 | le64 \
-	| lm32 \
-	| m32c | m32r | m32rle | m68000 | m68k | m88k \
-	| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
-	| mips | mipsbe | mipseb | mipsel | mipsle \
-	| mips16 \
-	| mips64 | mips64el \
-	| mips64octeon | mips64octeonel \
-	| mips64orion | mips64orionel \
-	| mips64r5900 | mips64r5900el \
-	| mips64vr | mips64vrel \
-	| mips64vr4100 | mips64vr4100el \
-	| mips64vr4300 | mips64vr4300el \
-	| mips64vr5000 | mips64vr5000el \
-	| mips64vr5900 | mips64vr5900el \
-	| mipsisa32 | mipsisa32el \
-	| mipsisa32r2 | mipsisa32r2el \
-	| mipsisa32r6 | mipsisa32r6el \
-	| mipsisa64 | mipsisa64el \
-	| mipsisa64r2 | mipsisa64r2el \
-	| mipsisa64r6 | mipsisa64r6el \
-	| mipsisa64sb1 | mipsisa64sb1el \
-	| mipsisa64sr71k | mipsisa64sr71kel \
-	| mipsr5900 | mipsr5900el \
-	| mipstx39 | mipstx39el \
-	| mn10200 | mn10300 \
-	| moxie \
-	| mt \
-	| msp430 \
-	| nds32 | nds32le | nds32be \
-	| nios | nios2 | nios2eb | nios2el \
-	| ns16k | ns32k \
-	| open8 | or1k | or1knd | or32 \
-	| pdp10 | pdp11 | pj | pjl \
-	| powerpc | powerpc64 | powerpc64le | powerpcle \
-	| pru \
-	| pyramid \
-	| riscv32 | riscv64 \
-	| rl78 | rx \
-	| score \
-	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
-	| sh64 | sh64le \
-	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
-	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
-	| spu \
-	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
-	| ubicom32 \
-	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
-	| visium \
-	| we32k \
-	| x86 | xc16x | xstormy16 | xtensa \
-	| z8k | z80)
-		basic_machine=$basic_machine-unknown
-		;;
-	c54x)
-		basic_machine=tic54x-unknown
-		;;
-	c55x)
-		basic_machine=tic55x-unknown
-		;;
-	c6x)
-		basic_machine=tic6x-unknown
-		;;
-	leon|leon[3-9])
-		basic_machine=sparc-$basic_machine
-		;;
-	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
-		basic_machine=$basic_machine-unknown
-		os=-none
-		;;
-	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
-		;;
-	ms1)
-		basic_machine=mt-unknown
-		;;
-
-	strongarm | thumb | xscale)
-		basic_machine=arm-unknown
-		;;
-	xgate)
-		basic_machine=$basic_machine-unknown
-		os=-none
-		;;
-	xscaleeb)
-		basic_machine=armeb-unknown
-		;;
-
-	xscaleel)
-		basic_machine=armel-unknown
-		;;
-
-	# We use `pc' rather than `unknown'
-	# because (1) that's what they normally are, and
-	# (2) the word "unknown" tends to confuse beginning users.
-	i*86 | x86_64)
-	  basic_machine=$basic_machine-pc
-	  ;;
-	# Object if more than one company name word.
-	*-*-*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-	# Recognize the basic CPU types with company name.
-	580-* \
-	| a29k-* \
-	| aarch64-* | aarch64_be-* \
-	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
-	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
-	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
-	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* | avr32-* \
-	| ba-* \
-	| be32-* | be64-* \
-	| bfin-* | bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* \
-	| c8051-* | clipper-* | craynv-* | cydra-* \
-	| d10v-* | d30v-* | dlx-* \
-	| e2k-* | elxsi-* \
-	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
-	| h8300-* | h8500-* \
-	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
-	| hexagon-* \
-	| i*86-* | i860-* | i960-* | ia64-* \
-	| ip2k-* | iq2000-* \
-	| k1om-* \
-	| le32-* | le64-* \
-	| lm32-* \
-	| m32c-* | m32r-* | m32rle-* \
-	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
-	| microblaze-* | microblazeel-* \
-	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
-	| mips16-* \
-	| mips64-* | mips64el-* \
-	| mips64octeon-* | mips64octeonel-* \
-	| mips64orion-* | mips64orionel-* \
-	| mips64r5900-* | mips64r5900el-* \
-	| mips64vr-* | mips64vrel-* \
-	| mips64vr4100-* | mips64vr4100el-* \
-	| mips64vr4300-* | mips64vr4300el-* \
-	| mips64vr5000-* | mips64vr5000el-* \
-	| mips64vr5900-* | mips64vr5900el-* \
-	| mipsisa32-* | mipsisa32el-* \
-	| mipsisa32r2-* | mipsisa32r2el-* \
-	| mipsisa32r6-* | mipsisa32r6el-* \
-	| mipsisa64-* | mipsisa64el-* \
-	| mipsisa64r2-* | mipsisa64r2el-* \
-	| mipsisa64r6-* | mipsisa64r6el-* \
-	| mipsisa64sb1-* | mipsisa64sb1el-* \
-	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
-	| mipsr5900-* | mipsr5900el-* \
-	| mipstx39-* | mipstx39el-* \
-	| mmix-* \
-	| mt-* \
-	| msp430-* \
-	| nds32-* | nds32le-* | nds32be-* \
-	| nios-* | nios2-* | nios2eb-* | nios2el-* \
-	| none-* | np1-* | ns16k-* | ns32k-* \
-	| open8-* \
-	| or1k*-* \
-	| orion-* \
-	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
-	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
-	| pru-* \
-	| pyramid-* \
-	| riscv32-* | riscv64-* \
-	| rl78-* | romp-* | rs6000-* | rx-* \
-	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
-	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
-	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
-	| tahoe-* \
-	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
-	| tile*-* \
-	| tron-* \
-	| ubicom32-* \
-	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
-	| vax-* \
-	| visium-* \
-	| we32k-* \
-	| x86-* | x86_64-* | xc16x-* | xps100-* \
-	| xstormy16-* | xtensa*-* \
-	| ymp-* \
-	| z8k-* | z80-*)
-		;;
-	# Recognize the basic CPU types without company name, with glob match.
-	xtensa*)
-		basic_machine=$basic_machine-unknown
-		;;
-	# Recognize the various machine names and aliases which stand
-	# for a CPU type and a company and sometimes even an OS.
-	386bsd)
-		basic_machine=i386-unknown
-		os=-bsd
-		;;
-	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
-		basic_machine=m68000-att
-		;;
-	3b*)
-		basic_machine=we32k-att
-		;;
-	a29khif)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	abacus)
-		basic_machine=abacus-unknown
-		;;
-	adobe68k)
-		basic_machine=m68010-adobe
-		os=-scout
-		;;
-	alliant | fx80)
-		basic_machine=fx80-alliant
-		;;
-	altos | altos3068)
-		basic_machine=m68k-altos
-		;;
-	am29k)
-		basic_machine=a29k-none
-		os=-bsd
-		;;
-	amd64)
-		basic_machine=x86_64-pc
-		;;
-	amd64-*)
-		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	amdahl)
-		basic_machine=580-amdahl
-		os=-sysv
-		;;
-	amiga | amiga-*)
-		basic_machine=m68k-unknown
-		;;
-	amigaos | amigados)
-		basic_machine=m68k-unknown
-		os=-amigaos
-		;;
-	amigaunix | amix)
-		basic_machine=m68k-unknown
-		os=-sysv4
-		;;
-	apollo68)
-		basic_machine=m68k-apollo
-		os=-sysv
-		;;
-	apollo68bsd)
-		basic_machine=m68k-apollo
-		os=-bsd
-		;;
-	aros)
-		basic_machine=i386-pc
-		os=-aros
-		;;
-	asmjs)
-		basic_machine=asmjs-unknown
-		;;
-	aux)
-		basic_machine=m68k-apple
-		os=-aux
-		;;
-	balance)
-		basic_machine=ns32k-sequent
-		os=-dynix
-		;;
-	blackfin)
-		basic_machine=bfin-unknown
-		os=-linux
-		;;
-	blackfin-*)
-		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
-		os=-linux
-		;;
-	bluegene*)
-		basic_machine=powerpc-ibm
-		os=-cnk
-		;;
-	c54x-*)
-		basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	c55x-*)
-		basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	c6x-*)
-		basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	c90)
-		basic_machine=c90-cray
-		os=-unicos
-		;;
-	cegcc)
-		basic_machine=arm-unknown
-		os=-cegcc
-		;;
-	convex-c1)
-		basic_machine=c1-convex
-		os=-bsd
-		;;
-	convex-c2)
-		basic_machine=c2-convex
-		os=-bsd
-		;;
-	convex-c32)
-		basic_machine=c32-convex
-		os=-bsd
-		;;
-	convex-c34)
-		basic_machine=c34-convex
-		os=-bsd
-		;;
-	convex-c38)
-		basic_machine=c38-convex
-		os=-bsd
-		;;
-	cray | j90)
-		basic_machine=j90-cray
-		os=-unicos
-		;;
-	craynv)
-		basic_machine=craynv-cray
-		os=-unicosmp
-		;;
-	cr16 | cr16-*)
-		basic_machine=cr16-unknown
-		os=-elf
-		;;
-	crds | unos)
-		basic_machine=m68k-crds
-		;;
-	crisv32 | crisv32-* | etraxfs*)
-		basic_machine=crisv32-axis
-		;;
-	cris | cris-* | etrax*)
-		basic_machine=cris-axis
-		;;
-	crx)
-		basic_machine=crx-unknown
-		os=-elf
-		;;
-	da30 | da30-*)
-		basic_machine=m68k-da30
-		;;
-	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
-		basic_machine=mips-dec
-		;;
-	decsystem10* | dec10*)
-		basic_machine=pdp10-dec
-		os=-tops10
-		;;
-	decsystem20* | dec20*)
-		basic_machine=pdp10-dec
-		os=-tops20
-		;;
-	delta | 3300 | motorola-3300 | motorola-delta \
-	      | 3300-motorola | delta-motorola)
-		basic_machine=m68k-motorola
-		;;
-	delta88)
-		basic_machine=m88k-motorola
-		os=-sysv3
-		;;
-	dicos)
-		basic_machine=i686-pc
-		os=-dicos
-		;;
-	djgpp)
-		basic_machine=i586-pc
-		os=-msdosdjgpp
-		;;
-	dpx20 | dpx20-*)
-		basic_machine=rs6000-bull
-		os=-bosx
-		;;
-	dpx2* | dpx2*-bull)
-		basic_machine=m68k-bull
-		os=-sysv3
-		;;
-	e500v[12])
-		basic_machine=powerpc-unknown
-		os=$os"spe"
-		;;
-	e500v[12]-*)
-		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
-		os=$os"spe"
-		;;
-	ebmon29k)
-		basic_machine=a29k-amd
-		os=-ebmon
-		;;
-	elxsi)
-		basic_machine=elxsi-elxsi
-		os=-bsd
-		;;
-	encore | umax | mmax)
-		basic_machine=ns32k-encore
-		;;
-	es1800 | OSE68k | ose68k | ose | OSE)
-		basic_machine=m68k-ericsson
-		os=-ose
-		;;
-	fx2800)
-		basic_machine=i860-alliant
-		;;
-	genix)
-		basic_machine=ns32k-ns
-		;;
-	gmicro)
-		basic_machine=tron-gmicro
-		os=-sysv
-		;;
-	go32)
-		basic_machine=i386-pc
-		os=-go32
-		;;
-	h3050r* | hiux*)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	h8300hms)
-		basic_machine=h8300-hitachi
-		os=-hms
-		;;
-	h8300xray)
-		basic_machine=h8300-hitachi
-		os=-xray
-		;;
-	h8500hms)
-		basic_machine=h8500-hitachi
-		os=-hms
-		;;
-	harris)
-		basic_machine=m88k-harris
-		os=-sysv3
-		;;
-	hp300-*)
-		basic_machine=m68k-hp
-		;;
-	hp300bsd)
-		basic_machine=m68k-hp
-		os=-bsd
-		;;
-	hp300hpux)
-		basic_machine=m68k-hp
-		os=-hpux
-		;;
-	hp3k9[0-9][0-9] | hp9[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k2[0-9][0-9] | hp9k31[0-9])
-		basic_machine=m68000-hp
-		;;
-	hp9k3[2-9][0-9])
-		basic_machine=m68k-hp
-		;;
-	hp9k6[0-9][0-9] | hp6[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hp9k7[0-79][0-9] | hp7[0-79][0-9])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k78[0-9] | hp78[0-9])
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
-		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][13679] | hp8[0-9][13679])
-		basic_machine=hppa1.1-hp
-		;;
-	hp9k8[0-9][0-9] | hp8[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hppa-next)
-		os=-nextstep3
-		;;
-	hppaosf)
-		basic_machine=hppa1.1-hp
-		os=-osf
-		;;
-	hppro)
-		basic_machine=hppa1.1-hp
-		os=-proelf
-		;;
-	i370-ibm* | ibm*)
-		basic_machine=i370-ibm
-		;;
-	i*86v32)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv32
-		;;
-	i*86v4*)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv4
-		;;
-	i*86v)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-sysv
-		;;
-	i*86sol2)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
-		os=-solaris2
-		;;
-	i386mach)
-		basic_machine=i386-mach
-		os=-mach
-		;;
-	i386-vsta | vsta)
-		basic_machine=i386-unknown
-		os=-vsta
-		;;
-	iris | iris4d)
-		basic_machine=mips-sgi
-		case $os in
-		    -irix*)
-			;;
-		    *)
-			os=-irix4
-			;;
-		esac
-		;;
-	isi68 | isi)
-		basic_machine=m68k-isi
-		os=-sysv
-		;;
-	leon-*|leon[3-9]-*)
-		basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
-		;;
-	m68knommu)
-		basic_machine=m68k-unknown
-		os=-linux
-		;;
-	m68knommu-*)
-		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
-		os=-linux
-		;;
-	m88k-omron*)
-		basic_machine=m88k-omron
-		;;
-	magnum | m3230)
-		basic_machine=mips-mips
-		os=-sysv
-		;;
-	merlin)
-		basic_machine=ns32k-utek
-		os=-sysv
-		;;
-	microblaze*)
-		basic_machine=microblaze-xilinx
-		;;
-	mingw64)
-		basic_machine=x86_64-pc
-		os=-mingw64
-		;;
-	mingw32)
-		basic_machine=i686-pc
-		os=-mingw32
-		;;
-	mingw32ce)
-		basic_machine=arm-unknown
-		os=-mingw32ce
-		;;
-	miniframe)
-		basic_machine=m68000-convergent
-		;;
-	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-	mips3*-*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
-		;;
-	mips3*)
-		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
-		;;
-	monitor)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	morphos)
-		basic_machine=powerpc-unknown
-		os=-morphos
-		;;
-	moxiebox)
-		basic_machine=moxie-unknown
-		os=-moxiebox
-		;;
-	msdos)
-		basic_machine=i386-pc
-		os=-msdos
-		;;
-	ms1-*)
-		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
-		;;
-	msys)
-		basic_machine=i686-pc
-		os=-msys
-		;;
-	mvs)
-		basic_machine=i370-ibm
-		os=-mvs
-		;;
-	nacl)
-		basic_machine=le32-unknown
-		os=-nacl
-		;;
-	ncr3000)
-		basic_machine=i486-ncr
-		os=-sysv4
-		;;
-	netbsd386)
-		basic_machine=i386-unknown
-		os=-netbsd
-		;;
-	netwinder)
-		basic_machine=armv4l-rebel
-		os=-linux
-		;;
-	news | news700 | news800 | news900)
-		basic_machine=m68k-sony
-		os=-newsos
-		;;
-	news1000)
-		basic_machine=m68030-sony
-		os=-newsos
-		;;
-	news-3600 | risc-news)
-		basic_machine=mips-sony
-		os=-newsos
-		;;
-	necv70)
-		basic_machine=v70-nec
-		os=-sysv
-		;;
-	next | m*-next )
-		basic_machine=m68k-next
-		case $os in
-		    -nextstep* )
-			;;
-		    -ns2*)
-		      os=-nextstep2
-			;;
-		    *)
-		      os=-nextstep3
-			;;
-		esac
-		;;
-	nh3000)
-		basic_machine=m68k-harris
-		os=-cxux
-		;;
-	nh[45]000)
-		basic_machine=m88k-harris
-		os=-cxux
-		;;
-	nindy960)
-		basic_machine=i960-intel
-		os=-nindy
-		;;
-	mon960)
-		basic_machine=i960-intel
-		os=-mon960
-		;;
-	nonstopux)
-		basic_machine=mips-compaq
-		os=-nonstopux
-		;;
-	np1)
-		basic_machine=np1-gould
-		;;
-	neo-tandem)
-		basic_machine=neo-tandem
-		;;
-	nse-tandem)
-		basic_machine=nse-tandem
-		;;
-	nsr-tandem)
-		basic_machine=nsr-tandem
-		;;
-	op50n-* | op60c-*)
-		basic_machine=hppa1.1-oki
-		os=-proelf
-		;;
-	openrisc | openrisc-*)
-		basic_machine=or32-unknown
-		;;
-	os400)
-		basic_machine=powerpc-ibm
-		os=-os400
-		;;
-	OSE68000 | ose68000)
-		basic_machine=m68000-ericsson
-		os=-ose
-		;;
-	os68k)
-		basic_machine=m68k-none
-		os=-os68k
-		;;
-	pa-hitachi)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	paragon)
-		basic_machine=i860-intel
-		os=-osf
-		;;
-	parisc)
-		basic_machine=hppa-unknown
-		os=-linux
-		;;
-	parisc-*)
-		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
-		os=-linux
-		;;
-	pbd)
-		basic_machine=sparc-tti
-		;;
-	pbb)
-		basic_machine=m68k-tti
-		;;
-	pc532 | pc532-*)
-		basic_machine=ns32k-pc532
-		;;
-	pc98)
-		basic_machine=i386-pc
-		;;
-	pc98-*)
-		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentium | p5 | k5 | k6 | nexgen | viac3)
-		basic_machine=i586-pc
-		;;
-	pentiumpro | p6 | 6x86 | athlon | athlon_*)
-		basic_machine=i686-pc
-		;;
-	pentiumii | pentium2 | pentiumiii | pentium3)
-		basic_machine=i686-pc
-		;;
-	pentium4)
-		basic_machine=i786-pc
-		;;
-	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
-		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumpro-* | p6-* | 6x86-* | athlon-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
-		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pentium4-*)
-		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	pn)
-		basic_machine=pn-gould
-		;;
-	power)	basic_machine=power-ibm
-		;;
-	ppc | ppcbe)	basic_machine=powerpc-unknown
-		;;
-	ppc-* | ppcbe-*)
-		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppcle | powerpclittle)
-		basic_machine=powerpcle-unknown
-		;;
-	ppcle-* | powerpclittle-*)
-		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64)	basic_machine=powerpc64-unknown
-		;;
-	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ppc64le | powerpc64little)
-		basic_machine=powerpc64le-unknown
-		;;
-	ppc64le-* | powerpc64little-*)
-		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	ps2)
-		basic_machine=i386-ibm
-		;;
-	pw32)
-		basic_machine=i586-unknown
-		os=-pw32
-		;;
-	rdos | rdos64)
-		basic_machine=x86_64-pc
-		os=-rdos
-		;;
-	rdos32)
-		basic_machine=i386-pc
-		os=-rdos
-		;;
-	rom68k)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	rm[46]00)
-		basic_machine=mips-siemens
-		;;
-	rtpc | rtpc-*)
-		basic_machine=romp-ibm
-		;;
-	s390 | s390-*)
-		basic_machine=s390-ibm
-		;;
-	s390x | s390x-*)
-		basic_machine=s390x-ibm
-		;;
-	sa29200)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	sb1)
-		basic_machine=mipsisa64sb1-unknown
-		;;
-	sb1el)
-		basic_machine=mipsisa64sb1el-unknown
-		;;
-	sde)
-		basic_machine=mipsisa32-sde
-		os=-elf
-		;;
-	sei)
-		basic_machine=mips-sei
-		os=-seiux
-		;;
-	sequent)
-		basic_machine=i386-sequent
-		;;
-	sh)
-		basic_machine=sh-hitachi
-		os=-hms
-		;;
-	sh5el)
-		basic_machine=sh5le-unknown
-		;;
-	sh64)
-		basic_machine=sh64-unknown
-		;;
-	sparclite-wrs | simso-wrs)
-		basic_machine=sparclite-wrs
-		os=-vxworks
-		;;
-	sps7)
-		basic_machine=m68k-bull
-		os=-sysv2
-		;;
-	spur)
-		basic_machine=spur-unknown
-		;;
-	st2000)
-		basic_machine=m68k-tandem
-		;;
-	stratus)
-		basic_machine=i860-stratus
-		os=-sysv4
-		;;
-	strongarm-* | thumb-*)
-		basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
-		;;
-	sun2)
-		basic_machine=m68000-sun
-		;;
-	sun2os3)
-		basic_machine=m68000-sun
-		os=-sunos3
-		;;
-	sun2os4)
-		basic_machine=m68000-sun
-		os=-sunos4
-		;;
-	sun3os3)
-		basic_machine=m68k-sun
-		os=-sunos3
-		;;
-	sun3os4)
-		basic_machine=m68k-sun
-		os=-sunos4
-		;;
-	sun4os3)
-		basic_machine=sparc-sun
-		os=-sunos3
-		;;
-	sun4os4)
-		basic_machine=sparc-sun
-		os=-sunos4
-		;;
-	sun4sol2)
-		basic_machine=sparc-sun
-		os=-solaris2
-		;;
-	sun3 | sun3-*)
-		basic_machine=m68k-sun
-		;;
-	sun4)
-		basic_machine=sparc-sun
-		;;
-	sun386 | sun386i | roadrunner)
-		basic_machine=i386-sun
-		;;
-	sv1)
-		basic_machine=sv1-cray
-		os=-unicos
-		;;
-	symmetry)
-		basic_machine=i386-sequent
-		os=-dynix
-		;;
-	t3e)
-		basic_machine=alphaev5-cray
-		os=-unicos
-		;;
-	t90)
-		basic_machine=t90-cray
-		os=-unicos
-		;;
-	tile*)
-		basic_machine=$basic_machine-unknown
-		os=-linux-gnu
-		;;
-	tx39)
-		basic_machine=mipstx39-unknown
-		;;
-	tx39el)
-		basic_machine=mipstx39el-unknown
-		;;
-	toad1)
-		basic_machine=pdp10-xkl
-		os=-tops20
-		;;
-	tower | tower-32)
-		basic_machine=m68k-ncr
-		;;
-	tpf)
-		basic_machine=s390x-ibm
-		os=-tpf
-		;;
-	udi29k)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	ultra3)
-		basic_machine=a29k-nyu
-		os=-sym1
-		;;
-	v810 | necv810)
-		basic_machine=v810-nec
-		os=-none
-		;;
-	vaxv)
-		basic_machine=vax-dec
-		os=-sysv
-		;;
-	vms)
-		basic_machine=vax-dec
-		os=-vms
-		;;
-	vpp*|vx|vx-*)
-		basic_machine=f301-fujitsu
-		;;
-	vxworks960)
-		basic_machine=i960-wrs
-		os=-vxworks
-		;;
-	vxworks68)
-		basic_machine=m68k-wrs
-		os=-vxworks
-		;;
-	vxworks29k)
-		basic_machine=a29k-wrs
-		os=-vxworks
-		;;
-	w65*)
-		basic_machine=w65-wdc
-		os=-none
-		;;
-	w89k-*)
-		basic_machine=hppa1.1-winbond
-		os=-proelf
-		;;
-	xbox)
-		basic_machine=i686-pc
-		os=-mingw32
-		;;
-	xps | xps100)
-		basic_machine=xps100-honeywell
-		;;
-	xscale-* | xscalee[bl]-*)
-		basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
-		;;
-	ymp)
-		basic_machine=ymp-cray
-		os=-unicos
-		;;
-	z8k-*-coff)
-		basic_machine=z8k-unknown
-		os=-sim
-		;;
-	z80-*-coff)
-		basic_machine=z80-unknown
-		os=-sim
-		;;
-	none)
-		basic_machine=none-none
-		os=-none
-		;;
-
-# Here we handle the default manufacturer of certain CPU types.  It is in
-# some cases the only manufacturer, in others, it is the most popular.
-	w89k)
-		basic_machine=hppa1.1-winbond
-		;;
-	op50n)
-		basic_machine=hppa1.1-oki
-		;;
-	op60c)
-		basic_machine=hppa1.1-oki
-		;;
-	romp)
-		basic_machine=romp-ibm
-		;;
-	mmix)
-		basic_machine=mmix-knuth
-		;;
-	rs6000)
-		basic_machine=rs6000-ibm
-		;;
-	vax)
-		basic_machine=vax-dec
-		;;
-	pdp10)
-		# there are many clones, so DEC is not a safe bet
-		basic_machine=pdp10-unknown
-		;;
-	pdp11)
-		basic_machine=pdp11-dec
-		;;
-	we32k)
-		basic_machine=we32k-att
-		;;
-	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
-		basic_machine=sh-unknown
-		;;
-	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
-		basic_machine=sparc-sun
-		;;
-	cydra)
-		basic_machine=cydra-cydrome
-		;;
-	orion)
-		basic_machine=orion-highlevel
-		;;
-	orion105)
-		basic_machine=clipper-highlevel
-		;;
-	mac | mpw | mac-mpw)
-		basic_machine=m68k-apple
-		;;
-	pmac | pmac-mpw)
-		basic_machine=powerpc-apple
-		;;
-	*-unknown)
-		# Make sure to match an already-canonicalized machine name.
-		;;
-	*)
-		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
-		exit 1
-		;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
-	*-digital*)
-		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
-		;;
-	*-commodore*)
-		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
-		;;
-	*)
-		;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if [ x"$os" != x"" ]
-then
-case $os in
-	# First match some system type aliases
-	# that might get confused with valid system types.
-	# -solaris* is a basic system type, with this one exception.
-	-auroraux)
-		os=-auroraux
-		;;
-	-solaris1 | -solaris1.*)
-		os=`echo $os | sed -e 's|solaris1|sunos4|'`
-		;;
-	-solaris)
-		os=-solaris2
-		;;
-	-svr4*)
-		os=-sysv4
-		;;
-	-unixware*)
-		os=-sysv4.2uw
-		;;
-	-gnu/linux*)
-		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
-		;;
-	# First accept the basic system types.
-	# The portable systems comes first.
-	# Each alternative MUST END IN A *, to match a version number.
-	# -sysv* is not here because it comes later, after sysvr4.
-	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
-	      | -sym* | -kopensolaris* | -plan9* \
-	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* | -aros* | -cloudabi* | -sortix* \
-	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
-	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
-	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
-	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
-	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
-	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* | -cegcc* \
-	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
-	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
-	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
-	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
-	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
-	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
-	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
-	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos* | -phoenix* | -fuchsia*)
-	# Remember, each alternative MUST END IN *, to match a version number.
-		;;
-	-qnx*)
-		case $basic_machine in
-		    x86-* | i*86-*)
-			;;
-		    *)
-			os=-nto$os
-			;;
-		esac
-		;;
-	-nto-qnx*)
-		;;
-	-nto*)
-		os=`echo $os | sed -e 's|nto|nto-qnx|'`
-		;;
-	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
-	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
-		;;
-	-mac*)
-		os=`echo $os | sed -e 's|mac|macos|'`
-		;;
-	-linux-dietlibc)
-		os=-linux-dietlibc
-		;;
-	-linux*)
-		os=`echo $os | sed -e 's|linux|linux-gnu|'`
-		;;
-	-sunos5*)
-		os=`echo $os | sed -e 's|sunos5|solaris2|'`
-		;;
-	-sunos6*)
-		os=`echo $os | sed -e 's|sunos6|solaris3|'`
-		;;
-	-opened*)
-		os=-openedition
-		;;
-	-os400*)
-		os=-os400
-		;;
-	-wince*)
-		os=-wince
-		;;
-	-osfrose*)
-		os=-osfrose
-		;;
-	-osf*)
-		os=-osf
-		;;
-	-utek*)
-		os=-bsd
-		;;
-	-dynix*)
-		os=-bsd
-		;;
-	-acis*)
-		os=-aos
-		;;
-	-atheos*)
-		os=-atheos
-		;;
-	-syllable*)
-		os=-syllable
-		;;
-	-386bsd)
-		os=-bsd
-		;;
-	-ctix* | -uts*)
-		os=-sysv
-		;;
-	-nova*)
-		os=-rtmk-nova
-		;;
-	-ns2 )
-		os=-nextstep2
-		;;
-	-nsk*)
-		os=-nsk
-		;;
-	# Preserve the version number of sinix5.
-	-sinix5.*)
-		os=`echo $os | sed -e 's|sinix|sysv|'`
-		;;
-	-sinix*)
-		os=-sysv4
-		;;
-	-tpf*)
-		os=-tpf
-		;;
-	-triton*)
-		os=-sysv3
-		;;
-	-oss*)
-		os=-sysv3
-		;;
-	-svr4)
-		os=-sysv4
-		;;
-	-svr3)
-		os=-sysv3
-		;;
-	-sysvr4)
-		os=-sysv4
-		;;
-	# This must come after -sysvr4.
-	-sysv*)
-		;;
-	-ose*)
-		os=-ose
-		;;
-	-es1800*)
-		os=-ose
-		;;
-	-xenix)
-		os=-xenix
-		;;
-	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-		os=-mint
-		;;
-	-aros*)
-		os=-aros
-		;;
-	-zvmoe)
-		os=-zvmoe
-		;;
-	-dicos*)
-		os=-dicos
-		;;
-	-nacl*)
-		;;
-	-ios)
-		;;
-	-none)
-		;;
-	*)
-		# Get rid of the `-' at the beginning of $os.
-		os=`echo $os | sed 's/[^-]*-//'`
-		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
-		exit 1
-		;;
-esac
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system.  Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-case $basic_machine in
-	score-*)
-		os=-elf
-		;;
-	spu-*)
-		os=-elf
-		;;
-	*-acorn)
-		os=-riscix1.2
-		;;
-	arm*-rebel)
-		os=-linux
-		;;
-	arm*-semi)
-		os=-aout
-		;;
-	c4x-* | tic4x-*)
-		os=-coff
-		;;
-	c8051-*)
-		os=-elf
-		;;
-	hexagon-*)
-		os=-elf
-		;;
-	tic54x-*)
-		os=-coff
-		;;
-	tic55x-*)
-		os=-coff
-		;;
-	tic6x-*)
-		os=-coff
-		;;
-	# This must come before the *-dec entry.
-	pdp10-*)
-		os=-tops20
-		;;
-	pdp11-*)
-		os=-none
-		;;
-	*-dec | vax-*)
-		os=-ultrix4.2
-		;;
-	m68*-apollo)
-		os=-domain
-		;;
-	i386-sun)
-		os=-sunos4.0.2
-		;;
-	m68000-sun)
-		os=-sunos3
-		;;
-	m68*-cisco)
-		os=-aout
-		;;
-	mep-*)
-		os=-elf
-		;;
-	mips*-cisco)
-		os=-elf
-		;;
-	mips*-*)
-		os=-elf
-		;;
-	or32-*)
-		os=-coff
-		;;
-	*-tti)	# must be before sparc entry or we get the wrong os.
-		os=-sysv3
-		;;
-	sparc-* | *-sun)
-		os=-sunos4.1.1
-		;;
-	*-be)
-		os=-beos
-		;;
-	*-haiku)
-		os=-haiku
-		;;
-	*-ibm)
-		os=-aix
-		;;
-	*-knuth)
-		os=-mmixware
-		;;
-	*-wec)
-		os=-proelf
-		;;
-	*-winbond)
-		os=-proelf
-		;;
-	*-oki)
-		os=-proelf
-		;;
-	*-hp)
-		os=-hpux
-		;;
-	*-hitachi)
-		os=-hiux
-		;;
-	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
-		os=-sysv
-		;;
-	*-cbm)
-		os=-amigaos
-		;;
-	*-dg)
-		os=-dgux
-		;;
-	*-dolphin)
-		os=-sysv3
-		;;
-	m68k-ccur)
-		os=-rtu
-		;;
-	m88k-omron*)
-		os=-luna
-		;;
-	*-next )
-		os=-nextstep
-		;;
-	*-sequent)
-		os=-ptx
-		;;
-	*-crds)
-		os=-unos
-		;;
-	*-ns)
-		os=-genix
-		;;
-	i370-*)
-		os=-mvs
-		;;
-	*-next)
-		os=-nextstep3
-		;;
-	*-gould)
-		os=-sysv
-		;;
-	*-highlevel)
-		os=-bsd
-		;;
-	*-encore)
-		os=-bsd
-		;;
-	*-sgi)
-		os=-irix
-		;;
-	*-siemens)
-		os=-sysv4
-		;;
-	*-masscomp)
-		os=-rtu
-		;;
-	f30[01]-fujitsu | f700-fujitsu)
-		os=-uxpv
-		;;
-	*-rom68k)
-		os=-coff
-		;;
-	*-*bug)
-		os=-coff
-		;;
-	*-apple)
-		os=-macos
-		;;
-	*-atari*)
-		os=-mint
-		;;
-	*)
-		os=-none
-		;;
-esac
-fi
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer.  We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
-	*-unknown)
-		case $os in
-			-riscix*)
-				vendor=acorn
-				;;
-			-sunos*)
-				vendor=sun
-				;;
-			-cnk*|-aix*)
-				vendor=ibm
-				;;
-			-beos*)
-				vendor=be
-				;;
-			-hpux*)
-				vendor=hp
-				;;
-			-mpeix*)
-				vendor=hp
-				;;
-			-hiux*)
-				vendor=hitachi
-				;;
-			-unos*)
-				vendor=crds
-				;;
-			-dgux*)
-				vendor=dg
-				;;
-			-luna*)
-				vendor=omron
-				;;
-			-genix*)
-				vendor=ns
-				;;
-			-mvs* | -opened*)
-				vendor=ibm
-				;;
-			-os400*)
-				vendor=ibm
-				;;
-			-ptx*)
-				vendor=sequent
-				;;
-			-tpf*)
-				vendor=ibm
-				;;
-			-vxsim* | -vxworks* | -windiss*)
-				vendor=wrs
-				;;
-			-aux*)
-				vendor=apple
-				;;
-			-hms*)
-				vendor=hitachi
-				;;
-			-mpw* | -macos*)
-				vendor=apple
-				;;
-			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-				vendor=atari
-				;;
-			-vos*)
-				vendor=stratus
-				;;
-		esac
-		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
-		;;
-esac
-
-echo $basic_machine$os
-exit
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
->>>>>>> main
diff --git a/contrib/jemalloc/configure.ac b/contrib/jemalloc/configure.ac
index f7285a6154b9..f6d25f3345ee 100644
--- a/contrib/jemalloc/configure.ac
+++ b/contrib/jemalloc/configure.ac
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.68)
 AC_INIT([Makefile.in])
@@ -2668,2412 +2667,3 @@ AC_MSG_RESULT([lazy_lock          : ${enable_lazy_lock}])
 AC_MSG_RESULT([cache-oblivious    : ${enable_cache_oblivious}])
 AC_MSG_RESULT([cxx                : ${enable_cxx}])
 AC_MSG_RESULT([===============================================================================])
-||||||| dec341af7695
-=======
-dnl Process this file with autoconf to produce a configure script.
-AC_PREREQ(2.68)
-AC_INIT([Makefile.in])
-
-AC_CONFIG_AUX_DIR([build-aux])
-
-dnl ============================================================================
-dnl Custom macro definitions.
-
-dnl JE_CONCAT_VVV(r, a, b)
-dnl
-dnl Set $r to the concatenation of $a and $b, with a space separating them iff
-dnl both $a and $b are non-empty.
-AC_DEFUN([JE_CONCAT_VVV],
-if test "x[$]{$2}" = "x" -o "x[$]{$3}" = "x" ; then
-  $1="[$]{$2}[$]{$3}"
-else
-  $1="[$]{$2} [$]{$3}"
-fi
-)
-
-dnl JE_APPEND_VS(a, b)
-dnl
-dnl Set $a to the concatenation of $a and b, with a space separating them iff
-dnl both $a and b are non-empty.
-AC_DEFUN([JE_APPEND_VS],
-  T_APPEND_V=$2
-  JE_CONCAT_VVV($1, $1, T_APPEND_V)
-)
-
-CONFIGURE_CFLAGS=
-SPECIFIED_CFLAGS="${CFLAGS}"
-dnl JE_CFLAGS_ADD(cflag)
-dnl
-dnl CFLAGS is the concatenation of CONFIGURE_CFLAGS and SPECIFIED_CFLAGS
-dnl (ignoring EXTRA_CFLAGS, which does not impact configure tests.  This macro
-dnl appends to CONFIGURE_CFLAGS and regenerates CFLAGS.
-AC_DEFUN([JE_CFLAGS_ADD],
-[
-AC_MSG_CHECKING([whether compiler supports $1])
-T_CONFIGURE_CFLAGS="${CONFIGURE_CFLAGS}"
-JE_APPEND_VS(CONFIGURE_CFLAGS, $1)
-JE_CONCAT_VVV(CFLAGS, CONFIGURE_CFLAGS, SPECIFIED_CFLAGS)
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-[[
-]], [[
-    return 0;
-]])],
-              [je_cv_cflags_added=$1]
-              AC_MSG_RESULT([yes]),
-              [je_cv_cflags_added=]
-              AC_MSG_RESULT([no])
-              [CONFIGURE_CFLAGS="${T_CONFIGURE_CFLAGS}"]
-)
-JE_CONCAT_VVV(CFLAGS, CONFIGURE_CFLAGS, SPECIFIED_CFLAGS)
-])
-
-dnl JE_CFLAGS_SAVE()
-dnl JE_CFLAGS_RESTORE()
-dnl
-dnl Save/restore CFLAGS.  Nesting is not supported.
-AC_DEFUN([JE_CFLAGS_SAVE],
-SAVED_CONFIGURE_CFLAGS="${CONFIGURE_CFLAGS}"
-)
-AC_DEFUN([JE_CFLAGS_RESTORE],
-CONFIGURE_CFLAGS="${SAVED_CONFIGURE_CFLAGS}"
-JE_CONCAT_VVV(CFLAGS, CONFIGURE_CFLAGS, SPECIFIED_CFLAGS)
-)
-
-CONFIGURE_CXXFLAGS=
-SPECIFIED_CXXFLAGS="${CXXFLAGS}"
-dnl JE_CXXFLAGS_ADD(cxxflag)
-AC_DEFUN([JE_CXXFLAGS_ADD],
-[
-AC_MSG_CHECKING([whether compiler supports $1])
-T_CONFIGURE_CXXFLAGS="${CONFIGURE_CXXFLAGS}"
-JE_APPEND_VS(CONFIGURE_CXXFLAGS, $1)
-JE_CONCAT_VVV(CXXFLAGS, CONFIGURE_CXXFLAGS, SPECIFIED_CXXFLAGS)
-AC_LANG_PUSH([C++])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-[[
-]], [[
-    return 0;
-]])],
-              [je_cv_cxxflags_added=$1]
-              AC_MSG_RESULT([yes]),
-              [je_cv_cxxflags_added=]
-              AC_MSG_RESULT([no])
-              [CONFIGURE_CXXFLAGS="${T_CONFIGURE_CXXFLAGS}"]
-)
-AC_LANG_POP([C++])
-JE_CONCAT_VVV(CXXFLAGS, CONFIGURE_CXXFLAGS, SPECIFIED_CXXFLAGS)
-])
-
-dnl JE_COMPILABLE(label, hcode, mcode, rvar)
-dnl
-dnl Use AC_LINK_IFELSE() rather than AC_COMPILE_IFELSE() so that linker errors
-dnl cause failure.
-AC_DEFUN([JE_COMPILABLE],
-[
-AC_CACHE_CHECK([whether $1 is compilable],
-               [$4],
-               [AC_LINK_IFELSE([AC_LANG_PROGRAM([$2],
-                                                [$3])],
-                               [$4=yes],
-                               [$4=no])])
-])
-
-dnl ============================================================================
-
-CONFIG=`echo ${ac_configure_args} | sed -e 's#'"'"'\([^ ]*\)'"'"'#\1#g'`
-AC_SUBST([CONFIG])
-
-dnl Library revision.
-rev=2
-AC_SUBST([rev])
-
-srcroot=$srcdir
-if test "x${srcroot}" = "x." ; then
-  srcroot=""
-else
-  srcroot="${srcroot}/"
-fi
-AC_SUBST([srcroot])
-abs_srcroot="`cd \"${srcdir}\"; pwd`/"
-AC_SUBST([abs_srcroot])
-
-objroot=""
-AC_SUBST([objroot])
-abs_objroot="`pwd`/"
-AC_SUBST([abs_objroot])
-
-dnl Munge install path variables.
-if test "x$prefix" = "xNONE" ; then
-  prefix="/usr/local"
-fi
-if test "x$exec_prefix" = "xNONE" ; then
-  exec_prefix=$prefix
-fi
-PREFIX=$prefix
-AC_SUBST([PREFIX])
-BINDIR=`eval echo $bindir`
-BINDIR=`eval echo $BINDIR`
-AC_SUBST([BINDIR])
-INCLUDEDIR=`eval echo $includedir`
-INCLUDEDIR=`eval echo $INCLUDEDIR`
-AC_SUBST([INCLUDEDIR])
-LIBDIR=`eval echo $libdir`
-LIBDIR=`eval echo $LIBDIR`
-AC_SUBST([LIBDIR])
-DATADIR=`eval echo $datadir`
-DATADIR=`eval echo $DATADIR`
-AC_SUBST([DATADIR])
-MANDIR=`eval echo $mandir`
-MANDIR=`eval echo $MANDIR`
-AC_SUBST([MANDIR])
-
-dnl Support for building documentation.
-AC_PATH_PROG([XSLTPROC], [xsltproc], [false], [$PATH])
-if test -d "/usr/share/xml/docbook/stylesheet/docbook-xsl" ; then
-  DEFAULT_XSLROOT="/usr/share/xml/docbook/stylesheet/docbook-xsl"
-elif test -d "/usr/share/sgml/docbook/xsl-stylesheets" ; then
-  DEFAULT_XSLROOT="/usr/share/sgml/docbook/xsl-stylesheets"
-else
-  dnl Documentation building will fail if this default gets used.
-  DEFAULT_XSLROOT=""
-fi
-AC_ARG_WITH([xslroot],
-  [AS_HELP_STRING([--with-xslroot=<path>], [XSL stylesheet root path])], [
-if test "x$with_xslroot" = "xno" ; then
-  XSLROOT="${DEFAULT_XSLROOT}"
-else
-  XSLROOT="${with_xslroot}"
-fi
-],
-  XSLROOT="${DEFAULT_XSLROOT}"
-)
-if test "x$XSLTPROC" = "xfalse" ; then
-  XSLROOT=""
-fi
-AC_SUBST([XSLROOT])
-
-dnl If CFLAGS isn't defined, set CFLAGS to something reasonable.  Otherwise,
-dnl just prevent autoconf from molesting CFLAGS.
-CFLAGS=$CFLAGS
-AC_PROG_CC
-
-if test "x$GCC" != "xyes" ; then
-  AC_CACHE_CHECK([whether compiler is MSVC],
-                 [je_cv_msvc],
-                 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
-                                                     [
-#ifndef _MSC_VER
-  int fail[-1];
-#endif
-])],
-                               [je_cv_msvc=yes],
-                               [je_cv_msvc=no])])
-fi
-
-dnl check if a cray prgenv wrapper compiler is being used
-je_cv_cray_prgenv_wrapper=""
-if test "x${PE_ENV}" != "x" ; then
-  case "${CC}" in
-    CC|cc)
-	je_cv_cray_prgenv_wrapper="yes"
-	;;
-    *)
-       ;;
-  esac
-fi
-
-AC_CACHE_CHECK([whether compiler is cray],
-              [je_cv_cray],
-              [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
-                                                  [
-#ifndef _CRAYC
-  int fail[-1];
-#endif
-])],
-                            [je_cv_cray=yes],
-                            [je_cv_cray=no])])
-
-if test "x${je_cv_cray}" = "xyes" ; then
-  AC_CACHE_CHECK([whether cray compiler version is 8.4],
-                [je_cv_cray_84],
-                [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
-                                                      [
-#if !(_RELEASE_MAJOR == 8 && _RELEASE_MINOR == 4)
-  int fail[-1];
-#endif
-])],
-                              [je_cv_cray_84=yes],
-                              [je_cv_cray_84=no])])
-fi
-
-if test "x$GCC" = "xyes" ; then
-  JE_CFLAGS_ADD([-std=gnu11])
-  if test "x$je_cv_cflags_added" = "x-std=gnu11" ; then
-    AC_DEFINE_UNQUOTED([JEMALLOC_HAS_RESTRICT])
-  else
-    JE_CFLAGS_ADD([-std=gnu99])
-    if test "x$je_cv_cflags_added" = "x-std=gnu99" ; then
-      AC_DEFINE_UNQUOTED([JEMALLOC_HAS_RESTRICT])
-    fi
-  fi
-  JE_CFLAGS_ADD([-Wall])
-  JE_CFLAGS_ADD([-Wextra])
-  JE_CFLAGS_ADD([-Wshorten-64-to-32])
-  JE_CFLAGS_ADD([-Wsign-compare])
-  JE_CFLAGS_ADD([-Wundef])
-  JE_CFLAGS_ADD([-Wno-format-zero-length])
-  JE_CFLAGS_ADD([-pipe])
-  JE_CFLAGS_ADD([-g3])
-elif test "x$je_cv_msvc" = "xyes" ; then
-  CC="$CC -nologo"
-  JE_CFLAGS_ADD([-Zi])
-  JE_CFLAGS_ADD([-MT])
-  JE_CFLAGS_ADD([-W3])
-  JE_CFLAGS_ADD([-FS])
-  JE_APPEND_VS(CPPFLAGS, -I${srcdir}/include/msvc_compat)
-fi
-if test "x$je_cv_cray" = "xyes" ; then
-  dnl cray compiler 8.4 has an inlining bug
-  if test "x$je_cv_cray_84" = "xyes" ; then
-    JE_CFLAGS_ADD([-hipa2])
-    JE_CFLAGS_ADD([-hnognu])
-  fi
-  dnl ignore unreachable code warning
-  JE_CFLAGS_ADD([-hnomessage=128])
-  dnl ignore redefinition of "malloc", "free", etc warning
-  JE_CFLAGS_ADD([-hnomessage=1357])
-fi
-AC_SUBST([CONFIGURE_CFLAGS])
-AC_SUBST([SPECIFIED_CFLAGS])
-AC_SUBST([EXTRA_CFLAGS])
-AC_PROG_CPP
-
-AC_ARG_ENABLE([cxx],
-  [AS_HELP_STRING([--disable-cxx], [Disable C++ integration])],
-if test "x$enable_cxx" = "xno" ; then
-  enable_cxx="0"
-else
-  enable_cxx="1"
-fi
-,
-enable_cxx="1"
-)
-if test "x$enable_cxx" = "x1" ; then
-  dnl Require at least c++14, which is the first version to support sized
-  dnl deallocation.  C++ support is not compiled otherwise.
-  m4_include([m4/ax_cxx_compile_stdcxx.m4])
-  AX_CXX_COMPILE_STDCXX([14], [noext], [optional])
-  if test "x${HAVE_CXX14}" = "x1" ; then
-    JE_CXXFLAGS_ADD([-Wall])
-    JE_CXXFLAGS_ADD([-Wextra])
-    JE_CXXFLAGS_ADD([-g3])
-
-    SAVED_LIBS="${LIBS}"
-    JE_APPEND_VS(LIBS, -lstdc++)
-    JE_COMPILABLE([libstdc++ linkage], [
-#include <stdlib.h>
-], [[
-	int *arr = (int *)malloc(sizeof(int) * 42);
-	if (arr == NULL)
-		return 1;
-]], [je_cv_libstdcxx])
-    if test "x${je_cv_libstdcxx}" = "xno" ; then
-      LIBS="${SAVED_LIBS}"
-    fi
-  else
-    enable_cxx="0"
-  fi
-fi
-AC_SUBST([enable_cxx])
-AC_SUBST([CONFIGURE_CXXFLAGS])
-AC_SUBST([SPECIFIED_CXXFLAGS])
-AC_SUBST([EXTRA_CXXFLAGS])
-
-AC_C_BIGENDIAN([ac_cv_big_endian=1], [ac_cv_big_endian=0])
-if test "x${ac_cv_big_endian}" = "x1" ; then
-  AC_DEFINE_UNQUOTED([JEMALLOC_BIG_ENDIAN], [ ])
-fi
-
-if test "x${je_cv_msvc}" = "xyes" -a "x${ac_cv_header_inttypes_h}" = "xno"; then
-  JE_APPEND_VS(CPPFLAGS, -I${srcdir}/include/msvc_compat/C99)
-fi
-
-if test "x${je_cv_msvc}" = "xyes" ; then
-  LG_SIZEOF_PTR=LG_SIZEOF_PTR_WIN
-  AC_MSG_RESULT([Using a predefined value for sizeof(void *): 4 for 32-bit, 8 for 64-bit])
-else
-  AC_CHECK_SIZEOF([void *])
-  if test "x${ac_cv_sizeof_void_p}" = "x8" ; then
-    LG_SIZEOF_PTR=3
-  elif test "x${ac_cv_sizeof_void_p}" = "x4" ; then
-    LG_SIZEOF_PTR=2
-  else
-    AC_MSG_ERROR([Unsupported pointer size: ${ac_cv_sizeof_void_p}])
-  fi
-fi
-AC_DEFINE_UNQUOTED([LG_SIZEOF_PTR], [$LG_SIZEOF_PTR])
-
-AC_CHECK_SIZEOF([int])
-if test "x${ac_cv_sizeof_int}" = "x8" ; then
-  LG_SIZEOF_INT=3
-elif test "x${ac_cv_sizeof_int}" = "x4" ; then
-  LG_SIZEOF_INT=2
-else
-  AC_MSG_ERROR([Unsupported int size: ${ac_cv_sizeof_int}])
-fi
-AC_DEFINE_UNQUOTED([LG_SIZEOF_INT], [$LG_SIZEOF_INT])
-
-AC_CHECK_SIZEOF([long])
-if test "x${ac_cv_sizeof_long}" = "x8" ; then
-  LG_SIZEOF_LONG=3
-elif test "x${ac_cv_sizeof_long}" = "x4" ; then
-  LG_SIZEOF_LONG=2
-else
-  AC_MSG_ERROR([Unsupported long size: ${ac_cv_sizeof_long}])
-fi
-AC_DEFINE_UNQUOTED([LG_SIZEOF_LONG], [$LG_SIZEOF_LONG])
-
-AC_CHECK_SIZEOF([long long])
-if test "x${ac_cv_sizeof_long_long}" = "x8" ; then
-  LG_SIZEOF_LONG_LONG=3
-elif test "x${ac_cv_sizeof_long_long}" = "x4" ; then
-  LG_SIZEOF_LONG_LONG=2
-else
-  AC_MSG_ERROR([Unsupported long long size: ${ac_cv_sizeof_long_long}])
-fi
-AC_DEFINE_UNQUOTED([LG_SIZEOF_LONG_LONG], [$LG_SIZEOF_LONG_LONG])
-
-AC_CHECK_SIZEOF([intmax_t])
-if test "x${ac_cv_sizeof_intmax_t}" = "x16" ; then
-  LG_SIZEOF_INTMAX_T=4
-elif test "x${ac_cv_sizeof_intmax_t}" = "x8" ; then
-  LG_SIZEOF_INTMAX_T=3
-elif test "x${ac_cv_sizeof_intmax_t}" = "x4" ; then
-  LG_SIZEOF_INTMAX_T=2
-else
-  AC_MSG_ERROR([Unsupported intmax_t size: ${ac_cv_sizeof_intmax_t}])
-fi
-AC_DEFINE_UNQUOTED([LG_SIZEOF_INTMAX_T], [$LG_SIZEOF_INTMAX_T])
-
-AC_CANONICAL_HOST
-dnl CPU-specific settings.
-CPU_SPINWAIT=""
-case "${host_cpu}" in
-  i686|x86_64)
-	HAVE_CPU_SPINWAIT=1
-	if test "x${je_cv_msvc}" = "xyes" ; then
-	    AC_CACHE_VAL([je_cv_pause_msvc],
-	      [JE_COMPILABLE([pause instruction MSVC], [],
-					[[_mm_pause(); return 0;]],
-					[je_cv_pause_msvc])])
-	    if test "x${je_cv_pause_msvc}" = "xyes" ; then
-		CPU_SPINWAIT='_mm_pause()'
-	    fi
-	else
-	    AC_CACHE_VAL([je_cv_pause],
-	      [JE_COMPILABLE([pause instruction], [],
-					[[__asm__ volatile("pause"); return 0;]],
-					[je_cv_pause])])
-	    if test "x${je_cv_pause}" = "xyes" ; then
-		CPU_SPINWAIT='__asm__ volatile("pause")'
-	    fi
-	fi
-	;;
-  *)
-	HAVE_CPU_SPINWAIT=0
-	;;
-esac
-AC_DEFINE_UNQUOTED([HAVE_CPU_SPINWAIT], [$HAVE_CPU_SPINWAIT])
-AC_DEFINE_UNQUOTED([CPU_SPINWAIT], [$CPU_SPINWAIT])
-
-AC_ARG_WITH([lg_vaddr],
-  [AS_HELP_STRING([--with-lg-vaddr=<lg-vaddr>], [Number of significant virtual address bits])],
-  [LG_VADDR="$with_lg_vaddr"], [LG_VADDR="detect"])
-
-case "${host_cpu}" in
-  aarch64)
-    if test "x$LG_VADDR" = "xdetect"; then
-      AC_MSG_CHECKING([number of significant virtual address bits])
-      if test "x${LG_SIZEOF_PTR}" = "x2" ; then
-        #aarch64 ILP32
-        LG_VADDR=32
-      else
-        #aarch64 LP64
-        LG_VADDR=48
-      fi
-      AC_MSG_RESULT([$LG_VADDR])
-    fi
-    ;;
-  x86_64)
-    if test "x$LG_VADDR" = "xdetect"; then
-      AC_CACHE_CHECK([number of significant virtual address bits],
-                     [je_cv_lg_vaddr],
-                     AC_RUN_IFELSE([AC_LANG_PROGRAM(
-[[
-#include <stdio.h>
-#ifdef _WIN32
-#include <limits.h>
-#include <intrin.h>
-typedef unsigned __int32 uint32_t;
-#else
-#include <stdint.h>
-#endif
-]], [[
-	uint32_t r[[4]];
-	uint32_t eax_in = 0x80000008U;
-#ifdef _WIN32
-	__cpuid((int *)r, (int)eax_in);
-#else
-	asm volatile ("cpuid"
-	    : "=a" (r[[0]]), "=b" (r[[1]]), "=c" (r[[2]]), "=d" (r[[3]])
-	    : "a" (eax_in), "c" (0)
-	);
-#endif
-	uint32_t eax_out = r[[0]];
-	uint32_t vaddr = ((eax_out & 0x0000ff00U) >> 8);
-	FILE *f = fopen("conftest.out", "w");
-	if (f == NULL) {
-		return 1;
-	}
-	if (vaddr > (sizeof(void *) << 3)) {
-		vaddr = sizeof(void *) << 3;
-	}
-	fprintf(f, "%u", vaddr);
-	fclose(f);
-	return 0;
-]])],
-                   [je_cv_lg_vaddr=`cat conftest.out`],
-                   [je_cv_lg_vaddr=error],
-                   [je_cv_lg_vaddr=57]))
-      if test "x${je_cv_lg_vaddr}" != "x" ; then
-        LG_VADDR="${je_cv_lg_vaddr}"
-      fi
-      if test "x${LG_VADDR}" != "xerror" ; then
-        AC_DEFINE_UNQUOTED([LG_VADDR], [$LG_VADDR])
-      else
-        AC_MSG_ERROR([cannot determine number of significant virtual address bits])
-      fi
-    fi
-    ;;
-  *)
-    if test "x$LG_VADDR" = "xdetect"; then
-      AC_MSG_CHECKING([number of significant virtual address bits])
-      if test "x${LG_SIZEOF_PTR}" = "x3" ; then
-        LG_VADDR=64
-      elif test "x${LG_SIZEOF_PTR}" = "x2" ; then
-        LG_VADDR=32
-      elif test "x${LG_SIZEOF_PTR}" = "xLG_SIZEOF_PTR_WIN" ; then
-        LG_VADDR="(1U << (LG_SIZEOF_PTR_WIN+3))"
-      else
-        AC_MSG_ERROR([Unsupported lg(pointer size): ${LG_SIZEOF_PTR}])
-      fi
-      AC_MSG_RESULT([$LG_VADDR])
-    fi
-    ;;
-esac
-AC_DEFINE_UNQUOTED([LG_VADDR], [$LG_VADDR])
-
-LD_PRELOAD_VAR="LD_PRELOAD"
-so="so"
-importlib="${so}"
-o="$ac_objext"
-a="a"
-exe="$ac_exeext"
-libprefix="lib"
-link_whole_archive="0"
-DSO_LDFLAGS='-shared -Wl,-soname,$(@F)'
-RPATH='-Wl,-rpath,$(1)'
-SOREV="${so}.${rev}"
-PIC_CFLAGS='-fPIC -DPIC'
-CTARGET='-o $@'
-LDTARGET='-o $@'
-TEST_LD_MODE=
-EXTRA_LDFLAGS=
-ARFLAGS='crus'
-AROUT=' $@'
-CC_MM=1
-
-if test "x$je_cv_cray_prgenv_wrapper" = "xyes" ; then
-  TEST_LD_MODE='-dynamic'
-fi
-
-if test "x${je_cv_cray}" = "xyes" ; then
-  CC_MM=
-fi
-
-AN_MAKEVAR([AR], [AC_PROG_AR])
-AN_PROGRAM([ar], [AC_PROG_AR])
-AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL(AR, ar, :)])
-AC_PROG_AR
-
-AN_MAKEVAR([NM], [AC_PROG_NM])
-AN_PROGRAM([nm], [AC_PROG_NM])
-AC_DEFUN([AC_PROG_NM], [AC_CHECK_TOOL(NM, nm, :)])
-AC_PROG_NM
-
-AC_PROG_AWK
-
-dnl ============================================================================
-dnl jemalloc version.
-dnl
-
-AC_ARG_WITH([version],
-  [AS_HELP_STRING([--with-version=<major>.<minor>.<bugfix>-<nrev>-g<gid>],
-   [Version string])],
-  [
-    echo "${with_version}" | grep ['^[0-9]\+\.[0-9]\+\.[0-9]\+-[0-9]\+-g[0-9a-f]\+$'] 2>&1 1>/dev/null
-    if test $? -eq 0 ; then
-      echo "$with_version" > "${objroot}VERSION"
-    else
-      echo "${with_version}" | grep ['^VERSION$'] 2>&1 1>/dev/null
-      if test $? -ne 0 ; then
-        AC_MSG_ERROR([${with_version} does not match <major>.<minor>.<bugfix>-<nrev>-g<gid> or VERSION])
-      fi
-    fi
-  ], [
-    dnl Set VERSION if source directory is inside a git repository.
-    if test "x`test ! \"${srcroot}\" && cd \"${srcroot}\"; git rev-parse --is-inside-work-tree 2>/dev/null`" = "xtrue" ; then
-      dnl Pattern globs aren't powerful enough to match both single- and
-      dnl double-digit version numbers, so iterate over patterns to support up
-      dnl to version 99.99.99 without any accidental matches.
-      for pattern in ['[0-9].[0-9].[0-9]' '[0-9].[0-9].[0-9][0-9]' \
-                     '[0-9].[0-9][0-9].[0-9]' '[0-9].[0-9][0-9].[0-9][0-9]' \
-                     '[0-9][0-9].[0-9].[0-9]' '[0-9][0-9].[0-9].[0-9][0-9]' \
-                     '[0-9][0-9].[0-9][0-9].[0-9]' \
-                     '[0-9][0-9].[0-9][0-9].[0-9][0-9]']; do
-        (test ! "${srcroot}" && cd "${srcroot}"; git describe --long --abbrev=40 --match="${pattern}") > "${objroot}VERSION.tmp" 2>/dev/null
-        if test $? -eq 0 ; then
-          mv "${objroot}VERSION.tmp" "${objroot}VERSION"
-          break
-        fi
-      done
-    fi
-    rm -f "${objroot}VERSION.tmp"
-  ])
-
-if test ! -e "${objroot}VERSION" ; then
-  if test ! -e "${srcroot}VERSION" ; then
-    AC_MSG_RESULT(
-      [Missing VERSION file, and unable to generate it; creating bogus VERSION])
-    echo "0.0.0-0-g0000000000000000000000000000000000000000" > "${objroot}VERSION"
-  else
-    cp ${srcroot}VERSION ${objroot}VERSION
-  fi
-fi
-jemalloc_version=`cat "${objroot}VERSION"`
-jemalloc_version_major=`echo ${jemalloc_version} | tr ".g-" " " | awk '{print [$]1}'`
-jemalloc_version_minor=`echo ${jemalloc_version} | tr ".g-" " " | awk '{print [$]2}'`
-jemalloc_version_bugfix=`echo ${jemalloc_version} | tr ".g-" " " | awk '{print [$]3}'`
-jemalloc_version_nrev=`echo ${jemalloc_version} | tr ".g-" " " | awk '{print [$]4}'`
-jemalloc_version_gid=`echo ${jemalloc_version} | tr ".g-" " " | awk '{print [$]5}'`
-AC_SUBST([jemalloc_version])
-AC_SUBST([jemalloc_version_major])
-AC_SUBST([jemalloc_version_minor])
-AC_SUBST([jemalloc_version_bugfix])
-AC_SUBST([jemalloc_version_nrev])
-AC_SUBST([jemalloc_version_gid])
-
-dnl Platform-specific settings.  abi and RPATH can probably be determined
-dnl programmatically, but doing so is error-prone, which makes it generally
-dnl not worth the trouble.
-dnl
-dnl Define cpp macros in CPPFLAGS, rather than doing AC_DEFINE(macro), since the
-dnl definitions need to be seen before any headers are included, which is a pain
-dnl to make happen otherwise.
-default_retain="0"
-maps_coalesce="1"
-DUMP_SYMS="${NM} -a"
-SYM_PREFIX=""
-case "${host}" in
-  *-*-darwin* | *-*-ios*)
-	abi="macho"
-	RPATH=""
-	LD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
-	so="dylib"
-	importlib="${so}"
-	force_tls="0"
-	DSO_LDFLAGS='-shared -Wl,-install_name,$(LIBDIR)/$(@F)'
-	SOREV="${rev}.${so}"
-	sbrk_deprecated="1"
-	SYM_PREFIX="_"
-	;;
-  *-*-freebsd*)
-	abi="elf"
-	AC_DEFINE([JEMALLOC_SYSCTL_VM_OVERCOMMIT], [ ])
-	force_lazy_lock="1"
-	;;
-  *-*-dragonfly*)
-	abi="elf"
-	;;
-  *-*-openbsd*)
-	abi="elf"
-	force_tls="0"
-	;;
-  *-*-bitrig*)
-	abi="elf"
-	;;
-  *-*-linux-android)
-	dnl syscall(2) and secure_getenv(3) are exposed by _GNU_SOURCE.
-	JE_APPEND_VS(CPPFLAGS, -D_GNU_SOURCE)
-	abi="elf"
-	AC_DEFINE([JEMALLOC_PURGE_MADVISE_DONTNEED_ZEROS], [ ])
-	AC_DEFINE([JEMALLOC_HAS_ALLOCA_H])
-	AC_DEFINE([JEMALLOC_PROC_SYS_VM_OVERCOMMIT_MEMORY], [ ])
-	AC_DEFINE([JEMALLOC_THREADED_INIT], [ ])
-	AC_DEFINE([JEMALLOC_C11_ATOMICS])
-	force_tls="0"
-	if test "${LG_SIZEOF_PTR}" = "3"; then
-	  default_retain="1"
-	fi
-	;;
-  *-*-linux*)
-	dnl syscall(2) and secure_getenv(3) are exposed by _GNU_SOURCE.
-	JE_APPEND_VS(CPPFLAGS, -D_GNU_SOURCE)
-	abi="elf"
-	AC_DEFINE([JEMALLOC_PURGE_MADVISE_DONTNEED_ZEROS], [ ])
-	AC_DEFINE([JEMALLOC_HAS_ALLOCA_H])
-	AC_DEFINE([JEMALLOC_PROC_SYS_VM_OVERCOMMIT_MEMORY], [ ])
-	AC_DEFINE([JEMALLOC_THREADED_INIT], [ ])
-	AC_DEFINE([JEMALLOC_USE_CXX_THROW], [ ])
-	if test "${LG_SIZEOF_PTR}" = "3"; then
-	  default_retain="1"
-	fi
-	;;
-  *-*-kfreebsd*)
-	dnl syscall(2) and secure_getenv(3) are exposed by _GNU_SOURCE.
-	JE_APPEND_VS(CPPFLAGS, -D_GNU_SOURCE)
-	abi="elf"
-	AC_DEFINE([JEMALLOC_HAS_ALLOCA_H])
-	AC_DEFINE([JEMALLOC_SYSCTL_VM_OVERCOMMIT], [ ])
-	AC_DEFINE([JEMALLOC_THREADED_INIT], [ ])
-	AC_DEFINE([JEMALLOC_USE_CXX_THROW], [ ])
-	;;
-  *-*-netbsd*)
-	AC_MSG_CHECKING([ABI])
-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-[[#ifdef __ELF__
-/* ELF */
-#else
-#error aout
-#endif
-]])],
-                          [abi="elf"],
-                          [abi="aout"])
-	AC_MSG_RESULT([$abi])
-	;;
-  *-*-solaris2*)
-	abi="elf"
-	RPATH='-Wl,-R,$(1)'
-	dnl Solaris needs this for sigwait().
-	JE_APPEND_VS(CPPFLAGS, -D_POSIX_PTHREAD_SEMANTICS)
-	JE_APPEND_VS(LIBS, -lposix4 -lsocket -lnsl)
-	;;
-  *-ibm-aix*)
-	if test "${LG_SIZEOF_PTR}" = "3"; then
-	  dnl 64bit AIX
-	  LD_PRELOAD_VAR="LDR_PRELOAD64"
-	else
-	  dnl 32bit AIX
-	  LD_PRELOAD_VAR="LDR_PRELOAD"
-	fi
-	abi="xcoff"
-	;;
-  *-*-mingw* | *-*-cygwin*)
-	abi="pecoff"
-	force_tls="0"
-	maps_coalesce="0"
-	RPATH=""
-	so="dll"
-	if test "x$je_cv_msvc" = "xyes" ; then
-	  importlib="lib"
-	  DSO_LDFLAGS="-LD"
-	  EXTRA_LDFLAGS="-link -DEBUG"
-	  CTARGET='-Fo$@'
-	  LDTARGET='-Fe$@'
-	  AR='lib'
-	  ARFLAGS='-nologo -out:'
-	  AROUT='$@'
-	  CC_MM=
-        else
-	  importlib="${so}"
-	  DSO_LDFLAGS="-shared"
-	  link_whole_archive="1"
-	fi
-	case "${host}" in
-	  *-*-cygwin*)
-	    DUMP_SYMS="dumpbin /SYMBOLS"
-	    ;;
-	  *)
-	    ;;
-	esac
-	a="lib"
-	libprefix=""
-	SOREV="${so}"
-	PIC_CFLAGS=""
-	if test "${LG_SIZEOF_PTR}" = "3"; then
-	  default_retain="1"
-	fi
-	;;
-  *)
-	AC_MSG_RESULT([Unsupported operating system: ${host}])
-	abi="elf"
-	;;
-esac
-
-JEMALLOC_USABLE_SIZE_CONST=const
-AC_CHECK_HEADERS([malloc.h], [
-  AC_MSG_CHECKING([whether malloc_usable_size definition can use const argument])
-  AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-    [#include <malloc.h>
-     #include <stddef.h>
-    size_t malloc_usable_size(const void *ptr);
-    ],
-    [])],[
-                AC_MSG_RESULT([yes])
-         ],[
-                JEMALLOC_USABLE_SIZE_CONST=
-                AC_MSG_RESULT([no])
-         ])
-])
-AC_DEFINE_UNQUOTED([JEMALLOC_USABLE_SIZE_CONST], [$JEMALLOC_USABLE_SIZE_CONST])
-AC_SUBST([abi])
-AC_SUBST([RPATH])
-AC_SUBST([LD_PRELOAD_VAR])
-AC_SUBST([so])
-AC_SUBST([importlib])
-AC_SUBST([o])
-AC_SUBST([a])
-AC_SUBST([exe])
-AC_SUBST([libprefix])
-AC_SUBST([link_whole_archive])
-AC_SUBST([DSO_LDFLAGS])
-AC_SUBST([EXTRA_LDFLAGS])
-AC_SUBST([SOREV])
-AC_SUBST([PIC_CFLAGS])
-AC_SUBST([CTARGET])
-AC_SUBST([LDTARGET])
-AC_SUBST([TEST_LD_MODE])
-AC_SUBST([MKLIB])
-AC_SUBST([ARFLAGS])
-AC_SUBST([AROUT])
-AC_SUBST([DUMP_SYMS])
-AC_SUBST([CC_MM])
-
-dnl Determine whether libm must be linked to use e.g. log(3).
-AC_SEARCH_LIBS([log], [m], , [AC_MSG_ERROR([Missing math functions])])
-if test "x$ac_cv_search_log" != "xnone required" ; then
-  LM="$ac_cv_search_log"
-else
-  LM=
-fi
-AC_SUBST(LM)
-
-JE_COMPILABLE([__attribute__ syntax],
-              [static __attribute__((unused)) void foo(void){}],
-              [],
-              [je_cv_attribute])
-if test "x${je_cv_attribute}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ATTR], [ ])
-  if test "x${GCC}" = "xyes" -a "x${abi}" = "xelf"; then
-    JE_CFLAGS_ADD([-fvisibility=hidden])
-    JE_CXXFLAGS_ADD([-fvisibility=hidden])
-  fi
-fi
-dnl Check for tls_model attribute support (clang 3.0 still lacks support).
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([tls_model attribute], [],
-              [static __thread int
-               __attribute__((tls_model("initial-exec"), unused)) foo;
-               foo = 0;],
-              [je_cv_tls_model])
-JE_CFLAGS_RESTORE()
-dnl (Setting of JEMALLOC_TLS_MODEL is done later, after we've checked for
-dnl --disable-initial-exec-tls)
-
-dnl Check for alloc_size attribute support.
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([alloc_size attribute], [#include <stdlib.h>],
-              [void *foo(size_t size) __attribute__((alloc_size(1)));],
-              [je_cv_alloc_size])
-JE_CFLAGS_RESTORE()
-if test "x${je_cv_alloc_size}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ATTR_ALLOC_SIZE], [ ])
-fi
-dnl Check for format(gnu_printf, ...) attribute support.
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([format(gnu_printf, ...) attribute], [#include <stdlib.h>],
-              [void *foo(const char *format, ...) __attribute__((format(gnu_printf, 1, 2)));],
-              [je_cv_format_gnu_printf])
-JE_CFLAGS_RESTORE()
-if test "x${je_cv_format_gnu_printf}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ATTR_FORMAT_GNU_PRINTF], [ ])
-fi
-dnl Check for format(printf, ...) attribute support.
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([format(printf, ...) attribute], [#include <stdlib.h>],
-              [void *foo(const char *format, ...) __attribute__((format(printf, 1, 2)));],
-              [je_cv_format_printf])
-JE_CFLAGS_RESTORE()
-if test "x${je_cv_format_printf}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ATTR_FORMAT_PRINTF], [ ])
-fi
-
-dnl Check for format_arg(...) attribute support.
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([format(printf, ...) attribute], [#include <stdlib.h>],
-              [const char * __attribute__((__format_arg__(1))) foo(const char *format);],
-              [je_cv_format_arg])
-JE_CFLAGS_RESTORE()
-if test "x${je_cv_format_arg}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ATTR_FORMAT_ARG], [ ])
-fi
-
-dnl Support optional additions to rpath.
-AC_ARG_WITH([rpath],
-  [AS_HELP_STRING([--with-rpath=<rpath>], [Colon-separated rpath (ELF systems only)])],
-if test "x$with_rpath" = "xno" ; then
-  RPATH_EXTRA=
-else
-  RPATH_EXTRA="`echo $with_rpath | tr \":\" \" \"`"
-fi,
-  RPATH_EXTRA=
-)
-AC_SUBST([RPATH_EXTRA])
-
-dnl Disable rules that do automatic regeneration of configure output by default.
-AC_ARG_ENABLE([autogen],
-  [AS_HELP_STRING([--enable-autogen], [Automatically regenerate configure output])],
-if test "x$enable_autogen" = "xno" ; then
-  enable_autogen="0"
-else
-  enable_autogen="1"
-fi
-,
-enable_autogen="0"
-)
-AC_SUBST([enable_autogen])
-
-AC_PROG_INSTALL
-AC_PROG_RANLIB
-AC_PATH_PROG([LD], [ld], [false], [$PATH])
-AC_PATH_PROG([AUTOCONF], [autoconf], [false], [$PATH])
-
-dnl Enable documentation
-AC_ARG_ENABLE([doc],
-	      [AS_HELP_STRING([--enable-documentation], [Build documentation])],
-if test "x$enable_doc" = "xno" ; then
-  enable_doc="0"
-else
-  enable_doc="1"
-fi
-,
-enable_doc="1"
-)
-AC_SUBST([enable_doc])
-
-dnl Enable shared libs
-AC_ARG_ENABLE([shared],
-  [AS_HELP_STRING([--enable-shared], [Build shared libaries])],
-if test "x$enable_shared" = "xno" ; then
-  enable_shared="0"
-else
-  enable_shared="1"
-fi
-,
-enable_shared="1"
-)
-AC_SUBST([enable_shared])
-
-dnl Enable static libs
-AC_ARG_ENABLE([static],
-  [AS_HELP_STRING([--enable-static], [Build static libaries])],
-if test "x$enable_static" = "xno" ; then
-  enable_static="0"
-else
-  enable_static="1"
-fi
-,
-enable_static="1"
-)
-AC_SUBST([enable_static])
-
-if test "$enable_shared$enable_static" = "00" ; then
-  AC_MSG_ERROR([Please enable one of shared or static builds])
-fi
-
-dnl Perform no name mangling by default.
-AC_ARG_WITH([mangling],
-  [AS_HELP_STRING([--with-mangling=<map>], [Mangle symbols in <map>])],
-  [mangling_map="$with_mangling"], [mangling_map=""])
-
-dnl Do not prefix public APIs by default.
-AC_ARG_WITH([jemalloc_prefix],
-  [AS_HELP_STRING([--with-jemalloc-prefix=<prefix>], [Prefix to prepend to all public APIs])],
-  [JEMALLOC_PREFIX="$with_jemalloc_prefix"],
-  [if test "x$abi" != "xmacho" -a "x$abi" != "xpecoff"; then
-  JEMALLOC_PREFIX=""
-else
-  JEMALLOC_PREFIX="je_"
-fi]
-)
-if test "x$JEMALLOC_PREFIX" = "x" ; then
-  AC_DEFINE([JEMALLOC_IS_MALLOC])
-else
-  JEMALLOC_CPREFIX=`echo ${JEMALLOC_PREFIX} | tr "a-z" "A-Z"`
-  AC_DEFINE_UNQUOTED([JEMALLOC_PREFIX], ["$JEMALLOC_PREFIX"])
-  AC_DEFINE_UNQUOTED([JEMALLOC_CPREFIX], ["$JEMALLOC_CPREFIX"])
-fi
-AC_SUBST([JEMALLOC_PREFIX])
-AC_SUBST([JEMALLOC_CPREFIX])
-
-AC_ARG_WITH([export],
-  [AS_HELP_STRING([--without-export], [disable exporting jemalloc public APIs])],
-  [if test "x$with_export" = "xno"; then
-  AC_DEFINE([JEMALLOC_EXPORT],[])
-fi]
-)
-
-public_syms="aligned_alloc calloc dallocx free mallctl mallctlbymib mallctlnametomib malloc malloc_conf malloc_message malloc_stats_print malloc_usable_size mallocx smallocx_${jemalloc_version_gid} nallocx posix_memalign rallocx realloc sallocx sdallocx xallocx"
-dnl Check for additional platform-specific public API functions.
-AC_CHECK_FUNC([memalign],
-	      [AC_DEFINE([JEMALLOC_OVERRIDE_MEMALIGN], [ ])
-	       public_syms="${public_syms} memalign"])
-AC_CHECK_FUNC([valloc],
-	      [AC_DEFINE([JEMALLOC_OVERRIDE_VALLOC], [ ])
-	       public_syms="${public_syms} valloc"])
-
-dnl Check for allocator-related functions that should be wrapped.
-wrap_syms=
-if test "x${JEMALLOC_PREFIX}" = "x" ; then
-  AC_CHECK_FUNC([__libc_calloc],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_CALLOC], [ ])
-		 wrap_syms="${wrap_syms} __libc_calloc"])
-  AC_CHECK_FUNC([__libc_free],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_FREE], [ ])
-		 wrap_syms="${wrap_syms} __libc_free"])
-  AC_CHECK_FUNC([__libc_malloc],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_MALLOC], [ ])
-		 wrap_syms="${wrap_syms} __libc_malloc"])
-  AC_CHECK_FUNC([__libc_memalign],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_MEMALIGN], [ ])
-		 wrap_syms="${wrap_syms} __libc_memalign"])
-  AC_CHECK_FUNC([__libc_realloc],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_REALLOC], [ ])
-		 wrap_syms="${wrap_syms} __libc_realloc"])
-  AC_CHECK_FUNC([__libc_valloc],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___LIBC_VALLOC], [ ])
-		 wrap_syms="${wrap_syms} __libc_valloc"])
-  AC_CHECK_FUNC([__posix_memalign],
-		[AC_DEFINE([JEMALLOC_OVERRIDE___POSIX_MEMALIGN], [ ])
-		 wrap_syms="${wrap_syms} __posix_memalign"])
-fi
-
-case "${host}" in
-  *-*-mingw* | *-*-cygwin*)
-    wrap_syms="${wrap_syms} tls_callback"
-    ;;
-  *)
-    ;;
-esac
-
-dnl Mangle library-private APIs.
-AC_ARG_WITH([private_namespace],
-  [AS_HELP_STRING([--with-private-namespace=<prefix>], [Prefix to prepend to all library-private APIs])],
-  [JEMALLOC_PRIVATE_NAMESPACE="${with_private_namespace}je_"],
-  [JEMALLOC_PRIVATE_NAMESPACE="je_"]
-)
-AC_DEFINE_UNQUOTED([JEMALLOC_PRIVATE_NAMESPACE], [$JEMALLOC_PRIVATE_NAMESPACE])
-private_namespace="$JEMALLOC_PRIVATE_NAMESPACE"
-AC_SUBST([private_namespace])
-
-dnl Do not add suffix to installed files by default.
-AC_ARG_WITH([install_suffix],
-  [AS_HELP_STRING([--with-install-suffix=<suffix>], [Suffix to append to all installed files])],
-  [INSTALL_SUFFIX="$with_install_suffix"],
-  [INSTALL_SUFFIX=]
-)
-install_suffix="$INSTALL_SUFFIX"
-AC_SUBST([install_suffix])
-
-dnl Specify default malloc_conf.
-AC_ARG_WITH([malloc_conf],
-  [AS_HELP_STRING([--with-malloc-conf=<malloc_conf>], [config.malloc_conf options string])],
-  [JEMALLOC_CONFIG_MALLOC_CONF="$with_malloc_conf"],
-  [JEMALLOC_CONFIG_MALLOC_CONF=""]
-)
-config_malloc_conf="$JEMALLOC_CONFIG_MALLOC_CONF"
-AC_DEFINE_UNQUOTED([JEMALLOC_CONFIG_MALLOC_CONF], ["$config_malloc_conf"])
-
-dnl Substitute @je_@ in jemalloc_protos.h.in, primarily to make generation of
-dnl jemalloc_protos_jet.h easy.
-je_="je_"
-AC_SUBST([je_])
-
-cfgoutputs_in="Makefile.in"
-cfgoutputs_in="${cfgoutputs_in} jemalloc.pc.in"
-cfgoutputs_in="${cfgoutputs_in} doc/html.xsl.in"
-cfgoutputs_in="${cfgoutputs_in} doc/manpages.xsl.in"
-cfgoutputs_in="${cfgoutputs_in} doc/jemalloc.xml.in"
-cfgoutputs_in="${cfgoutputs_in} include/jemalloc/jemalloc_macros.h.in"
-cfgoutputs_in="${cfgoutputs_in} include/jemalloc/jemalloc_protos.h.in"
-cfgoutputs_in="${cfgoutputs_in} include/jemalloc/jemalloc_typedefs.h.in"
-cfgoutputs_in="${cfgoutputs_in} include/jemalloc/internal/jemalloc_preamble.h.in"
-cfgoutputs_in="${cfgoutputs_in} test/test.sh.in"
-cfgoutputs_in="${cfgoutputs_in} test/include/test/jemalloc_test.h.in"
-
-cfgoutputs_out="Makefile"
-cfgoutputs_out="${cfgoutputs_out} jemalloc.pc"
-cfgoutputs_out="${cfgoutputs_out} doc/html.xsl"
-cfgoutputs_out="${cfgoutputs_out} doc/manpages.xsl"
-cfgoutputs_out="${cfgoutputs_out} doc/jemalloc.xml"
-cfgoutputs_out="${cfgoutputs_out} include/jemalloc/jemalloc_macros.h"
-cfgoutputs_out="${cfgoutputs_out} include/jemalloc/jemalloc_protos.h"
-cfgoutputs_out="${cfgoutputs_out} include/jemalloc/jemalloc_typedefs.h"
-cfgoutputs_out="${cfgoutputs_out} include/jemalloc/internal/jemalloc_preamble.h"
-cfgoutputs_out="${cfgoutputs_out} test/test.sh"
-cfgoutputs_out="${cfgoutputs_out} test/include/test/jemalloc_test.h"
-
-cfgoutputs_tup="Makefile"
-cfgoutputs_tup="${cfgoutputs_tup} jemalloc.pc:jemalloc.pc.in"
-cfgoutputs_tup="${cfgoutputs_tup} doc/html.xsl:doc/html.xsl.in"
-cfgoutputs_tup="${cfgoutputs_tup} doc/manpages.xsl:doc/manpages.xsl.in"
-cfgoutputs_tup="${cfgoutputs_tup} doc/jemalloc.xml:doc/jemalloc.xml.in"
-cfgoutputs_tup="${cfgoutputs_tup} include/jemalloc/jemalloc_macros.h:include/jemalloc/jemalloc_macros.h.in"
-cfgoutputs_tup="${cfgoutputs_tup} include/jemalloc/jemalloc_protos.h:include/jemalloc/jemalloc_protos.h.in"
-cfgoutputs_tup="${cfgoutputs_tup} include/jemalloc/jemalloc_typedefs.h:include/jemalloc/jemalloc_typedefs.h.in"
-cfgoutputs_tup="${cfgoutputs_tup} include/jemalloc/internal/jemalloc_preamble.h"
-cfgoutputs_tup="${cfgoutputs_tup} test/test.sh:test/test.sh.in"
-cfgoutputs_tup="${cfgoutputs_tup} test/include/test/jemalloc_test.h:test/include/test/jemalloc_test.h.in"
-
-cfghdrs_in="include/jemalloc/jemalloc_defs.h.in"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/internal/jemalloc_internal_defs.h.in"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/internal/private_symbols.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/internal/private_namespace.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/internal/public_namespace.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/internal/public_unnamespace.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/jemalloc_rename.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/jemalloc_mangle.sh"
-cfghdrs_in="${cfghdrs_in} include/jemalloc/jemalloc.sh"
-cfghdrs_in="${cfghdrs_in} test/include/test/jemalloc_test_defs.h.in"
-
-cfghdrs_out="include/jemalloc/jemalloc_defs.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/jemalloc${install_suffix}.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/private_symbols.awk"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/private_symbols_jet.awk"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/public_symbols.txt"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/public_namespace.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/public_unnamespace.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/jemalloc_protos_jet.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/jemalloc_rename.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/jemalloc_mangle.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/jemalloc_mangle_jet.h"
-cfghdrs_out="${cfghdrs_out} include/jemalloc/internal/jemalloc_internal_defs.h"
-cfghdrs_out="${cfghdrs_out} test/include/test/jemalloc_test_defs.h"
-
-cfghdrs_tup="include/jemalloc/jemalloc_defs.h:include/jemalloc/jemalloc_defs.h.in"
-cfghdrs_tup="${cfghdrs_tup} include/jemalloc/internal/jemalloc_internal_defs.h:include/jemalloc/internal/jemalloc_internal_defs.h.in"
-cfghdrs_tup="${cfghdrs_tup} test/include/test/jemalloc_test_defs.h:test/include/test/jemalloc_test_defs.h.in"
-
-dnl ============================================================================
-dnl jemalloc build options.
-dnl
-
-dnl Do not compile with debugging by default.
-AC_ARG_ENABLE([debug],
-  [AS_HELP_STRING([--enable-debug],
-                  [Build debugging code])],
-[if test "x$enable_debug" = "xno" ; then
-  enable_debug="0"
-else
-  enable_debug="1"
-fi
-],
-[enable_debug="0"]
-)
-if test "x$enable_debug" = "x1" ; then
-  AC_DEFINE([JEMALLOC_DEBUG], [ ])
-fi
-if test "x$enable_debug" = "x1" ; then
-  AC_DEFINE([JEMALLOC_DEBUG], [ ])
-fi
-AC_SUBST([enable_debug])
-
-dnl Only optimize if not debugging.
-if test "x$enable_debug" = "x0" ; then
-  if test "x$GCC" = "xyes" ; then
-    JE_CFLAGS_ADD([-O3])
-    JE_CXXFLAGS_ADD([-O3])
-    JE_CFLAGS_ADD([-funroll-loops])
-  elif test "x$je_cv_msvc" = "xyes" ; then
-    JE_CFLAGS_ADD([-O2])
-    JE_CXXFLAGS_ADD([-O2])
-  else
-    JE_CFLAGS_ADD([-O])
-    JE_CXXFLAGS_ADD([-O])
-  fi
-fi
-
-dnl Enable statistics calculation by default.
-AC_ARG_ENABLE([stats],
-  [AS_HELP_STRING([--disable-stats],
-                  [Disable statistics calculation/reporting])],
-[if test "x$enable_stats" = "xno" ; then
-  enable_stats="0"
-else
-  enable_stats="1"
-fi
-],
-[enable_stats="1"]
-)
-if test "x$enable_stats" = "x1" ; then
-  AC_DEFINE([JEMALLOC_STATS], [ ])
-fi
-AC_SUBST([enable_stats])
-
-dnl Do not enable smallocx by default.
-AC_ARG_ENABLE([experimental_smallocx],
-  [AS_HELP_STRING([--enable-experimental-smallocx], [Enable experimental smallocx API])],
-[if test "x$enable_experimental_smallocx" = "xno" ; then
-enable_experimental_smallocx="0"
-else
-enable_experimental_smallocx="1"
-fi
-],
-[enable_experimental_smallocx="0"]
-)
-if test "x$enable_experimental_smallocx" = "x1" ; then
-  AC_DEFINE([JEMALLOC_EXPERIMENTAL_SMALLOCX_API])
-fi
-AC_SUBST([enable_experimental_smallocx])
-
-dnl Do not enable profiling by default.
-AC_ARG_ENABLE([prof],
-  [AS_HELP_STRING([--enable-prof], [Enable allocation profiling])],
-[if test "x$enable_prof" = "xno" ; then
-  enable_prof="0"
-else
-  enable_prof="1"
-fi
-],
-[enable_prof="0"]
-)
-if test "x$enable_prof" = "x1" ; then
-  backtrace_method=""
-else
-  backtrace_method="N/A"
-fi
-
-AC_ARG_ENABLE([prof-libunwind],
-  [AS_HELP_STRING([--enable-prof-libunwind], [Use libunwind for backtracing])],
-[if test "x$enable_prof_libunwind" = "xno" ; then
-  enable_prof_libunwind="0"
-else
-  enable_prof_libunwind="1"
-fi
-],
-[enable_prof_libunwind="0"]
-)
-AC_ARG_WITH([static_libunwind],
-  [AS_HELP_STRING([--with-static-libunwind=<libunwind.a>],
-  [Path to static libunwind library; use rather than dynamically linking])],
-if test "x$with_static_libunwind" = "xno" ; then
-  LUNWIND="-lunwind"
-else
-  if test ! -f "$with_static_libunwind" ; then
-    AC_MSG_ERROR([Static libunwind not found: $with_static_libunwind])
-  fi
-  LUNWIND="$with_static_libunwind"
-fi,
-  LUNWIND="-lunwind"
-)
-if test "x$backtrace_method" = "x" -a "x$enable_prof_libunwind" = "x1" ; then
-  AC_CHECK_HEADERS([libunwind.h], , [enable_prof_libunwind="0"])
-  if test "x$LUNWIND" = "x-lunwind" ; then
-    AC_CHECK_LIB([unwind], [unw_backtrace], [JE_APPEND_VS(LIBS, $LUNWIND)],
-                 [enable_prof_libunwind="0"])
-  else
-    JE_APPEND_VS(LIBS, $LUNWIND)
-  fi
-  if test "x${enable_prof_libunwind}" = "x1" ; then
-    backtrace_method="libunwind"
-    AC_DEFINE([JEMALLOC_PROF_LIBUNWIND], [ ])
-  fi
-fi
-
-AC_ARG_ENABLE([prof-libgcc],
-  [AS_HELP_STRING([--disable-prof-libgcc],
-  [Do not use libgcc for backtracing])],
-[if test "x$enable_prof_libgcc" = "xno" ; then
-  enable_prof_libgcc="0"
-else
-  enable_prof_libgcc="1"
-fi
-],
-[enable_prof_libgcc="1"]
-)
-if test "x$backtrace_method" = "x" -a "x$enable_prof_libgcc" = "x1" \
-     -a "x$GCC" = "xyes" ; then
-  AC_CHECK_HEADERS([unwind.h], , [enable_prof_libgcc="0"])
-  if test "x${enable_prof_libgcc}" = "x1" ; then
-    AC_CHECK_LIB([gcc], [_Unwind_Backtrace], [JE_APPEND_VS(LIBS, -lgcc)], [enable_prof_libgcc="0"])
-  fi
-  if test "x${enable_prof_libgcc}" = "x1" ; then
-    backtrace_method="libgcc"
-    AC_DEFINE([JEMALLOC_PROF_LIBGCC], [ ])
-  fi
-else
-  enable_prof_libgcc="0"
-fi
-
-AC_ARG_ENABLE([prof-gcc],
-  [AS_HELP_STRING([--disable-prof-gcc],
-  [Do not use gcc intrinsics for backtracing])],
-[if test "x$enable_prof_gcc" = "xno" ; then
-  enable_prof_gcc="0"
-else
-  enable_prof_gcc="1"
-fi
-],
-[enable_prof_gcc="1"]
-)
-if test "x$backtrace_method" = "x" -a "x$enable_prof_gcc" = "x1" \
-     -a "x$GCC" = "xyes" ; then
-  JE_CFLAGS_ADD([-fno-omit-frame-pointer])
-  backtrace_method="gcc intrinsics"
-  AC_DEFINE([JEMALLOC_PROF_GCC], [ ])
-else
-  enable_prof_gcc="0"
-fi
-
-if test "x$backtrace_method" = "x" ; then
-  backtrace_method="none (disabling profiling)"
-  enable_prof="0"
-fi
-AC_MSG_CHECKING([configured backtracing method])
-AC_MSG_RESULT([$backtrace_method])
-if test "x$enable_prof" = "x1" ; then
-  dnl Heap profiling uses the log(3) function.
-  JE_APPEND_VS(LIBS, $LM)
-
-  AC_DEFINE([JEMALLOC_PROF], [ ])
-fi
-AC_SUBST([enable_prof])
-
-dnl Indicate whether adjacent virtual memory mappings automatically coalesce
-dnl (and fragment on demand).
-if test "x${maps_coalesce}" = "x1" ; then
-  AC_DEFINE([JEMALLOC_MAPS_COALESCE], [ ])
-fi
-
-dnl Indicate whether to retain memory (rather than using munmap()) by default.
-if test "x$default_retain" = "x1" ; then
-  AC_DEFINE([JEMALLOC_RETAIN], [ ])
-fi
-
-dnl Enable allocation from DSS if supported by the OS.
-have_dss="1"
-dnl Check whether the BSD/SUSv1 sbrk() exists.  If not, disable DSS support.
-AC_CHECK_FUNC([sbrk], [have_sbrk="1"], [have_sbrk="0"])
-if test "x$have_sbrk" = "x1" ; then
-  if test "x$sbrk_deprecated" = "x1" ; then
-    AC_MSG_RESULT([Disabling dss allocation because sbrk is deprecated])
-    have_dss="0"
-  fi
-else
-  have_dss="0"
-fi
-
-if test "x$have_dss" = "x1" ; then
-  AC_DEFINE([JEMALLOC_DSS], [ ])
-fi
-
-dnl Support the junk/zero filling option by default.
-AC_ARG_ENABLE([fill],
-  [AS_HELP_STRING([--disable-fill], [Disable support for junk/zero filling])],
-[if test "x$enable_fill" = "xno" ; then
-  enable_fill="0"
-else
-  enable_fill="1"
-fi
-],
-[enable_fill="1"]
-)
-if test "x$enable_fill" = "x1" ; then
-  AC_DEFINE([JEMALLOC_FILL], [ ])
-fi
-AC_SUBST([enable_fill])
-
-dnl Disable utrace(2)-based tracing by default.
-AC_ARG_ENABLE([utrace],
-  [AS_HELP_STRING([--enable-utrace], [Enable utrace(2)-based tracing])],
-[if test "x$enable_utrace" = "xno" ; then
-  enable_utrace="0"
-else
-  enable_utrace="1"
-fi
-],
-[enable_utrace="0"]
-)
-JE_COMPILABLE([utrace(2)], [
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <sys/uio.h>
-#include <sys/ktrace.h>
-], [
-	utrace((void *)0, 0);
-], [je_cv_utrace])
-if test "x${je_cv_utrace}" = "xno" ; then
-  enable_utrace="0"
-fi
-if test "x$enable_utrace" = "x1" ; then
-  AC_DEFINE([JEMALLOC_UTRACE], [ ])
-fi
-AC_SUBST([enable_utrace])
-
-dnl Do not support the xmalloc option by default.
-AC_ARG_ENABLE([xmalloc],
-  [AS_HELP_STRING([--enable-xmalloc], [Support xmalloc option])],
-[if test "x$enable_xmalloc" = "xno" ; then
-  enable_xmalloc="0"
-else
-  enable_xmalloc="1"
-fi
-],
-[enable_xmalloc="0"]
-)
-if test "x$enable_xmalloc" = "x1" ; then
-  AC_DEFINE([JEMALLOC_XMALLOC], [ ])
-fi
-AC_SUBST([enable_xmalloc])
-
-dnl Support cache-oblivious allocation alignment by default.
-AC_ARG_ENABLE([cache-oblivious],
-  [AS_HELP_STRING([--disable-cache-oblivious],
-                  [Disable support for cache-oblivious allocation alignment])],
-[if test "x$enable_cache_oblivious" = "xno" ; then
-  enable_cache_oblivious="0"
-else
-  enable_cache_oblivious="1"
-fi
-],
-[enable_cache_oblivious="1"]
-)
-if test "x$enable_cache_oblivious" = "x1" ; then
-  AC_DEFINE([JEMALLOC_CACHE_OBLIVIOUS], [ ])
-fi
-AC_SUBST([enable_cache_oblivious])
-
-dnl Do not log by default.
-AC_ARG_ENABLE([log],
-  [AS_HELP_STRING([--enable-log], [Support debug logging])],
-[if test "x$enable_log" = "xno" ; then
-  enable_log="0"
-else
-  enable_log="1"
-fi
-],
-[enable_log="0"]
-)
-if test "x$enable_log" = "x1" ; then
-  AC_DEFINE([JEMALLOC_LOG], [ ])
-fi
-AC_SUBST([enable_log])
-
-dnl Do not use readlinkat by default
-AC_ARG_ENABLE([readlinkat],
-  [AS_HELP_STRING([--enable-readlinkat], [Use readlinkat over readlink])],
-[if test "x$enable_readlinkat" = "xno" ; then
-  enable_readlinkat="0"
-else
-  enable_readlinkat="1"
-fi
-],
-[enable_readlinkat="0"]
-)
-if test "x$enable_readlinkat" = "x1" ; then
-  AC_DEFINE([JEMALLOC_READLINKAT], [ ])
-fi
-AC_SUBST([enable_readlinkat])
-
-dnl Avoid extra safety checks by default
-AC_ARG_ENABLE([opt-safety-checks],
-  [AS_HELP_STRING([--enable-opt-safety-checks],
-  [Perform certain low-overhead checks, even in opt mode])],
-[if test "x$enable_opt_safety_checks" = "xno" ; then
-  enable_opt_safety_checks="0"
-else
-  enable_opt_safety_checks="1"
-fi
-],
-[enable_opt_safety_checks="0"]
-)
-if test "x$enable_opt_safety_checks" = "x1" ; then
-  AC_DEFINE([JEMALLOC_OPT_SAFETY_CHECKS], [ ])
-fi
-AC_SUBST([enable_opt_safety_checks])
-
-JE_COMPILABLE([a program using __builtin_unreachable], [
-void foo (void) {
-  __builtin_unreachable();
-}
-], [
-	{
-		foo();
-	}
-], [je_cv_gcc_builtin_unreachable])
-if test "x${je_cv_gcc_builtin_unreachable}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_INTERNAL_UNREACHABLE], [__builtin_unreachable])
-else
-  AC_DEFINE([JEMALLOC_INTERNAL_UNREACHABLE], [abort])
-fi
-
-dnl ============================================================================
-dnl Check for  __builtin_ffsl(), then ffsl(3), and fail if neither are found.
-dnl One of those two functions should (theoretically) exist on all platforms
-dnl that jemalloc currently has a chance of functioning on without modification.
-dnl We additionally assume ffs[ll]() or __builtin_ffs[ll]() are defined if
-dnl ffsl() or __builtin_ffsl() are defined, respectively.
-JE_COMPILABLE([a program using __builtin_ffsl], [
-#include <stdio.h>
-#include <strings.h>
-#include <string.h>
-], [
-	{
-		int rv = __builtin_ffsl(0x08);
-		printf("%d\n", rv);
-	}
-], [je_cv_gcc_builtin_ffsl])
-if test "x${je_cv_gcc_builtin_ffsl}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_INTERNAL_FFSLL], [__builtin_ffsll])
-  AC_DEFINE([JEMALLOC_INTERNAL_FFSL], [__builtin_ffsl])
-  AC_DEFINE([JEMALLOC_INTERNAL_FFS], [__builtin_ffs])
-else
-  JE_COMPILABLE([a program using ffsl], [
-  #include <stdio.h>
-  #include <strings.h>
-  #include <string.h>
-  ], [
-	{
-		int rv = ffsl(0x08);
-		printf("%d\n", rv);
-	}
-  ], [je_cv_function_ffsl])
-  if test "x${je_cv_function_ffsl}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_INTERNAL_FFSLL], [ffsll])
-    AC_DEFINE([JEMALLOC_INTERNAL_FFSL], [ffsl])
-    AC_DEFINE([JEMALLOC_INTERNAL_FFS], [ffs])
-  else
-    AC_MSG_ERROR([Cannot build without ffsl(3) or __builtin_ffsl()])
-  fi
-fi
-
-JE_COMPILABLE([a program using __builtin_popcountl], [
-#include <stdio.h>
-#include <strings.h>
-#include <string.h>
-], [
-	{
-		int rv = __builtin_popcountl(0x08);
-		printf("%d\n", rv);
-	}
-], [je_cv_gcc_builtin_popcountl])
-if test "x${je_cv_gcc_builtin_popcountl}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_INTERNAL_POPCOUNT], [__builtin_popcount])
-  AC_DEFINE([JEMALLOC_INTERNAL_POPCOUNTL], [__builtin_popcountl])
-fi
-
-AC_ARG_WITH([lg_quantum],
-  [AS_HELP_STRING([--with-lg-quantum=<lg-quantum>],
-   [Base 2 log of minimum allocation alignment])],
-  [LG_QUANTA="$with_lg_quantum"],
-  [LG_QUANTA="3 4"])
-if test "x$with_lg_quantum" != "x" ; then
-  AC_DEFINE_UNQUOTED([LG_QUANTUM], [$with_lg_quantum])
-fi
-
-AC_ARG_WITH([lg_page],
-  [AS_HELP_STRING([--with-lg-page=<lg-page>], [Base 2 log of system page size])],
-  [LG_PAGE="$with_lg_page"], [LG_PAGE="detect"])
-if test "x$LG_PAGE" = "xdetect"; then
-  AC_CACHE_CHECK([LG_PAGE],
-               [je_cv_lg_page],
-               AC_RUN_IFELSE([AC_LANG_PROGRAM(
-[[
-#include <strings.h>
-#ifdef _WIN32
-#include <windows.h>
-#else
-#include <unistd.h>
-#endif
-#include <stdio.h>
-]],
-[[
-    int result;
-    FILE *f;
-
-#ifdef _WIN32
-    SYSTEM_INFO si;
-    GetSystemInfo(&si);
-    result = si.dwPageSize;
-#else
-    result = sysconf(_SC_PAGESIZE);
-#endif
-    if (result == -1) {
-	return 1;
-    }
-    result = JEMALLOC_INTERNAL_FFSL(result) - 1;
-
-    f = fopen("conftest.out", "w");
-    if (f == NULL) {
-	return 1;
-    }
-    fprintf(f, "%d", result);
-    fclose(f);
-
-    return 0;
-]])],
-                             [je_cv_lg_page=`cat conftest.out`],
-                             [je_cv_lg_page=undefined],
-                             [je_cv_lg_page=12]))
-fi
-if test "x${je_cv_lg_page}" != "x" ; then
-  LG_PAGE="${je_cv_lg_page}"
-fi
-if test "x${LG_PAGE}" != "xundefined" ; then
-   AC_DEFINE_UNQUOTED([LG_PAGE], [$LG_PAGE])
-else
-   AC_MSG_ERROR([cannot determine value for LG_PAGE])
-fi
-
-AC_ARG_WITH([lg_hugepage],
-  [AS_HELP_STRING([--with-lg-hugepage=<lg-hugepage>],
-   [Base 2 log of system huge page size])],
-  [je_cv_lg_hugepage="${with_lg_hugepage}"],
-  [je_cv_lg_hugepage=""])
-if test "x${je_cv_lg_hugepage}" = "x" ; then
-  dnl Look in /proc/meminfo (Linux-specific) for information on the default huge
-  dnl page size, if any.  The relevant line looks like:
-  dnl
-  dnl   Hugepagesize:       2048 kB
-  if test -e "/proc/meminfo" ; then
-    hpsk=[`cat /proc/meminfo 2>/dev/null | \
-          grep -e '^Hugepagesize:[[:space:]]\+[0-9]\+[[:space:]]kB$' | \
-          awk '{print $2}'`]
-    if test "x${hpsk}" != "x" ; then
-      je_cv_lg_hugepage=10
-      while test "${hpsk}" -gt 1 ; do
-        hpsk="$((hpsk / 2))"
-        je_cv_lg_hugepage="$((je_cv_lg_hugepage + 1))"
-      done
-    fi
-  fi
-
-  dnl Set default if unable to automatically configure.
-  if test "x${je_cv_lg_hugepage}" = "x" ; then
-    je_cv_lg_hugepage=21
-  fi
-fi
-if test "x${LG_PAGE}" != "xundefined" -a \
-        "${je_cv_lg_hugepage}" -lt "${LG_PAGE}" ; then
-  AC_MSG_ERROR([Huge page size (2^${je_cv_lg_hugepage}) must be at least page size (2^${LG_PAGE})])
-fi
-AC_DEFINE_UNQUOTED([LG_HUGEPAGE], [${je_cv_lg_hugepage}])
-
-dnl ============================================================================
-dnl Enable libdl by default.
-AC_ARG_ENABLE([libdl],
-  [AS_HELP_STRING([--disable-libdl],
-  [Do not use libdl])],
-[if test "x$enable_libdl" = "xno" ; then
-  enable_libdl="0"
-else
-  enable_libdl="1"
-fi
-],
-[enable_libdl="1"]
-)
-AC_SUBST([libdl])
-
-dnl ============================================================================
-dnl Configure pthreads.
-
-if test "x$abi" != "xpecoff" ; then
-  AC_DEFINE([JEMALLOC_HAVE_PTHREAD], [ ])
-  AC_CHECK_HEADERS([pthread.h], , [AC_MSG_ERROR([pthread.h is missing])])
-  dnl Some systems may embed pthreads functionality in libc; check for libpthread
-  dnl first, but try libc too before failing.
-  AC_CHECK_LIB([pthread], [pthread_create], [JE_APPEND_VS(LIBS, -pthread)],
-               [AC_SEARCH_LIBS([pthread_create], , ,
-                               AC_MSG_ERROR([libpthread is missing]))])
-  wrap_syms="${wrap_syms} pthread_create"
-  have_pthread="1"
-
-dnl Check if we have dlsym support.
-  if test "x$enable_libdl" = "x1" ; then
-    have_dlsym="1"
-    AC_CHECK_HEADERS([dlfcn.h],
-      AC_CHECK_FUNC([dlsym], [],
-        [AC_CHECK_LIB([dl], [dlsym], [LIBS="$LIBS -ldl"], [have_dlsym="0"])]),
-      [have_dlsym="0"])
-    if test "x$have_dlsym" = "x1" ; then
-      AC_DEFINE([JEMALLOC_HAVE_DLSYM], [ ])
-    fi
-  else
-    have_dlsym="0"
-  fi
-
-  JE_COMPILABLE([pthread_atfork(3)], [
-#include <pthread.h>
-], [
-  pthread_atfork((void *)0, (void *)0, (void *)0);
-], [je_cv_pthread_atfork])
-  if test "x${je_cv_pthread_atfork}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_HAVE_PTHREAD_ATFORK], [ ])
-  fi
-  dnl Check if pthread_setname_np is available with the expected API.
-  JE_COMPILABLE([pthread_setname_np(3)], [
-#include <pthread.h>
-], [
-  pthread_setname_np(pthread_self(), "setname_test");
-], [je_cv_pthread_setname_np])
-  if test "x${je_cv_pthread_setname_np}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_HAVE_PTHREAD_SETNAME_NP], [ ])
-  fi
-fi
-
-JE_APPEND_VS(CPPFLAGS, -D_REENTRANT)
-
-dnl Check whether clock_gettime(2) is in libc or librt.
-AC_SEARCH_LIBS([clock_gettime], [rt])
-
-dnl Cray wrapper compiler often adds `-lrt` when using `-static`. Check with
-dnl `-dynamic` as well in case a user tries to dynamically link in jemalloc
-if test "x$je_cv_cray_prgenv_wrapper" = "xyes" ; then
-  if test "$ac_cv_search_clock_gettime" != "-lrt"; then
-    JE_CFLAGS_SAVE()
-
-    unset ac_cv_search_clock_gettime
-    JE_CFLAGS_ADD([-dynamic])
-    AC_SEARCH_LIBS([clock_gettime], [rt])
-
-    JE_CFLAGS_RESTORE()
-  fi
-fi
-
-dnl check for CLOCK_MONOTONIC_COARSE (Linux-specific).
-JE_COMPILABLE([clock_gettime(CLOCK_MONOTONIC_COARSE, ...)], [
-#include <time.h>
-], [
-	struct timespec ts;
-
-	clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
-], [je_cv_clock_monotonic_coarse])
-if test "x${je_cv_clock_monotonic_coarse}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_CLOCK_MONOTONIC_COARSE])
-fi
-
-dnl check for CLOCK_MONOTONIC.
-JE_COMPILABLE([clock_gettime(CLOCK_MONOTONIC, ...)], [
-#include <unistd.h>
-#include <time.h>
-], [
-	struct timespec ts;
-
-	clock_gettime(CLOCK_MONOTONIC, &ts);
-#if !defined(_POSIX_MONOTONIC_CLOCK) || _POSIX_MONOTONIC_CLOCK < 0
-#  error _POSIX_MONOTONIC_CLOCK missing/invalid
-#endif
-], [je_cv_clock_monotonic])
-if test "x${je_cv_clock_monotonic}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_CLOCK_MONOTONIC])
-fi
-
-dnl Check for mach_absolute_time().
-JE_COMPILABLE([mach_absolute_time()], [
-#include <mach/mach_time.h>
-], [
-	mach_absolute_time();
-], [je_cv_mach_absolute_time])
-if test "x${je_cv_mach_absolute_time}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_MACH_ABSOLUTE_TIME])
-fi
-
-dnl Use syscall(2) (if available) by default.
-AC_ARG_ENABLE([syscall],
-  [AS_HELP_STRING([--disable-syscall], [Disable use of syscall(2)])],
-[if test "x$enable_syscall" = "xno" ; then
-  enable_syscall="0"
-else
-  enable_syscall="1"
-fi
-],
-[enable_syscall="1"]
-)
-if test "x$enable_syscall" = "x1" ; then
-  dnl Check if syscall(2) is usable.  Treat warnings as errors, so that e.g. OS
-  dnl X 10.12's deprecation warning prevents use.
-  JE_CFLAGS_SAVE()
-  JE_CFLAGS_ADD([-Werror])
-  JE_COMPILABLE([syscall(2)], [
-#include <sys/syscall.h>
-#include <unistd.h>
-], [
-	syscall(SYS_write, 2, "hello", 5);
-],
-                [je_cv_syscall])
-  JE_CFLAGS_RESTORE()
-  if test "x$je_cv_syscall" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_USE_SYSCALL], [ ])
-  fi
-fi
-
-dnl Check if the GNU-specific secure_getenv function exists.
-AC_CHECK_FUNC([secure_getenv],
-              [have_secure_getenv="1"],
-              [have_secure_getenv="0"]
-             )
-if test "x$have_secure_getenv" = "x1" ; then
-  AC_DEFINE([JEMALLOC_HAVE_SECURE_GETENV], [ ])
-fi
-
-dnl Check if the GNU-specific sched_getcpu function exists.
-AC_CHECK_FUNC([sched_getcpu],
-              [have_sched_getcpu="1"],
-              [have_sched_getcpu="0"]
-             )
-if test "x$have_sched_getcpu" = "x1" ; then
-  AC_DEFINE([JEMALLOC_HAVE_SCHED_GETCPU], [ ])
-fi
-
-dnl Check if the GNU-specific sched_setaffinity function exists.
-AC_CHECK_FUNC([sched_setaffinity],
-              [have_sched_setaffinity="1"],
-              [have_sched_setaffinity="0"]
-             )
-if test "x$have_sched_setaffinity" = "x1" ; then
-  AC_DEFINE([JEMALLOC_HAVE_SCHED_SETAFFINITY], [ ])
-fi
-
-dnl Check if the Solaris/BSD issetugid function exists.
-AC_CHECK_FUNC([issetugid],
-              [have_issetugid="1"],
-              [have_issetugid="0"]
-             )
-if test "x$have_issetugid" = "x1" ; then
-  AC_DEFINE([JEMALLOC_HAVE_ISSETUGID], [ ])
-fi
-
-dnl Check whether the BSD-specific _malloc_thread_cleanup() exists.  If so, use
-dnl it rather than pthreads TSD cleanup functions to support cleanup during
-dnl thread exit, in order to avoid pthreads library recursion during
-dnl bootstrapping.
-AC_CHECK_FUNC([_malloc_thread_cleanup],
-              [have__malloc_thread_cleanup="1"],
-              [have__malloc_thread_cleanup="0"]
-             )
-if test "x$have__malloc_thread_cleanup" = "x1" ; then
-  AC_DEFINE([JEMALLOC_MALLOC_THREAD_CLEANUP], [ ])
-  wrap_syms="${wrap_syms} _malloc_thread_cleanup"
-  force_tls="1"
-fi
-
-dnl Check whether the BSD-specific _pthread_mutex_init_calloc_cb() exists.  If
-dnl so, mutex initialization causes allocation, and we need to implement this
-dnl callback function in order to prevent recursive allocation.
-AC_CHECK_FUNC([_pthread_mutex_init_calloc_cb],
-              [have__pthread_mutex_init_calloc_cb="1"],
-              [have__pthread_mutex_init_calloc_cb="0"]
-             )
-if test "x$have__pthread_mutex_init_calloc_cb" = "x1" ; then
-  AC_DEFINE([JEMALLOC_MUTEX_INIT_CB])
-  wrap_syms="${wrap_syms} _malloc_prefork _malloc_postfork"
-fi
-
-dnl Disable lazy locking by default.
-AC_ARG_ENABLE([lazy_lock],
-  [AS_HELP_STRING([--enable-lazy-lock],
-  [Enable lazy locking (only lock when multi-threaded)])],
-[if test "x$enable_lazy_lock" = "xno" ; then
-  enable_lazy_lock="0"
-else
-  enable_lazy_lock="1"
-fi
-],
-[enable_lazy_lock=""]
-)
-if test "x${enable_lazy_lock}" = "x" ; then
-  if test "x${force_lazy_lock}" = "x1" ; then
-    AC_MSG_RESULT([Forcing lazy-lock to avoid allocator/threading bootstrap issues])
-    enable_lazy_lock="1"
-  else
-    enable_lazy_lock="0"
-  fi
-fi
-if test "x${enable_lazy_lock}" = "x1" -a "x${abi}" = "xpecoff" ; then
-  AC_MSG_RESULT([Forcing no lazy-lock because thread creation monitoring is unimplemented])
-  enable_lazy_lock="0"
-fi
-if test "x$enable_lazy_lock" = "x1" ; then
-  if test "x$have_dlsym" = "x1" ; then
-    AC_DEFINE([JEMALLOC_LAZY_LOCK], [ ])
-  else
-    AC_MSG_ERROR([Missing dlsym support: lazy-lock cannot be enabled.])
-  fi
-fi
-AC_SUBST([enable_lazy_lock])
-
-dnl Automatically configure TLS.
-if test "x${force_tls}" = "x1" ; then
-  enable_tls="1"
-elif test "x${force_tls}" = "x0" ; then
-  enable_tls="0"
-else
-  enable_tls="1"
-fi
-if test "x${enable_tls}" = "x1" ; then
-AC_MSG_CHECKING([for TLS])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
-[[
-    __thread int x;
-]], [[
-    x = 42;
-
-    return 0;
-]])],
-              AC_MSG_RESULT([yes]),
-              AC_MSG_RESULT([no])
-              enable_tls="0")
-else
-  enable_tls="0"
-fi
-AC_SUBST([enable_tls])
-if test "x${enable_tls}" = "x1" ; then
-  AC_DEFINE_UNQUOTED([JEMALLOC_TLS], [ ])
-fi
-
-dnl ============================================================================
-dnl Check for C11 atomics.
-
-JE_COMPILABLE([C11 atomics], [
-#include <stdint.h>
-#if (__STDC_VERSION__ >= 201112L) && !defined(__STDC_NO_ATOMICS__)
-#include <stdatomic.h>
-#else
-#error Atomics not available
-#endif
-], [
-    uint64_t *p = (uint64_t *)0;
-    uint64_t x = 1;
-    volatile atomic_uint_least64_t *a = (volatile atomic_uint_least64_t *)p;
-    uint64_t r = atomic_fetch_add(a, x) + x;
-    return r == 0;
-], [je_cv_c11_atomics])
-if test "x${je_cv_c11_atomics}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_C11_ATOMICS])
-fi
-
-dnl ============================================================================
-dnl Check for GCC-style __atomic atomics.
-
-JE_COMPILABLE([GCC __atomic atomics], [
-], [
-    int x = 0;
-    int val = 1;
-    int y = __atomic_fetch_add(&x, val, __ATOMIC_RELAXED);
-    int after_add = x;
-    return after_add == 1;
-], [je_cv_gcc_atomic_atomics])
-if test "x${je_cv_gcc_atomic_atomics}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_GCC_ATOMIC_ATOMICS])
-
-  dnl check for 8-bit atomic support
-  JE_COMPILABLE([GCC 8-bit __atomic atomics], [
-  ], [
-      unsigned char x = 0;
-      int val = 1;
-      int y = __atomic_fetch_add(&x, val, __ATOMIC_RELAXED);
-      int after_add = (int)x;
-      return after_add == 1;
-  ], [je_cv_gcc_u8_atomic_atomics])
-  if test "x${je_cv_gcc_u8_atomic_atomics}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_GCC_U8_ATOMIC_ATOMICS])
-  fi
-fi
-
-dnl ============================================================================
-dnl Check for GCC-style __sync atomics.
-
-JE_COMPILABLE([GCC __sync atomics], [
-], [
-    int x = 0;
-    int before_add = __sync_fetch_and_add(&x, 1);
-    int after_add = x;
-    return (before_add == 0) && (after_add == 1);
-], [je_cv_gcc_sync_atomics])
-if test "x${je_cv_gcc_sync_atomics}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_GCC_SYNC_ATOMICS])
-
-  dnl check for 8-bit atomic support
-  JE_COMPILABLE([GCC 8-bit __sync atomics], [
-  ], [
-      unsigned char x = 0;
-      int before_add = __sync_fetch_and_add(&x, 1);
-      int after_add = (int)x;
-      return (before_add == 0) && (after_add == 1);
-  ], [je_cv_gcc_u8_sync_atomics])
-  if test "x${je_cv_gcc_u8_sync_atomics}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_GCC_U8_SYNC_ATOMICS])
-  fi
-fi
-
-dnl ============================================================================
-dnl Check for atomic(3) operations as provided on Darwin.
-dnl We need this not for the atomic operations (which are provided above), but
-dnl rather for the OS_unfair_lock type it exposes.
-
-JE_COMPILABLE([Darwin OSAtomic*()], [
-#include <libkern/OSAtomic.h>
-#include <inttypes.h>
-], [
-	{
-		int32_t x32 = 0;
-		volatile int32_t *x32p = &x32;
-		OSAtomicAdd32(1, x32p);
-	}
-	{
-		int64_t x64 = 0;
-		volatile int64_t *x64p = &x64;
-		OSAtomicAdd64(1, x64p);
-	}
-], [je_cv_osatomic])
-if test "x${je_cv_osatomic}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_OSATOMIC], [ ])
-fi
-
-dnl ============================================================================
-dnl Check for madvise(2).
-
-JE_COMPILABLE([madvise(2)], [
-#include <sys/mman.h>
-], [
-	madvise((void *)0, 0, 0);
-], [je_cv_madvise])
-if test "x${je_cv_madvise}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_MADVISE], [ ])
-
-  dnl Check for madvise(..., MADV_FREE).
-  JE_COMPILABLE([madvise(..., MADV_FREE)], [
-#include <sys/mman.h>
-], [
-	madvise((void *)0, 0, MADV_FREE);
-], [je_cv_madv_free])
-  if test "x${je_cv_madv_free}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_PURGE_MADVISE_FREE], [ ])
-  elif test "x${je_cv_madvise}" = "xyes" ; then
-    case "${host_cpu}" in i686|x86_64)
-        case "${host}" in *-*-linux*)
-            AC_DEFINE([JEMALLOC_PURGE_MADVISE_FREE], [ ])
-            AC_DEFINE([JEMALLOC_DEFINE_MADVISE_FREE], [ ])
-	    ;;
-        esac
-        ;;
-    esac
-  fi
-
-  dnl Check for madvise(..., MADV_DONTNEED).
-  JE_COMPILABLE([madvise(..., MADV_DONTNEED)], [
-#include <sys/mman.h>
-], [
-	madvise((void *)0, 0, MADV_DONTNEED);
-], [je_cv_madv_dontneed])
-  if test "x${je_cv_madv_dontneed}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_PURGE_MADVISE_DONTNEED], [ ])
-  fi
-
-  dnl Check for madvise(..., MADV_DO[NT]DUMP).
-  JE_COMPILABLE([madvise(..., MADV_DO[[NT]]DUMP)], [
-#include <sys/mman.h>
-], [
-	madvise((void *)0, 0, MADV_DONTDUMP);
-	madvise((void *)0, 0, MADV_DODUMP);
-], [je_cv_madv_dontdump])
-  if test "x${je_cv_madv_dontdump}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_MADVISE_DONTDUMP], [ ])
-  fi
-
-  dnl Check for madvise(..., MADV_[NO]HUGEPAGE).
-  JE_COMPILABLE([madvise(..., MADV_[[NO]]HUGEPAGE)], [
-#include <sys/mman.h>
-], [
-	madvise((void *)0, 0, MADV_HUGEPAGE);
-	madvise((void *)0, 0, MADV_NOHUGEPAGE);
-], [je_cv_thp])
-case "${host_cpu}" in
-  arm*)
-    ;;
-  *)
-  if test "x${je_cv_thp}" = "xyes" ; then
-    AC_DEFINE([JEMALLOC_HAVE_MADVISE_HUGE], [ ])
-  fi
-  ;;
-esac
-fi
-
-dnl ============================================================================
-dnl Check for __builtin_clz() and __builtin_clzl().
-
-AC_CACHE_CHECK([for __builtin_clz],
-               [je_cv_builtin_clz],
-               [AC_LINK_IFELSE([AC_LANG_PROGRAM([],
-                                                [
-                                                {
-                                                        unsigned x = 0;
-                                                        int y = __builtin_clz(x);
-                                                }
-                                                {
-                                                        unsigned long x = 0;
-                                                        int y = __builtin_clzl(x);
-                                                }
-                                                ])],
-                               [je_cv_builtin_clz=yes],
-                               [je_cv_builtin_clz=no])])
-
-if test "x${je_cv_builtin_clz}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_BUILTIN_CLZ], [ ])
-fi
-
-dnl ============================================================================
-dnl Check for os_unfair_lock operations as provided on Darwin.
-
-JE_COMPILABLE([Darwin os_unfair_lock_*()], [
-#include <os/lock.h>
-#include <AvailabilityMacros.h>
-], [
-	#if MAC_OS_X_VERSION_MIN_REQUIRED < 101200
-	#error "os_unfair_lock is not supported"
-	#else
-	os_unfair_lock lock = OS_UNFAIR_LOCK_INIT;
-	os_unfair_lock_lock(&lock);
-	os_unfair_lock_unlock(&lock);
-	#endif
-], [je_cv_os_unfair_lock])
-if test "x${je_cv_os_unfair_lock}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_OS_UNFAIR_LOCK], [ ])
-fi
-
-dnl ============================================================================
-dnl Darwin-related configuration.
-
-AC_ARG_ENABLE([zone-allocator],
-  [AS_HELP_STRING([--disable-zone-allocator],
-                  [Disable zone allocator for Darwin])],
-[if test "x$enable_zone_allocator" = "xno" ; then
-  enable_zone_allocator="0"
-else
-  enable_zone_allocator="1"
-fi
-],
-[if test "x${abi}" = "xmacho"; then
-  enable_zone_allocator="1"
-fi
-]
-)
-AC_SUBST([enable_zone_allocator])
-
-if test "x${enable_zone_allocator}" = "x1" ; then
-  if test "x${abi}" != "xmacho"; then
-    AC_MSG_ERROR([--enable-zone-allocator is only supported on Darwin])
-  fi
-  AC_DEFINE([JEMALLOC_ZONE], [ ])
-fi
-
-dnl ============================================================================
-dnl Use initial-exec TLS by default.
-AC_ARG_ENABLE([initial-exec-tls],
-  [AS_HELP_STRING([--disable-initial-exec-tls],
-                  [Disable the initial-exec tls model])],
-[if test "x$enable_initial_exec_tls" = "xno" ; then
-  enable_initial_exec_tls="0"
-else
-  enable_initial_exec_tls="1"
-fi
-],
-[enable_initial_exec_tls="1"]
-)
-AC_SUBST([enable_initial_exec_tls])
-
-if test "x${je_cv_tls_model}" = "xyes" -a \
-       "x${enable_initial_exec_tls}" = "x1" ; then
-  AC_DEFINE([JEMALLOC_TLS_MODEL],
-            [__attribute__((tls_model("initial-exec")))])
-else
-  AC_DEFINE([JEMALLOC_TLS_MODEL], [ ])
-fi
-
-dnl ============================================================================
-dnl Enable background threads if possible.
-
-if test "x${have_pthread}" = "x1" -a "x${je_cv_os_unfair_lock}" != "xyes" ; then
-  AC_DEFINE([JEMALLOC_BACKGROUND_THREAD])
-fi
-
-dnl ============================================================================
-dnl Check for glibc malloc hooks
-
-JE_COMPILABLE([glibc malloc hook], [
-#include <stddef.h>
-
-extern void (* __free_hook)(void *ptr);
-extern void *(* __malloc_hook)(size_t size);
-extern void *(* __realloc_hook)(void *ptr, size_t size);
-], [
-  void *ptr = 0L;
-  if (__malloc_hook) ptr = __malloc_hook(1);
-  if (__realloc_hook) ptr = __realloc_hook(ptr, 2);
-  if (__free_hook && ptr) __free_hook(ptr);
-], [je_cv_glibc_malloc_hook])
-if test "x${je_cv_glibc_malloc_hook}" = "xyes" ; then
-  if test "x${JEMALLOC_PREFIX}" = "x" ; then
-    AC_DEFINE([JEMALLOC_GLIBC_MALLOC_HOOK], [ ])
-    wrap_syms="${wrap_syms} __free_hook __malloc_hook __realloc_hook"
-  fi
-fi
-
-JE_COMPILABLE([glibc memalign hook], [
-#include <stddef.h>
-
-extern void *(* __memalign_hook)(size_t alignment, size_t size);
-], [
-  void *ptr = 0L;
-  if (__memalign_hook) ptr = __memalign_hook(16, 7);
-], [je_cv_glibc_memalign_hook])
-if test "x${je_cv_glibc_memalign_hook}" = "xyes" ; then
-  if test "x${JEMALLOC_PREFIX}" = "x" ; then
-    AC_DEFINE([JEMALLOC_GLIBC_MEMALIGN_HOOK], [ ])
-    wrap_syms="${wrap_syms} __memalign_hook"
-  fi
-fi
-
-JE_COMPILABLE([pthreads adaptive mutexes], [
-#include <pthread.h>
-], [
-  pthread_mutexattr_t attr;
-  pthread_mutexattr_init(&attr);
-  pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ADAPTIVE_NP);
-  pthread_mutexattr_destroy(&attr);
-], [je_cv_pthread_mutex_adaptive_np])
-if test "x${je_cv_pthread_mutex_adaptive_np}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_HAVE_PTHREAD_MUTEX_ADAPTIVE_NP], [ ])
-fi
-
-JE_CFLAGS_SAVE()
-JE_CFLAGS_ADD([-D_GNU_SOURCE])
-JE_CFLAGS_ADD([-Werror])
-JE_CFLAGS_ADD([-herror_on_warning])
-JE_COMPILABLE([strerror_r returns char with gnu source], [
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-], [
-  char *buffer = (char *) malloc(100);
-  char *error = strerror_r(EINVAL, buffer, 100);
-  printf("%s\n", error);
-], [je_cv_strerror_r_returns_char_with_gnu_source])
-JE_CFLAGS_RESTORE()
-if test "x${je_cv_strerror_r_returns_char_with_gnu_source}" = "xyes" ; then
-  AC_DEFINE([JEMALLOC_STRERROR_R_RETURNS_CHAR_WITH_GNU_SOURCE], [ ])
-fi
-
-dnl ============================================================================
-dnl Check for typedefs, structures, and compiler characteristics.
-AC_HEADER_STDBOOL
-
-dnl ============================================================================
-dnl Define commands that generate output files.
-
-AC_CONFIG_COMMANDS([include/jemalloc/internal/public_symbols.txt], [
-  f="${objroot}include/jemalloc/internal/public_symbols.txt"
-  mkdir -p "${objroot}include/jemalloc/internal"
-  cp /dev/null "${f}"
-  for nm in `echo ${mangling_map} |tr ',' ' '` ; do
-    n=`echo ${nm} |tr ':' ' ' |awk '{print $[]1}'`
-    m=`echo ${nm} |tr ':' ' ' |awk '{print $[]2}'`
-    echo "${n}:${m}" >> "${f}"
-    dnl Remove name from public_syms so that it isn't redefined later.
-    public_syms=`for sym in ${public_syms}; do echo "${sym}"; done |grep -v "^${n}\$" |tr '\n' ' '`
-  done
-  for sym in ${public_syms} ; do
-    n="${sym}"
-    m="${JEMALLOC_PREFIX}${sym}"
-    echo "${n}:${m}" >> "${f}"
-  done
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-  mangling_map="${mangling_map}"
-  public_syms="${public_syms}"
-  JEMALLOC_PREFIX="${JEMALLOC_PREFIX}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/internal/private_symbols.awk], [
-  f="${objroot}include/jemalloc/internal/private_symbols.awk"
-  mkdir -p "${objroot}include/jemalloc/internal"
-  export_syms=`for sym in ${public_syms}; do echo "${JEMALLOC_PREFIX}${sym}"; done; for sym in ${wrap_syms}; do echo "${sym}"; done;`
-  "${srcdir}/include/jemalloc/internal/private_symbols.sh" "${SYM_PREFIX}" ${export_syms} > "${objroot}include/jemalloc/internal/private_symbols.awk"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-  public_syms="${public_syms}"
-  wrap_syms="${wrap_syms}"
-  SYM_PREFIX="${SYM_PREFIX}"
-  JEMALLOC_PREFIX="${JEMALLOC_PREFIX}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/internal/private_symbols_jet.awk], [
-  f="${objroot}include/jemalloc/internal/private_symbols_jet.awk"
-  mkdir -p "${objroot}include/jemalloc/internal"
-  export_syms=`for sym in ${public_syms}; do echo "jet_${sym}"; done; for sym in ${wrap_syms}; do echo "${sym}"; done;`
-  "${srcdir}/include/jemalloc/internal/private_symbols.sh" "${SYM_PREFIX}" ${export_syms} > "${objroot}include/jemalloc/internal/private_symbols_jet.awk"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-  public_syms="${public_syms}"
-  wrap_syms="${wrap_syms}"
-  SYM_PREFIX="${SYM_PREFIX}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/internal/public_namespace.h], [
-  mkdir -p "${objroot}include/jemalloc/internal"
-  "${srcdir}/include/jemalloc/internal/public_namespace.sh" "${objroot}include/jemalloc/internal/public_symbols.txt" > "${objroot}include/jemalloc/internal/public_namespace.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/internal/public_unnamespace.h], [
-  mkdir -p "${objroot}include/jemalloc/internal"
-  "${srcdir}/include/jemalloc/internal/public_unnamespace.sh" "${objroot}include/jemalloc/internal/public_symbols.txt" > "${objroot}include/jemalloc/internal/public_unnamespace.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/jemalloc_protos_jet.h], [
-  mkdir -p "${objroot}include/jemalloc"
-  cat "${srcdir}/include/jemalloc/jemalloc_protos.h.in" | sed -e 's/@je_@/jet_/g' > "${objroot}include/jemalloc/jemalloc_protos_jet.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/jemalloc_rename.h], [
-  mkdir -p "${objroot}include/jemalloc"
-  "${srcdir}/include/jemalloc/jemalloc_rename.sh" "${objroot}include/jemalloc/internal/public_symbols.txt" > "${objroot}include/jemalloc/jemalloc_rename.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/jemalloc_mangle.h], [
-  mkdir -p "${objroot}include/jemalloc"
-  "${srcdir}/include/jemalloc/jemalloc_mangle.sh" "${objroot}include/jemalloc/internal/public_symbols.txt" je_ > "${objroot}include/jemalloc/jemalloc_mangle.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/jemalloc_mangle_jet.h], [
-  mkdir -p "${objroot}include/jemalloc"
-  "${srcdir}/include/jemalloc/jemalloc_mangle.sh" "${objroot}include/jemalloc/internal/public_symbols.txt" jet_ > "${objroot}include/jemalloc/jemalloc_mangle_jet.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-])
-AC_CONFIG_COMMANDS([include/jemalloc/jemalloc.h], [
-  mkdir -p "${objroot}include/jemalloc"
-  "${srcdir}/include/jemalloc/jemalloc.sh" "${objroot}" > "${objroot}include/jemalloc/jemalloc${install_suffix}.h"
-], [
-  srcdir="${srcdir}"
-  objroot="${objroot}"
-  install_suffix="${install_suffix}"
-])
-
-dnl Process .in files.
-AC_SUBST([cfghdrs_in])
-AC_SUBST([cfghdrs_out])
-AC_CONFIG_HEADERS([$cfghdrs_tup])
-
-dnl ============================================================================
-dnl Generate outputs.
-
-AC_CONFIG_FILES([$cfgoutputs_tup config.stamp bin/jemalloc-config bin/jemalloc.sh bin/jeprof])
-AC_SUBST([cfgoutputs_in])
-AC_SUBST([cfgoutputs_out])
-AC_OUTPUT
-
-dnl ============================================================================
-dnl Print out the results of configuration.
-AC_MSG_RESULT([===============================================================================])
-AC_MSG_RESULT([jemalloc version   : ${jemalloc_version}])
-AC_MSG_RESULT([library revision   : ${rev}])
-AC_MSG_RESULT([])
-AC_MSG_RESULT([CONFIG             : ${CONFIG}])
-AC_MSG_RESULT([CC                 : ${CC}])
-AC_MSG_RESULT([CONFIGURE_CFLAGS   : ${CONFIGURE_CFLAGS}])
-AC_MSG_RESULT([SPECIFIED_CFLAGS   : ${SPECIFIED_CFLAGS}])
-AC_MSG_RESULT([EXTRA_CFLAGS       : ${EXTRA_CFLAGS}])
-AC_MSG_RESULT([CPPFLAGS           : ${CPPFLAGS}])
-AC_MSG_RESULT([CXX                : ${CXX}])
-AC_MSG_RESULT([CONFIGURE_CXXFLAGS : ${CONFIGURE_CXXFLAGS}])
-AC_MSG_RESULT([SPECIFIED_CXXFLAGS : ${SPECIFIED_CXXFLAGS}])
-AC_MSG_RESULT([EXTRA_CXXFLAGS     : ${EXTRA_CXXFLAGS}])
-AC_MSG_RESULT([LDFLAGS            : ${LDFLAGS}])
-AC_MSG_RESULT([EXTRA_LDFLAGS      : ${EXTRA_LDFLAGS}])
-AC_MSG_RESULT([DSO_LDFLAGS        : ${DSO_LDFLAGS}])
-AC_MSG_RESULT([LIBS               : ${LIBS}])
-AC_MSG_RESULT([RPATH_EXTRA        : ${RPATH_EXTRA}])
-AC_MSG_RESULT([])
-AC_MSG_RESULT([XSLTPROC           : ${XSLTPROC}])
-AC_MSG_RESULT([XSLROOT            : ${XSLROOT}])
-AC_MSG_RESULT([])
-AC_MSG_RESULT([PREFIX             : ${PREFIX}])
-AC_MSG_RESULT([BINDIR             : ${BINDIR}])
-AC_MSG_RESULT([DATADIR            : ${DATADIR}])
-AC_MSG_RESULT([INCLUDEDIR         : ${INCLUDEDIR}])
-AC_MSG_RESULT([LIBDIR             : ${LIBDIR}])
-AC_MSG_RESULT([MANDIR             : ${MANDIR}])
-AC_MSG_RESULT([])
-AC_MSG_RESULT([srcroot            : ${srcroot}])
-AC_MSG_RESULT([abs_srcroot        : ${abs_srcroot}])
-AC_MSG_RESULT([objroot            : ${objroot}])
-AC_MSG_RESULT([abs_objroot        : ${abs_objroot}])
-AC_MSG_RESULT([])
-AC_MSG_RESULT([JEMALLOC_PREFIX    : ${JEMALLOC_PREFIX}])
-AC_MSG_RESULT([JEMALLOC_PRIVATE_NAMESPACE])
-AC_MSG_RESULT([                   : ${JEMALLOC_PRIVATE_NAMESPACE}])
-AC_MSG_RESULT([install_suffix     : ${install_suffix}])
-AC_MSG_RESULT([malloc_conf        : ${config_malloc_conf}])
-AC_MSG_RESULT([documentation      : ${enable_doc}])
-AC_MSG_RESULT([shared libs        : ${enable_shared}])
-AC_MSG_RESULT([static libs        : ${enable_static}])
-AC_MSG_RESULT([autogen            : ${enable_autogen}])
-AC_MSG_RESULT([debug              : ${enable_debug}])
-AC_MSG_RESULT([stats              : ${enable_stats}])
-AC_MSG_RESULT([experimetal_smallocx : ${enable_experimental_smallocx}])
-AC_MSG_RESULT([prof               : ${enable_prof}])
-AC_MSG_RESULT([prof-libunwind     : ${enable_prof_libunwind}])
-AC_MSG_RESULT([prof-libgcc        : ${enable_prof_libgcc}])
-AC_MSG_RESULT([prof-gcc           : ${enable_prof_gcc}])
-AC_MSG_RESULT([fill               : ${enable_fill}])
-AC_MSG_RESULT([utrace             : ${enable_utrace}])
-AC_MSG_RESULT([xmalloc            : ${enable_xmalloc}])
-AC_MSG_RESULT([log                : ${enable_log}])
-AC_MSG_RESULT([lazy_lock          : ${enable_lazy_lock}])
-AC_MSG_RESULT([cache-oblivious    : ${enable_cache_oblivious}])
-AC_MSG_RESULT([cxx                : ${enable_cxx}])
-AC_MSG_RESULT([===============================================================================])
->>>>>>> main
diff --git a/contrib/jemalloc/doc/jemalloc.xml.in b/contrib/jemalloc/doc/jemalloc.xml.in
index e2b15de21961..4f5d27996816 100644
--- a/contrib/jemalloc/doc/jemalloc.xml.in
+++ b/contrib/jemalloc/doc/jemalloc.xml.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 <?xml version='1.0' encoding='UTF-8'?>
 <?xml-stylesheet type="text/xsl"
         href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
@@ -3787,3544 +3786,3 @@ malloc_conf = "narenas:1";]]></programlisting></para>
     11.0.</para>
   </refsect1>
 </refentry>
-||||||| dec341af7695
-=======
-<?xml version='1.0' encoding='UTF-8'?>
-<?xml-stylesheet type="text/xsl"
-        href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
-        "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
-]>
-
-<refentry>
-  <refentryinfo>
-    <title>User Manual</title>
-    <productname>jemalloc</productname>
-    <releaseinfo role="version">@jemalloc_version@</releaseinfo>
-    <authorgroup>
-      <author>
-        <firstname>Jason</firstname>
-        <surname>Evans</surname>
-        <personblurb>Author</personblurb>
-      </author>
-    </authorgroup>
-  </refentryinfo>
-  <refmeta>
-    <refentrytitle>JEMALLOC</refentrytitle>
-    <manvolnum>3</manvolnum>
-  </refmeta>
-  <refnamediv>
-    <refdescriptor>jemalloc</refdescriptor>
-    <refname>jemalloc</refname>
-    <!-- Each refname causes a man page file to be created.  Only if this were
-         the system malloc(3) implementation would these files be appropriate.
-    <refname>malloc</refname>
-    <refname>calloc</refname>
-    <refname>posix_memalign</refname>
-    <refname>aligned_alloc</refname>
-    <refname>realloc</refname>
-    <refname>free</refname>
-    <refname>mallocx</refname>
-    <refname>rallocx</refname>
-    <refname>xallocx</refname>
-    <refname>sallocx</refname>
-    <refname>dallocx</refname>
-    <refname>sdallocx</refname>
-    <refname>nallocx</refname>
-    <refname>mallctl</refname>
-    <refname>mallctlnametomib</refname>
-    <refname>mallctlbymib</refname>
-    <refname>malloc_stats_print</refname>
-    <refname>malloc_usable_size</refname>
-    -->
-    <refpurpose>general purpose memory allocation functions</refpurpose>
-  </refnamediv>
-  <refsect1 id="library">
-    <title>LIBRARY</title>
-    <para>This manual describes jemalloc @jemalloc_version@.  More information
-    can be found at the <ulink
-    url="http://jemalloc.net/">jemalloc website</ulink>.</para>
-
-    <para>The following configuration options are enabled in libc's built-in
-    jemalloc: <option>--enable-fill</option>,
-    <option>--enable-lazy-lock</option>, <option>--enable-stats</option>,
-    <option>--enable-utrace</option>, <option>--enable-xmalloc</option>, and
-    <option>--with-malloc-conf=abort_conf:false</option>.
-    Additionally, <option>--enable-debug</option> is enabled in development
-    versions of FreeBSD (controlled by the
-    <constant>MK_MALLOC_PRODUCTION</constant> make variable).</para>
-
-  </refsect1>
-  <refsynopsisdiv>
-    <title>SYNOPSIS</title>
-    <funcsynopsis>
-      <funcsynopsisinfo>#include &lt;<filename class="headerfile">stdlib.h</filename>&gt;
-#include &lt;<filename class="headerfile">malloc_np.h</filename>&gt;</funcsynopsisinfo>
-      <refsect2>
-        <title>Standard API</title>
-        <funcprototype>
-          <funcdef>void *<function>malloc</function></funcdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void *<function>calloc</function></funcdef>
-          <paramdef>size_t <parameter>number</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>int <function>posix_memalign</function></funcdef>
-          <paramdef>void **<parameter>ptr</parameter></paramdef>
-          <paramdef>size_t <parameter>alignment</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void *<function>aligned_alloc</function></funcdef>
-          <paramdef>size_t <parameter>alignment</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void *<function>realloc</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void <function>free</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-        </funcprototype>
-      </refsect2>
-      <refsect2>
-        <title>Non-standard API</title>
-        <funcprototype>
-          <funcdef>void *<function>mallocx</function></funcdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void *<function>rallocx</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>size_t <function>xallocx</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>extra</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>size_t <function>sallocx</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void <function>dallocx</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void <function>sdallocx</function></funcdef>
-          <paramdef>void *<parameter>ptr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>size_t <function>nallocx</function></funcdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>int <parameter>flags</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>int <function>mallctl</function></funcdef>
-          <paramdef>const char *<parameter>name</parameter></paramdef>
-          <paramdef>void *<parameter>oldp</parameter></paramdef>
-          <paramdef>size_t *<parameter>oldlenp</parameter></paramdef>
-          <paramdef>void *<parameter>newp</parameter></paramdef>
-          <paramdef>size_t <parameter>newlen</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>int <function>mallctlnametomib</function></funcdef>
-          <paramdef>const char *<parameter>name</parameter></paramdef>
-          <paramdef>size_t *<parameter>mibp</parameter></paramdef>
-          <paramdef>size_t *<parameter>miblenp</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>int <function>mallctlbymib</function></funcdef>
-          <paramdef>const size_t *<parameter>mib</parameter></paramdef>
-          <paramdef>size_t <parameter>miblen</parameter></paramdef>
-          <paramdef>void *<parameter>oldp</parameter></paramdef>
-          <paramdef>size_t *<parameter>oldlenp</parameter></paramdef>
-          <paramdef>void *<parameter>newp</parameter></paramdef>
-          <paramdef>size_t <parameter>newlen</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void <function>malloc_stats_print</function></funcdef>
-          <paramdef>void <parameter>(*write_cb)</parameter>
-            <funcparams>void *, const char *</funcparams>
-          </paramdef>
-          <paramdef>void *<parameter>cbopaque</parameter></paramdef>
-          <paramdef>const char *<parameter>opts</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>size_t <function>malloc_usable_size</function></funcdef>
-          <paramdef>const void *<parameter>ptr</parameter></paramdef>
-        </funcprototype>
-        <funcprototype>
-          <funcdef>void <function>(*malloc_message)</function></funcdef>
-          <paramdef>void *<parameter>cbopaque</parameter></paramdef>
-          <paramdef>const char *<parameter>s</parameter></paramdef>
-        </funcprototype>
-        <para><type>const char *</type><varname>malloc_conf</varname>;</para>
-      </refsect2>
-    </funcsynopsis>
-  </refsynopsisdiv>
-  <refsect1 id="description">
-    <title>DESCRIPTION</title>
-    <refsect2>
-      <title>Standard API</title>
-
-      <para>The <function>malloc()</function> function allocates
-      <parameter>size</parameter> bytes of uninitialized memory.  The allocated
-      space is suitably aligned (after possible pointer coercion) for storage
-      of any type of object.</para>
-
-      <para>The <function>calloc()</function> function allocates
-      space for <parameter>number</parameter> objects, each
-      <parameter>size</parameter> bytes in length.  The result is identical to
-      calling <function>malloc()</function> with an argument of
-      <parameter>number</parameter> * <parameter>size</parameter>, with the
-      exception that the allocated memory is explicitly initialized to zero
-      bytes.</para>
-
-      <para>The <function>posix_memalign()</function> function
-      allocates <parameter>size</parameter> bytes of memory such that the
-      allocation's base address is a multiple of
-      <parameter>alignment</parameter>, and returns the allocation in the value
-      pointed to by <parameter>ptr</parameter>.  The requested
-      <parameter>alignment</parameter> must be a power of 2 at least as large as
-      <code language="C">sizeof(<type>void *</type>)</code>.</para>
-
-      <para>The <function>aligned_alloc()</function> function
-      allocates <parameter>size</parameter> bytes of memory such that the
-      allocation's base address is a multiple of
-      <parameter>alignment</parameter>.  The requested
-      <parameter>alignment</parameter> must be a power of 2.  Behavior is
-      undefined if <parameter>size</parameter> is not an integral multiple of
-      <parameter>alignment</parameter>.</para>
-
-      <para>The <function>realloc()</function> function changes the
-      size of the previously allocated memory referenced by
-      <parameter>ptr</parameter> to <parameter>size</parameter> bytes.  The
-      contents of the memory are unchanged up to the lesser of the new and old
-      sizes.  If the new size is larger, the contents of the newly allocated
-      portion of the memory are undefined.  Upon success, the memory referenced
-      by <parameter>ptr</parameter> is freed and a pointer to the newly
-      allocated memory is returned.  Note that
-      <function>realloc()</function> may move the memory allocation,
-      resulting in a different return value than <parameter>ptr</parameter>.
-      If <parameter>ptr</parameter> is <constant>NULL</constant>, the
-      <function>realloc()</function> function behaves identically to
-      <function>malloc()</function> for the specified size.</para>
-
-      <para>The <function>free()</function> function causes the
-      allocated memory referenced by <parameter>ptr</parameter> to be made
-      available for future allocations.  If <parameter>ptr</parameter> is
-      <constant>NULL</constant>, no action occurs.</para>
-    </refsect2>
-    <refsect2>
-      <title>Non-standard API</title>
-      <para>The <function>mallocx()</function>,
-      <function>rallocx()</function>,
-      <function>xallocx()</function>,
-      <function>sallocx()</function>,
-      <function>dallocx()</function>,
-      <function>sdallocx()</function>, and
-      <function>nallocx()</function> functions all have a
-      <parameter>flags</parameter> argument that can be used to specify
-      options.  The functions only check the options that are contextually
-      relevant.  Use bitwise or (<code language="C">|</code>) operations to
-      specify one or more of the following:
-        <variablelist>
-          <varlistentry id="MALLOCX_LG_ALIGN">
-            <term><constant>MALLOCX_LG_ALIGN(<parameter>la</parameter>)
-            </constant></term>
-
-            <listitem><para>Align the memory allocation to start at an address
-            that is a multiple of <code language="C">(1 &lt;&lt;
-            <parameter>la</parameter>)</code>.  This macro does not validate
-            that <parameter>la</parameter> is within the valid
-            range.</para></listitem>
-          </varlistentry>
-          <varlistentry id="MALLOCX_ALIGN">
-            <term><constant>MALLOCX_ALIGN(<parameter>a</parameter>)
-            </constant></term>
-
-            <listitem><para>Align the memory allocation to start at an address
-            that is a multiple of <parameter>a</parameter>, where
-            <parameter>a</parameter> is a power of two.  This macro does not
-            validate that <parameter>a</parameter> is a power of 2.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry id="MALLOCX_ZERO">
-            <term><constant>MALLOCX_ZERO</constant></term>
-
-            <listitem><para>Initialize newly allocated memory to contain zero
-            bytes.  In the growing reallocation case, the real size prior to
-            reallocation defines the boundary between untouched bytes and those
-            that are initialized to contain zero bytes.  If this macro is
-            absent, newly allocated memory is uninitialized.</para></listitem>
-          </varlistentry>
-          <varlistentry id="MALLOCX_TCACHE">
-            <term><constant>MALLOCX_TCACHE(<parameter>tc</parameter>)
-            </constant></term>
-
-            <listitem><para>Use the thread-specific cache (tcache) specified by
-            the identifier <parameter>tc</parameter>, which must have been
-            acquired via the <link
-            linkend="tcache.create"><mallctl>tcache.create</mallctl></link>
-            mallctl.  This macro does not validate that
-            <parameter>tc</parameter> specifies a valid
-            identifier.</para></listitem>
-          </varlistentry>
-          <varlistentry id="MALLOC_TCACHE_NONE">
-            <term><constant>MALLOCX_TCACHE_NONE</constant></term>
-
-            <listitem><para>Do not use a thread-specific cache (tcache).  Unless
-            <constant>MALLOCX_TCACHE(<parameter>tc</parameter>)</constant> or
-            <constant>MALLOCX_TCACHE_NONE</constant> is specified, an
-            automatically managed tcache will be used under many circumstances.
-            This macro cannot be used in the same <parameter>flags</parameter>
-            argument as
-            <constant>MALLOCX_TCACHE(<parameter>tc</parameter>)</constant>.</para></listitem>
-          </varlistentry>
-          <varlistentry id="MALLOCX_ARENA">
-            <term><constant>MALLOCX_ARENA(<parameter>a</parameter>)
-            </constant></term>
-
-            <listitem><para>Use the arena specified by the index
-            <parameter>a</parameter>.  This macro has no effect for regions that
-            were allocated via an arena other than the one specified.  This
-            macro does not validate that <parameter>a</parameter> specifies an
-            arena index in the valid range.</para></listitem>
-          </varlistentry>
-        </variablelist>
-      </para>
-
-      <para>The <function>mallocx()</function> function allocates at
-      least <parameter>size</parameter> bytes of memory, and returns a pointer
-      to the base address of the allocation.  Behavior is undefined if
-      <parameter>size</parameter> is <constant>0</constant>.</para>
-
-      <para>The <function>rallocx()</function> function resizes the
-      allocation at <parameter>ptr</parameter> to be at least
-      <parameter>size</parameter> bytes, and returns a pointer to the base
-      address of the resulting allocation, which may or may not have moved from
-      its original location.  Behavior is undefined if
-      <parameter>size</parameter> is <constant>0</constant>.</para>
-
-      <para>The <function>xallocx()</function> function resizes the
-      allocation at <parameter>ptr</parameter> in place to be at least
-      <parameter>size</parameter> bytes, and returns the real size of the
-      allocation.  If <parameter>extra</parameter> is non-zero, an attempt is
-      made to resize the allocation to be at least <code
-      language="C">(<parameter>size</parameter> +
-      <parameter>extra</parameter>)</code> bytes, though inability to allocate
-      the extra byte(s) will not by itself result in failure to resize.
-      Behavior is undefined if <parameter>size</parameter> is
-      <constant>0</constant>, or if <code
-      language="C">(<parameter>size</parameter> + <parameter>extra</parameter>
-      &gt; <constant>SIZE_T_MAX</constant>)</code>.</para>
-
-      <para>The <function>sallocx()</function> function returns the
-      real size of the allocation at <parameter>ptr</parameter>.</para>
-
-      <para>The <function>dallocx()</function> function causes the
-      memory referenced by <parameter>ptr</parameter> to be made available for
-      future allocations.</para>
-
-      <para>The <function>sdallocx()</function> function is an
-      extension of <function>dallocx()</function> with a
-      <parameter>size</parameter> parameter to allow the caller to pass in the
-      allocation size as an optimization.  The minimum valid input size is the
-      original requested size of the allocation, and the maximum valid input
-      size is the corresponding value returned by
-      <function>nallocx()</function> or
-      <function>sallocx()</function>.</para>
-
-      <para>The <function>nallocx()</function> function allocates no
-      memory, but it performs the same size computation as the
-      <function>mallocx()</function> function, and returns the real
-      size of the allocation that would result from the equivalent
-      <function>mallocx()</function> function call, or
-      <constant>0</constant> if the inputs exceed the maximum supported size
-      class and/or alignment.  Behavior is undefined if
-      <parameter>size</parameter> is <constant>0</constant>.</para>
-
-      <para>The <function>mallctl()</function> function provides a
-      general interface for introspecting the memory allocator, as well as
-      setting modifiable parameters and triggering actions.  The
-      period-separated <parameter>name</parameter> argument specifies a
-      location in a tree-structured namespace; see the <xref
-      linkend="mallctl_namespace" xrefstyle="template:%t"/> section for
-      documentation on the tree contents.  To read a value, pass a pointer via
-      <parameter>oldp</parameter> to adequate space to contain the value, and a
-      pointer to its length via <parameter>oldlenp</parameter>; otherwise pass
-      <constant>NULL</constant> and <constant>NULL</constant>.  Similarly, to
-      write a value, pass a pointer to the value via
-      <parameter>newp</parameter>, and its length via
-      <parameter>newlen</parameter>; otherwise pass <constant>NULL</constant>
-      and <constant>0</constant>.</para>
-
-      <para>The <function>mallctlnametomib()</function> function
-      provides a way to avoid repeated name lookups for applications that
-      repeatedly query the same portion of the namespace, by translating a name
-      to a <quote>Management Information Base</quote> (MIB) that can be passed
-      repeatedly to <function>mallctlbymib()</function>.  Upon
-      successful return from <function>mallctlnametomib()</function>,
-      <parameter>mibp</parameter> contains an array of
-      <parameter>*miblenp</parameter> integers, where
-      <parameter>*miblenp</parameter> is the lesser of the number of components
-      in <parameter>name</parameter> and the input value of
-      <parameter>*miblenp</parameter>.  Thus it is possible to pass a
-      <parameter>*miblenp</parameter> that is smaller than the number of
-      period-separated name components, which results in a partial MIB that can
-      be used as the basis for constructing a complete MIB.  For name
-      components that are integers (e.g. the 2 in
-      <link
-      linkend="arenas.bin.i.size"><mallctl>arenas.bin.2.size</mallctl></link>),
-      the corresponding MIB component will always be that integer.  Therefore,
-      it is legitimate to construct code like the following: <programlisting
-      language="C"><![CDATA[
-unsigned nbins, i;
-size_t mib[4];
-size_t len, miblen;
-
-len = sizeof(nbins);
-mallctl("arenas.nbins", &nbins, &len, NULL, 0);
-
-miblen = 4;
-mallctlnametomib("arenas.bin.0.size", mib, &miblen);
-for (i = 0; i < nbins; i++) {
-	size_t bin_size;
-
-	mib[2] = i;
-	len = sizeof(bin_size);
-	mallctlbymib(mib, miblen, (void *)&bin_size, &len, NULL, 0);
-	/* Do something with bin_size... */
-}]]></programlisting></para>
-
-      <varlistentry id="malloc_stats_print_opts">
-      </varlistentry>
-      <para>The <function>malloc_stats_print()</function> function writes
-      summary statistics via the <parameter>write_cb</parameter> callback
-      function pointer and <parameter>cbopaque</parameter> data passed to
-      <parameter>write_cb</parameter>, or <function>malloc_message()</function>
-      if <parameter>write_cb</parameter> is <constant>NULL</constant>.  The
-      statistics are presented in human-readable form unless <quote>J</quote> is
-      specified as a character within the <parameter>opts</parameter> string, in
-      which case the statistics are presented in <ulink
-      url="http://www.json.org/">JSON format</ulink>.  This function can be
-      called repeatedly.  General information that never changes during
-      execution can be omitted by specifying <quote>g</quote> as a character
-      within the <parameter>opts</parameter> string.  Note that
-      <function>malloc_stats_print()</function> uses the
-      <function>mallctl*()</function> functions internally, so inconsistent
-      statistics can be reported if multiple threads use these functions
-      simultaneously.  If <option>--enable-stats</option> is specified during
-      configuration, <quote>m</quote>, <quote>d</quote>, and <quote>a</quote>
-      can be specified to omit merged arena, destroyed merged arena, and per
-      arena statistics, respectively; <quote>b</quote> and <quote>l</quote> can
-      be specified to omit per size class statistics for bins and large objects,
-      respectively; <quote>x</quote> can be specified to omit all mutex
-      statistics; <quote>e</quote> can be used to omit extent statistics.
-      Unrecognized characters are silently ignored.  Note that thread caching
-      may prevent some statistics from being completely up to date, since extra
-      locking would be required to merge counters that track thread cache
-      operations.</para>
-
-      <para>The <function>malloc_usable_size()</function> function
-      returns the usable size of the allocation pointed to by
-      <parameter>ptr</parameter>.  The return value may be larger than the size
-      that was requested during allocation.  The
-      <function>malloc_usable_size()</function> function is not a
-      mechanism for in-place <function>realloc()</function>; rather
-      it is provided solely as a tool for introspection purposes.  Any
-      discrepancy between the requested allocation size and the size reported
-      by <function>malloc_usable_size()</function> should not be
-      depended on, since such behavior is entirely implementation-dependent.
-      </para>
-    </refsect2>
-  </refsect1>
-  <refsect1 id="tuning">
-    <title>TUNING</title>
-    <para>Once, when the first call is made to one of the memory allocation
-    routines, the allocator initializes its internals based in part on various
-    options that can be specified at compile- or run-time.</para>
-
-    <para>The string specified via <option>--with-malloc-conf</option>, the
-    string pointed to by the global variable <varname>malloc_conf</varname>, the
-    <quote>name</quote> of the file referenced by the symbolic link named
-    <filename class="symlink">/etc/malloc.conf</filename>, and the value of the
-    environment variable <envar>MALLOC_CONF</envar>, will be interpreted, in
-    that order, from left to right as options.  Note that
-    <varname>malloc_conf</varname> may be read before
-    <function>main()</function> is entered, so the declaration of
-    <varname>malloc_conf</varname> should specify an initializer that contains
-    the final value to be read by jemalloc.  <option>--with-malloc-conf</option>
-    and <varname>malloc_conf</varname> are compile-time mechanisms, whereas
-    <filename class="symlink">/etc/malloc.conf</filename> and
-    <envar>MALLOC_CONF</envar> can be safely set any time prior to program
-    invocation.</para>
-
-    <para>An options string is a comma-separated list of option:value pairs.
-    There is one key corresponding to each <link
-    linkend="opt.abort"><mallctl>opt.*</mallctl></link> mallctl (see the <xref
-    linkend="mallctl_namespace" xrefstyle="template:%t"/> section for options
-    documentation).  For example, <literal>abort:true,narenas:1</literal> sets
-    the <link linkend="opt.abort"><mallctl>opt.abort</mallctl></link> and <link
-    linkend="opt.narenas"><mallctl>opt.narenas</mallctl></link> options.  Some
-    options have boolean values (true/false), others have integer values (base
-    8, 10, or 16, depending on prefix), and yet others have raw string
-    values.</para>
-  </refsect1>
-  <refsect1 id="implementation_notes">
-    <title>IMPLEMENTATION NOTES</title>
-    <para>Traditionally, allocators have used
-    <citerefentry><refentrytitle>sbrk</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry> to obtain memory, which is
-    suboptimal for several reasons, including race conditions, increased
-    fragmentation, and artificial limitations on maximum usable memory.  If
-    <citerefentry><refentrytitle>sbrk</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry> is supported by the operating
-    system, this allocator uses both
-    <citerefentry><refentrytitle>mmap</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry> and
-    <citerefentry><refentrytitle>sbrk</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry>, in that order of preference;
-    otherwise only <citerefentry><refentrytitle>mmap</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry> is used.</para>
-
-    <para>This allocator uses multiple arenas in order to reduce lock
-    contention for threaded programs on multi-processor systems.  This works
-    well with regard to threading scalability, but incurs some costs.  There is
-    a small fixed per-arena overhead, and additionally, arenas manage memory
-    completely independently of each other, which means a small fixed increase
-    in overall memory fragmentation.  These overheads are not generally an
-    issue, given the number of arenas normally used.  Note that using
-    substantially more arenas than the default is not likely to improve
-    performance, mainly due to reduced cache performance.  However, it may make
-    sense to reduce the number of arenas if an application does not make much
-    use of the allocation functions.</para>
-
-    <para>In addition to multiple arenas, this allocator supports
-    thread-specific caching, in order to make it possible to completely avoid
-    synchronization for most allocation requests.  Such caching allows very fast
-    allocation in the common case, but it increases memory usage and
-    fragmentation, since a bounded number of objects can remain allocated in
-    each thread cache.</para>
-
-    <para>Memory is conceptually broken into extents.  Extents are always
-    aligned to multiples of the page size.  This alignment makes it possible to
-    find metadata for user objects quickly.  User objects are broken into two
-    categories according to size: small and large.  Contiguous small objects
-    comprise a slab, which resides within a single extent, whereas large objects
-    each have their own extents backing them.</para>
-
-    <para>Small objects are managed in groups by slabs.  Each slab maintains
-    a bitmap to track which regions are in use.  Allocation requests that are no
-    more than half the quantum (8 or 16, depending on architecture) are rounded
-    up to the nearest power of two that is at least <code
-    language="C">sizeof(<type>double</type>)</code>.  All other object size
-    classes are multiples of the quantum, spaced such that there are four size
-    classes for each doubling in size, which limits internal fragmentation to
-    approximately 20% for all but the smallest size classes.  Small size classes
-    are smaller than four times the page size, and large size classes extend
-    from four times the page size up to the largest size class that does not
-    exceed <constant>PTRDIFF_MAX</constant>.</para>
-
-    <para>Allocations are packed tightly together, which can be an issue for
-    multi-threaded applications.  If you need to assure that allocations do not
-    suffer from cacheline sharing, round your allocation requests up to the
-    nearest multiple of the cacheline size, or specify cacheline alignment when
-    allocating.</para>
-
-    <para>The <function>realloc()</function>,
-    <function>rallocx()</function>, and
-    <function>xallocx()</function> functions may resize allocations
-    without moving them under limited circumstances.  Unlike the
-    <function>*allocx()</function> API, the standard API does not
-    officially round up the usable size of an allocation to the nearest size
-    class, so technically it is necessary to call
-    <function>realloc()</function> to grow e.g. a 9-byte allocation to
-    16 bytes, or shrink a 16-byte allocation to 9 bytes.  Growth and shrinkage
-    trivially succeeds in place as long as the pre-size and post-size both round
-    up to the same size class.  No other API guarantees are made regarding
-    in-place resizing, but the current implementation also tries to resize large
-    allocations in place, as long as the pre-size and post-size are both large.
-    For shrinkage to succeed, the extent allocator must support splitting (see
-    <link
-    linkend="arena.i.extent_hooks"><mallctl>arena.&lt;i&gt;.extent_hooks</mallctl></link>).
-    Growth only succeeds if the trailing memory is currently available, and the
-    extent allocator supports merging.</para>
-
-    <para>Assuming 4 KiB pages and a 16-byte quantum on a 64-bit system, the
-    size classes in each category are as shown in <xref linkend="size_classes"
-    xrefstyle="template:Table %n"/>.</para>
-
-    <table xml:id="size_classes" frame="all">
-      <title>Size classes</title>
-      <tgroup cols="3" colsep="1" rowsep="1">
-      <colspec colname="c1" align="left"/>
-      <colspec colname="c2" align="right"/>
-      <colspec colname="c3" align="left"/>
-      <thead>
-        <row>
-          <entry>Category</entry>
-          <entry>Spacing</entry>
-          <entry>Size</entry>
-        </row>
-      </thead>
-      <tbody>
-        <row>
-          <entry morerows="8">Small</entry>
-          <entry>lg</entry>
-          <entry>[8]</entry>
-        </row>
-        <row>
-          <entry>16</entry>
-          <entry>[16, 32, 48, 64, 80, 96, 112, 128]</entry>
-        </row>
-        <row>
-          <entry>32</entry>
-          <entry>[160, 192, 224, 256]</entry>
-        </row>
-        <row>
-          <entry>64</entry>
-          <entry>[320, 384, 448, 512]</entry>
-        </row>
-        <row>
-          <entry>128</entry>
-          <entry>[640, 768, 896, 1024]</entry>
-        </row>
-        <row>
-          <entry>256</entry>
-          <entry>[1280, 1536, 1792, 2048]</entry>
-        </row>
-        <row>
-          <entry>512</entry>
-          <entry>[2560, 3072, 3584, 4096]</entry>
-        </row>
-        <row>
-          <entry>1 KiB</entry>
-          <entry>[5 KiB, 6 KiB, 7 KiB, 8 KiB]</entry>
-        </row>
-        <row>
-          <entry>2 KiB</entry>
-          <entry>[10 KiB, 12 KiB, 14 KiB]</entry>
-        </row>
-        <row>
-          <entry morerows="15">Large</entry>
-          <entry>2 KiB</entry>
-          <entry>[16 KiB]</entry>
-        </row>
-        <row>
-          <entry>4 KiB</entry>
-          <entry>[20 KiB, 24 KiB, 28 KiB, 32 KiB]</entry>
-        </row>
-        <row>
-          <entry>8 KiB</entry>
-          <entry>[40 KiB, 48 KiB, 54 KiB, 64 KiB]</entry>
-        </row>
-        <row>
-          <entry>16 KiB</entry>
-          <entry>[80 KiB, 96 KiB, 112 KiB, 128 KiB]</entry>
-        </row>
-        <row>
-          <entry>32 KiB</entry>
-          <entry>[160 KiB, 192 KiB, 224 KiB, 256 KiB]</entry>
-        </row>
-        <row>
-          <entry>64 KiB</entry>
-          <entry>[320 KiB, 384 KiB, 448 KiB, 512 KiB]</entry>
-        </row>
-        <row>
-          <entry>128 KiB</entry>
-          <entry>[640 KiB, 768 KiB, 896 KiB, 1 MiB]</entry>
-        </row>
-        <row>
-          <entry>256 KiB</entry>
-          <entry>[1280 KiB, 1536 KiB, 1792 KiB, 2 MiB]</entry>
-        </row>
-        <row>
-          <entry>512 KiB</entry>
-          <entry>[2560 KiB, 3 MiB, 3584 KiB, 4 MiB]</entry>
-        </row>
-        <row>
-          <entry>1 MiB</entry>
-          <entry>[5 MiB, 6 MiB, 7 MiB, 8 MiB]</entry>
-        </row>
-        <row>
-          <entry>2 MiB</entry>
-          <entry>[10 MiB, 12 MiB, 14 MiB, 16 MiB]</entry>
-        </row>
-        <row>
-          <entry>4 MiB</entry>
-          <entry>[20 MiB, 24 MiB, 28 MiB, 32 MiB]</entry>
-        </row>
-        <row>
-          <entry>8 MiB</entry>
-          <entry>[40 MiB, 48 MiB, 56 MiB, 64 MiB]</entry>
-        </row>
-        <row>
-          <entry>...</entry>
-          <entry>...</entry>
-        </row>
-        <row>
-          <entry>512 PiB</entry>
-          <entry>[2560 PiB, 3 EiB, 3584 PiB, 4 EiB]</entry>
-        </row>
-        <row>
-          <entry>1 EiB</entry>
-          <entry>[5 EiB, 6 EiB, 7 EiB]</entry>
-        </row>
-      </tbody>
-      </tgroup>
-    </table>
-  </refsect1>
-  <refsect1 id="mallctl_namespace">
-    <title>MALLCTL NAMESPACE</title>
-    <para>The following names are defined in the namespace accessible via the
-    <function>mallctl*()</function> functions.  Value types are specified in
-    parentheses, their readable/writable statuses are encoded as
-    <literal>rw</literal>, <literal>r-</literal>, <literal>-w</literal>, or
-    <literal>--</literal>, and required build configuration flags follow, if
-    any.  A name element encoded as <literal>&lt;i&gt;</literal> or
-    <literal>&lt;j&gt;</literal> indicates an integer component, where the
-    integer varies from 0 to some upper value that must be determined via
-    introspection.  In the case of <mallctl>stats.arenas.&lt;i&gt;.*</mallctl>
-    and <mallctl>arena.&lt;i&gt;.{initialized,purge,decay,dss}</mallctl>,
-    <literal>&lt;i&gt;</literal> equal to
-    <constant>MALLCTL_ARENAS_ALL</constant> can be used to operate on all arenas
-    or access the summation of statistics from all arenas; similarly
-    <literal>&lt;i&gt;</literal> equal to
-    <constant>MALLCTL_ARENAS_DESTROYED</constant> can be used to access the
-    summation of statistics from all destroyed arenas.  These constants can be
-    utilized either via <function>mallctlnametomib()</function> followed by
-    <function>mallctlbymib()</function>, or via code such as the following:
-    <programlisting language="C"><![CDATA[
-#define STRINGIFY_HELPER(x) #x
-#define STRINGIFY(x) STRINGIFY_HELPER(x)
-
-mallctl("arena." STRINGIFY(MALLCTL_ARENAS_ALL) ".decay",
-    NULL, NULL, NULL, 0);]]></programlisting>
-    Take special note of the <link
-    linkend="epoch"><mallctl>epoch</mallctl></link> mallctl, which controls
-    refreshing of cached dynamic statistics.</para>
-
-    <variablelist>
-      <varlistentry id="version">
-        <term>
-          <mallctl>version</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Return the jemalloc version string.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="epoch">
-        <term>
-          <mallctl>epoch</mallctl>
-          (<type>uint64_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>If a value is passed in, refresh the data from which
-        the <function>mallctl*()</function> functions report values,
-        and increment the epoch.  Return the current epoch.  This is useful for
-        detecting whether another thread caused a refresh.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="background_thread">
-        <term>
-          <mallctl>background_thread</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Enable/disable internal background worker threads.  When
-        set to true, background threads are created on demand (the number of
-        background threads will be no more than the number of CPUs or active
-        arenas).  Threads run periodically, and handle <link
-        linkend="arena.i.decay">purging</link> asynchronously.  When switching
-        off, background threads are terminated synchronously.  Note that after
-        <citerefentry><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-        function, the state in the child process will be disabled regardless
-        the state in parent process. See <link
-        linkend="stats.background_thread.num_threads"><mallctl>stats.background_thread</mallctl></link>
-        for related stats.  <link
-        linkend="opt.background_thread"><mallctl>opt.background_thread</mallctl></link>
-        can be used to set the default option.  This option is only available on
-        selected pthread-based platforms.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="max_background_threads">
-        <term>
-          <mallctl>max_background_threads</mallctl>
-          (<type>size_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Maximum number of background worker threads that will
-        be created.  This value is capped at <link
-        linkend="opt.max_background_threads"><mallctl>opt.max_background_threads</mallctl></link> at
-        startup.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.cache_oblivious">
-        <term>
-          <mallctl>config.cache_oblivious</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-cache-oblivious</option> was specified
-        during build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.debug">
-        <term>
-          <mallctl>config.debug</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-debug</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.fill">
-        <term>
-          <mallctl>config.fill</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-fill</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.lazy_lock">
-        <term>
-          <mallctl>config.lazy_lock</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-lazy-lock</option> was specified
-        during build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.malloc_conf">
-        <term>
-          <mallctl>config.malloc_conf</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Embedded configure-time-specified run-time options
-        string, empty unless <option>--with-malloc-conf</option> was specified
-        during build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.prof">
-        <term>
-          <mallctl>config.prof</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-prof</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.prof_libgcc">
-        <term>
-          <mallctl>config.prof_libgcc</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--disable-prof-libgcc</option> was not
-        specified during build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.prof_libunwind">
-        <term>
-          <mallctl>config.prof_libunwind</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-prof-libunwind</option> was specified
-        during build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.stats">
-        <term>
-          <mallctl>config.stats</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-stats</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-
-      <varlistentry id="config.utrace">
-        <term>
-          <mallctl>config.utrace</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-utrace</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="config.xmalloc">
-        <term>
-          <mallctl>config.xmalloc</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para><option>--enable-xmalloc</option> was specified during
-        build configuration.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.abort">
-        <term>
-          <mallctl>opt.abort</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Abort-on-warning enabled/disabled.  If true, most
-        warnings are fatal.  Note that runtime option warnings are not included
-        (see <link
-        linkend="opt.abort_conf"><mallctl>opt.abort_conf</mallctl></link> for
-        that). The process will call
-        <citerefentry><refentrytitle>abort</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> in these cases.  This option is
-        disabled by default unless <option>--enable-debug</option> is
-        specified during configuration, in which case it is enabled by default.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.confirm_conf">
-        <term>
-          <mallctl>opt.confirm_conf</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-	<listitem><para>Confirm-runtime-options-when-program-starts
-	enabled/disabled.  If true, the string specified via
-	<option>--with-malloc-conf</option>, the string pointed to by the
-	global variable <varname>malloc_conf</varname>, the <quote>name</quote>
-	of the file referenced by the symbolic link named
-	<filename class="symlink">/etc/malloc.conf</filename>, and the value of
-	the environment variable <envar>MALLOC_CONF</envar>, will be printed in
-	order.  Then, each option being set will be individually printed.  This
-	option is disabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.abort_conf">
-        <term>
-          <mallctl>opt.abort_conf</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Abort-on-invalid-configuration enabled/disabled.  If
-        true, invalid runtime options are fatal.  The process will call
-        <citerefentry><refentrytitle>abort</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> in these cases.  This option is
-        disabled by default unless <option>--enable-debug</option> is
-        specified during configuration, in which case it is enabled by default.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.metadata_thp">
-        <term>
-          <mallctl>opt.metadata_thp</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Controls whether to allow jemalloc to use transparent
-        huge page (THP) for internal metadata (see <link
-        linkend="stats.metadata">stats.metadata</link>).  <quote>always</quote>
-        allows such usage.  <quote>auto</quote> uses no THP initially, but may
-        begin to do so when metadata usage reaches certain level.  The default
-        is <quote>disabled</quote>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.retain">
-        <term>
-          <mallctl>opt.retain</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>If true, retain unused virtual memory for later reuse
-        rather than discarding it by calling
-        <citerefentry><refentrytitle>munmap</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> or equivalent (see <link
-        linkend="stats.retained">stats.retained</link> for related details).
-        It also makes jemalloc use <citerefentry>
-        <refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum>
-        </citerefentry> or equivalent in a more greedy way, mapping larger
-        chunks in one go.  This option is disabled by default unless discarding
-        virtual memory is known to trigger platform-specific performance
-        problems, namely 1) for [64-bit] Linux, which has a quirk in its virtual
-        memory allocation algorithm that causes semi-permanent VM map holes
-        under normal jemalloc operation; and 2) for [64-bit] Windows, which
-        disallows split / merged regions with
-        <parameter><constant>MEM_RELEASE</constant></parameter>.  Although the
-        same issues may present on 32-bit platforms as well, retaining virtual
-        memory for 32-bit Linux and Windows is disabled by default due to the
-        practical possibility of address space exhaustion.  </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.dss">
-        <term>
-          <mallctl>opt.dss</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>dss (<citerefentry><refentrytitle>sbrk</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry>) allocation precedence as
-        related to <citerefentry><refentrytitle>mmap</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> allocation.  The following
-        settings are supported if
-        <citerefentry><refentrytitle>sbrk</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> is supported by the operating
-        system: <quote>disabled</quote>, <quote>primary</quote>, and
-        <quote>secondary</quote>; otherwise only <quote>disabled</quote> is
-        supported.  The default is <quote>secondary</quote> if
-        <citerefentry><refentrytitle>sbrk</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> is supported by the operating
-        system; <quote>disabled</quote> otherwise.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.narenas">
-        <term>
-          <mallctl>opt.narenas</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum number of arenas to use for automatic
-        multiplexing of threads and arenas.  The default is four times the
-        number of CPUs, or one if there is a single CPU.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.oversize_threshold">
-        <term>
-          <mallctl>opt.oversize_threshold</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>The threshold in bytes of which requests are considered
-        oversize.  Allocation requests with greater sizes are fulfilled from a
-        dedicated arena (automatically managed, however not within
-        <literal>narenas</literal>), in order to reduce fragmentation by not
-        mixing huge allocations with small ones.  In addition, the decay API
-        guarantees on the extents greater than the specified threshold may be
-        overridden.  Note that requests with arena index specified via
-        <constant>MALLOCX_ARENA</constant>, or threads associated with explicit
-        arenas will not be considered.  The default threshold is 8MiB.  Values
-        not within large size classes disables this feature.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.percpu_arena">
-        <term>
-          <mallctl>opt.percpu_arena</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Per CPU arena mode.  Use the <quote>percpu</quote>
-        setting to enable this feature, which uses number of CPUs to determine
-        number of arenas, and bind threads to arenas dynamically based on the
-        CPU the thread runs on currently.  <quote>phycpu</quote> setting uses
-        one arena per physical CPU, which means the two hyper threads on the
-        same CPU share one arena.  Note that no runtime checking regarding the
-        availability of hyper threading is done at the moment.  When set to
-        <quote>disabled</quote>, narenas and thread to arena association will
-        not be impacted by this option.  The default is <quote>disabled</quote>.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.background_thread">
-        <term>
-          <mallctl>opt.background_thread</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Internal background worker threads enabled/disabled.
-        Because of potential circular dependencies, enabling background thread
-        using this option may cause crash or deadlock during initialization. For
-        a reliable way to use this feature, see <link
-        linkend="background_thread">background_thread</link> for dynamic control
-        options and details.  This option is disabled by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.max_background_threads">
-        <term>
-          <mallctl>opt.max_background_threads</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum number of background threads that will be created
-        if <link linkend="background_thread">background_thread</link> is set.
-        Defaults to number of cpus.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.dirty_decay_ms">
-        <term>
-          <mallctl>opt.dirty_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Approximate time in milliseconds from the creation of a
-        set of unused dirty pages until an equivalent set of unused dirty pages
-        is purged (i.e. converted to muzzy via e.g.
-        <function>madvise(<parameter>...</parameter><parameter><constant>MADV_FREE</constant></parameter>)</function>
-        if supported by the operating system, or converted to clean otherwise)
-        and/or reused.  Dirty pages are defined as previously having been
-        potentially written to by the application, and therefore consuming
-        physical memory, yet having no current use.  The pages are incrementally
-        purged according to a sigmoidal decay curve that starts and ends with
-        zero purge rate.  A decay time of 0 causes all unused dirty pages to be
-        purged immediately upon creation.  A decay time of -1 disables purging.
-        The default decay time is 10 seconds.  See <link
-        linkend="arenas.dirty_decay_ms"><mallctl>arenas.dirty_decay_ms</mallctl></link>
-        and <link
-        linkend="arena.i.dirty_decay_ms"><mallctl>arena.&lt;i&gt;.dirty_decay_ms</mallctl></link>
-        for related dynamic control options.  See <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzzy_decay_ms</mallctl></link>
-        for a description of muzzy pages.for a description of muzzy pages.  Note
-        that when the <link
-        linkend="opt.oversize_threshold"><mallctl>oversize_threshold</mallctl></link>
-        feature is enabled, the arenas reserved for oversize requests may have
-        its own default decay settings.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.muzzy_decay_ms">
-        <term>
-          <mallctl>opt.muzzy_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Approximate time in milliseconds from the creation of a
-        set of unused muzzy pages until an equivalent set of unused muzzy pages
-        is purged (i.e. converted to clean) and/or reused.  Muzzy pages are
-        defined as previously having been unused dirty pages that were
-        subsequently purged in a manner that left them subject to the
-        reclamation whims of the operating system (e.g.
-        <function>madvise(<parameter>...</parameter><parameter><constant>MADV_FREE</constant></parameter>)</function>),
-        and therefore in an indeterminate state.  The pages are incrementally
-        purged according to a sigmoidal decay curve that starts and ends with
-        zero purge rate.  A decay time of 0 causes all unused muzzy pages to be
-        purged immediately upon creation.  A decay time of -1 disables purging.
-        The default decay time is 10 seconds.  See <link
-        linkend="arenas.muzzy_decay_ms"><mallctl>arenas.muzzy_decay_ms</mallctl></link>
-        and <link
-        linkend="arena.i.muzzy_decay_ms"><mallctl>arena.&lt;i&gt;.muzzy_decay_ms</mallctl></link>
-        for related dynamic control options.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.lg_extent_max_active_fit">
-        <term>
-          <mallctl>opt.lg_extent_max_active_fit</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>When reusing dirty extents, this determines the (log
-        base 2 of the) maximum ratio between the size of the active extent
-        selected (to split off from) and the size of the requested allocation.
-        This prevents the splitting of large active extents for smaller
-        allocations, which can reduce fragmentation over the long run
-        (especially for non-active extents).  Lower value may reduce
-        fragmentation, at the cost of extra active extents.  The default value
-        is 6, which gives a maximum ratio of 64 (2^6).</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.stats_print">
-        <term>
-          <mallctl>opt.stats_print</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Enable/disable statistics printing at exit.  If
-        enabled, the <function>malloc_stats_print()</function>
-        function is called at program exit via an
-        <citerefentry><refentrytitle>atexit</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> function.  <link
-        linkend="opt.stats_print_opts"><mallctl>opt.stats_print_opts</mallctl></link>
-        can be combined to specify output options. If
-        <option>--enable-stats</option> is specified during configuration, this
-        has the potential to cause deadlock for a multi-threaded process that
-        exits while one or more threads are executing in the memory allocation
-        functions.  Furthermore, <function>atexit()</function> may
-        allocate memory during application initialization and then deadlock
-        internally when jemalloc in turn calls
-        <function>atexit()</function>, so this option is not
-        universally usable (though the application can register its own
-        <function>atexit()</function> function with equivalent
-        functionality).  Therefore, this option should only be used with care;
-        it is primarily intended as a performance tuning aid during application
-        development.  This option is disabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.stats_print_opts">
-        <term>
-          <mallctl>opt.stats_print_opts</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Options (the <parameter>opts</parameter> string) to pass
-        to the <function>malloc_stats_print()</function> at exit (enabled
-        through <link
-        linkend="opt.stats_print"><mallctl>opt.stats_print</mallctl></link>). See
-        available options in <link
-        linkend="malloc_stats_print_opts"><function>malloc_stats_print()</function></link>.
-        Has no effect unless <link
-        linkend="opt.stats_print"><mallctl>opt.stats_print</mallctl></link> is
-        enabled.  The default is <quote></quote>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.junk">
-        <term>
-          <mallctl>opt.junk</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-          [<option>--enable-fill</option>]
-        </term>
-        <listitem><para>Junk filling.  If set to <quote>alloc</quote>, each byte
-        of uninitialized allocated memory will be initialized to
-        <literal>0xa5</literal>.  If set to <quote>free</quote>, all deallocated
-        memory will be initialized to <literal>0x5a</literal>.  If set to
-        <quote>true</quote>, both allocated and deallocated memory will be
-        initialized, and if set to <quote>false</quote>, junk filling be
-        disabled entirely.  This is intended for debugging and will impact
-        performance negatively.  This option is <quote>false</quote> by default
-        unless <option>--enable-debug</option> is specified during
-        configuration, in which case it is <quote>true</quote> by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.zero">
-        <term>
-          <mallctl>opt.zero</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-fill</option>]
-        </term>
-        <listitem><para>Zero filling enabled/disabled.  If enabled, each byte
-        of uninitialized allocated memory will be initialized to 0.  Note that
-        this initialization only happens once for each byte, so
-        <function>realloc()</function> and
-        <function>rallocx()</function> calls do not zero memory that
-        was previously allocated.  This is intended for debugging and will
-        impact performance negatively.  This option is disabled by default.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.utrace">
-        <term>
-          <mallctl>opt.utrace</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-utrace</option>]
-        </term>
-        <listitem><para>Allocation tracing based on
-        <citerefentry><refentrytitle>utrace</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> enabled/disabled.  This option
-        is disabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.xmalloc">
-        <term>
-          <mallctl>opt.xmalloc</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-xmalloc</option>]
-        </term>
-        <listitem><para>Abort-on-out-of-memory enabled/disabled.  If enabled,
-        rather than returning failure for any allocation function, display a
-        diagnostic message on <constant>STDERR_FILENO</constant> and cause the
-        program to drop core (using
-        <citerefentry><refentrytitle>abort</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry>).  If an application is
-        designed to depend on this behavior, set the option at compile time by
-        including the following in the source code:
-        <programlisting language="C"><![CDATA[
-malloc_conf = "xmalloc:true";]]></programlisting>
-        This option is disabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.tcache">
-        <term>
-          <mallctl>opt.tcache</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Thread-specific caching (tcache) enabled/disabled.  When
-        there are multiple threads, each thread uses a tcache for objects up to
-        a certain size.  Thread-specific caching allows many allocations to be
-        satisfied without performing any thread synchronization, at the cost of
-        increased memory use.  See the <link
-        linkend="opt.lg_tcache_max"><mallctl>opt.lg_tcache_max</mallctl></link>
-        option for related tuning information.  This option is enabled by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.lg_tcache_max">
-        <term>
-          <mallctl>opt.lg_tcache_max</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum size class (log base 2) to cache in the
-        thread-specific cache (tcache).  At a minimum, all small size classes
-        are cached, and at a maximum all large size classes are cached.  The
-        default maximum is 32 KiB (2^15).</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.thp">
-        <term>
-          <mallctl>opt.thp</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Transparent hugepage (THP) mode. Settings "always",
-        "never" and "default" are available if THP is supported by the operating
-        system.  The "always" setting enables transparent hugepage for all user
-        memory mappings with
-        <parameter><constant>MADV_HUGEPAGE</constant></parameter>; "never"
-        ensures no transparent hugepage with
-        <parameter><constant>MADV_NOHUGEPAGE</constant></parameter>; the default
-        setting "default" makes no changes.  Note that: this option does not
-        affect THP for jemalloc internal metadata (see <link
-        linkend="opt.metadata_thp"><mallctl>opt.metadata_thp</mallctl></link>);
-        in addition, for arenas with customized <link
-        linkend="arena.i.extent_hooks"><mallctl>extent_hooks</mallctl></link>,
-        this option is bypassed as it is implemented as part of the default
-        extent hooks.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof">
-        <term>
-          <mallctl>opt.prof</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Memory profiling enabled/disabled.  If enabled, profile
-        memory allocation activity.  See the <link
-        linkend="opt.prof_active"><mallctl>opt.prof_active</mallctl></link>
-        option for on-the-fly activation/deactivation.  See the <link
-        linkend="opt.lg_prof_sample"><mallctl>opt.lg_prof_sample</mallctl></link>
-        option for probabilistic sampling control.  See the <link
-        linkend="opt.prof_accum"><mallctl>opt.prof_accum</mallctl></link>
-        option for control of cumulative sample reporting.  See the <link
-        linkend="opt.lg_prof_interval"><mallctl>opt.lg_prof_interval</mallctl></link>
-        option for information on interval-triggered profile dumping, the <link
-        linkend="opt.prof_gdump"><mallctl>opt.prof_gdump</mallctl></link>
-        option for information on high-water-triggered profile dumping, and the
-        <link linkend="opt.prof_final"><mallctl>opt.prof_final</mallctl></link>
-        option for final profile dumping.  Profile output is compatible with
-        the <command>jeprof</command> command, which is based on the
-        <command>pprof</command> that is developed as part of the <ulink
-        url="http://code.google.com/p/gperftools/">gperftools
-        package</ulink>.  See <link linkend="heap_profile_format">HEAP PROFILE
-        FORMAT</link> for heap profile format documentation.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_prefix">
-        <term>
-          <mallctl>opt.prof_prefix</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Filename prefix for profile dumps.  If the prefix is
-        set to the empty string, no automatic dumps will occur; this is
-        primarily useful for disabling the automatic final heap dump (which
-        also disables leak reporting, if enabled).  The default prefix is
-        <filename>jeprof</filename>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_active">
-        <term>
-          <mallctl>opt.prof_active</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Profiling activated/deactivated.  This is a secondary
-        control mechanism that makes it possible to start the application with
-        profiling enabled (see the <link
-        linkend="opt.prof"><mallctl>opt.prof</mallctl></link> option) but
-        inactive, then toggle profiling at any time during program execution
-        with the <link
-        linkend="prof.active"><mallctl>prof.active</mallctl></link> mallctl.
-        This option is enabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_thread_active_init">
-        <term>
-          <mallctl>opt.prof_thread_active_init</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Initial setting for <link
-        linkend="thread.prof.active"><mallctl>thread.prof.active</mallctl></link>
-        in newly created threads.  The initial setting for newly created threads
-        can also be changed during execution via the <link
-        linkend="prof.thread_active_init"><mallctl>prof.thread_active_init</mallctl></link>
-        mallctl.  This option is enabled by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.lg_prof_sample">
-        <term>
-          <mallctl>opt.lg_prof_sample</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Average interval (log base 2) between allocation
-        samples, as measured in bytes of allocation activity.  Increasing the
-        sampling interval decreases profile fidelity, but also decreases the
-        computational overhead.  The default sample interval is 512 KiB (2^19
-        B).</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_accum">
-        <term>
-          <mallctl>opt.prof_accum</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Reporting of cumulative object/byte counts in profile
-        dumps enabled/disabled.  If this option is enabled, every unique
-        backtrace must be stored for the duration of execution.  Depending on
-        the application, this can impose a large memory overhead, and the
-        cumulative counts are not always of interest.  This option is disabled
-        by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.lg_prof_interval">
-        <term>
-          <mallctl>opt.lg_prof_interval</mallctl>
-          (<type>ssize_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Average interval (log base 2) between memory profile
-        dumps, as measured in bytes of allocation activity.  The actual
-        interval between dumps may be sporadic because decentralized allocation
-        counters are used to avoid synchronization bottlenecks.  Profiles are
-        dumped to files named according to the pattern
-        <filename>&lt;prefix&gt;.&lt;pid&gt;.&lt;seq&gt;.i&lt;iseq&gt;.heap</filename>,
-        where <literal>&lt;prefix&gt;</literal> is controlled by the
-        <link
-        linkend="opt.prof_prefix"><mallctl>opt.prof_prefix</mallctl></link>
-        option.  By default, interval-triggered profile dumping is disabled
-        (encoded as -1).
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_gdump">
-        <term>
-          <mallctl>opt.prof_gdump</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Set the initial state of <link
-        linkend="prof.gdump"><mallctl>prof.gdump</mallctl></link>, which when
-        enabled triggers a memory profile dump every time the total virtual
-        memory exceeds the previous maximum.  This option is disabled by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_final">
-        <term>
-          <mallctl>opt.prof_final</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Use an
-        <citerefentry><refentrytitle>atexit</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> function to dump final memory
-        usage to a file named according to the pattern
-        <filename>&lt;prefix&gt;.&lt;pid&gt;.&lt;seq&gt;.f.heap</filename>,
-        where <literal>&lt;prefix&gt;</literal> is controlled by the <link
-        linkend="opt.prof_prefix"><mallctl>opt.prof_prefix</mallctl></link>
-        option.  Note that <function>atexit()</function> may allocate
-        memory during application initialization and then deadlock internally
-        when jemalloc in turn calls <function>atexit()</function>, so
-        this option is not universally usable (though the application can
-        register its own <function>atexit()</function> function with
-        equivalent functionality).  This option is disabled by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="opt.prof_leak">
-        <term>
-          <mallctl>opt.prof_leak</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Leak reporting enabled/disabled.  If enabled, use an
-        <citerefentry><refentrytitle>atexit</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> function to report memory leaks
-        detected by allocation sampling.  See the
-        <link linkend="opt.prof"><mallctl>opt.prof</mallctl></link> option for
-        information on analyzing heap profile output.  This option is disabled
-        by default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.arena">
-        <term>
-          <mallctl>thread.arena</mallctl>
-          (<type>unsigned</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Get or set the arena associated with the calling
-        thread.  If the specified arena was not initialized beforehand (see the
-        <link
-        linkend="arena.i.initialized"><mallctl>arena.i.initialized</mallctl></link>
-        mallctl), it will be automatically initialized as a side effect of
-        calling this interface.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.allocated">
-        <term>
-          <mallctl>thread.allocated</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Get the total number of bytes ever allocated by the
-        calling thread.  This counter has the potential to wrap around; it is
-        up to the application to appropriately interpret the counter in such
-        cases.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.allocatedp">
-        <term>
-          <mallctl>thread.allocatedp</mallctl>
-          (<type>uint64_t *</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Get a pointer to the the value that is returned by the
-        <link
-        linkend="thread.allocated"><mallctl>thread.allocated</mallctl></link>
-        mallctl.  This is useful for avoiding the overhead of repeated
-        <function>mallctl*()</function> calls.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.deallocated">
-        <term>
-          <mallctl>thread.deallocated</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Get the total number of bytes ever deallocated by the
-        calling thread.  This counter has the potential to wrap around; it is
-        up to the application to appropriately interpret the counter in such
-        cases.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.deallocatedp">
-        <term>
-          <mallctl>thread.deallocatedp</mallctl>
-          (<type>uint64_t *</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Get a pointer to the the value that is returned by the
-        <link
-        linkend="thread.deallocated"><mallctl>thread.deallocated</mallctl></link>
-        mallctl.  This is useful for avoiding the overhead of repeated
-        <function>mallctl*()</function> calls.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.tcache.enabled">
-        <term>
-          <mallctl>thread.tcache.enabled</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Enable/disable calling thread's tcache.  The tcache is
-        implicitly flushed as a side effect of becoming
-        disabled (see <link
-        linkend="thread.tcache.flush"><mallctl>thread.tcache.flush</mallctl></link>).
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.tcache.flush">
-        <term>
-          <mallctl>thread.tcache.flush</mallctl>
-          (<type>void</type>)
-          <literal>--</literal>
-        </term>
-        <listitem><para>Flush calling thread's thread-specific cache (tcache).
-        This interface releases all cached objects and internal data structures
-        associated with the calling thread's tcache.  Ordinarily, this interface
-        need not be called, since automatic periodic incremental garbage
-        collection occurs, and the thread cache is automatically discarded when
-        a thread exits.  However, garbage collection is triggered by allocation
-        activity, so it is possible for a thread that stops
-        allocating/deallocating to retain its cache indefinitely, in which case
-        the developer may find manual flushing useful.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.prof.name">
-        <term>
-          <mallctl>thread.prof.name</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal> or
-          <literal>-w</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Get/set the descriptive name associated with the calling
-        thread in memory profile dumps.  An internal copy of the name string is
-        created, so the input string need not be maintained after this interface
-        completes execution.  The output string of this interface should be
-        copied for non-ephemeral uses, because multiple implementation details
-        can cause asynchronous string deallocation.  Furthermore, each
-        invocation of this interface can only read or write; simultaneous
-        read/write is not supported due to string lifetime limitations.  The
-        name string must be nil-terminated and comprised only of characters in
-        the sets recognized
-        by <citerefentry><refentrytitle>isgraph</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry> and
-        <citerefentry><refentrytitle>isblank</refentrytitle>
-        <manvolnum>3</manvolnum></citerefentry>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="thread.prof.active">
-        <term>
-          <mallctl>thread.prof.active</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Control whether sampling is currently active for the
-        calling thread.  This is an activation mechanism in addition to <link
-        linkend="prof.active"><mallctl>prof.active</mallctl></link>; both must
-        be active for the calling thread to sample.  This flag is enabled by
-        default.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="tcache.create">
-        <term>
-          <mallctl>tcache.create</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Create an explicit thread-specific cache (tcache) and
-        return an identifier that can be passed to the <link
-        linkend="MALLOCX_TCACHE"><constant>MALLOCX_TCACHE(<parameter>tc</parameter>)</constant></link>
-        macro to explicitly use the specified cache rather than the
-        automatically managed one that is used by default.  Each explicit cache
-        can be used by only one thread at a time; the application must assure
-        that this constraint holds.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="tcache.flush">
-        <term>
-          <mallctl>tcache.flush</mallctl>
-          (<type>unsigned</type>)
-          <literal>-w</literal>
-        </term>
-        <listitem><para>Flush the specified thread-specific cache (tcache).  The
-        same considerations apply to this interface as to <link
-        linkend="thread.tcache.flush"><mallctl>thread.tcache.flush</mallctl></link>,
-        except that the tcache will never be automatically discarded.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="tcache.destroy">
-        <term>
-          <mallctl>tcache.destroy</mallctl>
-          (<type>unsigned</type>)
-          <literal>-w</literal>
-        </term>
-        <listitem><para>Flush the specified thread-specific cache (tcache) and
-        make the identifier available for use during a future tcache creation.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.initialized">
-        <term>
-          <mallctl>arena.&lt;i&gt;.initialized</mallctl>
-          (<type>bool</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Get whether the specified arena's statistics are
-        initialized (i.e. the arena was initialized prior to the current epoch).
-        This interface can also be nominally used to query whether the merged
-        statistics corresponding to <constant>MALLCTL_ARENAS_ALL</constant> are
-        initialized (always true).</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.decay">
-        <term>
-          <mallctl>arena.&lt;i&gt;.decay</mallctl>
-          (<type>void</type>)
-          <literal>--</literal>
-        </term>
-        <listitem><para>Trigger decay-based purging of unused dirty/muzzy pages
-        for arena &lt;i&gt;, or for all arenas if &lt;i&gt; equals
-        <constant>MALLCTL_ARENAS_ALL</constant>.  The proportion of unused
-        dirty/muzzy pages to be purged depends on the current time; see <link
-        linkend="opt.dirty_decay_ms"><mallctl>opt.dirty_decay_ms</mallctl></link>
-        and <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzy_decay_ms</mallctl></link>
-        for details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.purge">
-        <term>
-          <mallctl>arena.&lt;i&gt;.purge</mallctl>
-          (<type>void</type>)
-          <literal>--</literal>
-        </term>
-        <listitem><para>Purge all unused dirty pages for arena &lt;i&gt;, or for
-        all arenas if &lt;i&gt; equals <constant>MALLCTL_ARENAS_ALL</constant>.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.reset">
-        <term>
-          <mallctl>arena.&lt;i&gt;.reset</mallctl>
-          (<type>void</type>)
-          <literal>--</literal>
-        </term>
-        <listitem><para>Discard all of the arena's extant allocations.  This
-        interface can only be used with arenas explicitly created via <link
-        linkend="arenas.create"><mallctl>arenas.create</mallctl></link>.  None
-        of the arena's discarded/cached allocations may accessed afterward.  As
-        part of this requirement, all thread caches which were used to
-        allocate/deallocate in conjunction with the arena must be flushed
-        beforehand.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.destroy">
-        <term>
-          <mallctl>arena.&lt;i&gt;.destroy</mallctl>
-          (<type>void</type>)
-          <literal>--</literal>
-        </term>
-        <listitem><para>Destroy the arena.  Discard all of the arena's extant
-        allocations using the same mechanism as for <link
-        linkend="arena.i.reset"><mallctl>arena.&lt;i&gt;.reset</mallctl></link>
-        (with all the same constraints and side effects), merge the arena stats
-        into those accessible at arena index
-        <constant>MALLCTL_ARENAS_DESTROYED</constant>, and then completely
-        discard all metadata associated with the arena.  Future calls to <link
-        linkend="arenas.create"><mallctl>arenas.create</mallctl></link> may
-        recycle the arena index.  Destruction will fail if any threads are
-        currently associated with the arena as a result of calls to <link
-        linkend="thread.arena"><mallctl>thread.arena</mallctl></link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.dss">
-        <term>
-          <mallctl>arena.&lt;i&gt;.dss</mallctl>
-          (<type>const char *</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Set the precedence of dss allocation as related to mmap
-        allocation for arena &lt;i&gt;, or for all arenas if &lt;i&gt; equals
-        <constant>MALLCTL_ARENAS_ALL</constant>.  See <link
-        linkend="opt.dss"><mallctl>opt.dss</mallctl></link> for supported
-        settings.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.dirty_decay_ms">
-        <term>
-          <mallctl>arena.&lt;i&gt;.dirty_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Current per-arena approximate time in milliseconds from
-        the creation of a set of unused dirty pages until an equivalent set of
-        unused dirty pages is purged and/or reused.  Each time this interface is
-        set, all currently unused dirty pages are considered to have fully
-        decayed, which causes immediate purging of all unused dirty pages unless
-        the decay time is set to -1 (i.e. purging disabled).  See <link
-        linkend="opt.dirty_decay_ms"><mallctl>opt.dirty_decay_ms</mallctl></link>
-        for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.muzzy_decay_ms">
-        <term>
-          <mallctl>arena.&lt;i&gt;.muzzy_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Current per-arena approximate time in milliseconds from
-        the creation of a set of unused muzzy pages until an equivalent set of
-        unused muzzy pages is purged and/or reused.  Each time this interface is
-        set, all currently unused muzzy pages are considered to have fully
-        decayed, which causes immediate purging of all unused muzzy pages unless
-        the decay time is set to -1 (i.e. purging disabled).  See <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzzy_decay_ms</mallctl></link>
-        for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.retain_grow_limit">
-        <term>
-          <mallctl>arena.&lt;i&gt;.retain_grow_limit</mallctl>
-          (<type>size_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Maximum size to grow retained region (only relevant when
-        <link linkend="opt.retain"><mallctl>opt.retain</mallctl></link> is
-        enabled).  This controls the maximum increment to expand virtual memory,
-        or allocation through <link
-        linkend="arena.i.extent_hooks"><mallctl>arena.&lt;i&gt;extent_hooks</mallctl></link>.
-        In particular, if customized extent hooks reserve physical memory
-        (e.g. 1G huge pages), this is useful to control the allocation hook's
-        input size.  The default is no limit.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arena.i.extent_hooks">
-        <term>
-          <mallctl>arena.&lt;i&gt;.extent_hooks</mallctl>
-          (<type>extent_hooks_t *</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Get or set the extent management hook functions for
-        arena &lt;i&gt;.  The functions must be capable of operating on all
-        extant extents associated with arena &lt;i&gt;, usually by passing
-        unknown extents to the replaced functions.  In practice, it is feasible
-        to control allocation for arenas explicitly created via <link
-        linkend="arenas.create"><mallctl>arenas.create</mallctl></link> such
-        that all extents originate from an application-supplied extent allocator
-        (by specifying the custom extent hook functions during arena creation).
-        However, the API guarantees for the automatically created arenas may be
-        relaxed -- hooks set there may be called in a "best effort" fashion; in
-        addition there may be extents created prior to the application having an
-        opportunity to take over extent allocation.</para>
-
-        <programlisting language="C"><![CDATA[
-typedef extent_hooks_s extent_hooks_t;
-struct extent_hooks_s {
-	extent_alloc_t		*alloc;
-	extent_dalloc_t		*dalloc;
-	extent_destroy_t	*destroy;
-	extent_commit_t		*commit;
-	extent_decommit_t	*decommit;
-	extent_purge_t		*purge_lazy;
-	extent_purge_t		*purge_forced;
-	extent_split_t		*split;
-	extent_merge_t		*merge;
-};]]></programlisting>
-        <para>The <type>extent_hooks_t</type> structure comprises function
-        pointers which are described individually below.  jemalloc uses these
-        functions to manage extent lifetime, which starts off with allocation of
-        mapped committed memory, in the simplest case followed by deallocation.
-        However, there are performance and platform reasons to retain extents
-        for later reuse.  Cleanup attempts cascade from deallocation to decommit
-        to forced purging to lazy purging, which gives the extent management
-        functions opportunities to reject the most permanent cleanup operations
-        in favor of less permanent (and often less costly) operations.  All
-        operations except allocation can be universally opted out of by setting
-        the hook pointers to <constant>NULL</constant>, or selectively opted out
-        of by returning failure.  Note that once the extent hook is set, the
-        structure is accessed directly by the associated arenas, so it must
-        remain valid for the entire lifetime of the arenas.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef void *<function>(extent_alloc_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>new_addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>alignment</parameter></paramdef>
-          <paramdef>bool *<parameter>zero</parameter></paramdef>
-          <paramdef>bool *<parameter>commit</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent allocation function conforms to the
-        <type>extent_alloc_t</type> type and upon success returns a pointer to
-        <parameter>size</parameter> bytes of mapped memory on behalf of arena
-        <parameter>arena_ind</parameter> such that the extent's base address is
-        a multiple of <parameter>alignment</parameter>, as well as setting
-        <parameter>*zero</parameter> to indicate whether the extent is zeroed
-        and <parameter>*commit</parameter> to indicate whether the extent is
-        committed.  Upon error the function returns <constant>NULL</constant>
-        and leaves <parameter>*zero</parameter> and
-        <parameter>*commit</parameter> unmodified.  The
-        <parameter>size</parameter> parameter is always a multiple of the page
-        size.  The <parameter>alignment</parameter> parameter is always a power
-        of two at least as large as the page size.  Zeroing is mandatory if
-        <parameter>*zero</parameter> is true upon function entry.  Committing is
-        mandatory if <parameter>*commit</parameter> is true upon function entry.
-        If <parameter>new_addr</parameter> is not <constant>NULL</constant>, the
-        returned pointer must be <parameter>new_addr</parameter> on success or
-        <constant>NULL</constant> on error.  Committed memory may be committed
-        in absolute terms as on a system that does not overcommit, or in
-        implicit terms as on a system that overcommits and satisfies physical
-        memory needs on demand via soft page faults.  Note that replacing the
-        default extent allocation function makes the arena's <link
-        linkend="arena.i.dss"><mallctl>arena.&lt;i&gt;.dss</mallctl></link>
-        setting irrelevant.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_dalloc_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>bool <parameter>committed</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>
-        An extent deallocation function conforms to the
-        <type>extent_dalloc_t</type> type and deallocates an extent at given
-        <parameter>addr</parameter> and <parameter>size</parameter> with
-        <parameter>committed</parameter>/decommited memory as indicated, on
-        behalf of arena <parameter>arena_ind</parameter>, returning false upon
-        success.  If the function returns true, this indicates opt-out from
-        deallocation; the virtual memory mapping associated with the extent
-        remains mapped, in the same commit state, and available for future use,
-        in which case it will be automatically retained for later reuse.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef void <function>(extent_destroy_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>bool <parameter>committed</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>
-        An extent destruction function conforms to the
-        <type>extent_destroy_t</type> type and unconditionally destroys an
-        extent at given <parameter>addr</parameter> and
-        <parameter>size</parameter> with
-        <parameter>committed</parameter>/decommited memory as indicated, on
-        behalf of arena <parameter>arena_ind</parameter>.  This function may be
-        called to destroy retained extents during arena destruction (see <link
-        linkend="arena.i.destroy"><mallctl>arena.&lt;i&gt;.destroy</mallctl></link>).</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_commit_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>offset</parameter></paramdef>
-          <paramdef>size_t <parameter>length</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent commit function conforms to the
-        <type>extent_commit_t</type> type and commits zeroed physical memory to
-        back pages within an extent at given <parameter>addr</parameter> and
-        <parameter>size</parameter> at <parameter>offset</parameter> bytes,
-        extending for <parameter>length</parameter> on behalf of arena
-        <parameter>arena_ind</parameter>, returning false upon success.
-        Committed memory may be committed in absolute terms as on a system that
-        does not overcommit, or in implicit terms as on a system that
-        overcommits and satisfies physical memory needs on demand via soft page
-        faults. If the function returns true, this indicates insufficient
-        physical memory to satisfy the request.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_decommit_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>offset</parameter></paramdef>
-          <paramdef>size_t <parameter>length</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent decommit function conforms to the
-        <type>extent_decommit_t</type> type and decommits any physical memory
-        that is backing pages within an extent at given
-        <parameter>addr</parameter> and <parameter>size</parameter> at
-        <parameter>offset</parameter> bytes, extending for
-        <parameter>length</parameter> on behalf of arena
-        <parameter>arena_ind</parameter>, returning false upon success, in which
-        case the pages will be committed via the extent commit function before
-        being reused.  If the function returns true, this indicates opt-out from
-        decommit; the memory remains committed and available for future use, in
-        which case it will be automatically retained for later reuse.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_purge_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>offset</parameter></paramdef>
-          <paramdef>size_t <parameter>length</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent purge function conforms to the
-        <type>extent_purge_t</type> type and discards physical pages
-        within the virtual memory mapping associated with an extent at given
-        <parameter>addr</parameter> and <parameter>size</parameter> at
-        <parameter>offset</parameter> bytes, extending for
-        <parameter>length</parameter> on behalf of arena
-        <parameter>arena_ind</parameter>.  A lazy extent purge function (e.g.
-        implemented via
-        <function>madvise(<parameter>...</parameter><parameter><constant>MADV_FREE</constant></parameter>)</function>)
-        can delay purging indefinitely and leave the pages within the purged
-        virtual memory range in an indeterminite state, whereas a forced extent
-        purge function immediately purges, and the pages within the virtual
-        memory range will be zero-filled the next time they are accessed.  If
-        the function returns true, this indicates failure to purge.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_split_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr</parameter></paramdef>
-          <paramdef>size_t <parameter>size</parameter></paramdef>
-          <paramdef>size_t <parameter>size_a</parameter></paramdef>
-          <paramdef>size_t <parameter>size_b</parameter></paramdef>
-          <paramdef>bool <parameter>committed</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent split function conforms to the
-        <type>extent_split_t</type> type and optionally splits an extent at
-        given <parameter>addr</parameter> and <parameter>size</parameter> into
-        two adjacent extents, the first of <parameter>size_a</parameter> bytes,
-        and the second of <parameter>size_b</parameter> bytes, operating on
-        <parameter>committed</parameter>/decommitted memory as indicated, on
-        behalf of arena <parameter>arena_ind</parameter>, returning false upon
-        success.  If the function returns true, this indicates that the extent
-        remains unsplit and therefore should continue to be operated on as a
-        whole.</para>
-
-        <funcsynopsis><funcprototype>
-          <funcdef>typedef bool <function>(extent_merge_t)</function></funcdef>
-          <paramdef>extent_hooks_t *<parameter>extent_hooks</parameter></paramdef>
-          <paramdef>void *<parameter>addr_a</parameter></paramdef>
-          <paramdef>size_t <parameter>size_a</parameter></paramdef>
-          <paramdef>void *<parameter>addr_b</parameter></paramdef>
-          <paramdef>size_t <parameter>size_b</parameter></paramdef>
-          <paramdef>bool <parameter>committed</parameter></paramdef>
-          <paramdef>unsigned <parameter>arena_ind</parameter></paramdef>
-        </funcprototype></funcsynopsis>
-        <literallayout></literallayout>
-        <para>An extent merge function conforms to the
-        <type>extent_merge_t</type> type and optionally merges adjacent extents,
-        at given <parameter>addr_a</parameter> and <parameter>size_a</parameter>
-        with given <parameter>addr_b</parameter> and
-        <parameter>size_b</parameter> into one contiguous extent, operating on
-        <parameter>committed</parameter>/decommitted memory as indicated, on
-        behalf of arena <parameter>arena_ind</parameter>, returning false upon
-        success.  If the function returns true, this indicates that the extents
-        remain distinct mappings and therefore should continue to be operated on
-        independently.</para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.narenas">
-        <term>
-          <mallctl>arenas.narenas</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Current limit on number of arenas.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.dirty_decay_ms">
-        <term>
-          <mallctl>arenas.dirty_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Current default per-arena approximate time in
-        milliseconds from the creation of a set of unused dirty pages until an
-        equivalent set of unused dirty pages is purged and/or reused, used to
-        initialize <link
-        linkend="arena.i.dirty_decay_ms"><mallctl>arena.&lt;i&gt;.dirty_decay_ms</mallctl></link>
-        during arena creation.  See <link
-        linkend="opt.dirty_decay_ms"><mallctl>opt.dirty_decay_ms</mallctl></link>
-        for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.muzzy_decay_ms">
-        <term>
-          <mallctl>arenas.muzzy_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Current default per-arena approximate time in
-        milliseconds from the creation of a set of unused muzzy pages until an
-        equivalent set of unused muzzy pages is purged and/or reused, used to
-        initialize <link
-        linkend="arena.i.muzzy_decay_ms"><mallctl>arena.&lt;i&gt;.muzzy_decay_ms</mallctl></link>
-        during arena creation.  See <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzzy_decay_ms</mallctl></link>
-        for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.quantum">
-        <term>
-          <mallctl>arenas.quantum</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Quantum size.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.page">
-        <term>
-          <mallctl>arenas.page</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Page size.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.tcache_max">
-        <term>
-          <mallctl>arenas.tcache_max</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum thread-cached size class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.nbins">
-        <term>
-          <mallctl>arenas.nbins</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of bin size classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.nhbins">
-        <term>
-          <mallctl>arenas.nhbins</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Total number of thread cache bin size
-        classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.bin.i.size">
-        <term>
-          <mallctl>arenas.bin.&lt;i&gt;.size</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum size supported by size class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.bin.i.nregs">
-        <term>
-          <mallctl>arenas.bin.&lt;i&gt;.nregs</mallctl>
-          (<type>uint32_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of regions per slab.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.bin.i.slab_size">
-        <term>
-          <mallctl>arenas.bin.&lt;i&gt;.slab_size</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of bytes per slab.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.nlextents">
-        <term>
-          <mallctl>arenas.nlextents</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Total number of large size classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.lextent.i.size">
-        <term>
-          <mallctl>arenas.lextent.&lt;i&gt;.size</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Maximum size supported by this large size
-        class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.create">
-        <term>
-          <mallctl>arenas.create</mallctl>
-          (<type>unsigned</type>, <type>extent_hooks_t *</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Explicitly create a new arena outside the range of
-        automatically managed arenas, with optionally specified extent hooks,
-        and return the new arena index.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="arenas.lookup">
-        <term>
-          <mallctl>arenas.lookup</mallctl>
-          (<type>unsigned</type>, <type>void*</type>)
-          <literal>rw</literal>
-        </term>
-        <listitem><para>Index of the arena to which an allocation belongs to.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.thread_active_init">
-        <term>
-          <mallctl>prof.thread_active_init</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Control the initial setting for <link
-        linkend="thread.prof.active"><mallctl>thread.prof.active</mallctl></link>
-        in newly created threads.  See the <link
-        linkend="opt.prof_thread_active_init"><mallctl>opt.prof_thread_active_init</mallctl></link>
-        option for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.active">
-        <term>
-          <mallctl>prof.active</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Control whether sampling is currently active.  See the
-        <link
-        linkend="opt.prof_active"><mallctl>opt.prof_active</mallctl></link>
-        option for additional information, as well as the interrelated <link
-        linkend="thread.prof.active"><mallctl>thread.prof.active</mallctl></link>
-        mallctl.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.dump">
-        <term>
-          <mallctl>prof.dump</mallctl>
-          (<type>const char *</type>)
-          <literal>-w</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Dump a memory profile to the specified file, or if NULL
-        is specified, to a file according to the pattern
-        <filename>&lt;prefix&gt;.&lt;pid&gt;.&lt;seq&gt;.m&lt;mseq&gt;.heap</filename>,
-        where <literal>&lt;prefix&gt;</literal> is controlled by the
-        <link
-        linkend="opt.prof_prefix"><mallctl>opt.prof_prefix</mallctl></link>
-        option.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.gdump">
-        <term>
-          <mallctl>prof.gdump</mallctl>
-          (<type>bool</type>)
-          <literal>rw</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>When enabled, trigger a memory profile dump every time
-        the total virtual memory exceeds the previous maximum.  Profiles are
-        dumped to files named according to the pattern
-        <filename>&lt;prefix&gt;.&lt;pid&gt;.&lt;seq&gt;.u&lt;useq&gt;.heap</filename>,
-        where <literal>&lt;prefix&gt;</literal> is controlled by the <link
-        linkend="opt.prof_prefix"><mallctl>opt.prof_prefix</mallctl></link>
-        option.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.reset">
-        <term>
-          <mallctl>prof.reset</mallctl>
-          (<type>size_t</type>)
-          <literal>-w</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Reset all memory profile statistics, and optionally
-        update the sample rate (see <link
-        linkend="opt.lg_prof_sample"><mallctl>opt.lg_prof_sample</mallctl></link>
-        and <link
-        linkend="prof.lg_sample"><mallctl>prof.lg_sample</mallctl></link>).
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.lg_sample">
-        <term>
-          <mallctl>prof.lg_sample</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Get the current sample rate (see <link
-        linkend="opt.lg_prof_sample"><mallctl>opt.lg_prof_sample</mallctl></link>).
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="prof.interval">
-        <term>
-          <mallctl>prof.interval</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-prof</option>]
-        </term>
-        <listitem><para>Average number of bytes allocated between
-        interval-based profile dumps.  See the
-        <link
-        linkend="opt.lg_prof_interval"><mallctl>opt.lg_prof_interval</mallctl></link>
-        option for additional information.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.allocated">
-        <term>
-          <mallctl>stats.allocated</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Total number of bytes allocated by the
-        application.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.active">
-        <term>
-          <mallctl>stats.active</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Total number of bytes in active pages allocated by the
-        application.  This is a multiple of the page size, and greater than or
-        equal to <link
-        linkend="stats.allocated"><mallctl>stats.allocated</mallctl></link>.
-        This does not include <link linkend="stats.arenas.i.pdirty">
-        <mallctl>stats.arenas.&lt;i&gt;.pdirty</mallctl></link>,
-        <link linkend="stats.arenas.i.pmuzzy">
-        <mallctl>stats.arenas.&lt;i&gt;.pmuzzy</mallctl></link>, nor pages
-        entirely devoted to allocator metadata.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.metadata">
-        <term>
-          <mallctl>stats.metadata</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Total number of bytes dedicated to metadata, which
-        comprise base allocations used for bootstrap-sensitive allocator
-        metadata structures (see <link
-        linkend="stats.arenas.i.base"><mallctl>stats.arenas.&lt;i&gt;.base</mallctl></link>)
-        and internal allocations (see <link
-        linkend="stats.arenas.i.internal"><mallctl>stats.arenas.&lt;i&gt;.internal</mallctl></link>).
-        Transparent huge page (enabled with <link
-        linkend="opt.metadata_thp">opt.metadata_thp</link>) usage is not
-        considered.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.metadata_thp">
-        <term>
-          <mallctl>stats.metadata_thp</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of transparent huge pages (THP) used for
-        metadata.  See <link
-        linkend="stats.metadata"><mallctl>stats.metadata</mallctl></link> and
-        <link linkend="opt.metadata_thp">opt.metadata_thp</link>) for
-        details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.resident">
-        <term>
-          <mallctl>stats.resident</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Maximum number of bytes in physically resident data
-        pages mapped by the allocator, comprising all pages dedicated to
-        allocator metadata, pages backing active allocations, and unused dirty
-        pages.  This is a maximum rather than precise because pages may not
-        actually be physically resident if they correspond to demand-zeroed
-        virtual memory that has not yet been touched.  This is a multiple of the
-        page size, and is larger than <link
-        linkend="stats.active"><mallctl>stats.active</mallctl></link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.mapped">
-        <term>
-          <mallctl>stats.mapped</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Total number of bytes in active extents mapped by the
-        allocator.  This is larger than <link
-        linkend="stats.active"><mallctl>stats.active</mallctl></link>.  This
-        does not include inactive extents, even those that contain unused dirty
-        pages, which means that there is no strict ordering between this and
-        <link
-        linkend="stats.resident"><mallctl>stats.resident</mallctl></link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.retained">
-        <term>
-          <mallctl>stats.retained</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Total number of bytes in virtual memory mappings that
-        were retained rather than being returned to the operating system via
-        e.g. <citerefentry><refentrytitle>munmap</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> or similar.  Retained virtual
-        memory is typically untouched, decommitted, or purged, so it has no
-        strongly associated physical memory (see <link
-        linkend="arena.i.extent_hooks">extent hooks</link> for details).
-        Retained memory is excluded from mapped memory statistics, e.g. <link
-        linkend="stats.mapped"><mallctl>stats.mapped</mallctl></link>.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.background_thread.num_threads">
-        <term>
-          <mallctl>stats.background_thread.num_threads</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para> Number of <link linkend="background_thread">background
-        threads</link> running currently.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.background_thread.num_runs">
-        <term>
-          <mallctl>stats.background_thread.num_runs</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para> Total number of runs from all <link
-        linkend="background_thread">background threads</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.background_thread.run_interval">
-        <term>
-          <mallctl>stats.background_thread.run_interval</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para> Average run interval in nanoseconds of <link
-        linkend="background_thread">background threads</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.mutexes.ctl">
-        <term>
-          <mallctl>stats.mutexes.ctl.{counter};</mallctl>
-          (<type>counter specific type</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>ctl</varname> mutex (global
-        scope; mallctl related).  <mallctl>{counter}</mallctl> is one of the
-        counters below:</para>
-        <varlistentry id="mutex_counters">
-          <listitem><para><varname>num_ops</varname> (<type>uint64_t</type>):
-          Total number of lock acquisition operations on this mutex.</para>
-
-	  <para><varname>num_spin_acq</varname> (<type>uint64_t</type>): Number
-	  of times the mutex was spin-acquired.  When the mutex is currently
-	  locked and cannot be acquired immediately, a short period of
-	  spin-retry within jemalloc will be performed.  Acquired through spin
-	  generally means the contention was lightweight and not causing context
-	  switches.</para>
-
-	  <para><varname>num_wait</varname> (<type>uint64_t</type>): Number of
-	  times the mutex was wait-acquired, which means the mutex contention
-	  was not solved by spin-retry, and blocking operation was likely
-	  involved in order to acquire the mutex.  This event generally implies
-	  higher cost / longer delay, and should be investigated if it happens
-	  often.</para>
-
-	  <para><varname>max_wait_time</varname> (<type>uint64_t</type>):
-	  Maximum length of time in nanoseconds spent on a single wait-acquired
-	  lock operation.  Note that to avoid profiling overhead on the common
-	  path, this does not consider spin-acquired cases.</para>
-
-	  <para><varname>total_wait_time</varname> (<type>uint64_t</type>):
-	  Cumulative time in nanoseconds spent on wait-acquired lock operations.
-	  Similarly, spin-acquired cases are not considered.</para>
-
-	  <para><varname>max_num_thds</varname> (<type>uint32_t</type>): Maximum
-	  number of threads waiting on this mutex simultaneously.  Similarly,
-	  spin-acquired cases are not considered.</para>
-
-	  <para><varname>num_owner_switch</varname> (<type>uint64_t</type>):
-	  Number of times the current mutex owner is different from the previous
-	  one.  This event does not generally imply an issue; rather it is an
-	  indicator of how often the protected data are accessed by different
-	  threads.
-	  </para>
-	  </listitem>
-	</varlistentry>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.mutexes.background_thread">
-        <term>
-          <mallctl>stats.mutexes.background_thread.{counter}</mallctl>
-	  (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>background_thread</varname> mutex
-        (global scope; <link
-        linkend="background_thread"><mallctl>background_thread</mallctl></link>
-        related).  <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.mutexes.prof">
-        <term>
-          <mallctl>stats.mutexes.prof.{counter}</mallctl>
-	  (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>prof</varname> mutex (global
-        scope; profiling related).  <mallctl>{counter}</mallctl> is one of the
-        counters in <link linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.mutexes.reset">
-        <term>
-          <mallctl>stats.mutexes.reset</mallctl>
-	  (<type>void</type>) <literal>--</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Reset all mutex profile statistics, including global
-        mutexes, arena mutexes and bin mutexes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.dss">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.dss</mallctl>
-          (<type>const char *</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>dss (<citerefentry><refentrytitle>sbrk</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry>) allocation precedence as
-        related to <citerefentry><refentrytitle>mmap</refentrytitle>
-        <manvolnum>2</manvolnum></citerefentry> allocation.  See <link
-        linkend="opt.dss"><mallctl>opt.dss</mallctl></link> for details.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.dirty_decay_ms">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.dirty_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Approximate time in milliseconds from the creation of a
-        set of unused dirty pages until an equivalent set of unused dirty pages
-        is purged and/or reused.  See <link
-        linkend="opt.dirty_decay_ms"><mallctl>opt.dirty_decay_ms</mallctl></link>
-        for details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.muzzy_decay_ms">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.muzzy_decay_ms</mallctl>
-          (<type>ssize_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Approximate time in milliseconds from the creation of a
-        set of unused muzzy pages until an equivalent set of unused muzzy pages
-        is purged and/or reused.  See <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzzy_decay_ms</mallctl></link>
-        for details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.nthreads">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.nthreads</mallctl>
-          (<type>unsigned</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of threads currently assigned to
-        arena.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.uptime">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.uptime</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Time elapsed (in nanoseconds) since the arena was
-        created.  If &lt;i&gt; equals <constant>0</constant> or
-        <constant>MALLCTL_ARENAS_ALL</constant>, this is the uptime since malloc
-        initialization.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.pactive">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.pactive</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of pages in active extents.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.pdirty">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.pdirty</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of pages within unused extents that are
-        potentially dirty, and for which <function>madvise()</function> or
-        similar has not been called.  See <link
-        linkend="opt.dirty_decay_ms"><mallctl>opt.dirty_decay_ms</mallctl></link>
-        for a description of dirty pages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.pmuzzy">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.pmuzzy</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Number of pages within unused extents that are muzzy.
-        See <link
-        linkend="opt.muzzy_decay_ms"><mallctl>opt.muzzy_decay_ms</mallctl></link>
-        for a description of muzzy pages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mapped">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mapped</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of mapped bytes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.retained">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.retained</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of retained bytes.  See <link
-        linkend="stats.retained"><mallctl>stats.retained</mallctl></link> for
-        details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.extent_avail">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.extent_avail</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of allocated (but unused) extent structs in this
-	arena.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.base">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.base</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>
-        Number of bytes dedicated to bootstrap-sensitive allocator metadata
-        structures.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.internal">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.internal</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of bytes dedicated to internal allocations.
-        Internal allocations differ from application-originated allocations in
-        that they are for internal use, and that they are omitted from heap
-        profiles.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.metadata_thp">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.metadata_thp</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of transparent huge pages (THP) used for
-        metadata.  See <link linkend="opt.metadata_thp">opt.metadata_thp</link>
-        for details.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.resident">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.resident</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Maximum number of bytes in physically resident data
-        pages mapped by the arena, comprising all pages dedicated to allocator
-        metadata, pages backing active allocations, and unused dirty pages.
-        This is a maximum rather than precise because pages may not actually be
-        physically resident if they correspond to demand-zeroed virtual memory
-        that has not yet been touched.  This is a multiple of the page
-        size.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.dirty_npurge">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.dirty_npurge</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of dirty page purge sweeps performed.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.dirty_nmadvise">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.dirty_nmadvise</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of <function>madvise()</function> or similar
-        calls made to purge dirty pages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.dirty_purged">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.dirty_purged</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of dirty pages purged.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.muzzy_npurge">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.muzzy_npurge</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of muzzy page purge sweeps performed.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.muzzy_nmadvise">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.muzzy_nmadvise</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of <function>madvise()</function> or similar
-        calls made to purge muzzy pages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.muzzy_purged">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.muzzy_purged</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of muzzy pages purged.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.allocated">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.allocated</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of bytes currently allocated by small objects.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.nmalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.nmalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a small allocation was
-        requested from the arena's bins, whether to fill the relevant tcache if
-        <link linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is
-        enabled, or to directly satisfy an allocation request
-        otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.ndalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.ndalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a small allocation was
-        returned to the arena's bins, whether to flush the relevant tcache if
-        <link linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is
-        enabled, or to directly deallocate an allocation
-        otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.nrequests">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.nrequests</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of allocation requests satisfied by
-        all bin size classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.nfills">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.nfills</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of tcache fills by all small size
-	classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.small.nflushes">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.small.nflushes</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of tcache flushes by all small size
-        classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.allocated">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.allocated</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Number of bytes currently allocated by large objects.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.nmalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.nmalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a large extent was allocated
-        from the arena, whether to fill the relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled and
-        the size class is within the range being cached, or to directly satisfy
-        an allocation request otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.ndalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.ndalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a large extent was returned
-        to the arena, whether to flush the relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled and
-        the size class is within the range being cached, or to directly
-        deallocate an allocation otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.nrequests">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.nrequests</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of allocation requests satisfied by
-        all large size classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.nfills">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.nfills</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of tcache fills by all large size
-	classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.large.nflushes">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.large.nflushes</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of tcache flushes by all large size
-        classes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nmalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nmalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a bin region of the
-        corresponding size class was allocated from the arena, whether to fill
-        the relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled, or
-        to directly satisfy an allocation request otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.ndalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.ndalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a bin region of the
-        corresponding size class was returned to the arena, whether to flush the
-        relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled, or
-        to directly deallocate an allocation otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nrequests">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nrequests</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of allocation requests satisfied by
-        bin regions of the corresponding size class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.curregs">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.curregs</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Current number of regions for this size
-        class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nfills">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nfills</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Cumulative number of tcache fills.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nflushes">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nflushes</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-        </term>
-        <listitem><para>Cumulative number of tcache flushes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nslabs">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nslabs</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of slabs created.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.nreslabs">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nreslabs</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times the current slab from which
-        to allocate changed.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.j.curslabs">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.curslabs</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Current number of slabs.</para></listitem>
-      </varlistentry>
-
-
-      <varlistentry id="stats.arenas.i.bins.j.nonfull_slabs">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.nonfull_slabs</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Current number of nonfull slabs.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.bins.mutex">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.bins.&lt;j&gt;.mutex.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on
-        <varname>arena.&lt;i&gt;.bins.&lt;j&gt;</varname> mutex (arena bin
-        scope; bin operation related).  <mallctl>{counter}</mallctl> is one of
-        the counters in <link linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.extents.n">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.extents.&lt;j&gt;.n{extent_type}</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para> Number of extents of the given type in this arena in
-	the bucket corresponding to page size index &lt;j&gt;. The extent type
-	is one of dirty, muzzy, or retained.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.extents.bytes">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.extents.&lt;j&gt;.{extent_type}_bytes</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-	<listitem><para> Sum of the bytes managed by extents of the given type
-	in this arena in the bucket corresponding to page size index &lt;j&gt;.
-	The extent type is one of dirty, muzzy, or retained.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.lextents.j.nmalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.lextents.&lt;j&gt;.nmalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a large extent of the
-        corresponding size class was allocated from the arena, whether to fill
-        the relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled and
-        the size class is within the range being cached, or to directly satisfy
-        an allocation request otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.lextents.j.ndalloc">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.lextents.&lt;j&gt;.ndalloc</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of times a large extent of the
-        corresponding size class was returned to the arena, whether to flush the
-        relevant tcache if <link
-        linkend="opt.tcache"><mallctl>opt.tcache</mallctl></link> is enabled and
-        the size class is within the range being cached, or to directly
-        deallocate an allocation otherwise.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.lextents.j.nrequests">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.lextents.&lt;j&gt;.nrequests</mallctl>
-          (<type>uint64_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Cumulative number of allocation requests satisfied by
-        large extents of the corresponding size class.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.lextents.j.curlextents">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.lextents.&lt;j&gt;.curlextents</mallctl>
-          (<type>size_t</type>)
-          <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Current number of large allocations for this size class.
-        </para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.large">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.large.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.large</varname>
-        mutex (arena scope; large allocation related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.extent_avail">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.extent_avail.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.extent_avail
-        </varname> mutex (arena scope; extent avail related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.extents_dirty">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.extents_dirty.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.extents_dirty
-        </varname> mutex (arena scope; dirty extents related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.extents_muzzy">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.extents_muzzy.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.extents_muzzy
-        </varname> mutex (arena scope; muzzy extents related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.extents_retained">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.extents_retained.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.extents_retained
-        </varname> mutex (arena scope; retained extents related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.decay_dirty">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.decay_dirty.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.decay_dirty
-        </varname> mutex (arena scope; decay for dirty pages related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.decay_muzzy">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.decay_muzzy.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.decay_muzzy
-        </varname> mutex (arena scope; decay for muzzy pages related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.base">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.base.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on <varname>arena.&lt;i&gt;.base</varname>
-        mutex (arena scope; base allocator related).
-        <mallctl>{counter}</mallctl> is one of the counters in <link
-        linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-      <varlistentry id="stats.arenas.i.mutexes.tcache_list">
-        <term>
-          <mallctl>stats.arenas.&lt;i&gt;.mutexes.tcache_list.{counter}</mallctl>
-          (<type>counter specific type</type>) <literal>r-</literal>
-          [<option>--enable-stats</option>]
-        </term>
-        <listitem><para>Statistics on
-        <varname>arena.&lt;i&gt;.tcache_list</varname> mutex (arena scope;
-        tcache to arena association related).  This mutex is expected to be
-        accessed less often.  <mallctl>{counter}</mallctl> is one of the
-        counters in <link linkend="mutex_counters">mutex profiling
-        counters</link>.</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-  <refsect1 id="heap_profile_format">
-    <title>HEAP PROFILE FORMAT</title>
-    <para>Although the heap profiling functionality was originally designed to
-    be compatible with the
-    <command>pprof</command> command that is developed as part of the <ulink
-    url="http://code.google.com/p/gperftools/">gperftools
-    package</ulink>, the addition of per thread heap profiling functionality
-    required a different heap profile format.  The <command>jeprof</command>
-    command is derived from <command>pprof</command>, with enhancements to
-    support the heap profile format described here.</para>
-
-    <para>In the following hypothetical heap profile, <constant>[...]</constant>
-    indicates elision for the sake of compactness.  <programlisting><![CDATA[
-heap_v2/524288
-  t*: 28106: 56637512 [0: 0]
-  [...]
-  t3: 352: 16777344 [0: 0]
-  [...]
-  t99: 17754: 29341640 [0: 0]
-  [...]
-@ 0x5f86da8 0x5f5a1dc [...] 0x29e4d4e 0xa200316 0xabb2988 [...]
-  t*: 13: 6688 [0: 0]
-  t3: 12: 6496 [0: ]
-  t99: 1: 192 [0: 0]
-[...]
-
-MAPPED_LIBRARIES:
-[...]]]></programlisting> The following matches the above heap profile, but most
-tokens are replaced with <constant>&lt;description&gt;</constant> to indicate
-descriptions of the corresponding fields.  <programlisting><![CDATA[
-<heap_profile_format_version>/<mean_sample_interval>
-  <aggregate>: <curobjs>: <curbytes> [<cumobjs>: <cumbytes>]
-  [...]
-  <thread_3_aggregate>: <curobjs>: <curbytes>[<cumobjs>: <cumbytes>]
-  [...]
-  <thread_99_aggregate>: <curobjs>: <curbytes>[<cumobjs>: <cumbytes>]
-  [...]
-@ <top_frame> <frame> [...] <frame> <frame> <frame> [...]
-  <backtrace_aggregate>: <curobjs>: <curbytes> [<cumobjs>: <cumbytes>]
-  <backtrace_thread_3>: <curobjs>: <curbytes> [<cumobjs>: <cumbytes>]
-  <backtrace_thread_99>: <curobjs>: <curbytes> [<cumobjs>: <cumbytes>]
-[...]
-
-MAPPED_LIBRARIES:
-</proc/<pid>/maps>]]></programlisting></para>
-  </refsect1>
-
-  <refsect1 id="debugging_malloc_problems">
-    <title>DEBUGGING MALLOC PROBLEMS</title>
-    <para>When debugging, it is a good idea to configure/build jemalloc with
-    the <option>--enable-debug</option> and <option>--enable-fill</option>
-    options, and recompile the program with suitable options and symbols for
-    debugger support.  When so configured, jemalloc incorporates a wide variety
-    of run-time assertions that catch application errors such as double-free,
-    write-after-free, etc.</para>
-
-    <para>Programs often accidentally depend on <quote>uninitialized</quote>
-    memory actually being filled with zero bytes.  Junk filling
-    (see the <link linkend="opt.junk"><mallctl>opt.junk</mallctl></link>
-    option) tends to expose such bugs in the form of obviously incorrect
-    results and/or coredumps.  Conversely, zero
-    filling (see the <link
-    linkend="opt.zero"><mallctl>opt.zero</mallctl></link> option) eliminates
-    the symptoms of such bugs.  Between these two options, it is usually
-    possible to quickly detect, diagnose, and eliminate such bugs.</para>
-
-    <para>This implementation does not provide much detail about the problems
-    it detects, because the performance impact for storing such information
-    would be prohibitive.</para>
-  </refsect1>
-  <refsect1 id="diagnostic_messages">
-    <title>DIAGNOSTIC MESSAGES</title>
-    <para>If any of the memory allocation/deallocation functions detect an
-    error or warning condition, a message will be printed to file descriptor
-    <constant>STDERR_FILENO</constant>.  Errors will result in the process
-    dumping core.  If the <link
-    linkend="opt.abort"><mallctl>opt.abort</mallctl></link> option is set, most
-    warnings are treated as errors.</para>
-
-    <para>The <varname>malloc_message</varname> variable allows the programmer
-    to override the function which emits the text strings forming the errors
-    and warnings if for some reason the <constant>STDERR_FILENO</constant> file
-    descriptor is not suitable for this.
-    <function>malloc_message()</function> takes the
-    <parameter>cbopaque</parameter> pointer argument that is
-    <constant>NULL</constant> unless overridden by the arguments in a call to
-    <function>malloc_stats_print()</function>, followed by a string
-    pointer.  Please note that doing anything which tries to allocate memory in
-    this function is likely to result in a crash or deadlock.</para>
-
-    <para>All messages are prefixed by
-    <quote><computeroutput>&lt;jemalloc&gt;: </computeroutput></quote>.</para>
-  </refsect1>
-  <refsect1 id="return_values">
-    <title>RETURN VALUES</title>
-    <refsect2>
-      <title>Standard API</title>
-      <para>The <function>malloc()</function> and
-      <function>calloc()</function> functions return a pointer to the
-      allocated memory if successful; otherwise a <constant>NULL</constant>
-      pointer is returned and <varname>errno</varname> is set to
-      <errorname>ENOMEM</errorname>.</para>
-
-      <para>The <function>posix_memalign()</function> function
-      returns the value 0 if successful; otherwise it returns an error value.
-      The <function>posix_memalign()</function> function will fail
-      if:
-        <variablelist>
-          <varlistentry>
-            <term><errorname>EINVAL</errorname></term>
-
-            <listitem><para>The <parameter>alignment</parameter> parameter is
-            not a power of 2 at least as large as
-            <code language="C">sizeof(<type>void *</type>)</code>.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>ENOMEM</errorname></term>
-
-            <listitem><para>Memory allocation error.</para></listitem>
-          </varlistentry>
-        </variablelist>
-      </para>
-
-      <para>The <function>aligned_alloc()</function> function returns
-      a pointer to the allocated memory if successful; otherwise a
-      <constant>NULL</constant> pointer is returned and
-      <varname>errno</varname> is set.  The
-      <function>aligned_alloc()</function> function will fail if:
-        <variablelist>
-          <varlistentry>
-            <term><errorname>EINVAL</errorname></term>
-
-            <listitem><para>The <parameter>alignment</parameter> parameter is
-            not a power of 2.
-            </para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>ENOMEM</errorname></term>
-
-            <listitem><para>Memory allocation error.</para></listitem>
-          </varlistentry>
-        </variablelist>
-      </para>
-
-      <para>The <function>realloc()</function> function returns a
-      pointer, possibly identical to <parameter>ptr</parameter>, to the
-      allocated memory if successful; otherwise a <constant>NULL</constant>
-      pointer is returned, and <varname>errno</varname> is set to
-      <errorname>ENOMEM</errorname> if the error was the result of an
-      allocation failure.  The <function>realloc()</function>
-      function always leaves the original buffer intact when an error occurs.
-      </para>
-
-      <para>The <function>free()</function> function returns no
-      value.</para>
-    </refsect2>
-    <refsect2>
-      <title>Non-standard API</title>
-      <para>The <function>mallocx()</function> and
-      <function>rallocx()</function> functions return a pointer to
-      the allocated memory if successful; otherwise a <constant>NULL</constant>
-      pointer is returned to indicate insufficient contiguous memory was
-      available to service the allocation request.  </para>
-
-      <para>The <function>xallocx()</function> function returns the
-      real size of the resulting resized allocation pointed to by
-      <parameter>ptr</parameter>, which is a value less than
-      <parameter>size</parameter> if the allocation could not be adequately
-      grown in place.  </para>
-
-      <para>The <function>sallocx()</function> function returns the
-      real size of the allocation pointed to by <parameter>ptr</parameter>.
-      </para>
-
-      <para>The <function>nallocx()</function> returns the real size
-      that would result from a successful equivalent
-      <function>mallocx()</function> function call, or zero if
-      insufficient memory is available to perform the size computation.  </para>
-
-      <para>The <function>mallctl()</function>,
-      <function>mallctlnametomib()</function>, and
-      <function>mallctlbymib()</function> functions return 0 on
-      success; otherwise they return an error value.  The functions will fail
-      if:
-        <variablelist>
-          <varlistentry>
-            <term><errorname>EINVAL</errorname></term>
-
-            <listitem><para><parameter>newp</parameter> is not
-            <constant>NULL</constant>, and <parameter>newlen</parameter> is too
-            large or too small.  Alternatively, <parameter>*oldlenp</parameter>
-            is too large or too small; in this case as much data as possible
-            are read despite the error.</para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>ENOENT</errorname></term>
-
-            <listitem><para><parameter>name</parameter> or
-            <parameter>mib</parameter> specifies an unknown/invalid
-            value.</para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>EPERM</errorname></term>
-
-            <listitem><para>Attempt to read or write void value, or attempt to
-            write read-only value.</para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>EAGAIN</errorname></term>
-
-            <listitem><para>A memory allocation failure
-            occurred.</para></listitem>
-          </varlistentry>
-          <varlistentry>
-            <term><errorname>EFAULT</errorname></term>
-
-            <listitem><para>An interface with side effects failed in some way
-            not directly related to <function>mallctl*()</function>
-            read/write processing.</para></listitem>
-          </varlistentry>
-        </variablelist>
-      </para>
-
-      <para>The <function>malloc_usable_size()</function> function
-      returns the usable size of the allocation pointed to by
-      <parameter>ptr</parameter>.  </para>
-    </refsect2>
-  </refsect1>
-  <refsect1 id="environment">
-    <title>ENVIRONMENT</title>
-    <para>The following environment variable affects the execution of the
-    allocation functions:
-      <variablelist>
-        <varlistentry>
-          <term><envar>MALLOC_CONF</envar></term>
-
-          <listitem><para>If the environment variable
-          <envar>MALLOC_CONF</envar> is set, the characters it contains
-          will be interpreted as options.</para></listitem>
-        </varlistentry>
-      </variablelist>
-    </para>
-  </refsect1>
-  <refsect1 id="examples">
-    <title>EXAMPLES</title>
-    <para>To dump core whenever a problem occurs:
-      <screen>ln -s 'abort:true' /etc/malloc.conf</screen>
-    </para>
-    <para>To specify in the source that only one arena should be automatically
-    created:
-      <programlisting language="C"><![CDATA[
-malloc_conf = "narenas:1";]]></programlisting></para>
-  </refsect1>
-  <refsect1 id="see_also">
-    <title>SEE ALSO</title>
-    <para><citerefentry><refentrytitle>madvise</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>mmap</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>sbrk</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>utrace</refentrytitle>
-    <manvolnum>2</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>alloca</refentrytitle>
-    <manvolnum>3</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>atexit</refentrytitle>
-    <manvolnum>3</manvolnum></citerefentry>,
-    <citerefentry><refentrytitle>getpagesize</refentrytitle>
-    <manvolnum>3</manvolnum></citerefentry></para>
-  </refsect1>
-  <refsect1 id="standards">
-    <title>STANDARDS</title>
-    <para>The <function>malloc()</function>,
-    <function>calloc()</function>,
-    <function>realloc()</function>, and
-    <function>free()</function> functions conform to ISO/IEC
-    9899:1990 (<quote>ISO C90</quote>).</para>
-
-    <para>The <function>posix_memalign()</function> function conforms
-    to IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>).</para>
-  </refsect1>
-  <refsect1 id="history">
-    <title>HISTORY</title>
-    <para>The <function>malloc_usable_size()</function> and
-    <function>posix_memalign()</function> functions first appeared in FreeBSD
-    7.0.</para>
-
-    <para>The <function>aligned_alloc()</function>,
-    <function>malloc_stats_print()</function>, and
-    <function>mallctl*()</function> functions first appeared in FreeBSD
-    10.0.</para>
-
-    <para>The <function>*allocx()</function> functions first appeared in FreeBSD
-    11.0.</para>
-  </refsect1>
-</refentry>
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_defs.h.in b/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_defs.h.in
index 52b31878a464..3588072f178c 100644
--- a/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_defs.h.in
+++ b/contrib/jemalloc/include/jemalloc/internal/jemalloc_internal_defs.h.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #ifndef JEMALLOC_INTERNAL_DEFS_H_
 #define JEMALLOC_INTERNAL_DEFS_H_
 /*
@@ -426,372 +425,3 @@
 #undef JEMALLOC_ZERO_REALLOC_DEFAULT_FREE
 
 #endif /* JEMALLOC_INTERNAL_DEFS_H_ */
-||||||| dec341af7695
-=======
-#ifndef JEMALLOC_INTERNAL_DEFS_H_
-#define JEMALLOC_INTERNAL_DEFS_H_
-/*
- * If JEMALLOC_PREFIX is defined via --with-jemalloc-prefix, it will cause all
- * public APIs to be prefixed.  This makes it possible, with some care, to use
- * multiple allocators simultaneously.
- */
-#undef JEMALLOC_PREFIX
-#undef JEMALLOC_CPREFIX
-
-/*
- * Define overrides for non-standard allocator-related functions if they are
- * present on the system.
- */
-#undef JEMALLOC_OVERRIDE___LIBC_CALLOC
-#undef JEMALLOC_OVERRIDE___LIBC_FREE
-#undef JEMALLOC_OVERRIDE___LIBC_MALLOC
-#undef JEMALLOC_OVERRIDE___LIBC_MEMALIGN
-#undef JEMALLOC_OVERRIDE___LIBC_REALLOC
-#undef JEMALLOC_OVERRIDE___LIBC_VALLOC
-#undef JEMALLOC_OVERRIDE___POSIX_MEMALIGN
-
-/*
- * JEMALLOC_PRIVATE_NAMESPACE is used as a prefix for all library-private APIs.
- * For shared libraries, symbol visibility mechanisms prevent these symbols
- * from being exported, but for static libraries, naming collisions are a real
- * possibility.
- */
-#undef JEMALLOC_PRIVATE_NAMESPACE
-
-/*
- * Hyper-threaded CPUs may need a special instruction inside spin loops in
- * order to yield to another virtual CPU.
- */
-#undef CPU_SPINWAIT
-/* 1 if CPU_SPINWAIT is defined, 0 otherwise. */
-#undef HAVE_CPU_SPINWAIT
-
-/*
- * Number of significant bits in virtual addresses.  This may be less than the
- * total number of bits in a pointer, e.g. on x64, for which the uppermost 16
- * bits are the same as bit 47.
- */
-#undef LG_VADDR
-
-/* Defined if C11 atomics are available. */
-#undef JEMALLOC_C11_ATOMICS
-
-/* Defined if GCC __atomic atomics are available. */
-#undef JEMALLOC_GCC_ATOMIC_ATOMICS
-/* and the 8-bit variant support. */
-#undef JEMALLOC_GCC_U8_ATOMIC_ATOMICS
-
-/* Defined if GCC __sync atomics are available. */
-#undef JEMALLOC_GCC_SYNC_ATOMICS
-/* and the 8-bit variant support. */
-#undef JEMALLOC_GCC_U8_SYNC_ATOMICS
-
-/*
- * Defined if __builtin_clz() and __builtin_clzl() are available.
- */
-#undef JEMALLOC_HAVE_BUILTIN_CLZ
-
-/*
- * Defined if os_unfair_lock_*() functions are available, as provided by Darwin.
- */
-#undef JEMALLOC_OS_UNFAIR_LOCK
-
-/* Defined if syscall(2) is usable. */
-#undef JEMALLOC_USE_SYSCALL
-
-/*
- * Defined if secure_getenv(3) is available.
- */
-#undef JEMALLOC_HAVE_SECURE_GETENV
-
-/*
- * Defined if issetugid(2) is available.
- */
-#undef JEMALLOC_HAVE_ISSETUGID
-
-/* Defined if pthread_atfork(3) is available. */
-#undef JEMALLOC_HAVE_PTHREAD_ATFORK
-
-/* Defined if pthread_setname_np(3) is available. */
-#undef JEMALLOC_HAVE_PTHREAD_SETNAME_NP
-
-/*
- * Defined if clock_gettime(CLOCK_MONOTONIC_COARSE, ...) is available.
- */
-#undef JEMALLOC_HAVE_CLOCK_MONOTONIC_COARSE
-
-/*
- * Defined if clock_gettime(CLOCK_MONOTONIC, ...) is available.
- */
-#undef JEMALLOC_HAVE_CLOCK_MONOTONIC
-
-/*
- * Defined if mach_absolute_time() is available.
- */
-#undef JEMALLOC_HAVE_MACH_ABSOLUTE_TIME
-
-/*
- * Defined if _malloc_thread_cleanup() exists.  At least in the case of
- * FreeBSD, pthread_key_create() allocates, which if used during malloc
- * bootstrapping will cause recursion into the pthreads library.  Therefore, if
- * _malloc_thread_cleanup() exists, use it as the basis for thread cleanup in
- * malloc_tsd.
- */
-#undef JEMALLOC_MALLOC_THREAD_CLEANUP
-
-/*
- * Defined if threaded initialization is known to be safe on this platform.
- * Among other things, it must be possible to initialize a mutex without
- * triggering allocation in order for threaded allocation to be safe.
- */
-#undef JEMALLOC_THREADED_INIT
-
-/*
- * Defined if the pthreads implementation defines
- * _pthread_mutex_init_calloc_cb(), in which case the function is used in order
- * to avoid recursive allocation during mutex initialization.
- */
-#undef JEMALLOC_MUTEX_INIT_CB
-
-/* Non-empty if the tls_model attribute is supported. */
-#undef JEMALLOC_TLS_MODEL
-
-/*
- * JEMALLOC_DEBUG enables assertions and other sanity checks, and disables
- * inline functions.
- */
-#undef JEMALLOC_DEBUG
-
-/* JEMALLOC_STATS enables statistics calculation. */
-#undef JEMALLOC_STATS
-
-/* JEMALLOC_EXPERIMENTAL_SMALLOCX_API enables experimental smallocx API. */
-#undef JEMALLOC_EXPERIMENTAL_SMALLOCX_API
-
-/* JEMALLOC_PROF enables allocation profiling. */
-#undef JEMALLOC_PROF
-
-/* Use libunwind for profile backtracing if defined. */
-#undef JEMALLOC_PROF_LIBUNWIND
-
-/* Use libgcc for profile backtracing if defined. */
-#undef JEMALLOC_PROF_LIBGCC
-
-/* Use gcc intrinsics for profile backtracing if defined. */
-#undef JEMALLOC_PROF_GCC
-
-/*
- * JEMALLOC_DSS enables use of sbrk(2) to allocate extents from the data storage
- * segment (DSS).
- */
-#undef JEMALLOC_DSS
-
-/* Support memory filling (junk/zero). */
-#undef JEMALLOC_FILL
-
-/* Support utrace(2)-based tracing. */
-#undef JEMALLOC_UTRACE
-
-/* Support optional abort() on OOM. */
-#undef JEMALLOC_XMALLOC
-
-/* Support lazy locking (avoid locking unless a second thread is launched). */
-#undef JEMALLOC_LAZY_LOCK
-
-/*
- * Minimum allocation alignment is 2^LG_QUANTUM bytes (ignoring tiny size
- * classes).
- */
-#undef LG_QUANTUM
-
-/* One page is 2^LG_PAGE bytes. */
-#undef LG_PAGE
-
-/*
- * One huge page is 2^LG_HUGEPAGE bytes.  Note that this is defined even if the
- * system does not explicitly support huge pages; system calls that require
- * explicit huge page support are separately configured.
- */
-#undef LG_HUGEPAGE
-
-/*
- * If defined, adjacent virtual memory mappings with identical attributes
- * automatically coalesce, and they fragment when changes are made to subranges.
- * This is the normal order of things for mmap()/munmap(), but on Windows
- * VirtualAlloc()/VirtualFree() operations must be precisely matched, i.e.
- * mappings do *not* coalesce/fragment.
- */
-#undef JEMALLOC_MAPS_COALESCE
-
-/*
- * If defined, retain memory for later reuse by default rather than using e.g.
- * munmap() to unmap freed extents.  This is enabled on 64-bit Linux because
- * common sequences of mmap()/munmap() calls will cause virtual memory map
- * holes.
- */
-#undef JEMALLOC_RETAIN
-
-/* TLS is used to map arenas and magazine caches to threads. */
-#undef JEMALLOC_TLS
-
-/*
- * Used to mark unreachable code to quiet "end of non-void" compiler warnings.
- * Don't use this directly; instead use unreachable() from util.h
- */
-#undef JEMALLOC_INTERNAL_UNREACHABLE
-
-/*
- * ffs*() functions to use for bitmapping.  Don't use these directly; instead,
- * use ffs_*() from util.h.
- */
-#undef JEMALLOC_INTERNAL_FFSLL
-#undef JEMALLOC_INTERNAL_FFSL
-#undef JEMALLOC_INTERNAL_FFS
-
-/*
- * popcount*() functions to use for bitmapping.
- */
-#undef JEMALLOC_INTERNAL_POPCOUNTL
-#undef JEMALLOC_INTERNAL_POPCOUNT
-
-/*
- * If defined, explicitly attempt to more uniformly distribute large allocation
- * pointer alignments across all cache indices.
- */
-#undef JEMALLOC_CACHE_OBLIVIOUS
-
-/*
- * If defined, enable logging facilities.  We make this a configure option to
- * avoid taking extra branches everywhere.
- */
-#undef JEMALLOC_LOG
-
-/*
- * If defined, use readlinkat() (instead of readlink()) to follow
- * /etc/malloc_conf.
- */
-#undef JEMALLOC_READLINKAT
-
-/*
- * Darwin (OS X) uses zones to work around Mach-O symbol override shortcomings.
- */
-#undef JEMALLOC_ZONE
-
-/*
- * Methods for determining whether the OS overcommits.
- * JEMALLOC_PROC_SYS_VM_OVERCOMMIT_MEMORY: Linux's
- *                                         /proc/sys/vm.overcommit_memory file.
- * JEMALLOC_SYSCTL_VM_OVERCOMMIT: FreeBSD's vm.overcommit sysctl.
- */
-#undef JEMALLOC_SYSCTL_VM_OVERCOMMIT
-#undef JEMALLOC_PROC_SYS_VM_OVERCOMMIT_MEMORY
-
-/* Defined if madvise(2) is available. */
-#undef JEMALLOC_HAVE_MADVISE
-
-/*
- * Defined if transparent huge pages are supported via the MADV_[NO]HUGEPAGE
- * arguments to madvise(2).
- */
-#undef JEMALLOC_HAVE_MADVISE_HUGE
-
-/*
- * Methods for purging unused pages differ between operating systems.
- *
- *   madvise(..., MADV_FREE) : This marks pages as being unused, such that they
- *                             will be discarded rather than swapped out.
- *   madvise(..., MADV_DONTNEED) : If JEMALLOC_PURGE_MADVISE_DONTNEED_ZEROS is
- *                                 defined, this immediately discards pages,
- *                                 such that new pages will be demand-zeroed if
- *                                 the address region is later touched;
- *                                 otherwise this behaves similarly to
- *                                 MADV_FREE, though typically with higher
- *                                 system overhead.
- */
-#undef JEMALLOC_PURGE_MADVISE_FREE
-#undef JEMALLOC_PURGE_MADVISE_DONTNEED
-#undef JEMALLOC_PURGE_MADVISE_DONTNEED_ZEROS
-
-/* Defined if madvise(2) is available but MADV_FREE is not (x86 Linux only). */
-#undef JEMALLOC_DEFINE_MADVISE_FREE
-
-/*
- * Defined if MADV_DO[NT]DUMP is supported as an argument to madvise.
- */
-#undef JEMALLOC_MADVISE_DONTDUMP
-
-/*
- * Defined if transparent huge pages (THPs) are supported via the
- * MADV_[NO]HUGEPAGE arguments to madvise(2), and THP support is enabled.
- */
-#undef JEMALLOC_THP
-
-/* Define if operating system has alloca.h header. */
-#undef JEMALLOC_HAS_ALLOCA_H
-
-/* C99 restrict keyword supported. */
-#undef JEMALLOC_HAS_RESTRICT
-
-/* For use by hash code. */
-#undef JEMALLOC_BIG_ENDIAN
-
-/* sizeof(int) == 2^LG_SIZEOF_INT. */
-#undef LG_SIZEOF_INT
-
-/* sizeof(long) == 2^LG_SIZEOF_LONG. */
-#undef LG_SIZEOF_LONG
-
-/* sizeof(long long) == 2^LG_SIZEOF_LONG_LONG. */
-#undef LG_SIZEOF_LONG_LONG
-
-/* sizeof(intmax_t) == 2^LG_SIZEOF_INTMAX_T. */
-#undef LG_SIZEOF_INTMAX_T
-
-/* glibc malloc hooks (__malloc_hook, __realloc_hook, __free_hook). */
-#undef JEMALLOC_GLIBC_MALLOC_HOOK
-
-/* glibc memalign hook. */
-#undef JEMALLOC_GLIBC_MEMALIGN_HOOK
-
-/* pthread support */
-#undef JEMALLOC_HAVE_PTHREAD
-
-/* dlsym() support */
-#undef JEMALLOC_HAVE_DLSYM
-
-/* Adaptive mutex support in pthreads. */
-#undef JEMALLOC_HAVE_PTHREAD_MUTEX_ADAPTIVE_NP
-
-/* GNU specific sched_getcpu support */
-#undef JEMALLOC_HAVE_SCHED_GETCPU
-
-/* GNU specific sched_setaffinity support */
-#undef JEMALLOC_HAVE_SCHED_SETAFFINITY
-
-/*
- * If defined, all the features necessary for background threads are present.
- */
-#undef JEMALLOC_BACKGROUND_THREAD
-
-/*
- * If defined, jemalloc symbols are not exported (doesn't work when
- * JEMALLOC_PREFIX is not defined).
- */
-#undef JEMALLOC_EXPORT
-
-/* config.malloc_conf options string. */
-#undef JEMALLOC_CONFIG_MALLOC_CONF
-
-/* If defined, jemalloc takes the malloc/free/etc. symbol names. */
-#undef JEMALLOC_IS_MALLOC
-
-/*
- * Defined if strerror_r returns char * if _GNU_SOURCE is defined.
- */
-#undef JEMALLOC_STRERROR_R_RETURNS_CHAR_WITH_GNU_SOURCE
-
-/* Performs additional safety checks when defined. */
-#undef JEMALLOC_OPT_SAFETY_CHECKS
-
-#endif /* JEMALLOC_INTERNAL_DEFS_H_ */
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/internal/jemalloc_preamble.h.in b/contrib/jemalloc/include/jemalloc/internal/jemalloc_preamble.h.in
index c4fb2d0793bf..e4932f1e8c18 100644
--- a/contrib/jemalloc/include/jemalloc/internal/jemalloc_preamble.h.in
+++ b/contrib/jemalloc/include/jemalloc/internal/jemalloc_preamble.h.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #ifndef JEMALLOC_PREAMBLE_H
 #define JEMALLOC_PREAMBLE_H
 
@@ -261,218 +260,3 @@ static const bool have_memcntl =
     ;
 
 #endif /* JEMALLOC_PREAMBLE_H */
-||||||| dec341af7695
-=======
-#ifndef JEMALLOC_PREAMBLE_H
-#define JEMALLOC_PREAMBLE_H
-
-#include "jemalloc_internal_defs.h"
-#include "jemalloc/internal/jemalloc_internal_decls.h"
-
-#ifdef JEMALLOC_UTRACE
-#include <sys/ktrace.h>
-#endif
-
-#ifndef JEMALLOC_PRIVATE_NAMESPACE
-#include "un-namespace.h"
-#include "libc_private.h"
-#endif
-
-#define JEMALLOC_NO_DEMANGLE
-#ifdef JEMALLOC_JET
-#  undef JEMALLOC_IS_MALLOC
-#  define JEMALLOC_N(n) jet_##n
-#  include "jemalloc/internal/public_namespace.h"
-#  define JEMALLOC_NO_RENAME
-#  include "../jemalloc@install_suffix@.h"
-#  undef JEMALLOC_NO_RENAME
-#else
-#  define JEMALLOC_N(n) @private_namespace@##n
-#  include "../jemalloc@install_suffix@.h"
-#endif
-
-#if defined(JEMALLOC_OSATOMIC)
-#include <libkern/OSAtomic.h>
-#endif
-
-#ifdef JEMALLOC_ZONE
-#include <mach/mach_error.h>
-#include <mach/mach_init.h>
-#include <mach/vm_map.h>
-#endif
-
-#include "jemalloc/internal/jemalloc_internal_macros.h"
-
-/*
- * Note that the ordering matters here; the hook itself is name-mangled.  We
- * want the inclusion of hooks to happen early, so that we hook as much as
- * possible.
- */
-#ifndef JEMALLOC_NO_PRIVATE_NAMESPACE
-#  ifndef JEMALLOC_JET
-#    include "jemalloc/internal/private_namespace.h"
-#  else
-#    include "jemalloc/internal/private_namespace_jet.h"
-#  endif
-#endif
-#include "jemalloc/internal/test_hooks.h"
-
-#ifdef JEMALLOC_DEFINE_MADVISE_FREE
-#  define JEMALLOC_MADV_FREE 8
-#endif
-
-static const bool config_debug =
-#ifdef JEMALLOC_DEBUG
-    true
-#else
-    false
-#endif
-    ;
-static const bool have_dss =
-#ifdef JEMALLOC_DSS
-    true
-#else
-    false
-#endif
-    ;
-static const bool have_madvise_huge =
-#ifdef JEMALLOC_HAVE_MADVISE_HUGE
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_fill =
-#ifdef JEMALLOC_FILL
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_lazy_lock = true;
-static const char * const config_malloc_conf = JEMALLOC_CONFIG_MALLOC_CONF;
-static const bool config_prof =
-#ifdef JEMALLOC_PROF
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_prof_libgcc =
-#ifdef JEMALLOC_PROF_LIBGCC
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_prof_libunwind =
-#ifdef JEMALLOC_PROF_LIBUNWIND
-    true
-#else
-    false
-#endif
-    ;
-static const bool maps_coalesce =
-#ifdef JEMALLOC_MAPS_COALESCE
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_stats =
-#ifdef JEMALLOC_STATS
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_tls =
-#ifdef JEMALLOC_TLS
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_utrace =
-#ifdef JEMALLOC_UTRACE
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_xmalloc =
-#ifdef JEMALLOC_XMALLOC
-    true
-#else
-    false
-#endif
-    ;
-static const bool config_cache_oblivious =
-#ifdef JEMALLOC_CACHE_OBLIVIOUS
-    true
-#else
-    false
-#endif
-    ;
-/*
- * Undocumented, for jemalloc development use only at the moment.  See the note
- * in jemalloc/internal/log.h.
- */
-static const bool config_log =
-#ifdef JEMALLOC_LOG
-    true
-#else
-    false
-#endif
-    ;
-/*
- * Are extra safety checks enabled; things like checking the size of sized
- * deallocations, double-frees, etc.
- */
-static const bool config_opt_safety_checks =
-#ifdef JEMALLOC_OPT_SAFETY_CHECKS
-    true
-#elif defined(JEMALLOC_DEBUG)
-    /*
-     * This lets us only guard safety checks by one flag instead of two; fast
-     * checks can guard solely by config_opt_safety_checks and run in debug mode
-     * too.
-     */
-    true
-#else
-    false
-#endif
-    ;
-
-#if defined(_WIN32) || defined(JEMALLOC_HAVE_SCHED_GETCPU)
-/* Currently percpu_arena depends on sched_getcpu. */
-#define JEMALLOC_PERCPU_ARENA
-#endif
-static const bool have_percpu_arena =
-#ifdef JEMALLOC_PERCPU_ARENA
-    true
-#else
-    false
-#endif
-    ;
-/*
- * Undocumented, and not recommended; the application should take full
- * responsibility for tracking provenance.
- */
-static const bool force_ivsalloc =
-#ifdef JEMALLOC_FORCE_IVSALLOC
-    true
-#else
-    false
-#endif
-    ;
-static const bool have_background_thread =
-#ifdef JEMALLOC_BACKGROUND_THREAD
-    true
-#else
-    false
-#endif
-    ;
-
-#endif /* JEMALLOC_PREAMBLE_H */
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/internal/tsd_win.h b/contrib/jemalloc/include/jemalloc/internal/tsd_win.h
index 46be2434b5a5..a91dac88e06a 100644
--- a/contrib/jemalloc/include/jemalloc/internal/tsd_win.h
+++ b/contrib/jemalloc/include/jemalloc/internal/tsd_win.h
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #ifdef JEMALLOC_INTERNAL_TSD_WIN_H
 #error This file should be included only once, by tsd.h.
 #endif
@@ -138,145 +137,3 @@ tsd_set(tsd_t *val) {
 	}
 	wrapper->initialized = true;
 }
-||||||| dec341af7695
-=======
-#ifdef JEMALLOC_INTERNAL_TSD_WIN_H
-#error This file should be included only once, by tsd.h.
-#endif
-#define JEMALLOC_INTERNAL_TSD_WIN_H
-
-typedef struct {
-	bool initialized;
-	tsd_t val;
-} tsd_wrapper_t;
-
-extern DWORD tsd_tsd;
-extern tsd_wrapper_t tsd_boot_wrapper;
-extern bool tsd_booted;
-
-/* Initialization/cleanup. */
-JEMALLOC_ALWAYS_INLINE bool
-tsd_cleanup_wrapper(void) {
-	DWORD error = GetLastError();
-	tsd_wrapper_t *wrapper = (tsd_wrapper_t *)TlsGetValue(tsd_tsd);
-	SetLastError(error);
-
-	if (wrapper == NULL) {
-		return false;
-	}
-
-	if (wrapper->initialized) {
-		wrapper->initialized = false;
-		tsd_cleanup(&wrapper->val);
-		if (wrapper->initialized) {
-			/* Trigger another cleanup round. */
-			return true;
-		}
-	}
-	malloc_tsd_dalloc(wrapper);
-	return false;
-}
-
-JEMALLOC_ALWAYS_INLINE void
-tsd_wrapper_set(tsd_wrapper_t *wrapper) {
-	if (!TlsSetValue(tsd_tsd, (void *)wrapper)) {
-		malloc_write("<jemalloc>: Error setting TSD\n");
-		abort();
-	}
-}
-
-JEMALLOC_ALWAYS_INLINE tsd_wrapper_t *
-tsd_wrapper_get(bool init) {
-	DWORD error = GetLastError();
-	tsd_wrapper_t *wrapper = (tsd_wrapper_t *) TlsGetValue(tsd_tsd);
-	SetLastError(error);
-
-	if (init && unlikely(wrapper == NULL)) {
-		wrapper = (tsd_wrapper_t *)
-		    malloc_tsd_malloc(sizeof(tsd_wrapper_t));
-		if (wrapper == NULL) {
-			malloc_write("<jemalloc>: Error allocating TSD\n");
-			abort();
-		} else {
-			wrapper->initialized = false;
-			/* MSVC is finicky about aggregate initialization. */
-			tsd_t tsd_initializer = TSD_INITIALIZER;
-			wrapper->val = tsd_initializer;
-		}
-		tsd_wrapper_set(wrapper);
-	}
-	return wrapper;
-}
-
-JEMALLOC_ALWAYS_INLINE bool
-tsd_boot0(void) {
-	tsd_tsd = TlsAlloc();
-	if (tsd_tsd == TLS_OUT_OF_INDEXES) {
-		return true;
-	}
-	malloc_tsd_cleanup_register(&tsd_cleanup_wrapper);
-	tsd_wrapper_set(&tsd_boot_wrapper);
-	tsd_booted = true;
-	return false;
-}
-
-JEMALLOC_ALWAYS_INLINE void
-tsd_boot1(void) {
-	tsd_wrapper_t *wrapper;
-	wrapper = (tsd_wrapper_t *)
-	    malloc_tsd_malloc(sizeof(tsd_wrapper_t));
-	if (wrapper == NULL) {
-		malloc_write("<jemalloc>: Error allocating TSD\n");
-		abort();
-	}
-	tsd_boot_wrapper.initialized = false;
-	tsd_cleanup(&tsd_boot_wrapper.val);
-	wrapper->initialized = false;
-	tsd_t initializer = TSD_INITIALIZER;
-	wrapper->val = initializer;
-	tsd_wrapper_set(wrapper);
-}
-JEMALLOC_ALWAYS_INLINE bool
-tsd_boot(void) {
-	if (tsd_boot0()) {
-		return true;
-	}
-	tsd_boot1();
-	return false;
-}
-
-JEMALLOC_ALWAYS_INLINE bool
-tsd_booted_get(void) {
-	return tsd_booted;
-}
-
-JEMALLOC_ALWAYS_INLINE bool
-tsd_get_allocates(void) {
-	return true;
-}
-
-/* Get/set. */
-JEMALLOC_ALWAYS_INLINE tsd_t *
-tsd_get(bool init) {
-	tsd_wrapper_t *wrapper;
-
-	assert(tsd_booted);
-	wrapper = tsd_wrapper_get(init);
-	if (tsd_get_allocates() && !init && wrapper == NULL) {
-		return NULL;
-	}
-	return &wrapper->val;
-}
-
-JEMALLOC_ALWAYS_INLINE void
-tsd_set(tsd_t *val) {
-	tsd_wrapper_t *wrapper;
-
-	assert(tsd_booted);
-	wrapper = tsd_wrapper_get(true);
-	if (likely(&wrapper->val != val)) {
-		wrapper->val = *(val);
-	}
-	wrapper->initialized = true;
-}
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/jemalloc_defs.h.in b/contrib/jemalloc/include/jemalloc/jemalloc_defs.h.in
index 19c990dcdbdf..cbe2fca6ba53 100644
--- a/contrib/jemalloc/include/jemalloc/jemalloc_defs.h.in
+++ b/contrib/jemalloc/include/jemalloc/jemalloc_defs.h.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 /* Defined if __attribute__((...)) syntax is supported. */
 #undef JEMALLOC_HAVE_ATTR
 
@@ -53,54 +52,3 @@
 
 /* sizeof(void *) == 2^LG_SIZEOF_PTR. */
 #undef LG_SIZEOF_PTR
-||||||| dec341af7695
-=======
-/* Defined if __attribute__((...)) syntax is supported. */
-#undef JEMALLOC_HAVE_ATTR
-
-/* Defined if alloc_size attribute is supported. */
-#undef JEMALLOC_HAVE_ATTR_ALLOC_SIZE
-
-/* Defined if format_arg(...) attribute is supported. */
-#undef JEMALLOC_HAVE_ATTR_FORMAT_ARG
-
-/* Defined if format(gnu_printf, ...) attribute is supported. */
-#undef JEMALLOC_HAVE_ATTR_FORMAT_GNU_PRINTF
-
-/* Defined if format(printf, ...) attribute is supported. */
-#undef JEMALLOC_HAVE_ATTR_FORMAT_PRINTF
-
-/*
- * Define overrides for non-standard allocator-related functions if they are
- * present on the system.
- */
-#undef JEMALLOC_OVERRIDE_MEMALIGN
-#undef JEMALLOC_OVERRIDE_VALLOC
-
-/*
- * At least Linux omits the "const" in:
- *
- *   size_t malloc_usable_size(const void *ptr);
- *
- * Match the operating system's prototype.
- */
-#undef JEMALLOC_USABLE_SIZE_CONST
-
-/*
- * If defined, specify throw() for the public function prototypes when compiling
- * with C++.  The only justification for this is to match the prototypes that
- * glibc defines.
- */
-#undef JEMALLOC_USE_CXX_THROW
-
-#ifdef _MSC_VER
-#  ifdef _WIN64
-#    define LG_SIZEOF_PTR_WIN 3
-#  else
-#    define LG_SIZEOF_PTR_WIN 2
-#  endif
-#endif
-
-/* sizeof(void *) == 2^LG_SIZEOF_PTR. */
-#undef LG_SIZEOF_PTR
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/jemalloc_macros.h.in b/contrib/jemalloc/include/jemalloc/jemalloc_macros.h.in
index dc57f521f580..ebb3137e6f7e 100644
--- a/contrib/jemalloc/include/jemalloc/jemalloc_macros.h.in
+++ b/contrib/jemalloc/include/jemalloc/jemalloc_macros.h.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #include <stdlib.h>
 #include <stdbool.h>
 #include <stdint.h>
@@ -148,135 +147,3 @@
 #else
 #  define JEMALLOC_SYS_NOTHROW JEMALLOC_NOTHROW
 #endif
-||||||| dec341af7695
-=======
-#include <stdlib.h>
-#include <stdbool.h>
-#include <stdint.h>
-#include <limits.h>
-#include <strings.h>
-
-#define JEMALLOC_VERSION "@jemalloc_version@"
-#define JEMALLOC_VERSION_MAJOR @jemalloc_version_major@
-#define JEMALLOC_VERSION_MINOR @jemalloc_version_minor@
-#define JEMALLOC_VERSION_BUGFIX @jemalloc_version_bugfix@
-#define JEMALLOC_VERSION_NREV @jemalloc_version_nrev@
-#define JEMALLOC_VERSION_GID "@jemalloc_version_gid@"
-#define JEMALLOC_VERSION_GID_IDENT @jemalloc_version_gid@
-
-#define MALLOCX_LG_ALIGN(la)	((int)(la))
-#if LG_SIZEOF_PTR == 2
-#  define MALLOCX_ALIGN(a)	((int)(ffs((int)(a))-1))
-#else
-#  define MALLOCX_ALIGN(a)						\
-     ((int)(((size_t)(a) < (size_t)INT_MAX) ? ffs((int)(a))-1 :	\
-     ffs((int)(((size_t)(a))>>32))+31))
-#endif
-#define MALLOCX_ZERO	((int)0x40)
-/*
- * Bias tcache index bits so that 0 encodes "automatic tcache management", and 1
- * encodes MALLOCX_TCACHE_NONE.
- */
-#define MALLOCX_TCACHE(tc)	((int)(((tc)+2) << 8))
-#define MALLOCX_TCACHE_NONE	MALLOCX_TCACHE(-1)
-/*
- * Bias arena index bits so that 0 encodes "use an automatically chosen arena".
- */
-#define MALLOCX_ARENA(a)	((((int)(a))+1) << 20)
-
-/*
- * Use as arena index in "arena.<i>.{purge,decay,dss}" and
- * "stats.arenas.<i>.*" mallctl interfaces to select all arenas.  This
- * definition is intentionally specified in raw decimal format to support
- * cpp-based string concatenation, e.g.
- *
- *   #define STRINGIFY_HELPER(x) #x
- *   #define STRINGIFY(x) STRINGIFY_HELPER(x)
- *
- *   mallctl("arena." STRINGIFY(MALLCTL_ARENAS_ALL) ".purge", NULL, NULL, NULL,
- *       0);
- */
-#define MALLCTL_ARENAS_ALL	4096
-/*
- * Use as arena index in "stats.arenas.<i>.*" mallctl interfaces to select
- * destroyed arenas.
- */
-#define MALLCTL_ARENAS_DESTROYED	4097
-
-#if defined(__cplusplus) && defined(JEMALLOC_USE_CXX_THROW)
-#  define JEMALLOC_CXX_THROW throw()
-#else
-#  define JEMALLOC_CXX_THROW
-#endif
-
-#if defined(_MSC_VER)
-#  define JEMALLOC_ATTR(s)
-#  define JEMALLOC_ALIGNED(s) __declspec(align(s))
-#  define JEMALLOC_ALLOC_SIZE(s)
-#  define JEMALLOC_ALLOC_SIZE2(s1, s2)
-#  ifndef JEMALLOC_EXPORT
-#    ifdef DLLEXPORT
-#      define JEMALLOC_EXPORT __declspec(dllexport)
-#    else
-#      define JEMALLOC_EXPORT __declspec(dllimport)
-#    endif
-#  endif
-#  define JEMALLOC_FORMAT_ARG(i)
-#  define JEMALLOC_FORMAT_PRINTF(s, i)
-#  define JEMALLOC_NOINLINE __declspec(noinline)
-#  ifdef __cplusplus
-#    define JEMALLOC_NOTHROW __declspec(nothrow)
-#  else
-#    define JEMALLOC_NOTHROW
-#  endif
-#  define JEMALLOC_SECTION(s) __declspec(allocate(s))
-#  define JEMALLOC_RESTRICT_RETURN __declspec(restrict)
-#  if _MSC_VER >= 1900 && !defined(__EDG__)
-#    define JEMALLOC_ALLOCATOR __declspec(allocator)
-#  else
-#    define JEMALLOC_ALLOCATOR
-#  endif
-#elif defined(JEMALLOC_HAVE_ATTR)
-#  define JEMALLOC_ATTR(s) __attribute__((s))
-#  define JEMALLOC_ALIGNED(s) JEMALLOC_ATTR(aligned(s))
-#  ifdef JEMALLOC_HAVE_ATTR_ALLOC_SIZE
-#    define JEMALLOC_ALLOC_SIZE(s) JEMALLOC_ATTR(alloc_size(s))
-#    define JEMALLOC_ALLOC_SIZE2(s1, s2) JEMALLOC_ATTR(alloc_size(s1, s2))
-#  else
-#    define JEMALLOC_ALLOC_SIZE(s)
-#    define JEMALLOC_ALLOC_SIZE2(s1, s2)
-#  endif
-#  ifndef JEMALLOC_EXPORT
-#    define JEMALLOC_EXPORT JEMALLOC_ATTR(visibility("default"))
-#  endif
-#  ifdef JEMALLOC_HAVE_ATTR_FORMAT_ARG
-#    define JEMALLOC_FORMAT_ARG(i) JEMALLOC_ATTR(__format_arg__(3))
-#  else
-#    define JEMALLOC_FORMAT_ARG(i)
-#  endif
-#  ifdef JEMALLOC_HAVE_ATTR_FORMAT_GNU_PRINTF
-#    define JEMALLOC_FORMAT_PRINTF(s, i) JEMALLOC_ATTR(format(gnu_printf, s, i))
-#  elif defined(JEMALLOC_HAVE_ATTR_FORMAT_PRINTF)
-#    define JEMALLOC_FORMAT_PRINTF(s, i) JEMALLOC_ATTR(format(printf, s, i))
-#  else
-#    define JEMALLOC_FORMAT_PRINTF(s, i)
-#  endif
-#  define JEMALLOC_NOINLINE JEMALLOC_ATTR(noinline)
-#  define JEMALLOC_NOTHROW JEMALLOC_ATTR(nothrow)
-#  define JEMALLOC_SECTION(s) JEMALLOC_ATTR(section(s))
-#  define JEMALLOC_RESTRICT_RETURN
-#  define JEMALLOC_ALLOCATOR
-#else
-#  define JEMALLOC_ATTR(s)
-#  define JEMALLOC_ALIGNED(s)
-#  define JEMALLOC_ALLOC_SIZE(s)
-#  define JEMALLOC_ALLOC_SIZE2(s1, s2)
-#  define JEMALLOC_EXPORT
-#  define JEMALLOC_FORMAT_PRINTF(s, i)
-#  define JEMALLOC_NOINLINE
-#  define JEMALLOC_NOTHROW
-#  define JEMALLOC_SECTION(s)
-#  define JEMALLOC_RESTRICT_RETURN
-#  define JEMALLOC_ALLOCATOR
-#endif
->>>>>>> main
diff --git a/contrib/jemalloc/include/jemalloc/jemalloc_protos.h.in b/contrib/jemalloc/include/jemalloc/jemalloc_protos.h.in
index 116ef116b4e1..356221cc8d52 100644
--- a/contrib/jemalloc/include/jemalloc/jemalloc_protos.h.in
+++ b/contrib/jemalloc/include/jemalloc/jemalloc_protos.h.in
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 /*
  * The @je_@ prefix on the following public symbol declarations is an artifact
  * of namespace management, and should be omitted in application code unless
@@ -70,72 +69,3 @@ JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
     void JEMALLOC_SYS_NOTHROW	*@je_@valloc(size_t size) JEMALLOC_CXX_THROW
     JEMALLOC_ATTR(malloc);
 #endif
-||||||| dec341af7695
-=======
-/*
- * The @je_@ prefix on the following public symbol declarations is an artifact
- * of namespace management, and should be omitted in application code unless
- * JEMALLOC_NO_DEMANGLE is defined (see jemalloc_mangle@install_suffix@.h).
- */
-extern JEMALLOC_EXPORT const char	*@je_@malloc_conf;
-extern JEMALLOC_EXPORT void		(*@je_@malloc_message)(void *cbopaque,
-    const char *s);
-
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@malloc(size_t size)
-    JEMALLOC_CXX_THROW JEMALLOC_ATTR(malloc) JEMALLOC_ALLOC_SIZE(1);
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@calloc(size_t num, size_t size)
-    JEMALLOC_CXX_THROW JEMALLOC_ATTR(malloc) JEMALLOC_ALLOC_SIZE2(1, 2);
-JEMALLOC_EXPORT int JEMALLOC_NOTHROW	@je_@posix_memalign(void **memptr,
-    size_t alignment, size_t size) JEMALLOC_CXX_THROW JEMALLOC_ATTR(nonnull(1));
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@aligned_alloc(size_t alignment,
-    size_t size) JEMALLOC_CXX_THROW JEMALLOC_ATTR(malloc)
-    JEMALLOC_ALLOC_SIZE(2);
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@realloc(void *ptr, size_t size)
-    JEMALLOC_CXX_THROW JEMALLOC_ALLOC_SIZE(2);
-JEMALLOC_EXPORT void JEMALLOC_NOTHROW	@je_@free(void *ptr)
-    JEMALLOC_CXX_THROW;
-
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@mallocx(size_t size, int flags)
-    JEMALLOC_ATTR(malloc) JEMALLOC_ALLOC_SIZE(1);
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@rallocx(void *ptr, size_t size,
-    int flags) JEMALLOC_ALLOC_SIZE(2);
-JEMALLOC_EXPORT size_t JEMALLOC_NOTHROW	@je_@xallocx(void *ptr, size_t size,
-    size_t extra, int flags);
-JEMALLOC_EXPORT size_t JEMALLOC_NOTHROW	@je_@sallocx(const void *ptr,
-    int flags) JEMALLOC_ATTR(pure);
-JEMALLOC_EXPORT void JEMALLOC_NOTHROW	@je_@dallocx(void *ptr, int flags);
-JEMALLOC_EXPORT void JEMALLOC_NOTHROW	@je_@sdallocx(void *ptr, size_t size,
-    int flags);
-JEMALLOC_EXPORT size_t JEMALLOC_NOTHROW	@je_@nallocx(size_t size, int flags)
-    JEMALLOC_ATTR(pure);
-
-JEMALLOC_EXPORT int JEMALLOC_NOTHROW	@je_@mallctl(const char *name,
-    void *oldp, size_t *oldlenp, void *newp, size_t newlen);
-JEMALLOC_EXPORT int JEMALLOC_NOTHROW	@je_@mallctlnametomib(const char *name,
-    size_t *mibp, size_t *miblenp);
-JEMALLOC_EXPORT int JEMALLOC_NOTHROW	@je_@mallctlbymib(const size_t *mib,
-    size_t miblen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
-JEMALLOC_EXPORT void JEMALLOC_NOTHROW	@je_@malloc_stats_print(
-    void (*write_cb)(void *, const char *), void *@je_@cbopaque,
-    const char *opts);
-JEMALLOC_EXPORT size_t JEMALLOC_NOTHROW	@je_@malloc_usable_size(
-    JEMALLOC_USABLE_SIZE_CONST void *ptr) JEMALLOC_CXX_THROW;
-
-#ifdef JEMALLOC_OVERRIDE_MEMALIGN
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@memalign(size_t alignment, size_t size)
-    JEMALLOC_CXX_THROW JEMALLOC_ATTR(malloc);
-#endif
-
-#ifdef JEMALLOC_OVERRIDE_VALLOC
-JEMALLOC_EXPORT JEMALLOC_ALLOCATOR JEMALLOC_RESTRICT_RETURN
-    void JEMALLOC_NOTHROW	*@je_@valloc(size_t size) JEMALLOC_CXX_THROW
-    JEMALLOC_ATTR(malloc);
-#endif
->>>>>>> main
diff --git a/contrib/jemalloc/m4/ax_cxx_compile_stdcxx.m4 b/contrib/jemalloc/m4/ax_cxx_compile_stdcxx.m4
index 72784472d275..43087b2e6889 100644
--- a/contrib/jemalloc/m4/ax_cxx_compile_stdcxx.m4
+++ b/contrib/jemalloc/m4/ax_cxx_compile_stdcxx.m4
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 # ===========================================================================
 #  https://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html
 # ===========================================================================
@@ -950,568 +949,3 @@ namespace cxx17
 #endif  // __cplusplus < 201703L
 
 ]])
-||||||| dec341af7695
-=======
-# ===========================================================================
-#   http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx.html
-# ===========================================================================
-#
-# SYNOPSIS
-#
-#   AX_CXX_COMPILE_STDCXX(VERSION, [ext|noext], [mandatory|optional])
-#
-# DESCRIPTION
-#
-#   Check for baseline language coverage in the compiler for the specified
-#   version of the C++ standard.  If necessary, add switches to CXX and
-#   CXXCPP to enable support.  VERSION may be '11' (for the C++11 standard)
-#   or '14' (for the C++14 standard).
-#
-#   The second argument, if specified, indicates whether you insist on an
-#   extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g.
-#   -std=c++11).  If neither is specified, you get whatever works, with
-#   preference for an extended mode.
-#
-#   The third argument, if specified 'mandatory' or if left unspecified,
-#   indicates that baseline support for the specified C++ standard is
-#   required and that the macro should error out if no mode with that
-#   support is found.  If specified 'optional', then configuration proceeds
-#   regardless, after defining HAVE_CXX${VERSION} if and only if a
-#   supporting mode is found.
-#
-# LICENSE
-#
-#   Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com>
-#   Copyright (c) 2012 Zack Weinberg <zackw@panix.com>
-#   Copyright (c) 2013 Roy Stogner <roystgnr@ices.utexas.edu>
-#   Copyright (c) 2014, 2015 Google Inc.; contributed by Alexey Sokolov <sokolov@google.com>
-#   Copyright (c) 2015 Paul Norman <penorman@mac.com>
-#   Copyright (c) 2015 Moritz Klammler <moritz@klammler.eu>
-#
-#   Copying and distribution of this file, with or without modification, are
-#   permitted in any medium without royalty provided the copyright notice
-#   and this notice are preserved.  This file is offered as-is, without any
-#   warranty.
-
-#serial 4
-
-dnl  This macro is based on the code from the AX_CXX_COMPILE_STDCXX_11 macro
-dnl  (serial version number 13).
-
-AC_DEFUN([AX_CXX_COMPILE_STDCXX], [dnl
-  m4_if([$1], [11], [],
-        [$1], [14], [],
-        [$1], [17], [m4_fatal([support for C++17 not yet implemented in AX_CXX_COMPILE_STDCXX])],
-        [m4_fatal([invalid first argument `$1' to AX_CXX_COMPILE_STDCXX])])dnl
-  m4_if([$2], [], [],
-        [$2], [ext], [],
-        [$2], [noext], [],
-        [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX])])dnl
-  m4_if([$3], [], [ax_cxx_compile_cxx$1_required=true],
-        [$3], [mandatory], [ax_cxx_compile_cxx$1_required=true],
-        [$3], [optional], [ax_cxx_compile_cxx$1_required=false],
-        [m4_fatal([invalid third argument `$3' to AX_CXX_COMPILE_STDCXX])])
-  AC_LANG_PUSH([C++])dnl
-  ac_success=no
-  AC_CACHE_CHECK(whether $CXX supports C++$1 features by default,
-  ax_cv_cxx_compile_cxx$1,
-  [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
-    [ax_cv_cxx_compile_cxx$1=yes],
-    [ax_cv_cxx_compile_cxx$1=no])])
-  if test x$ax_cv_cxx_compile_cxx$1 = xyes; then
-    ac_success=yes
-  fi
-
-  m4_if([$2], [noext], [], [dnl
-  if test x$ac_success = xno; then
-    for switch in -std=gnu++$1 -std=gnu++0x; do
-      cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
-      AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
-                     $cachevar,
-        [ac_save_CXX="$CXX"
-         CXX="$CXX $switch"
-         AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
-          [eval $cachevar=yes],
-          [eval $cachevar=no])
-         CXX="$ac_save_CXX"])
-      if eval test x\$$cachevar = xyes; then
-        CXX="$CXX $switch"
-        if test -n "$CXXCPP" ; then
-          CXXCPP="$CXXCPP $switch"
-        fi
-        ac_success=yes
-        break
-      fi
-    done
-  fi])
-
-  m4_if([$2], [ext], [], [dnl
-  if test x$ac_success = xno; then
-    dnl HP's aCC needs +std=c++11 according to:
-    dnl http://h21007.www2.hp.com/portal/download/files/unprot/aCxx/PDF_Release_Notes/769149-001.pdf
-    dnl Cray's crayCC needs "-h std=c++11"
-    for switch in -std=c++$1 -std=c++0x +std=c++$1 "-h std=c++$1"; do
-      cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx$1_$switch])
-      AC_CACHE_CHECK(whether $CXX supports C++$1 features with $switch,
-                     $cachevar,
-        [ac_save_CXX="$CXX"
-         CXX="$CXX $switch"
-         AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_testbody_$1])],
-          [eval $cachevar=yes],
-          [eval $cachevar=no])
-         CXX="$ac_save_CXX"])
-      if eval test x\$$cachevar = xyes; then
-        CXX="$CXX $switch"
-        if test -n "$CXXCPP" ; then
-          CXXCPP="$CXXCPP $switch"
-        fi
-        ac_success=yes
-        break
-      fi
-    done
-  fi])
-  AC_LANG_POP([C++])
-  if test x$ax_cxx_compile_cxx$1_required = xtrue; then
-    if test x$ac_success = xno; then
-      AC_MSG_ERROR([*** A compiler with support for C++$1 language features is required.])
-    fi
-  fi
-  if test x$ac_success = xno; then
-    HAVE_CXX$1=0
-    AC_MSG_NOTICE([No compiler with C++$1 support was found])
-  else
-    HAVE_CXX$1=1
-    AC_DEFINE(HAVE_CXX$1,1,
-              [define if the compiler supports basic C++$1 syntax])
-  fi
-  AC_SUBST(HAVE_CXX$1)
-])
-
-
-dnl  Test body for checking C++11 support
-
-m4_define([_AX_CXX_COMPILE_STDCXX_testbody_11],
-  _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
-)
-
-
-dnl  Test body for checking C++14 support
-
-m4_define([_AX_CXX_COMPILE_STDCXX_testbody_14],
-  _AX_CXX_COMPILE_STDCXX_testbody_new_in_11
-  _AX_CXX_COMPILE_STDCXX_testbody_new_in_14
-)
-
-
-dnl  Tests for new features in C++11
-
-m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_11], [[
-
-// If the compiler admits that it is not ready for C++11, why torture it?
-// Hopefully, this will speed up the test.
-
-#ifndef __cplusplus
-
-#error "This is not a C++ compiler"
-
-#elif __cplusplus < 201103L
-
-#error "This is not a C++11 compiler"
-
-#else
-
-namespace cxx11
-{
-
-  namespace test_static_assert
-  {
-
-    template <typename T>
-    struct check
-    {
-      static_assert(sizeof(int) <= sizeof(T), "not big enough");
-    };
-
-  }
-
-  namespace test_final_override
-  {
-
-    struct Base
-    {
-      virtual void f() {}
-    };
-
-    struct Derived : public Base
-    {
-      virtual void f() override {}
-    };
-
-  }
-
-  namespace test_double_right_angle_brackets
-  {
-
-    template < typename T >
-    struct check {};
-
-    typedef check<void> single_type;
-    typedef check<check<void>> double_type;
-    typedef check<check<check<void>>> triple_type;
-    typedef check<check<check<check<void>>>> quadruple_type;
-
-  }
-
-  namespace test_decltype
-  {
-
-    int
-    f()
-    {
-      int a = 1;
-      decltype(a) b = 2;
-      return a + b;
-    }
-
-  }
-
-  namespace test_type_deduction
-  {
-
-    template < typename T1, typename T2 >
-    struct is_same
-    {
-      static const bool value = false;
-    };
-
-    template < typename T >
-    struct is_same<T, T>
-    {
-      static const bool value = true;
-    };
-
-    template < typename T1, typename T2 >
-    auto
-    add(T1 a1, T2 a2) -> decltype(a1 + a2)
-    {
-      return a1 + a2;
-    }
-
-    int
-    test(const int c, volatile int v)
-    {
-      static_assert(is_same<int, decltype(0)>::value == true, "");
-      static_assert(is_same<int, decltype(c)>::value == false, "");
-      static_assert(is_same<int, decltype(v)>::value == false, "");
-      auto ac = c;
-      auto av = v;
-      auto sumi = ac + av + 'x';
-      auto sumf = ac + av + 1.0;
-      static_assert(is_same<int, decltype(ac)>::value == true, "");
-      static_assert(is_same<int, decltype(av)>::value == true, "");
-      static_assert(is_same<int, decltype(sumi)>::value == true, "");
-      static_assert(is_same<int, decltype(sumf)>::value == false, "");
-      static_assert(is_same<int, decltype(add(c, v))>::value == true, "");
-      return (sumf > 0.0) ? sumi : add(c, v);
-    }
-
-  }
-
-  namespace test_noexcept
-  {
-
-    int f() { return 0; }
-    int g() noexcept { return 0; }
-
-    static_assert(noexcept(f()) == false, "");
-    static_assert(noexcept(g()) == true, "");
-
-  }
-
-  namespace test_constexpr
-  {
-
-    template < typename CharT >
-    unsigned long constexpr
-    strlen_c_r(const CharT *const s, const unsigned long acc) noexcept
-    {
-      return *s ? strlen_c_r(s + 1, acc + 1) : acc;
-    }
-
-    template < typename CharT >
-    unsigned long constexpr
-    strlen_c(const CharT *const s) noexcept
-    {
-      return strlen_c_r(s, 0UL);
-    }
-
-    static_assert(strlen_c("") == 0UL, "");
-    static_assert(strlen_c("1") == 1UL, "");
-    static_assert(strlen_c("example") == 7UL, "");
-    static_assert(strlen_c("another\0example") == 7UL, "");
-
-  }
-
-  namespace test_rvalue_references
-  {
-
-    template < int N >
-    struct answer
-    {
-      static constexpr int value = N;
-    };
-
-    answer<1> f(int&)       { return answer<1>(); }
-    answer<2> f(const int&) { return answer<2>(); }
-    answer<3> f(int&&)      { return answer<3>(); }
-
-    void
-    test()
-    {
-      int i = 0;
-      const int c = 0;
-      static_assert(decltype(f(i))::value == 1, "");
-      static_assert(decltype(f(c))::value == 2, "");
-      static_assert(decltype(f(0))::value == 3, "");
-    }
-
-  }
-
-  namespace test_uniform_initialization
-  {
-
-    struct test
-    {
-      static const int zero {};
-      static const int one {1};
-    };
-
-    static_assert(test::zero == 0, "");
-    static_assert(test::one == 1, "");
-
-  }
-
-  namespace test_lambdas
-  {
-
-    void
-    test1()
-    {
-      auto lambda1 = [](){};
-      auto lambda2 = lambda1;
-      lambda1();
-      lambda2();
-    }
-
-    int
-    test2()
-    {
-      auto a = [](int i, int j){ return i + j; }(1, 2);
-      auto b = []() -> int { return '0'; }();
-      auto c = [=](){ return a + b; }();
-      auto d = [&](){ return c; }();
-      auto e = [a, &b](int x) mutable {
-        const auto identity = [](int y){ return y; };
-        for (auto i = 0; i < a; ++i)
-          a += b--;
-        return x + identity(a + b);
-      }(0);
-      return a + b + c + d + e;
-    }
-
-    int
-    test3()
-    {
-      const auto nullary = [](){ return 0; };
-      const auto unary = [](int x){ return x; };
-      using nullary_t = decltype(nullary);
-      using unary_t = decltype(unary);
-      const auto higher1st = [](nullary_t f){ return f(); };
-      const auto higher2nd = [unary](nullary_t f1){
-        return [unary, f1](unary_t f2){ return f2(unary(f1())); };
-      };
-      return higher1st(nullary) + higher2nd(nullary)(unary);
-    }
-
-  }
-
-  namespace test_variadic_templates
-  {
-
-    template <int...>
-    struct sum;
-
-    template <int N0, int... N1toN>
-    struct sum<N0, N1toN...>
-    {
-      static constexpr auto value = N0 + sum<N1toN...>::value;
-    };
-
-    template <>
-    struct sum<>
-    {
-      static constexpr auto value = 0;
-    };
-
-    static_assert(sum<>::value == 0, "");
-    static_assert(sum<1>::value == 1, "");
-    static_assert(sum<23>::value == 23, "");
-    static_assert(sum<1, 2>::value == 3, "");
-    static_assert(sum<5, 5, 11>::value == 21, "");
-    static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, "");
-
-  }
-
-  // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae
-  // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function
-  // because of this.
-  namespace test_template_alias_sfinae
-  {
-
-    struct foo {};
-
-    template<typename T>
-    using member = typename T::member_type;
-
-    template<typename T>
-    void func(...) {}
-
-    template<typename T>
-    void func(member<T>*) {}
-
-    void test();
-
-    void test() { func<foo>(0); }
-
-  }
-
-}  // namespace cxx11
-
-#endif  // __cplusplus >= 201103L
-
-]])
-
-
-dnl  Tests for new features in C++14
-
-m4_define([_AX_CXX_COMPILE_STDCXX_testbody_new_in_14], [[
-
-// If the compiler admits that it is not ready for C++14, why torture it?
-// Hopefully, this will speed up the test.
-
-#ifndef __cplusplus
-
-#error "This is not a C++ compiler"
-
-#elif __cplusplus < 201402L
-
-#error "This is not a C++14 compiler"
-
-#else
-
-namespace cxx14
-{
-
-  namespace test_polymorphic_lambdas
-  {
-
-    int
-    test()
-    {
-      const auto lambda = [](auto&&... args){
-        const auto istiny = [](auto x){
-          return (sizeof(x) == 1UL) ? 1 : 0;
-        };
-        const int aretiny[] = { istiny(args)... };
-        return aretiny[0];
-      };
-      return lambda(1, 1L, 1.0f, '1');
-    }
-
-  }
-
-  namespace test_binary_literals
-  {
-
-    constexpr auto ivii = 0b0000000000101010;
-    static_assert(ivii == 42, "wrong value");
-
-  }
-
-  namespace test_generalized_constexpr
-  {
-
-    template < typename CharT >
-    constexpr unsigned long
-    strlen_c(const CharT *const s) noexcept
-    {
-      auto length = 0UL;
-      for (auto p = s; *p; ++p)
-        ++length;
-      return length;
-    }
-
-    static_assert(strlen_c("") == 0UL, "");
-    static_assert(strlen_c("x") == 1UL, "");
-    static_assert(strlen_c("test") == 4UL, "");
-    static_assert(strlen_c("another\0test") == 7UL, "");
-
-  }
-
-  namespace test_lambda_init_capture
-  {
-
-    int
-    test()
-    {
-      auto x = 0;
-      const auto lambda1 = [a = x](int b){ return a + b; };
-      const auto lambda2 = [a = lambda1(x)](){ return a; };
-      return lambda2();
-    }
-
-  }
-
-  namespace test_digit_seperators
-  {
-
-    constexpr auto ten_million = 100'000'000;
-    static_assert(ten_million == 100000000, "");
-
-  }
-
-  namespace test_return_type_deduction
-  {
-
-    auto f(int& x) { return x; }
-    decltype(auto) g(int& x) { return x; }
-
-    template < typename T1, typename T2 >
-    struct is_same
-    {
-      static constexpr auto value = false;
-    };
-
-    template < typename T >
-    struct is_same<T, T>
-    {
-      static constexpr auto value = true;
-    };
-
-    int
-    test()
-    {
-      auto x = 0;
-      static_assert(is_same<int, decltype(f(x))>::value, "");
-      static_assert(is_same<int&, decltype(g(x))>::value, "");
-      return x;
-    }
-
-  }
-
-}  // namespace cxx14
-
-#endif  // __cplusplus >= 201402L
-
-]])
->>>>>>> main
diff --git a/contrib/jemalloc/scripts/gen_run_tests.py b/contrib/jemalloc/scripts/gen_run_tests.py
index 698d3bce4bbf..7c3075f9f6a6 100755
--- a/contrib/jemalloc/scripts/gen_run_tests.py
+++ b/contrib/jemalloc/scripts/gen_run_tests.py
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #!/usr/bin/env python3
 
 import sys
@@ -129,132 +128,3 @@ chmod 755 run_test_%(ind)d.sh""" % {'ind': ind, 'config_line': config_line,
 
 print('for i in `seq 0 %(last_ind)d` ; do echo run_test_${i}.sh ; done | xargs'
     ' -P %(nparallel)d -n 1 sh' % {'last_ind': ind-1, 'nparallel': nparallel})
-||||||| dec341af7695
-=======
-#!/usr/bin/env python
-
-import sys
-from itertools import combinations
-from os import uname
-from multiprocessing import cpu_count
-from subprocess import call
-
-# Later, we want to test extended vaddr support.  Apparently, the "real" way of
-# checking this is flaky on OS X.
-bits_64 = sys.maxsize > 2**32
-
-nparallel = cpu_count() * 2
-
-uname = uname()[0]
-
-if "BSD" in uname:
-    make_cmd = 'gmake'
-else:
-    make_cmd = 'make'
-
-def powerset(items):
-    result = []
-    for i in xrange(len(items) + 1):
-        result += combinations(items, i)
-    return result
-
-possible_compilers = []
-for cc, cxx in (['gcc', 'g++'], ['clang', 'clang++']):
-    try:
-        cmd_ret = call([cc, "-v"])
-        if cmd_ret == 0:
-            possible_compilers.append((cc, cxx))
-    except:
-        pass
-possible_compiler_opts = [
-    '-m32',
-]
-possible_config_opts = [
-    '--enable-debug',
-    '--enable-prof',
-    '--disable-stats',
-    '--enable-opt-safety-checks',
-]
-if bits_64:
-    possible_config_opts.append('--with-lg-vaddr=56')
-
-possible_malloc_conf_opts = [
-    'tcache:false',
-    'dss:primary',
-    'percpu_arena:percpu',
-    'background_thread:true',
-]
-
-print 'set -e'
-print 'if [ -f Makefile ] ; then %(make_cmd)s relclean ; fi' % {'make_cmd': make_cmd}
-print 'autoconf'
-print 'rm -rf run_tests.out'
-print 'mkdir run_tests.out'
-print 'cd run_tests.out'
-
-ind = 0
-for cc, cxx in possible_compilers:
-    for compiler_opts in powerset(possible_compiler_opts):
-        for config_opts in powerset(possible_config_opts):
-            for malloc_conf_opts in powerset(possible_malloc_conf_opts):
-                if cc is 'clang' \
-                  and '-m32' in possible_compiler_opts \
-                  and '--enable-prof' in config_opts:
-                    continue
-                config_line = (
-                    'EXTRA_CFLAGS=-Werror EXTRA_CXXFLAGS=-Werror '
-                    + 'CC="{} {}" '.format(cc, " ".join(compiler_opts))
-                    + 'CXX="{} {}" '.format(cxx, " ".join(compiler_opts))
-                    + '../../configure '
-                    + " ".join(config_opts) + (' --with-malloc-conf=' +
-                    ",".join(malloc_conf_opts) if len(malloc_conf_opts) > 0
-                    else '')
-                )
-
-                # We don't want to test large vaddr spaces in 32-bit mode.
-		if ('-m32' in compiler_opts and '--with-lg-vaddr=56' in
-                  config_opts):
-		    continue
-
-                # Per CPU arenas are only supported on Linux.
-                linux_supported = ('percpu_arena:percpu' in malloc_conf_opts \
-                  or 'background_thread:true' in malloc_conf_opts)
-                # Heap profiling and dss are not supported on OS X.
-                darwin_unsupported = ('--enable-prof' in config_opts or \
-                  'dss:primary' in malloc_conf_opts)
-                if (uname == 'Linux' and linux_supported) \
-                  or (not linux_supported and (uname != 'Darwin' or \
-                  not darwin_unsupported)):
-                    print """cat <<EOF > run_test_%(ind)d.sh
-#!/bin/sh
-
-set -e
-
-abort() {
-    echo "==> Error" >> run_test.log
-    echo "Error; see run_tests.out/run_test_%(ind)d.out/run_test.log"
-    exit 255 # Special exit code tells xargs to terminate.
-}
-
-# Environment variables are not supported.
-run_cmd() {
-    echo "==> \$@" >> run_test.log
-    \$@ >> run_test.log 2>&1 || abort
-}
-
-echo "=> run_test_%(ind)d: %(config_line)s"
-mkdir run_test_%(ind)d.out
-cd run_test_%(ind)d.out
-
-echo "==> %(config_line)s" >> run_test.log
-%(config_line)s >> run_test.log 2>&1 || abort
-
-run_cmd %(make_cmd)s all tests
-run_cmd %(make_cmd)s check
-run_cmd %(make_cmd)s distclean
-EOF
-chmod 755 run_test_%(ind)d.sh""" % {'ind': ind, 'config_line': config_line, 'make_cmd': make_cmd}
-                    ind += 1
-
-print 'for i in `seq 0 %(last_ind)d` ; do echo run_test_${i}.sh ; done | xargs -P %(nparallel)d -n 1 sh' % {'last_ind': ind-1, 'nparallel': nparallel}
->>>>>>> main
diff --git a/contrib/jemalloc/scripts/gen_travis.py b/contrib/jemalloc/scripts/gen_travis.py
index c306744e6a65..4366a066eeab 100755
--- a/contrib/jemalloc/scripts/gen_travis.py
+++ b/contrib/jemalloc/scripts/gen_travis.py
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #!/usr/bin/env python3
 
 from itertools import combinations, chain
@@ -326,155 +325,3 @@ def main():
 
 if __name__ == '__main__':
     main()
-||||||| dec341af7695
-=======
-#!/usr/bin/env python
-
-from itertools import combinations
-
-travis_template = """\
-language: generic
-dist: precise
-
-matrix:
-  include:
-%s
-
-before_script:
-  - autoconf
-  - scripts/gen_travis.py > travis_script && diff .travis.yml travis_script
-  - ./configure ${COMPILER_FLAGS:+ \
-      CC="$CC $COMPILER_FLAGS" \
-      CXX="$CXX $COMPILER_FLAGS" } \
-      $CONFIGURE_FLAGS
-  - make -j3
-  - make -j3 tests
-
-script:
-  - make check
-"""
-
-# The 'default' configuration is gcc, on linux, with no compiler or configure
-# flags.  We also test with clang, -m32, --enable-debug, --enable-prof,
-# --disable-stats, and --with-malloc-conf=tcache:false.  To avoid abusing
-# travis though, we don't test all 2**7 = 128 possible combinations of these;
-# instead, we only test combinations of up to 2 'unusual' settings, under the
-# hope that bugs involving interactions of such settings are rare.
-# Things at once, for C(7, 0) + C(7, 1) + C(7, 2) = 29
-MAX_UNUSUAL_OPTIONS = 2
-
-os_default = 'linux'
-os_unusual = 'osx'
-
-compilers_default = 'CC=gcc CXX=g++'
-compilers_unusual = 'CC=clang CXX=clang++'
-
-compiler_flag_unusuals = ['-m32']
-
-configure_flag_unusuals = [
-    '--enable-debug',
-    '--enable-prof',
-    '--disable-stats',
-    '--disable-libdl',
-    '--enable-opt-safety-checks',
-]
-
-malloc_conf_unusuals = [
-    'tcache:false',
-    'dss:primary',
-    'percpu_arena:percpu',
-    'background_thread:true',
-]
-
-all_unusuals = (
-    [os_unusual] + [compilers_unusual] + compiler_flag_unusuals
-    + configure_flag_unusuals + malloc_conf_unusuals
-)
-
-unusual_combinations_to_test = []
-for i in xrange(MAX_UNUSUAL_OPTIONS + 1):
-    unusual_combinations_to_test += combinations(all_unusuals, i)
-
-gcc_multilib_set = False
-# Formats a job from a combination of flags
-def format_job(combination):
-    global gcc_multilib_set
-
-    os = os_unusual if os_unusual in combination else os_default
-    compilers = compilers_unusual if compilers_unusual in combination else compilers_default
-
-    compiler_flags = [x for x in combination if x in compiler_flag_unusuals]
-    configure_flags = [x for x in combination if x in configure_flag_unusuals]
-    malloc_conf = [x for x in combination if x in malloc_conf_unusuals]
-
-    # Filter out unsupported configurations on OS X.
-    if os == 'osx' and ('dss:primary' in malloc_conf or \
-      'percpu_arena:percpu' in malloc_conf or 'background_thread:true' \
-      in malloc_conf):
-        return ""
-    if len(malloc_conf) > 0:
-        configure_flags.append('--with-malloc-conf=' + ",".join(malloc_conf))
-
-    # Filter out an unsupported configuration - heap profiling on OS X.
-    if os == 'osx' and '--enable-prof' in configure_flags:
-        return ""
-
-    # We get some spurious errors when -Warray-bounds is enabled.
-    env_string = ('{} COMPILER_FLAGS="{}" CONFIGURE_FLAGS="{}" '
-	'EXTRA_CFLAGS="-Werror -Wno-array-bounds"').format(
-        compilers, " ".join(compiler_flags), " ".join(configure_flags))
-
-    job = ""
-    job += '    - os: %s\n' % os
-    job += '      env: %s\n' % env_string
-    if '-m32' in combination and os == 'linux':
-        job += '      addons:'
-        if gcc_multilib_set:
-            job += ' *gcc_multilib\n'
-        else:
-            job += ' &gcc_multilib\n'
-            job += '        apt:\n'
-            job += '          packages:\n'
-            job += '            - gcc-multilib\n'
-            gcc_multilib_set = True
-    return job
-
-include_rows = ""
-for combination in unusual_combinations_to_test:
-    include_rows += format_job(combination)
-
-# Development build
-include_rows += '''\
-    # Development build
-    - os: linux
-      env: CC=gcc CXX=g++ COMPILER_FLAGS="" CONFIGURE_FLAGS="--enable-debug --disable-cache-oblivious --enable-stats --enable-log --enable-prof" EXTRA_CFLAGS="-Werror -Wno-array-bounds"
-'''
-
-# Enable-expermental-smallocx
-include_rows += '''\
-    # --enable-expermental-smallocx:
-    - os: linux
-      env: CC=gcc CXX=g++ COMPILER_FLAGS="" CONFIGURE_FLAGS="--enable-debug --enable-experimental-smallocx --enable-stats --enable-prof" EXTRA_CFLAGS="-Werror -Wno-array-bounds"
-'''
-
-# Valgrind build bots
-include_rows += '''
-    # Valgrind
-    - os: linux
-      env: CC=gcc CXX=g++ COMPILER_FLAGS="" CONFIGURE_FLAGS="" EXTRA_CFLAGS="-Werror -Wno-array-bounds" JEMALLOC_TEST_PREFIX="valgrind"
-      addons:
-        apt:
-          packages:
-            - valgrind
-'''
-
-# To enable valgrind on macosx add:
-#
-#  - os: osx
-#    env: CC=gcc CXX=g++ COMPILER_FLAGS="" CONFIGURE_FLAGS="" EXTRA_CFLAGS="-Werror -Wno-array-bounds" JEMALLOC_TEST_PREFIX="valgrind"
-#    install: brew install valgrind
-#
-# It currently fails due to: https://github.com/jemalloc/jemalloc/issues/1274
-
-print travis_template % include_rows
->>>>>>> main
diff --git a/contrib/jemalloc/src/jemalloc_cpp.cpp b/contrib/jemalloc/src/jemalloc_cpp.cpp
index d606686e0c97..451655f1b5a5 100644
--- a/contrib/jemalloc/src/jemalloc_cpp.cpp
+++ b/contrib/jemalloc/src/jemalloc_cpp.cpp
@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 #include <mutex>
 #include <new>
 
@@ -253,147 +252,3 @@ operator delete[](void* ptr, std::size_t size, std::align_val_t alignment) noexc
 }
 
 #endif  // __cpp_aligned_new
-||||||| dec341af7695
-=======
-#include <mutex>
-#include <new>
-
-#define JEMALLOC_CPP_CPP_
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "jemalloc/internal/jemalloc_preamble.h"
-#include "jemalloc/internal/jemalloc_internal_includes.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-// All operators in this file are exported.
-
-// Possibly alias hidden versions of malloc and sdallocx to avoid an extra plt
-// thunk?
-//
-// extern __typeof (sdallocx) sdallocx_int
-//  __attribute ((alias ("sdallocx"),
-//		visibility ("hidden")));
-//
-// ... but it needs to work with jemalloc namespaces.
-
-void	*operator new(std::size_t size);
-void	*operator new[](std::size_t size);
-void	*operator new(std::size_t size, const std::nothrow_t &) noexcept;
-void	*operator new[](std::size_t size, const std::nothrow_t &) noexcept;
-void	operator delete(void *ptr) noexcept;
-void	operator delete[](void *ptr) noexcept;
-void	operator delete(void *ptr, const std::nothrow_t &) noexcept;
-void	operator delete[](void *ptr, const std::nothrow_t &) noexcept;
-
-#if __cpp_sized_deallocation >= 201309
-/* C++14's sized-delete operators. */
-void	operator delete(void *ptr, std::size_t size) noexcept;
-void	operator delete[](void *ptr, std::size_t size) noexcept;
-#endif
-
-JEMALLOC_NOINLINE
-static void *
-handleOOM(std::size_t size, bool nothrow) {
-	void *ptr = nullptr;
-
-	while (ptr == nullptr) {
-		std::new_handler handler;
-		// GCC-4.8 and clang 4.0 do not have std::get_new_handler.
-		{
-			static std::mutex mtx;
-			std::lock_guard<std::mutex> lock(mtx);
-
-			handler = std::set_new_handler(nullptr);
-			std::set_new_handler(handler);
-		}
-		if (handler == nullptr)
-			break;
-
-		try {
-			handler();
-		} catch (const std::bad_alloc &) {
-			break;
-		}
-
-		ptr = je_malloc(size);
-	}
-
-	if (ptr == nullptr && !nothrow)
-		std::__throw_bad_alloc();
-	return ptr;
-}
-
-template <bool IsNoExcept>
-JEMALLOC_ALWAYS_INLINE
-void *
-newImpl(std::size_t size) noexcept(IsNoExcept) {
-	void *ptr = je_malloc(size);
-	if (likely(ptr != nullptr))
-		return ptr;
-
-	return handleOOM(size, IsNoExcept);
-}
-
-void *
-operator new(std::size_t size) {
-	return newImpl<false>(size);
-}
-
-void *
-operator new[](std::size_t size) {
-	return newImpl<false>(size);
-}
-
-void *
-operator new(std::size_t size, const std::nothrow_t &) noexcept {
-	return newImpl<true>(size);
-}
-
-void *
-operator new[](std::size_t size, const std::nothrow_t &) noexcept {
-	return newImpl<true>(size);
-}
-
-void
-operator delete(void *ptr) noexcept {
-	je_free(ptr);
-}
-
-void
-operator delete[](void *ptr) noexcept {
-	je_free(ptr);
-}
-
-void
-operator delete(void *ptr, const std::nothrow_t &) noexcept {
-	je_free(ptr);
-}
-
-void operator delete[](void *ptr, const std::nothrow_t &) noexcept {
-	je_free(ptr);
-}
-
-#if __cpp_sized_deallocation >= 201309
-
-void
-operator delete(void *ptr, std::size_t size) noexcept {
-	if (unlikely(ptr == nullptr)) {
-		return;
-	}
-	je_sdallocx_noflags(ptr, size);
-}
-
-void operator delete[](void *ptr, std::size_t size) noexcept {
-	if (unlikely(ptr == nullptr)) {
-		return;
-	}
-	je_sdallocx_noflags(ptr, size);
-}
-
-#endif  // __cpp_sized_deallocation
->>>>>>> main
diff --git a/contrib/kyua/doc/kyuafile.5.in b/contrib/kyua/doc/kyuafile.5.in
index ae1e4fe40e32..a9106e95d790 100644
--- a/contrib/kyua/doc/kyuafile.5.in
+++ b/contrib/kyua/doc/kyuafile.5.in
@@ -290,6 +290,16 @@ it can run.
 .Pp
 ATF:
 .Va require.files
+.It Va required_kmods
+Whitespace-separated list of kernel module names that the test requires to
+be loaded before it can run.
+This requirement checking is platform-dependent.
+It is ignored for a non-supported platform.
+Supported platforms:
+.Fx .
+.Pp
+ATF:
+.Va require.kmods
 .It Va required_memory
 Amount of physical memory that the test needs to run successfully.
 .Pp
@@ -475,7 +485,7 @@ plain_test_program{name='the_test',
 .Ss FreeBSD jail execution environment
 The following example configures the test to be run within a temporary jail
 with
-.Xr vnet 9
+.Xr VNET 9
 support and the permission to create raw sockets:
 .Bd -literal -offset indent
 syntax(2)
diff --git a/contrib/kyua/drivers/report_junit_test.cpp b/contrib/kyua/drivers/report_junit_test.cpp
index 0f009c6befd3..1c0929c0fef2 100644
--- a/contrib/kyua/drivers/report_junit_test.cpp
+++ b/contrib/kyua/drivers/report_junit_test.cpp
@@ -70,6 +70,7 @@ static const char* const default_metadata =
     "required_configs is empty\n"
     "required_disk_space = 0\n"
     "required_files is empty\n"
+    "required_kmods is empty\n"
     "required_memory = 0\n"
     "required_programs is empty\n"
     "required_user is empty\n"
@@ -89,6 +90,7 @@ static const char* const overriden_metadata =
     "required_configs is empty\n"
     "required_disk_space = 0\n"
     "required_files is empty\n"
+    "required_kmods is empty\n"
     "required_memory = 0\n"
     "required_programs is empty\n"
     "required_user is empty\n"
@@ -228,6 +230,7 @@ ATF_TEST_CASE_BODY(junit_metadata__overrides)
         + "required_configs = config1\n"
         + "required_disk_space = 456\n"
         + "required_files = file1\n"
+        + "required_kmods is empty\n"
         + "required_memory = 123\n"
         + "required_programs = prog1\n"
         + "required_user = root\n"
diff --git a/contrib/kyua/drivers/run_tests.cpp b/contrib/kyua/drivers/run_tests.cpp
index d92940005242..3af9a1268815 100644
--- a/contrib/kyua/drivers/run_tests.cpp
+++ b/contrib/kyua/drivers/run_tests.cpp
@@ -209,7 +209,7 @@ finish_test(scheduler::result_handle_ptr result_handle,
     hooks.got_result(
         *test_result_handle->test_program(),
         test_result_handle->test_case_name(),
-        test_result_handle->test_result(),
+        test_result,
         result_handle->end_time() - result_handle->start_time());
 }
 
diff --git a/contrib/kyua/engine/atf_list.cpp b/contrib/kyua/engine/atf_list.cpp
index e0c4170605d1..5c74a80be913 100644
--- a/contrib/kyua/engine/atf_list.cpp
+++ b/contrib/kyua/engine/atf_list.cpp
@@ -133,10 +133,8 @@ engine::parse_atf_metadata(const model::properties_map& props)
                 mdbuilder.set_string("required_disk_space", value);
             } else if (name == "require.files") {
                 mdbuilder.set_string("required_files", value);
-#ifdef __FreeBSD__
             } else if (name == "require.kmods") {
                 mdbuilder.set_string("required_kmods", value);
-#endif
             } else if (name == "require.machine") {
                 mdbuilder.set_string("allowed_platforms", value);
             } else if (name == "require.memory") {
diff --git a/contrib/kyua/engine/requirements.cpp b/contrib/kyua/engine/requirements.cpp
index dff43e531a57..d5838b83f33a 100644
--- a/contrib/kyua/engine/requirements.cpp
+++ b/contrib/kyua/engine/requirements.cpp
@@ -41,10 +41,6 @@
 #include "utils/sanity.hpp"
 #include "utils/units.hpp"
 
-#ifdef __FreeBSD__
-#include <libutil.h>
-#endif
-
 namespace config = utils::config;
 namespace fs = utils::fs;
 namespace passwd = utils::passwd;
@@ -224,26 +220,6 @@ check_required_programs(const model::paths_set& required_programs)
 }
 
 
-#ifdef __FreeBSD__
-/// Checks if all required kmods are loaded.
-///
-/// \param required_programs Set of kmods.
-///
-/// \return Empty if the required kmods are all loaded or an error
-/// message otherwise.
-static std::string
-check_required_kmods(const model::strings_set& required_kmods)
-{
-    for (model::strings_set::const_iterator iter = required_kmods.begin();
-         iter != required_kmods.end(); iter++) {
-        if (!kld_isloaded((*iter).c_str()))
-            return F("Required kmod '%s' not loaded") % *iter;
-    }
-    return "";
-}
-#endif
-
-
 /// Checks if the current system has the specified amount of memory.
 ///
 /// \param required_memory Amount of required physical memory, or zero if not
@@ -289,9 +265,29 @@ check_required_disk_space(const units::bytes& required_disk_space,
 }
 
 
+/// List of registered extra requirement checkers.
+///
+/// Use register_reqs_checker() to add an entry to this global list.
+static std::vector< std::shared_ptr< engine::reqs_checker > > _reqs_checkers;
+
+
 }  // anonymous namespace
 
 
+const std::vector< std::shared_ptr< engine::reqs_checker > >
+engine::reqs_checkers()
+{
+    return _reqs_checkers;
+}
+
+void
+engine::register_reqs_checker(
+    const std::shared_ptr< engine::reqs_checker > checker)
+{
+    _reqs_checkers.push_back(checker);
+}
+
+
 /// Checks if all the requirements specified by the test case are met.
 ///
 /// \param md The test metadata.
@@ -336,12 +332,6 @@ engine::check_reqs(const model::metadata& md, const config::tree& cfg,
     if (!reason.empty())
         return reason;
 
-#ifdef __FreeBSD__
-    reason = check_required_kmods(md.required_kmods());
-    if (!reason.empty())
-        return reason;
-#endif
-
     reason = check_required_memory(md.required_memory());
     if (!reason.empty())
         return reason;
@@ -351,6 +341,13 @@ engine::check_reqs(const model::metadata& md, const config::tree& cfg,
     if (!reason.empty())
         return reason;
 
+    // Iterate over extra checkers registered.
+    for (auto& checker : engine::reqs_checkers()) {
+        reason = checker->exec(md, cfg, test_suite, work_directory);
+        if (!reason.empty())
+            return reason;
+    }
+
     INV(reason.empty());
     return reason;
 }
diff --git a/contrib/kyua/engine/requirements.hpp b/contrib/kyua/engine/requirements.hpp
index a36a938b3034..92e80c5122aa 100644
--- a/contrib/kyua/engine/requirements.hpp
+++ b/contrib/kyua/engine/requirements.hpp
@@ -44,6 +44,32 @@ namespace engine {
 std::string check_reqs(const model::metadata&, const utils::config::tree&,
                        const std::string&, const utils::fs::path&);
 
+/// Abstract interface of a requirement checker.
+class reqs_checker {
+public:
+    /// Constructor.
+    reqs_checker() {}
+
+    /// Destructor.
+    virtual ~reqs_checker() {}
+
+    /// Run the checker.
+    virtual std::string exec(const model::metadata&,
+                             const utils::config::tree&,
+                             const std::string&,
+                             const utils::fs::path&) const = 0;
+};
+
+/// Register an extra requirement checker.
+///
+/// \param checker A requirement checker.
+void register_reqs_checker(const std::shared_ptr< reqs_checker > checker);
+
+/// Returns the list of registered extra requirement checkers.
+///
+/// \return A vector of pointers to extra requirement checkers.
+const std::vector< std::shared_ptr< reqs_checker > > reqs_checkers();
+
 
 }  // namespace engine
 
diff --git a/contrib/kyua/integration/cmd_report_junit_test.sh b/contrib/kyua/integration/cmd_report_junit_test.sh
index d86228acf7e5..49b8c5790167 100644
--- a/contrib/kyua/integration/cmd_report_junit_test.sh
+++ b/contrib/kyua/integration/cmd_report_junit_test.sh
@@ -104,6 +104,7 @@ is_exclusive = false
 required_configs is empty
 required_disk_space = 0
 required_files is empty
+required_kmods is empty
 required_memory = 0
 required_programs is empty
 required_user is empty
@@ -144,6 +145,7 @@ is_exclusive = false
 required_configs is empty
 required_disk_space = 0
 required_files is empty
+required_kmods is empty
 required_memory = 0
 required_programs is empty
 required_user is empty
@@ -222,6 +224,7 @@ is_exclusive = false
 required_configs is empty
 required_disk_space = 0
 required_files is empty
+required_kmods is empty
 required_memory = 0
 required_programs is empty
 required_user is empty
@@ -262,6 +265,7 @@ is_exclusive = false
 required_configs is empty
 required_disk_space = 0
 required_files is empty
+required_kmods is empty
 required_memory = 0
 required_programs is empty
 required_user is empty
diff --git a/contrib/kyua/integration/cmd_report_test.sh b/contrib/kyua/integration/cmd_report_test.sh
index 8b2b97f9cb4a..1fc1932d3c47 100644
--- a/contrib/kyua/integration/cmd_report_test.sh
+++ b/contrib/kyua/integration/cmd_report_test.sh
@@ -258,6 +258,7 @@ Metadata:
     required_configs is empty
     required_disk_space = 0
     required_files is empty
+    required_kmods is empty
     required_memory = 0
     required_programs is empty
     required_user is empty
diff --git a/contrib/kyua/model/metadata.cpp b/contrib/kyua/model/metadata.cpp
index a5a9a1315964..afb31435a238 100644
--- a/contrib/kyua/model/metadata.cpp
+++ b/contrib/kyua/model/metadata.cpp
@@ -256,9 +256,7 @@ init_tree(config::tree& tree)
     tree.define< bytes_node >("required_disk_space");
     tree.define< paths_set_node >("required_files");
     tree.define< bytes_node >("required_memory");
-#ifdef __FreeBSD__
     tree.define< config::strings_set_node >("required_kmods");
-#endif
     tree.define< paths_set_node >("required_programs");
     tree.define< user_node >("required_user");
     tree.define< delta_node >("timeout");
@@ -285,9 +283,7 @@ set_defaults(config::tree& tree)
     tree.set< bytes_node >("required_disk_space", units::bytes(0));
     tree.set< paths_set_node >("required_files", model::paths_set());
     tree.set< bytes_node >("required_memory", units::bytes(0));
-#ifdef __FreeBSD__
     tree.set< config::strings_set_node >("required_kmods", model::strings_set());
-#endif
     tree.set< paths_set_node >("required_programs", model::paths_set());
     tree.set< user_node >("required_user", "");
     // TODO(jmmv): We shouldn't be setting a default timeout like this.  See
@@ -603,20 +599,20 @@ model::metadata::required_memory(void) const
 }
 
 
-#ifdef __FreeBSD__
-/// Returns the list of kmods needed by the test.
+/// Returns the list of kernel modules needed by the test.
 ///
-/// \return Set of strings.
+/// \return Set of kernel module names.
 const model::strings_set&
 model::metadata::required_kmods(void) const
 {
     if (_pimpl->props.is_set("required_kmods")) {
-        return _pimpl->props.lookup< config::strings_set_node >("required_kmods");
+        return _pimpl->props.lookup< config::strings_set_node >(
+            "required_kmods");
     } else {
-	return get_defaults().lookup< config::strings_set_node >("required_kmods");
+        return get_defaults().lookup< config::strings_set_node >(
+            "required_kmods");
     }
 }
-#endif
 
 
 /// Returns the list of programs needed by the test.
diff --git a/contrib/kyua/model/metadata.hpp b/contrib/kyua/model/metadata.hpp
index 8af6c7c161af..eee7eaf0f7c4 100644
--- a/contrib/kyua/model/metadata.hpp
+++ b/contrib/kyua/model/metadata.hpp
@@ -76,9 +76,7 @@ public:
     const utils::units::bytes& required_disk_space(void) const;
     const paths_set& required_files(void) const;
     const utils::units::bytes& required_memory(void) const;
-#ifdef __FreeBSD__
     const strings_set& required_kmods(void) const;
-#endif
     const paths_set& required_programs(void) const;
     const std::string& required_user(void) const;
     const utils::datetime::delta& timeout(void) const;
@@ -124,9 +122,7 @@ public:
     metadata_builder& set_required_disk_space(const utils::units::bytes&);
     metadata_builder& set_required_files(const paths_set&);
     metadata_builder& set_required_memory(const utils::units::bytes&);
-#ifdef __FreeBSD__
     metadata_builder& set_required_kmods(const strings_set&);
-#endif
     metadata_builder& set_required_programs(const paths_set&);
     metadata_builder& set_required_user(const std::string&);
     metadata_builder& set_string(const std::string&, const std::string&);
diff --git a/contrib/kyua/model/metadata_test.cpp b/contrib/kyua/model/metadata_test.cpp
index b4c3dff5b029..bdb1d3655c33 100644
--- a/contrib/kyua/model/metadata_test.cpp
+++ b/contrib/kyua/model/metadata_test.cpp
@@ -57,6 +57,7 @@ ATF_TEST_CASE_BODY(defaults)
     ATF_REQUIRE(md.required_configs().empty());
     ATF_REQUIRE_EQ(units::bytes(0), md.required_disk_space());
     ATF_REQUIRE(md.required_files().empty());
+    ATF_REQUIRE(md.required_kmods().empty());
     ATF_REQUIRE_EQ(units::bytes(0), md.required_memory());
     ATF_REQUIRE(md.required_programs().empty());
     ATF_REQUIRE(md.required_user().empty());
@@ -322,6 +323,7 @@ ATF_TEST_CASE_BODY(to_properties)
     props["required_configs"] = "";
     props["required_disk_space"] = "0";
     props["required_files"] = "bar foo";
+    props["required_kmods"] = "";
     props["required_memory"] = "1.00K";
     props["required_programs"] = "";
     props["required_user"] = "";
@@ -412,7 +414,7 @@ ATF_TEST_CASE_BODY(output__defaults)
                    "has_cleanup='false', is_exclusive='false', "
                    "required_configs='', "
                    "required_disk_space='0', required_files='', "
-                   "required_memory='0', "
+                   "required_kmods='', required_memory='0', "
                    "required_programs='', required_user='', timeout='300'}",
                    str.str());
 }
@@ -435,7 +437,7 @@ ATF_TEST_CASE_BODY(output__some_values)
         "has_cleanup='false', is_exclusive='true', "
         "required_configs='', "
         "required_disk_space='0', required_files='bar foo', "
-        "required_memory='1.00K', "
+        "required_kmods='', required_memory='1.00K', "
         "required_programs='', required_user='', timeout='300'}",
         str.str());
 }
diff --git a/contrib/kyua/model/test_case_test.cpp b/contrib/kyua/model/test_case_test.cpp
index 1e2597d1501e..29df7ee35863 100644
--- a/contrib/kyua/model/test_case_test.cpp
+++ b/contrib/kyua/model/test_case_test.cpp
@@ -204,7 +204,7 @@ ATF_TEST_CASE_BODY(test_case__output)
         "has_cleanup='false', "
         "is_exclusive='false', "
         "required_configs='', required_disk_space='0', required_files='', "
-        "required_memory='0', "
+        "required_kmods='', required_memory='0', "
         "required_programs='', required_user='', timeout='300'}}",
         str.str());
 }
diff --git a/contrib/kyua/model/test_program_test.cpp b/contrib/kyua/model/test_program_test.cpp
index ddfbc430387c..f7a84d770fc0 100644
--- a/contrib/kyua/model/test_program_test.cpp
+++ b/contrib/kyua/model/test_program_test.cpp
@@ -547,7 +547,7 @@ check_output__no_test_cases(void)
         "description='', execenv='', execenv_jail_params='', "
         "has_cleanup='false', is_exclusive='false', "
         "required_configs='', required_disk_space='0', required_files='', "
-        "required_memory='0', "
+        "required_kmods='', required_memory='0', "
         "required_programs='', required_user='', timeout='300'}, "
         "test_cases=map()}",
         str.str());
@@ -597,7 +597,7 @@ check_output__some_test_cases(void)
         "description='', execenv='', execenv_jail_params='', "
         "has_cleanup='false', is_exclusive='false', "
         "required_configs='', required_disk_space='0', required_files='', "
-        "required_memory='0', "
+        "required_kmods='', required_memory='0', "
         "required_programs='', required_user='', timeout='300'}, "
         "test_cases=map("
         "another-name=test_case{name='another-name', "
@@ -605,14 +605,14 @@ check_output__some_test_cases(void)
         "description='', execenv='', execenv_jail_params='', "
         "has_cleanup='false', is_exclusive='false', "
         "required_configs='', required_disk_space='0', required_files='', "
-        "required_memory='0', "
+        "required_kmods='', required_memory='0', "
         "required_programs='', required_user='', timeout='300'}}, "
         "the-name=test_case{name='the-name', "
         "metadata=metadata{allowed_architectures='a', allowed_platforms='foo', "
         "custom.bar='baz', description='', execenv='', execenv_jail_params='', "
         "has_cleanup='false', is_exclusive='false', "
         "required_configs='', required_disk_space='0', required_files='', "
-        "required_memory='0', "
+        "required_kmods='', required_memory='0', "
         "required_programs='', required_user='', timeout='300'}})}",
         str.str());
 }
diff --git a/contrib/kyua/os/freebsd/main.cpp b/contrib/kyua/os/freebsd/main.cpp
index 13e5dcf0e023..700284b64b78 100644
--- a/contrib/kyua/os/freebsd/main.cpp
+++ b/contrib/kyua/os/freebsd/main.cpp
@@ -31,6 +31,9 @@
 #include "engine/execenv/execenv.hpp"
 #include "os/freebsd/execenv_jail_manager.hpp"
 
+#include "engine/requirements.hpp"
+#include "os/freebsd/reqs_checker_kmods.hpp"
+
 namespace execenv = engine::execenv;
 
 /// FreeBSD related features initialization.
@@ -50,5 +53,13 @@ freebsd::main(const int, const char* const* const)
         std::shared_ptr< execenv::manager >(new freebsd::execenv_jail_manager())
     );
 
+#ifdef __FreeBSD__
+    engine::register_reqs_checker(
+        std::shared_ptr< engine::reqs_checker >(
+            new freebsd::reqs_checker_kmods()
+        )
+    );
+#endif
+
     return 0;
 }
diff --git a/contrib/kyua/os/freebsd/reqs_checker_kmods.cpp b/contrib/kyua/os/freebsd/reqs_checker_kmods.cpp
new file mode 100644
index 000000000000..3ae3446a7815
--- /dev/null
+++ b/contrib/kyua/os/freebsd/reqs_checker_kmods.cpp
@@ -0,0 +1,50 @@
+// Copyright 2025 The Kyua Authors.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in the
+//   documentation and/or other materials provided with the distribution.
+// * Neither the name of Google Inc. nor the names of its contributors
+//   may be used to endorse or promote products derived from this software
+//   without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "os/freebsd/reqs_checker_kmods.hpp"
+
+#include "model/metadata.hpp"
+
+extern "C" {
+#include "libutil.h"
+}
+
+std::string
+freebsd::reqs_checker_kmods::exec(const model::metadata& md,
+                                  const utils::config::tree&,
+                                  const std::string&,
+                                  const utils::fs::path&) const
+{
+    std::string reason = "";
+    for (auto& kmod : md.required_kmods())
+        if (!::kld_isloaded((kmod).c_str()))
+            reason += " " + kmod;
+    if (!reason.empty())
+        reason = "Required kmods are not loaded:" + reason + ".";
+    return reason;
+}
diff --git a/contrib/kyua/os/freebsd/reqs_checker_kmods.hpp b/contrib/kyua/os/freebsd/reqs_checker_kmods.hpp
new file mode 100644
index 000000000000..8c7c69e35d07
--- /dev/null
+++ b/contrib/kyua/os/freebsd/reqs_checker_kmods.hpp
@@ -0,0 +1,54 @@
+// Copyright 2025 The Kyua Authors.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in the
+//   documentation and/or other materials provided with the distribution.
+// * Neither the name of Google Inc. nor the names of its contributors
+//   may be used to endorse or promote products derived from this software
+//   without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+/// \file os/freebsd/reqs_checker_kmods.hpp
+/// FreeBSD kernel module requirement checker.
+
+#if !defined(FREEBSD_REQS_CHECKER_KMODS)
+#define FREEBSD_REQS_CHECKER_KMODS
+
+#include "engine/requirements.hpp"
+#include "model/metadata_fwd.hpp"
+#include "utils/config/tree_fwd.hpp"
+#include "utils/fs/path_fwd.hpp"
+
+namespace freebsd {
+
+
+class reqs_checker_kmods : public engine::reqs_checker {
+public:
+    std::string exec(const model::metadata&,
+                     const utils::config::tree&,
+                     const std::string&,
+                     const utils::fs::path&) const;
+};
+
+
+}  // namespace freebsd
+
+#endif  // !defined(FREEBSD_REQS_CHECKER_KMODS)
diff --git a/contrib/libucl/CMakeLists.txt b/contrib/libucl/CMakeLists.txt
deleted file mode 100644
index 5fe772a30f88..000000000000
--- a/contrib/libucl/CMakeLists.txt
+++ /dev/null
@@ -1,314 +0,0 @@
-PROJECT(libucl C)
-CMAKE_MINIMUM_REQUIRED(VERSION 2.6.0 FATAL_ERROR)
-
-SET(LIBUCL_VERSION_MAJOR 0)
-SET(LIBUCL_VERSION_MINOR 5)
-SET(LIBUCL_VERSION_PATCH 0)
-
-SET(LIBUCL_VERSION
-        "${LIBUCL_VERSION_MAJOR}.${LIBUCL_VERSION_MINOR}.${LIBUCL_VERSION_PATCH}")
-
-INCLUDE(CheckCCompilerFlag)
-INCLUDE(CheckCSourceCompiles)
-INCLUDE(FindOpenSSL)
-INCLUDE(GNUInstallDirs)
-
-OPTION(ENABLE_URL_INCLUDE  "Enable urls in ucl includes (requires libcurl or libfetch) [default: OFF]" OFF)
-OPTION(ENABLE_URL_SIGN  "Enable signatures check in ucl includes (requires openssl) [default: OFF]" OFF)
-OPTION(BUILD_SHARED_LIBS "Build Shared Libraries [default: OFF]" OFF)
-OPTION(ENABLE_LUA "Enable lua support [default: OFF]" OFF)
-OPTION(ENABLE_LUAJIT "Enable luajit support [default: OFF]" OFF)
-OPTION(ENABLE_UTILS "Enable building utility binaries [default: OFF]" OFF)
-
-# Find lua installation
-MACRO(FindLua)
-	# Find lua libraries
-	UNSET(LUA_INCLUDE_DIR CACHE)
-	UNSET(LUA_LIBRARY CACHE)
-	CMAKE_PARSE_ARGUMENTS(LUA "" "VERSION_MAJOR;VERSION_MINOR;ROOT" "" ${ARGN})
-
-	IF(NOT LUA_VERSION_MAJOR OR NOT LUA_VERSION_MINOR)
-		MESSAGE(FATAL_ERROR "Invalid FindLua invocation: ${ARGN}")
-	ENDIF()
-
-	IF(ENABLE_LUAJIT MATCHES "ON")
-		MESSAGE(STATUS "Check for luajit ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}")
-		FIND_PATH(LUA_INCLUDE_DIR luajit.h
-				HINTS
-				"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-				$ENV{LUA_DIR}
-				PATH_SUFFIXES "include/luajit-2.0"
-				"include/luajit${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-				"include/luajit${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"include/luajit-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"include/luajit"
-				"include/lua${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-				"include/lua${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"include/lua-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				include/lua include
-				PATHS ${RSPAMD_DEFAULT_INCLUDE_PATHS}
-		)
-		FIND_LIBRARY(LUA_LIBRARY
-				NAMES luajit
-				"luajit-2.0"
-				"luajit2.0"
-				"luajit${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-				"luajit${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"luajit-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				HINTS
-				"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-				$ENV{LUA_DIR}
-				PATH_SUFFIXES lib64 lib
-				PATHS ${RSPAMD_DEFAULT_LIBRARY_PATHS}
-				DOC "Lua library"
-		)
-
-		IF(NOT LUA_LIBRARY OR NOT LUA_INCLUDE_DIR)
-			MESSAGE(STATUS "Fallback from luajit to plain lua")
-			SET(ENABLE_LUAJIT "OFF")
-			MESSAGE(STATUS "Check for lua ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}")
-			FIND_PATH(LUA_INCLUDE_DIR lua.h
-					HINTS
-					"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-					$ENV{LUA_DIR}
-					PATH_SUFFIXES "include/lua${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-					"include/lua${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-					"include/lua-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-					include/lua include
-					PATHS ${RSPAMD_DEFAULT_INCLUDE_PATHS}
-			)
-			FIND_LIBRARY(LUA_LIBRARY
-					NAMES lua
-					"lua${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-					"lua${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-					"lua-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-					HINTS
-					"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-					$ENV{LUA_DIR}
-					PATH_SUFFIXES lib64 lib
-					PATHS ${RSPAMD_DEFAULT_LIBRARY_PATHS}
-					DOC "Lua library"
-			)
-		ENDIF()
-	ELSE(ENABLE_LUAJIT MATCHES "ON")
-		MESSAGE(STATUS "Check for lua ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}")
-		FIND_PATH(LUA_INCLUDE_DIR lua.h
-				HINTS
-				"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-				$ENV{LUA_DIR}
-				PATH_SUFFIXES "include/lua${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-				"include/lua${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"include/lua-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				include/lua include
-				PATHS ${RSPAMD_DEFAULT_INCLUDE_PATHS}
-		)
-		FIND_LIBRARY(LUA_LIBRARY
-				NAMES lua
-				"lua${LUA_VERSION_MAJOR}${LUA_VERSION_MINOR}"
-				"lua${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				"lua-${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}"
-				HINTS
-				"${RSPAMD_SEARCH_PATH}" "${LUA_ROOT}"
-				$ENV{LUA_DIR}
-				PATH_SUFFIXES lib64 lib
-				PATHS ${RSPAMD_DEFAULT_LIBRARY_PATHS}
-				DOC "Lua library"
-		)
-	ENDIF(ENABLE_LUAJIT MATCHES "ON")
-
-	IF(LUA_LIBRARY AND LUA_INCLUDE_DIR)
-		SET(LUA_FOUND 1)
-		IF(NOT LUA_VERSION_MAJOR OR NOT LUA_VERSION_MINOR)
-			SET(LUA_VERSION_MAJOR ${LUA_VERSION_MAJOR})
-			SET(LUA_VERSION_MINOR ${LUA_VERSION_MINOR})
-		ENDIF(NOT LUA_VERSION_MAJOR OR NOT LUA_VERSION_MINOR)
-		IF(ENABLE_LUAJIT MATCHES "ON")
-			MESSAGE(STATUS "Found luajit ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}")
-		ELSE(ENABLE_LUAJIT MATCHES "ON")
-			MESSAGE(STATUS "Found lua ${LUA_VERSION_MAJOR}.${LUA_VERSION_MINOR}")
-		ENDIF(ENABLE_LUAJIT MATCHES "ON")
-	ENDIF(LUA_LIBRARY AND LUA_INCLUDE_DIR)
-ENDMACRO()
-
-IF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-	LIST(APPEND CMAKE_REQUIRED_LIBRARIES rt)
-ENDIF(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-
-IF(ENABLE_URL_INCLUDE MATCHES "ON")
-    FIND_LIBRARY(LIBFETCH_LIBRARY NAMES fetch PATHS	PATH_SUFFIXES lib64 lib
-                      PATHS
-                          ~/Library/Frameworks
-                          /Library/Frameworks
-                          /usr/local
-                          /usr
-                          /sw
-                          /opt/local
-                          /opt/csw
-                          /opt
-                     DOC "Path where the libfetch library can be found")
-    IF(LIBFETCH_LIBRARY)
-    	FIND_FILE(HAVE_FETCH_H NAMES fetch.h PATHS /usr/include
-    											   /opt/include
-    											   /usr/local/include
-    				DOC "Path to libfetch header")
-    ELSE(LIBFETCH_LIBRARY)
-    	# Try to find libcurl
-        FIND_PACKAGE(CURL)
-    	IF(NOT CURL_FOUND)
-    		MESSAGE(WARNING "Neither libcurl nor libfetch were found, no support of URL includes in configuration")
-    	ENDIF(NOT CURL_FOUND)
-    ENDIF(LIBFETCH_LIBRARY)
-ENDIF(ENABLE_URL_INCLUDE MATCHES "ON")
-
-set(SYNC_BUILTINS_TEST_SOURCE [====[
-int main()
-{
-    unsigned long val;
-
-    __sync_bool_compare_and_swap(&val, 0, 1);
-    __sync_add_and_fetch(&val, 1);
-    __sync_fetch_and_add(&val, 0);
-    __sync_sub_and_fetch(&val, 1);
-
-    return 0;
-}
-]====])
-
-CHECK_C_SOURCE_COMPILES("${SYNC_BUILTINS_TEST_SOURCE}" HAVE_ATOMIC_BUILTINS)
-IF(NOT HAVE_ATOMIC_BUILTINS)
-    MESSAGE(WARNING "Libucl references could be thread-unsafe because atomic builtins are missing")
-ENDIF(NOT HAVE_ATOMIC_BUILTINS)
-
-SET(CMAKE_C_WARN_FLAGS "")
-CHECK_C_COMPILER_FLAG(-W SUPPORT_W)
-CHECK_C_COMPILER_FLAG(-Wno-pointer-sign SUPPORT_WPOINTER_SIGN)
-CHECK_C_COMPILER_FLAG(-Wno-unused-parameter SUPPORT_WUNUSED_PARAMETER)
-IF(SUPPORT_W)
-    SET(CMAKE_C_WARN_FLAGS "${CMAKE_C_WARN_FLAGS} -W")
-ENDIF(SUPPORT_W)
-IF(SUPPORT_WPOINTER_SIGN)
-	SET(CMAKE_C_WARN_FLAGS "${CMAKE_C_WARN_FLAGS} -Wno-pointer-sign")
-ENDIF(SUPPORT_WPOINTER_SIGN)
-IF(SUPPORT_WUNUSED_PARAMETER)
-	SET(CMAKE_C_WARN_FLAGS "${CMAKE_C_WARN_FLAGS} -Wno-unused-parameter")
-ENDIF(SUPPORT_WUNUSED_PARAMETER)
-
-SET( CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_C_WARN_FLAGS}" )
-
-IF(ENABLE_URL_SIGN MATCHES "ON")
-	IF(OPENSSL_FOUND)
-		SET(HAVE_OPENSSL 1)
-		INCLUDE_DIRECTORIES("${OPENSSL_INCLUDE_DIR}")
-	ENDIF(OPENSSL_FOUND)
-ENDIF(ENABLE_URL_SIGN MATCHES "ON")
-
-SET(UCL_COMPILE_DEFS)
-IF(HAVE_FETCH_H)
-    LIST(APPEND UCL_COMPILE_DEFS -DHAVE_FETCH_H=1)
-ENDIF(HAVE_FETCH_H)
-IF(CURL_FOUND)
-    LIST(APPEND UCL_COMPILE_DEFS -DCURL_FOUND=1)
-ENDIF(CURL_FOUND)
-IF(HAVE_OPENSSL)
-    LIST(APPEND UCL_COMPILE_DEFS -DHAVE_OPENSSL=1)
-ENDIF(HAVE_OPENSSL)
-IF(HAVE_ATOMIC_BUILTINS)
-    LIST(APPEND UCL_COMPILE_DEFS -DHAVE_ATOMIC_BUILTINS=1)
-ENDIF(HAVE_ATOMIC_BUILTINS)
-
-SET(UCLSRC src/ucl_util.c
-		src/ucl_parser.c
-		src/ucl_emitter.c
-		src/ucl_emitter_streamline.c
-		src/ucl_emitter_utils.c
-		src/ucl_hash.c
-		src/ucl_schema.c
-		src/ucl_msgpack.c
-		src/ucl_sexp.c)
-
-SET(UCLHDR include/ucl.h
-		include/ucl++.h)
-
-SET (LIB_TYPE STATIC)
-IF (BUILD_SHARED_LIBS)
-  SET (LIB_TYPE SHARED)
-ENDIF (BUILD_SHARED_LIBS)
-ADD_LIBRARY(ucl ${LIB_TYPE} ${UCLSRC})
-ADD_LIBRARY(ucl::ucl ALIAS ucl)
-SET_TARGET_PROPERTIES(ucl PROPERTIES VERSION ${LIBUCL_VERSION} SOVERSION ${LIBUCL_VERSION_MAJOR})
-TARGET_INCLUDE_DIRECTORIES(ucl
-	PUBLIC
-	  include
-	PRIVATE
-	  src
-	  uthash
-	  klib)
-TARGET_COMPILE_DEFINITIONS(ucl
-    PRIVATE
-    ${UCL_COMPILE_DEFS}
-)
-
-IF(ENABLE_LUA MATCHES "ON")
-	IF(ENABLE_LUAJIT MATCHES "ON")
-		FindLua(VERSION_MAJOR "5" VERSION_MINOR "1" ROOT "${LUA_ROOT}")
-		IF(NOT LUA_FOUND)
-			MESSAGE(FATAL_ERROR "Lua not found, lua support is required")
-		ELSE(NOT LUA_FOUND)
-			INCLUDE_DIRECTORIES("${LUA_INCLUDE_DIR}")
-		ENDIF(NOT LUA_FOUND)
-	ELSE(ENABLE_LUAJIT MATCHES "ON")
-		FindLua(VERSION_MAJOR "5" VERSION_MINOR "2" ROOT "${LUA_ROOT}")
-		IF(NOT LUA_FOUND)
-			FindLua(VERSION_MAJOR "5" VERSION_MINOR "1" ROOT "${LUA_ROOT}")
-		ENDIF(NOT LUA_FOUND)
-		IF(NOT LUA_FOUND)
-			MESSAGE(FATAL_ERROR "Lua not found, lua support is required")
-		ELSE(NOT LUA_FOUND)
-			INCLUDE_DIRECTORIES("${LUA_INCLUDE_DIR}")
-		ENDIF(NOT LUA_FOUND)
-	ENDIF(ENABLE_LUAJIT MATCHES "ON")
-	SET(UCL_LUA_SRC lua/lua_ucl.c)
-	ADD_LIBRARY(lua-ucl ${LIB_TYPE} ${UCL_LUA_SRC})
-	ADD_LIBRARY(ucl::lua ALIAS lua-ucl)
-	IF(ENABLE_LUAJIT MATCHES "ON")
-		TARGET_LINK_LIBRARIES(lua-ucl "${LUAJIT_LIBRARY}")
-	ELSE(ENABLE_LUAJIT MATCHES "ON")
-		TARGET_LINK_LIBRARIES(lua-ucl "${LUA_LIBRARY}")
-	ENDIF(ENABLE_LUAJIT MATCHES "ON")
-	TARGET_LINK_LIBRARIES(lua-ucl ucl)
-	TARGET_INCLUDE_DIRECTORIES(lua-ucl PUBLIC include PRIVATE src uthash)
-	SET_TARGET_PROPERTIES(lua-ucl PROPERTIES
-		VERSION ${LIBUCL_VERSION}
-		SOVERSION ${LIBUCL_VERSION_MAJOR}
-		PUBLIC_HEADER include/lua_ucl.h)
-	INSTALL(TARGETS lua-ucl DESTINATION ${CMAKE_INSTALL_LIBDIR}
-			PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-ENDIF()
-
-IF(HAVE_FETCH_H)
-    TARGET_LINK_LIBRARIES(ucl fetch)
-ELSE(HAVE_FETCH_H)
-    IF(CURL_FOUND)
-        TARGET_LINK_LIBRARIES(ucl ${CURL_LIBRARIES})
-    ENDIF(CURL_FOUND)
-ENDIF(HAVE_FETCH_H)
-IF(ENABLE_URL_SIGN MATCHES "ON")
-	IF(OPENSSL_FOUND)
-		TARGET_LINK_LIBRARIES(ucl ${OPENSSL_LIBRARIES})
-	ENDIF(OPENSSL_FOUND)
-ENDIF(ENABLE_URL_SIGN MATCHES "ON")
-
-IF(UNIX)
-    TARGET_LINK_LIBRARIES(ucl -lm)
-ENDIF(UNIX)
-
-SET_TARGET_PROPERTIES(ucl PROPERTIES
-	PUBLIC_HEADER "${UCLHDR}")
-
-INSTALL(TARGETS ucl DESTINATION ${CMAKE_INSTALL_LIBDIR}
-		PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-
-IF(ENABLE_UTILS MATCHES "ON")
-    ADD_SUBDIRECTORY(utils)
-ENDIF()
-
diff --git a/contrib/libucl/ChangeLog.md b/contrib/libucl/ChangeLog.md
deleted file mode 100644
index cba29aa9a7b5..000000000000
--- a/contrib/libucl/ChangeLog.md
+++ /dev/null
@@ -1,103 +0,0 @@
-# Version history
-
-## Libucl 0.5
-
-- Streamline emitter has been added, so it is now possible to output partial `ucl` objects
-- Emitter now is more flexible due to emitter_context structure
-
-### 0.5.1
-- Fixed number of bugs and memory leaks
-
-### 0.5.2
-
-- Allow userdata objects to be emitted and destructed
-- Use userdata objects to store lua function references
-
-### Libucl 0.6
-
-- Reworked macro interface
-
-### Libucl 0.6.1
-
-- Various utilities fixes
-
-### Libucl 0.7.0
-
-- Move to klib library from uthash to reduce memory overhead and increase performance
-
-### Libucl 0.7.1
-
-- Added safe iterators API
-
-### Libucl 0.7.2
-
-- Fixed serious bugs in schema and arrays iteration
-
-### Libucl 0.7.3
-
-- Fixed a bug with macros that come after an empty object
-- Fixed a bug in include processing when an incorrect variable has been destroyed (use-after-free)
-
-### Libucl 0.8.0
-
-- Allow to save comments and macros when parsing UCL documents
-- C++ API
-- Python bindings (by Eitan Adler)
-- Add msgpack support for parser and emitter
-- Add Canonical S-expressions parser for libucl
-- CLI interface for parsing and validation (by Maxim Ignatenko)
-- Implement include with priority
-- Add 'nested' functionality to .include macro (by Allan Jude)
-- Allow searching an array of paths for includes (by Allan Jude)
-- Add new .load macro (by Allan Jude)
-- Implement .inherit macro (#100)
-- Add merge strategies
-- Add schema validation to lua API
-- Add support for external references to schema validation
-- Add coveralls integration to libucl
-- Implement tests for 80% of libucl code lines
-- Fix tonns of minor and major bugs
-- Improve documentation
-- Rework function names to the common conventions (old names are preserved for backwards compatibility)
-- Add Coverity scan integration
-- Add fuzz tests
-
-**Incompatible changes**:
-
-- `ucl_object_emit_full` now accepts additional argument `comments` that could be used to emit comments with UCL output
-
-### Libucl 0.8.1
-
-- Create ucl_parser_add_file_full() to be able to specify merge mode and parser type (by Allan Jude)
-- C++ wrapper improvements (by @ftilde)
-- C++ wrapper: add convenience method at() and lookup() (by Yonghee Kim)
-- C++ wrapper: add assignment operator to Ucl class (by Yonghee Kim)
-- C++ wrapper: support variables in parser (by Yonghee Kim)
-- C++ wrapper: refactoring C++ interface (by Yonghee Kim):
-    - use auto variables (if possible)
-    - remove dangling expressions
-    - use std::set::emplace instead of std::set::insert
-    - not use std::move in return statement; considering copy elision
-- C++ wrapper: fix compilation error and warnings (by Zhe Wang)
-- C++ wrapper: fix iteration over objects in which the first value is `false` (by Zhe Wang)
-- C++ wrapper: Macro helper functions (by Chris Meacham)
-- C++ wrapper: Changing the duplicate strategy in the C++ API (by Chris Meacham)
-- C++ wrapper: Added access functions for the size of a UCL_ARRAY (by Chris Meacham)
-- Fix caseless comparison
-- Fix include when EPERM is issued
-- Fix Windows build
-- Allow to reserve space in arrays and hashes
-- Fix bug with including of empty files
-- Move to mum_hash from xxhash
-- Fix msgpack on non-x86
-- python: Add support to Python 3 (by Denis Volpato Martins)
-- python: Add support for Python 2.6 tests (by Denis Volpato Martins)
-- python: Implement validation function and tests (by Denis Volpato Martins)
-- python: Added UCL_NULL handling and tests (by Denis Volpato Martins)
-- Fix schema validation for patternProperties with object data (by Denis Volpato Martins)
-- Remove the dependency on NBBY, add missing <strings.h> include (by Ed Schouten)
-- Allow to emit msgpack from Lua
-- Performance improvements in Lua API
-- Allow to pass opaque objects in Lua API for transparent C passthrough
-- Various bugs fixed
-- Couple of memory leaks plugged
\ No newline at end of file
diff --git a/contrib/libucl/FREEBSD-Xlist b/contrib/libucl/FREEBSD-Xlist
new file mode 100644
index 000000000000..6d8cb4ff8f5b
--- /dev/null
+++ b/contrib/libucl/FREEBSD-Xlist
@@ -0,0 +1,40 @@
+.github
+.gitignore
+CMakeLists.txt
+ChangeLog.md
+Makefile.am
+Makefile.unix
+Makefile.w32
+README.md
+autogen.sh
+configure.ac
+doc/Makefile.am
+doc/api.md
+doc/lua_api.md
+doc/pandoc.template
+examples/ucl_cpp.cc
+haskell/hucl.hs
+libucl.pc.in
+lua/Makefile.am
+lua/libucl.rockspec.in
+m4/.gitignore
+m4/ax_lua.m4
+m4/gcov.m4
+python/MANIFEST.in
+python/setup.py
+python/src/uclmodule.c
+python/tests/__init__.py
+python/tests/compat.py
+python/tests/test_dump.py
+python/tests/test_example.py
+python/tests/test_load.py
+python/tests/test_validation.py
+python/ucl.pyi
+src/Makefile.am
+stamp-h.in
+tests/Makefile.am
+utils/CMakeLists.txt
+utils/Makefile.am
+utils/chargen.c
+utils/objdump.c
+utils/ucl-tool.c
diff --git a/contrib/libucl/FREEBSD-upgrade b/contrib/libucl/FREEBSD-upgrade
new file mode 100644
index 000000000000..b80736d7877b
--- /dev/null
+++ b/contrib/libucl/FREEBSD-upgrade
@@ -0,0 +1,39 @@
+# FreeBSD libucl import instruction
+#
+# At least the following ports are required when importing libucl:
+# - devel/autoconf
+# - devel/automake
+# - devel/git
+# - devel/gmake
+# - devel/libtool
+#
+# 1. Vendor import
+#
+# $ git clone https://github.com/vstakhov/libucl.git /tmp/libucl
+# $ cd /tmp/libucl
+# $ git checkout <REF_BRANCH_TO_BE_IMPORTED>
+# $ cd /usr/src
+# $ git checkout vendor/libucl
+# $ rsync -va --delete --exclude=.git /tmp/libucl/ /usr/src/contrib/libucl/
+# $ git add .
+# $ git commit -m "vendor import libucl <REF_BRANCH_TO_BE_IMPORTED>"
+# $ git tag -a vendor/libucl/<REF_BRANCH_TO_BE_IMPORTED> -m "vendor import libucl <REF_BRANCH_TO_BE_IMPORTED>"
+# $ git push --follow-tags freebsd vendor/libucl/<REF_BRANCH_TO_BE_IMPORTED>
+#
+# 2. Test
+#
+# $ cd /usr/src
+# $ git checkout vendor/libucl/<REF_BRANCH_TO_BE_IMPORTED>
+# $ ./autogen.sh
+# $ ./configure
+# $ gmake
+# $ gmake check
+# $ gmake clean
+#
+# 3. Merge vendor tree
+#
+# $ git subtree merge -P contrib/libucl vendor/libucl/<REF_BRANCH_TO_BE_IMPORTED>
+# $ sh -c 'for F in `cat FREEBSD-Xlist | grep -v FreeBSD`; do rm -rf ./$F ; done'
+#
+# Recheck if there were any new files were added which are not necessary in the
+# contrib tree. If so, remove them and also add them to the FREEBSD-Xlist file.
diff --git a/contrib/libucl/Makefile.am b/contrib/libucl/Makefile.am
deleted file mode 100644
index 5b51bcc3b468..000000000000
--- a/contrib/libucl/Makefile.am
+++ /dev/null
@@ -1,81 +0,0 @@
-ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = uthash klib README.md
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libucl.pc
-
-if LUA_SUB
-  LUA_SUBDIR = lua
-endif
-
-COVERAGE_INFO_FILE = $(top_builddir)/coverage.info
-COVERAGE_REPORT_DIR = $(top_builddir)/coverage
-
-.PHONY = coverage-requirement-check clean-coverage-report
-
-coverage-requirement-check:
-	@if test ! -e $(GCOV); then \
-		echo "Cannot find $(GCOV). Please install gcov."; \
-		exit 1; \
-	fi
-
-coverage: coverage-requirement-check clean-coverage coverage-build coverage-check coverage-report
-	@echo "Please execute 'make clean' before 'make' or 'make check' to remove instrumented object files(compiled with -O0 etc.). Note that 'make clean' also remove coverage data."
-
-coverage-build: coverage-requirement-check
-	@if test `find $(top_builddir) -name "*.gcno" | wc -l` -eq 0; then \
-		echo "Start to remove old non-instrumented object files..."; \
-		$(MAKE) $(AM_MAKEFLAGS) clean; \
-		echo "Successfully removed old non-instrumented object files."; \
-	fi
-	@echo "Start to build libraries with coverage options..."
-	$(MAKE) $(AM_MAKEFLAGS) \
-		CFLAGS="$(CFLAGS) $(COVERAGE_CFLAGS) $(COVERAGE_OPTFLAGS)" \
-		CXXFLAGS="$(CXXFLAGS) $(COVERAGE_CXXFLAGS) $(COVERAGE_OPTFLAGS)" \
-		LDFLAGS="$(LDFLAGS) $(COVERAGE_LDFLAGS)" \
-		LIBS="$(LIBS) $(COVERAGE_LIBS)"
-	@echo "Successfully built libraries with coverage options."
-
-coverage-check: coverage-requirement-check
-	@echo "Start to run tests with instrumented libraries..."
-	$(MAKE) $(AM_MAKEFLAGS) check \
-		CFLAGS="$(CFLAGS) $(COVERAGE_CFLAGS) $(COVERAGE_OPTFLAGS)" \
-		CXXFLAGS="$(CXXFLAGS) $(COVERAGE_CXXFLAGS) $(COVERAGE_OPTFLAGS)" \
-		LDFLAGS="$(LDFLAGS) $(COVERAGE_LDFLAGS)" \
-		LIBS="$(LIBS) $(COVERAGE_LIBS)"
-	@echo "Successfully run tests with instrumented libraries."
-
-coverage-lcov: coverage-check coverage-requirement-check
-	$(LCOV) --capture \
-		--directory "$(top_builddir)/" \
-		--output-file $(COVERAGE_INFO_FILE) \
-		--gcov-tool $(GCOV) \
-		--compat-libtool --checksum
-	$(LCOV) --extract $(COVERAGE_INFO_FILE) `pwd`/src/ucl_\* \
-		--output-file $(COVERAGE_INFO_FILE)
-
-coverage-report: coverage-lcov
-	@echo "Start to create coverage reports..."
-	$(GENHTML) --prefix "$(top_srcdir)" \
-		--output-directory $(COVERAGE_REPORT_DIR) \
-		--title $(PACKAGE_NAME) \
-		--legend --show-details \
-		$(GENHTML_OPTIONS) \
-		$(COVERAGE_INFO_FILE)
-	@echo "Successfully created coverage reports into $(COVERAGE_REPORT_DIR) directory."
-
-clean-coverage-report:
-	-rm -rf $(COVERAGE_INFO_FILE)
-	-rm -rf $(COVERAGE_REPORT_DIR)
-
-clean-coverage: clean-coverage-report
-	-$(LCOV) --gcov-tool $(GCOV) --zerocounters --directory $(top_builddir)
-	@if xargs --version 2>/dev/null; then \
-		find $(top_builddir) -name "*.gcno" | xargs --no-run-if-empty rm; \
-	else \
-		find $(top_builddir) -name "*.gcno" | xargs rm; \
-	fi
-
-clean-local: clean-coverage
-
-SUBDIRS = src tests utils doc $(LUA_SUBDIR)
diff --git a/contrib/libucl/Makefile.unix b/contrib/libucl/Makefile.unix
deleted file mode 100644
index 0653d4843f7e..000000000000
--- a/contrib/libucl/Makefile.unix
+++ /dev/null
@@ -1,89 +0,0 @@
-CC ?= gcc
-DESTDIR ?= /usr/local
-LD ?= gcc
-C_COMMON_FLAGS ?= -fPIC -Wall -W -Wno-unused-parameter -Wno-pointer-sign -I./include -I./uthash -I./src -I./klib
-MAJOR_VERSION = 0
-MINOR_VERSION = 2
-PATCH_VERSION = 9
-VERSION = "$(MAJOR_VERSION).$(MINOR_VERSION).$(PATCH_VERSION)"
-SONAME = libucl.so
-SONAME_FULL = $(SONAME).$(MAJOR_VERSION)
-OBJDIR ?= .obj
-TESTDIR ?= tests
-SRCDIR ?= src
-INCLUDEDIR ?= include
-MKDIR ?= mkdir
-INSTALL ?= install
-RM ?= rm
-RMDIR ?= rmdir
-LN ?= ln
-LD_SHARED_FLAGS ?= -Wl,-soname,$(SONAME) -shared -lm
-LD_UCL_FLAGS ?= -L$(OBJDIR) -Wl,-rpath,$(OBJDIR) -lucl
-LD_ADD ?= -lrt
-COPT_FLAGS ?= -O2
-HDEPS = $(SRCDIR)/ucl_hash.h \
-		$(SRCDIR)/ucl_chartable.h \
-		$(SRCDIR)/ucl_internal.h \
-		$(INCLUDEDIR)/ucl.h \
-		$(SRCDIR)/mum.h
-OBJECTS = $(OBJDIR)/ucl_hash.o \
-		$(OBJDIR)/ucl_util.o \
-		$(OBJDIR)/ucl_parser.o \
-		$(OBJDIR)/ucl_emitter.o \
-		$(OBJDIR)/ucl_schema.o
-
-all: $(OBJDIR) $(OBJDIR)/$(SONAME)
-
-$(OBJDIR)/$(SONAME): $(OBJDIR)/$(SONAME_FULL)
-	$(LN) -sf $(SONAME_FULL) $(OBJDIR)/$(SONAME)
-
-$(OBJDIR)/$(SONAME_FULL): $(OBJECTS)
-	$(CC) -o $(OBJDIR)/$(SONAME_FULL) $(OBJECTS) $(LD_SHARED_FLAGS) $(LDFLAGS) $(SSL_LIBS) $(FETCH_LIBS)
-
-$(OBJDIR):
-	@$(MKDIR) -p $(OBJDIR)
-
-# Compile rules
-$(OBJDIR)/ucl_util.o: $(SRCDIR)/ucl_util.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_util.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_util.c
-$(OBJDIR)/ucl_parser.o: $(SRCDIR)/ucl_parser.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_parser.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_parser.c
-$(OBJDIR)/ucl_emitter.o: $(SRCDIR)/ucl_emitter.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_emitter.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_emitter.c
-$(OBJDIR)/ucl_hash.o: $(SRCDIR)/ucl_hash.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_hash.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_hash.c
-$(OBJDIR)/ucl_schema.o: $(SRCDIR)/ucl_schema.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_schema.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_schema.c
-
-clean:
-	$(RM) $(OBJDIR)/*.o $(OBJDIR)/$(SONAME_FULL) $(OBJDIR)/$(SONAME) $(OBJDIR)/chargen $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/objdump $(OBJDIR)/test_generate $(OBJDIR)/test_schema || true
-	$(RMDIR) $(OBJDIR)
-	
-# Utils
-
-chargen: utils/chargen.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/chargen $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) utils/chargen.c
-objdump: utils/objdump.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/objdump $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) utils/objdump.c $(LD_UCL_FLAGS)
-
-# Tests
-
-test: $(OBJDIR) $(OBJDIR)/$(SONAME) $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/test_generate $(OBJDIR)/test_schema
-
-run-test: test
-	TEST_DIR=$(TESTDIR) $(TESTDIR)/run_tests.sh $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/test_generate $(OBJDIR)/test_schema
-	
-$(OBJDIR)/test_basic: $(TESTDIR)/test_basic.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_basic $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_basic.c $(LD_UCL_FLAGS)
-$(OBJDIR)/test_schema: $(TESTDIR)/test_schema.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_schema $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_schema.c $(LD_UCL_FLAGS)
-$(OBJDIR)/test_speed: $(TESTDIR)/test_speed.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_speed $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_speed.c $(LD_UCL_FLAGS) $(LD_ADD)
-$(OBJDIR)/test_generate: $(TESTDIR)/test_generate.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_generate $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_generate.c $(LD_UCL_FLAGS) $(LD_ADD)
-
-install: $(OBJDIR)/$(SONAME)
-	$(INSTALL) -m0755 $(SONAME) $(DESTDIR)/lib/$(SONAME)
-	$(INSTALL) -m0644 include/ucl.h $(DESTDIR)/include/ucl.h
-
-.PHONY: clean $(OBJDIR)
diff --git a/contrib/libucl/Makefile.w32 b/contrib/libucl/Makefile.w32
deleted file mode 100644
index 5d9398bf1988..000000000000
--- a/contrib/libucl/Makefile.w32
+++ /dev/null
@@ -1,92 +0,0 @@
-CC ?= gcc
-DESTDIR ?= /usr/local
-LD ?= gcc
-C_COMMON_FLAGS ?= -fPIC -Wall -W -Wno-unused-parameter -Wno-pointer-sign -I./include -I./uthash -I./src
-MAJOR_VERSION = 0
-MINOR_VERSION = 2
-PATCH_VERSION = 9
-VERSION = "$(MAJOR_VERSION).$(MINOR_VERSION).$(PATCH_VERSION)"
-SONAME = libucl.dll
-OBJDIR ?= .obj
-TESTDIR ?= tests
-SRCDIR ?= src
-INCLUDEDIR ?= include
-MKDIR ?= mkdir
-INSTALL ?= install
-RM ?= rm
-RMDIR ?= rmdir
-ifeq (Windows_NT, $(OS))
-LN ?= ln
-else
-LN ?= rem ln
-endif
-LD_SHARED_FLAGS ?= -Wl,-soname,$(SONAME) -shared -lm
-LD_UCL_FLAGS ?= -L$(OBJDIR) -Wl,-rpath,$(OBJDIR) -lucl
-LD_ADD ?= -lrt
-COPT_FLAGS ?= -O2
-HDEPS = $(SRCDIR)/ucl_hash.h \
-		$(SRCDIR)/ucl_chartable.h \
-		$(SRCDIR)/ucl_internal.h \
-		$(INCLUDEDIR)/ucl.h \
-		$(SRCDIR)/mum.h
-OBJECTS = $(OBJDIR)/ucl_hash.o \
-		$(OBJDIR)/ucl_util.o \
-		$(OBJDIR)/ucl_parser.o \
-		$(OBJDIR)/ucl_emitter.o \
-		$(OBJDIR)/ucl_emitter_utils.o \
-		$(OBJDIR)/ucl_schema.o
-
-all: $(OBJDIR) $(OBJDIR)/$(SONAME)
-
-$(OBJDIR)/$(SONAME): $(OBJECTS)
-	$(CC) -o $(OBJDIR)/$(SONAME) $(OBJECTS) $(LD_SHARED_FLAGS) $(LDFLAGS) $(SSL_LIBS) $(FETCH_LIBS)
-
-$(OBJDIR):
-	@$(MKDIR) -p $(OBJDIR)
-
-# Compile rules
-$(OBJDIR)/ucl_util.o: $(SRCDIR)/ucl_util.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_util.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_util.c
-$(OBJDIR)/ucl_parser.o: $(SRCDIR)/ucl_parser.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_parser.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_parser.c
-$(OBJDIR)/ucl_emitter.o: $(SRCDIR)/ucl_emitter.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_emitter.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_emitter.c
-$(OBJDIR)/ucl_emitter_utils.o: $(SRCDIR)/ucl_emitter_utils.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_emitter_utils.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_emitter_utils.c
-$(OBJDIR)/ucl_hash.o: $(SRCDIR)/ucl_hash.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_hash.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_hash.c
-$(OBJDIR)/ucl_schema.o: $(SRCDIR)/ucl_schema.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/ucl_schema.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/ucl_schema.c
-$(OBJDIR)/xxhash.o: $(SRCDIR)/xxhash.c $(HDEPS)
-	$(CC) -o $(OBJDIR)/xxhash.o $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) -c $(SRCDIR)/xxhash.c
-
-clean:
-	$(RM) $(OBJDIR)/*.o $(OBJDIR)/$(SONAME) $(OBJDIR)/$(SONAME) $(OBJDIR)/chargen $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/objdump $(OBJDIR)/test_generate
-	$(RMDIR) $(OBJDIR)
-
-# Utils
-
-chargen: utils/chargen.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/chargen $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) utils/chargen.c
-objdump: utils/objdump.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/objdump $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) utils/objdump.c $(LD_UCL_FLAGS)
-
-# Tests
-
-test: $(OBJDIR) $(OBJDIR)/$(SONAME) $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/test_generate
-
-run-test: test
-	TEST_DIR=$(TESTDIR) $(TESTDIR)/run_tests.sh $(OBJDIR)/test_basic $(OBJDIR)/test_speed $(OBJDIR)/test_generate
-
-$(OBJDIR)/test_basic: $(TESTDIR)/test_basic.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_basic $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_basic.c $(LD_UCL_FLAGS)
-$(OBJDIR)/test_speed: $(TESTDIR)/test_speed.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_speed $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_speed.c $(LD_UCL_FLAGS) $(LD_ADD)
-$(OBJDIR)/test_generate: $(TESTDIR)/test_generate.c $(OBJDIR)/$(SONAME)
-	$(CC) -o $(OBJDIR)/test_generate $(CPPFLAGS) $(COPT_FLAGS) $(CFLAGS) $(C_COMMON_FLAGS) $(SSL_CFLAGS) $(FETCH_FLAGS) $(LDFLAGS) $(TESTDIR)/test_generate.c $(LD_UCL_FLAGS) $(LD_ADD)
-
-install: $(OBJDIR)/$(SONAME)
-	$(INSTALL) -m0755 $(SONAME) $(DESTDIR)/lib/$(SONAME)
-	$(INSTALL) -m0644 include/ucl.h $(DESTDIR)/include/ucl.h
-
-.PHONY: clean $(OBJDIR)
diff --git a/contrib/libucl/README.md b/contrib/libucl/README.md
deleted file mode 100644
index 53d8a651d73b..000000000000
--- a/contrib/libucl/README.md
+++ /dev/null
@@ -1,418 +0,0 @@
-# LIBUCL
-
-[![CircleCI](https://circleci.com/gh/vstakhov/libucl.svg?style=svg)](https://circleci.com/gh/vstakhov/libucl)
-[![Coverity](https://scan.coverity.com/projects/4138/badge.svg)](https://scan.coverity.com/projects/4138)
-[![Coverage Status](https://coveralls.io/repos/github/vstakhov/libucl/badge.svg?branch=master)](https://coveralls.io/github/vstakhov/libucl?branch=master)
-
-**Table of Contents**  *generated with [DocToc](http://doctoc.herokuapp.com/)*
-
-- [Introduction](#introduction)
-- [Basic structure](#basic-structure)
-- [Improvements to the json notation](#improvements-to-the-json-notation)
-	- [General syntax sugar](#general-syntax-sugar)
-	- [Automatic arrays creation](#automatic-arrays-creation)
-	- [Named keys hierarchy](#named-keys-hierarchy)
-	- [Convenient numbers and booleans](#convenient-numbers-and-booleans)
-- [General improvements](#general-improvements)
-	- [Comments](#comments)
-	- [Macros support](#macros-support)
-	- [Variables support](#variables-support)
-	- [Multiline strings](#multiline-strings)
-	- [Single quoted strings](#single-quoted-strings)
-- [Emitter](#emitter)
-- [Validation](#validation)
-- [Performance](#performance)
-- [Conclusion](#conclusion)
-
-## Introduction
-
-This document describes the main features and principles of the configuration
-language called `UCL` - universal configuration language.
-
-If you are looking for the libucl API documentation you can find it at [this page](doc/api.md).
-
-## Basic structure
-
-UCL is heavily infused by `nginx` configuration as the example of a convenient configuration
-system. However, UCL is fully compatible with `JSON` format and is able to parse json files.
-For example, you can write the same configuration in the following ways:
-
-* in nginx like:
-
-```nginx
-param = value;
-section {
-    param = value;
-    param1 = value1;
-    flag = true;
-    number = 10k;
-    time = 0.2s;
-    string = "something";
-    subsection {
-        host = {
-            host = "hostname";
-            port = 900;
-        }
-        host = {
-            host = "hostname";
-            port = 901;
-        }
-    }
-}
-```
-
-* or in JSON:
-
-```json
-{
-    "param": "value",
-    "section": {
-        "param": "value",
-        "param1": "value1",
-        "flag": true,
-        "number": 10000,
-        "time": "0.2s",
-        "string": "something",
-        "subsection": {
-            "host": [
-                {
-                    "host": "hostname",
-                    "port": 900
-                },
-                {
-                    "host": "hostname",
-                    "port": 901
-                }
-            ]
-        }
-    }
-}
-```
-
-## Improvements to the json notation.
-
-There are various things that make ucl configuration more convenient for editing than strict json:
-
-### General syntax sugar
-
-* Braces are not necessary to enclose a top object: it is automatically treated as an object:
-
-```json
-"key": "value"
-```
-is equal to:
-```json
-{"key": "value"}
-```
-
-* There is no requirement of quotes for strings and keys, moreover, `:` may be replaced `=` or even be skipped for objects:
-
-```nginx
-key = value;
-section {
-    key = value;
-}
-```
-is equal to:
-```json
-{
-    "key": "value",
-    "section": {
-        "key": "value"
-    }
-}
-```
-
-* No commas mess: you can safely place a comma or semicolon for the last element in an array or an object:
-
-```json
-{
-    "key1": "value",
-    "key2": "value",
-}
-```
-### Automatic arrays creation
-
-* Non-unique keys in an object are allowed and are automatically converted to the arrays internally:
-
-```json
-{
-    "key": "value1",
-    "key": "value2"
-}
-```
-is converted to:
-```json
-{
-    "key": ["value1", "value2"]
-}
-```
-
-### Named keys hierarchy
-
-UCL accepts named keys and organize them into objects hierarchy internally. Here is an example of this process:
-```nginx
-section "blah" {
-	key = value;
-}
-section foo {
-	key = value;
-}
-```
-
-is converted to the following object:
-
-```nginx
-section {
-	blah {
-		key = value;
-	}
-	foo {
-		key = value;
-	}
-}
-```
-
-Plain definitions may be more complex and contain more than a single level of nested objects:
-
-```nginx
-section "blah" "foo" {
-	key = value;
-}
-```
-
-is presented as:
-
-```nginx
-section {
-	blah {
-		foo {
-			key = value;
-		}
-	}
-}
-```
-
-### Convenient numbers and booleans
-
-* Numbers can have suffixes to specify standard multipliers:
-    + `[kKmMgG]` - standard 10 base multipliers (so `1k` is translated to 1000)
-    + `[kKmMgG]b` - 2 power multipliers (so `1kb` is translated to 1024)
-    + `[s|min|d|w|y]` - time multipliers, all time values are translated to float number of seconds, for example `10min` is translated to 600.0 and `10ms` is translated to 0.01
-* Hexadecimal integers can be used by `0x` prefix, for example `key = 0xff`. However, floating point values can use decimal base only.
-* Booleans can be specified as `true` or `yes` or `on` and `false` or `no` or `off`.
-* It is still possible to treat numbers and booleans as strings by enclosing them in double quotes.
-
-## General improvements
-
-### Comments
-
-UCL supports different style of comments:
-
-* single line: `#`
-* multiline: `/* ... */`
-
-Multiline comments may be nested:
-```c
-# Sample single line comment
-/*
- some comment
- /* nested comment */
- end of comment
-*/
-```
-
-### Macros support
-
-UCL supports external macros both multiline and single line ones:
-```nginx
-.macro_name "sometext";
-.macro_name {
-    Some long text
-    ....
-};
-```
-
-Moreover, each macro can accept an optional list of arguments in braces. These
-arguments themselves are the UCL object that is parsed and passed to a macro as
-options:
-
-```nginx
-.macro_name(param=value) "something";
-.macro_name(param={key=value}) "something";
-.macro_name(.include "params.conf") "something";
-.macro_name(#this is multiline macro
-param = [value1, value2]) "something";
-.macro_name(key="()") "something";
-```
-
-UCL also provide a convenient `include` macro to load content from another files
-to the current UCL object. This macro accepts either path to file:
-
-```nginx
-.include "/full/path.conf"
-.include "./relative/path.conf"
-.include "${CURDIR}/path.conf"
-```
-
-or URL (if ucl is built with url support provided by either `libcurl` or `libfetch`):
-
-	.include "http://example.com/file.conf"
-
-`.include` macro supports a set of options:
-
-* `try` (default: **false**) - if this option is `true` than UCL treats errors on loading of
-this file as non-fatal. For example, such a file can be absent but it won't stop the parsing
-of the top-level document.
-* `sign` (default: **false**) - if this option is `true` UCL loads and checks the signature for
-a file from path named `<FILEPATH>.sig`. Trusted public keys should be provided for UCL API after
-parser is created but before any configurations are parsed.
-* `glob` (default: **false**) - if this option is `true` UCL treats the filename as GLOB pattern and load
-all files that matches the specified pattern (normally the format of patterns is defined in `glob` manual page
-for your operating system). This option is meaningless for URL includes.
-* `url` (default: **true**) - allow URL includes.
-* `path` (default: empty) - A UCL_ARRAY of directories to search for the include file.
-Search ends after the first match, unless `glob` is true, then all matches are included.
-* `prefix` (default false) - Put included contents inside an object, instead
-of loading them into the root. If no `key` is provided, one is automatically generated based on each files basename()
-* `key` (default: <empty string>) - Key to load contents of include into. If
-the key already exists, it must be the correct type
-* `target` (default: object) - Specify if the `prefix` `key` should be an
-object or an array.
-* `priority` (default: 0) - specify priority for the include (see below).
-* `duplicate` (default: 'append') - specify policy of duplicates resolving:
-	- `append` - default strategy, if we have new object of higher priority then it replaces old one, if we have new object with less priority it is ignored completely, and if we have two duplicate objects with the same priority then we have a multi-value key (implicit array)
-	- `merge` - if we have object or array, then new keys are merged inside, if we have a plain object then an implicit array is formed (regardless of priorities)
-	- `error` - create error on duplicate keys and stop parsing
-	- `rewrite` - always rewrite an old value with new one (ignoring priorities)
-
-Priorities are used by UCL parser to manage the policy of objects rewriting during including other files
-as following:
-
-* If we have two objects with the same priority then we form an implicit array
-* If a new object has bigger priority then we overwrite an old one
-* If a new object has lower priority then we ignore it
-
-By default, the priority of top-level object is set to zero (lowest priority). Currently,
-you can define up to 16 priorities (from 0 to 15). Includes with bigger priorities will
-rewrite keys from the objects with lower priorities as specified by the policy. The priority
-of the top-level or any other object can be changed with the `.priority` macro, which has no
-options and takes the new priority:
-
-```
-# Default priority: 0.
-foo = 6
-.priority 5
-# The following will have priority 5.
-bar = 6
-baz = 7
-# The following will be included with a priority of 3, 5, and 6 respectively.
-.include(priority=3) "path.conf"
-.include(priority=5) "equivalent-path.conf"
-.include(priority=6) "highpriority-path.conf"
-```
-
-### Variables support
-
-UCL supports variables in input. Variables are registered by a user of the UCL parser and can be presented in the following forms:
-
-* `${VARIABLE}`
-* `$VARIABLE`
-
-UCL currently does not support nested variables. To escape variables one could use double dollar signs:
-
-* `$${VARIABLE}` is converted to `${VARIABLE}`
-* `$$VARIABLE` is converted to `$VARIABLE`
-
-However, if no valid variables are found in a string, no expansion will be performed (and `$$` thus remains unchanged). This may be a subject
-to change in future libucl releases.
-
-### Multiline strings
-
-UCL can handle multiline strings as well as single line ones. It uses shell/perl like notation for such objects:
-```
-key = <<EOD
-some text
-splitted to
-lines
-EOD
-```
-
-In this example `key` will be interpreted as the following string: `some text\nsplitted to\nlines`.
-Here are some rules for this syntax:
-
-* Multiline terminator must start just after `<<` symbols and it must consist of capital letters only (e.g. `<<eof` or `<< EOF` won't work);
-* Terminator must end with a single newline character (and no spaces are allowed between terminator and newline character);
-* To finish multiline string you need to include a terminator string just after newline and followed by a newline (no spaces or other characters are allowed as well);
-* The initial and the final newlines are not inserted to the resulting string, but you can still specify newlines at the beginning and at the end of a value, for example:
-
-```
-key <<EOD
-
-some
-text
-
-EOD
-```
-
-### Single quoted strings
-
-It is possible to use single quoted strings to simplify escaping rules. All values passed in single quoted strings are *NOT* escaped, with two exceptions: a single `'` character just before `\` character, and a newline character just after `\` character that is ignored.
-
-```
-key = 'value'; # Read as value
-key = 'value\n\'; # Read as  value\n\
-key = 'value\''; # Read as value'
-key = 'value\
-bla'; # Read as valuebla
-```
-
-## Emitter
-
-Each UCL object can be serialized to one of the four supported formats:
-
-* `JSON` - canonic json notation (with spaces indented structure);
-* `Compacted JSON` - compact json notation (without spaces or newlines);
-* `Configuration` - nginx like notation;
-* `YAML` - yaml inlined notation.
-
-## Validation
-
-UCL allows validation of objects. It uses the same schema that is used for json: [json schema v4](http://json-schema.org). UCL supports the full set of json schema with the exception of remote references. This feature is unlikely useful for configuration objects. Of course, a schema definition can be in UCL format instead of JSON that simplifies schemas writing. Moreover, since UCL supports multiple values for keys in an object it is possible to specify generic integer constraints `maxValues` and `minValues` to define the limits of values count in a single key. UCL currently is not absolutely strict about validation schemas themselves, therefore UCL users should supply valid schemas (as it is defined in json-schema draft v4) to ensure that the input objects are validated properly.
-
-## Performance
-
-Are UCL parser and emitter fast enough? Well, there are some numbers.
-I got a 19Mb file that consist of ~700 thousand lines of json (obtained via
-http://www.json-generator.com/). Then I checked jansson library that performs json
-parsing and emitting and compared it with UCL. Here are results:
-
-```
-jansson: parsed json in 1.3899 seconds
-jansson: emitted object in 0.2609 seconds
-
-ucl: parsed input in 0.6649 seconds
-ucl: emitted config in 0.2423 seconds
-ucl: emitted json in 0.2329 seconds
-ucl: emitted compact json in 0.1811 seconds
-ucl: emitted yaml in 0.2489 seconds
-```
-
-So far, UCL seems to be significantly faster than jansson on parsing and slightly faster on emitting. Moreover,
-UCL compiled with optimizations (-O3) performs significantly faster:
-```
-ucl: parsed input in 0.3002 seconds
-ucl: emitted config in 0.1174 seconds
-ucl: emitted json in 0.1174 seconds
-ucl: emitted compact json in 0.0991 seconds
-ucl: emitted yaml in 0.1354 seconds
-```
-
-You can do your own benchmarks by running `make check` in libucl top directory.
-
-## Conclusion
-
-UCL has clear design that should be very convenient for reading and writing. At the same time it is compatible with
-JSON language and therefore can be used as a simple JSON parser. Macro logic provides an ability to extend configuration
-language (for example by including some lua code) and comments allow to disable or enable the parts of a configuration
-quickly.
diff --git a/contrib/libucl/autogen.sh b/contrib/libucl/autogen.sh
deleted file mode 100755
index 68f4a174b46e..000000000000
--- a/contrib/libucl/autogen.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-autoreconf -i
diff --git a/contrib/libucl/configure.ac b/contrib/libucl/configure.ac
deleted file mode 100644
index 731b7113e689..000000000000
--- a/contrib/libucl/configure.ac
+++ /dev/null
@@ -1,188 +0,0 @@
-m4_define([maj_ver], [0])
-m4_define([med_ver], [8])
-m4_define([min_ver], [1])
-m4_define([so_version], [6:0:1])
-m4_define([ucl_version], [maj_ver.med_ver.min_ver])
-
-AC_INIT([libucl],[ucl_version],[https://github.com/vstakhov/libucl],[libucl])
-AC_CONFIG_SRCDIR([configure.ac])
-AM_INIT_AUTOMAKE([1.11 foreign -Wall -Wportability no-dist-gzip dist-xz])
-m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-
-UCL_VERSION=ucl_version
-SO_VERSION=so_version
-
-AC_SUBST(UCL_VERSION)
-AC_SUBST(SO_VERSION)
-
-AC_PROG_CC_C99
-AM_PROG_CC_C_O
-AM_PROG_AR
-LT_INIT
-AC_CONFIG_MACRO_DIR([m4])
-AC_CONFIG_HEADERS([config.h])
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_CHECK_HEADERS_ONCE([fcntl.h unistd.h])
-AC_TYPE_OFF_T
-AC_FUNC_MMAP
-AC_CHECK_HEADERS_ONCE([fcntl.h])
-AC_CHECK_HEADERS_ONCE([sys/types.h])
-AC_CHECK_HEADERS_ONCE([sys/stat.h])
-AC_CHECK_HEADERS_ONCE([sys/param.h])
-AC_CHECK_HEADERS_ONCE([sys/mman.h])
-AC_CHECK_HEADERS_ONCE([stdlib.h])
-AC_CHECK_HEADERS_ONCE([stddef.h])
-AC_CHECK_HEADERS_ONCE([stdarg.h])
-AC_CHECK_HEADERS_ONCE([stdbool.h])
-AC_CHECK_HEADERS_ONCE([stdint.h])
-AC_CHECK_HEADERS_ONCE([string.h])
-AC_CHECK_HEADERS_ONCE([strings.h])
-AC_CHECK_HEADERS_ONCE([unistd.h])
-AC_CHECK_HEADERS_ONCE([ctype.h])
-AC_CHECK_HEADERS_ONCE([errno.h])
-AC_CHECK_HEADERS_ONCE([limits.h])
-AC_CHECK_HEADERS_ONCE([libgen.h])
-AC_CHECK_HEADERS_ONCE([stdio.h])
-AC_CHECK_HEADERS_ONCE([float.h])
-AC_CHECK_HEADERS_ONCE([math.h])
-AC_CHECK_HEADERS_ONCE([endian.h sys/endian.h machine/endian.h])
-
-dnl Example of default-disabled feature
-AC_ARG_ENABLE([urls], AS_HELP_STRING([--enable-urls], 
-	[Enable URLs fetch (requires libfetch or libcurl) @<:@default=no@:>@]), [],
-	[enable_urls=no])
-AC_ARG_ENABLE([regex], AS_HELP_STRING([--enable-regex], 
-	[Enable regex checking for schema @<:@default=yes@:>@]), [],
-	[enable_regex=yes])
-AC_ARG_ENABLE([signatures], AS_HELP_STRING([--enable-signatures],
-	[Enable signatures check (requires openssl) @<:@default=no@:>@]), [],
-	[enable_signatures=no])
-AC_ARG_ENABLE([lua], AS_HELP_STRING([--enable-lua],
-	[Enable lua API build (requires lua libraries and headers) @<:@default=no@:>@]), [],
-	[enable_lua=no])
-AC_ARG_ENABLE([utils],
-	AS_HELP_STRING([--enable-utils], [Build and install utils @<:@default=no@:>@]),
-	[case "${enableval}" in
-  		yes) utils=true ;;
-  		no)  utils=false ;;
-  		*) AC_MSG_ERROR([bad value ${enableval} for --enable-utils]) ;;
-	esac],[utils=false])
-AM_CONDITIONAL([UTILS], [test x$utils = xtrue])
-
-AS_IF([test "x$enable_signatures" = "xyes"], [
-	AC_SEARCH_LIBS([CRYPTO_new_ex_data], [crypto], [
-		AC_DEFINE(HAVE_OPENSSL, 1, [Define to 1 if you have the 'crypto' library (-lcrypto).])
-		LIBCRYPTO_LIB="-lcrypto"
-		LIBS_EXTRA="${LIBS_EXTRA} -lcrypto"
-		], [AC_MSG_ERROR([unable to find the CRYPTO_new_ex_data() function])])
-])
-AC_SUBST(LIBCRYPTO_LIB)
-AC_PATH_PROG(PANDOC, pandoc, [/non/existent])
-
-AC_SEARCH_LIBS([clock_gettime], [rt], [], [
-	AC_CHECK_HEADER([mach/mach_time.h], [
-		AC_DEFINE(HAVE_MACH_MACH_TIME_H, 1, [Define to 1 on Darwin])
-	], [AC_MSG_ERROR([unable to find clock_gettime or mach_absolute_time])])
-])
-AC_SEARCH_LIBS([remainder], [m], [], [AC_MSG_ERROR([unable to find remainder() function])])
-
-AS_IF([test "x$enable_regex" = "xyes"], [
-	AC_CHECK_HEADER([regex.h], [
-		AC_DEFINE(HAVE_REGEX_H, 1, [Define to 1 if you have the <regex.h> header file.])
-		AC_SEARCH_LIBS([regexec], [regex], [
-			AS_IF([test "x$ac_cv_search_regexec" = "x-lregex"], [
-				LIBREGEX_LIB="-lregex"
-				LIBS_EXTRA="${LIBS_EXTRA} -lregex"
-				]
-			)], 
-			[AC_MSG_ERROR([unable to find the regexec() function])])],
-			[AC_MSG_ERROR([unable to find the regex.h header])
-		],
-		[#include <sys/types.h>])
-])
-AC_SUBST(LIBREGEX_LIB)
-
-AS_IF([test "x$enable_lua" = "xyes"], [
-	AX_PROG_LUA([5.1], [], [
-		AX_LUA_HEADERS([
-			AX_LUA_LIBS([
-				AC_DEFINE(HAVE_LUA, 1, [Define to 1 for lua support.])
-				with_lua="yes"
-			], [AC_MSG_ERROR([unable to find the lua libraries])
-			])
-		], [AC_MSG_ERROR([unable to find the lua header files])
-		])
-	], [AC_MSG_ERROR([unable to find the lua interpreter])])
-], [with_lua="no"])
-
-AM_CONDITIONAL([LUA_SUB], [test "$with_lua" = "yes"])
-
-AS_IF([test "x$enable_urls" = "xyes"], [
-	AC_CHECK_HEADER([fetch.h], [
-		AC_DEFINE(HAVE_FETCH_H, 1, [Define to 1 if you have the <fetch.h> header file.])
-		AC_CHECK_LIB(fetch, fetchXGet, [
-			AC_DEFINE(HAVE_LIBFETCH, 1, [Define to 1 if you have the 'fetch' library (-lfetch).])
-			LIBFETCH_LIBS="-lfetch"
-			have_libfetch="yes"
-			LIBS_EXTRA="${LIBS_EXTRA} -lfetch"
-		])
-	], [],[
-	#include <stdio.h>
-	#ifdef HAVE_SYS_PARAM_H
-	#include <sys/param.h>
-	#endif
-	])
-	AC_SUBST(LIBFETCH_LIBS)
-
-	AS_IF([ test "x$have_libfetch" != "xyes"], [
-		dnl Fallback to libcurl
-		PKG_CHECK_MODULES([CURL], [libcurl], [
-			AC_DEFINE(CURL_FOUND, 1, [Use libcurl])
-			LIBS_EXTRA="${LIBS_EXTRA} -lcurl"],
-		[AC_MSG_ERROR([unable to find neither libfetch nor libcurl])])
-	])
-	AC_SUBST(CURL_FOUND)
-	AC_SUBST(CURL_LIBS)
-	AC_SUBST(CURL_CFLAGS)
-])
-
-AC_SUBST(LIBS_EXTRA)
-
-AC_MSG_CHECKING(for GCC atomic builtins)
-AC_LINK_IFELSE([
-	AC_LANG_SOURCE([[
-		int main() {
-			volatile unsigned long val = 1;
-			__sync_synchronize();
-			__sync_val_compare_and_swap(&val, 1, 0);
-			__sync_add_and_fetch(&val, 1);
-			__sync_sub_and_fetch(&val, 1);
-			return 0;
-		}
-	]])
-],
-[
-	AC_MSG_RESULT([yes])
-	AC_DEFINE([HAVE_ATOMIC_BUILTINS], [1], [Has gcc/MSVC atomic intrinsics])
-],
-[
-	AC_MSG_RESULT([no])
-	AC_DEFINE([HAVE_ATOMIC_BUILTINS], [0], [Has gcc/MSVC atomic intrinsics])
-	AC_MSG_WARN([Libucl references could be thread-unsafe because atomic builtins are missing])
-])
-
-AX_CODE_COVERAGE
-
-AC_CONFIG_FILES(Makefile \
-	src/Makefile \
-	lua/Makefile
-	tests/Makefile \
-	utils/Makefile \
-	doc/Makefile \
-	lua/libucl.rockspec \
-	libucl.pc)
-AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
-AC_OUTPUT
diff --git a/contrib/libucl/doc/Makefile.am b/contrib/libucl/doc/Makefile.am
deleted file mode 100644
index dcfacf6a9a25..000000000000
--- a/contrib/libucl/doc/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-EXTRA_DIST = api.md
-
-dist_man_MANS = libucl.3
-
-gen-man: @PANDOC@
-	tail -n +$$(grep -n '# Synopsis' api.md | cut -d':' -f1) api.md | \
-	cat pandoc.template - | sed -e 's/^# \(.*\)/# \U\1/' \
-	-e "s/%%date%%/$$(LANG=C date +'%d %B, %Y')/" | \
-	@PANDOC@ -s -f markdown -t man -o libucl.3
diff --git a/contrib/libucl/doc/api.md b/contrib/libucl/doc/api.md
deleted file mode 100644
index a0d33c0e68a9..000000000000
--- a/contrib/libucl/doc/api.md
+++ /dev/null
@@ -1,506 +0,0 @@
-# API documentation
-
-**Table of Contents**  *generated with [DocToc](http://doctoc.herokuapp.com/)*
-
-- [Synopsis](#synopsis)
-- [Description](#description)
-	- [Parser functions](#parser-functions)
-	- [Emitting functions](#emitting-functions)
-	- [Conversion functions](#conversion-functions)
-	- [Generation functions](#generation-functions)
-	- [Iteration functions](#iteration-functions)
-	- [Validation functions](#validation-functions)
-	- [Utility functions](#utility-functions)
-- [Parser functions](#parser-functions-1)
-	- [ucl_parser_new](#ucl_parser_new)
-	- [ucl_parser_register_macro](#ucl_parser_register_macro)
-	- [ucl_parser_register_variable](#ucl_parser_register_variable)
-	- [ucl_parser_add_chunk](#ucl_parser_add_chunk)
-	- [ucl_parser_add_string](#ucl_parser_add_string)
-	- [ucl_parser_add_file](#ucl_parser_add_file)
-	- [ucl_parser_get_object](#ucl_parser_get_object)
-	- [ucl_parser_get_error](#ucl_parser_get_error)
-	- [ucl_parser_free](#ucl_parser_free)
-	- [ucl_pubkey_add](#ucl_pubkey_add)
-	- [ucl_parser_set_filevars](#ucl_parser_set_filevars)
-	- [Parser usage example](#parser-usage-example)
-- [Emitting functions](#emitting-functions-1)
-	- [ucl_object_emit](#ucl_object_emit)
-	- [ucl_object_emit_full](#ucl_object_emit_full)
-- [Conversion functions](#conversion-functions-1)
-- [Generation functions](#generation-functions-1)
-	- [ucl_object_new](#ucl_object_new)
-	- [ucl_object_typed_new](#ucl_object_typed_new)
-	- [Primitive objects generation](#primitive-objects-generation)
-	- [ucl_object_fromstring_common](#ucl_object_fromstring_common)
-- [Iteration functions](#iteration-functions-1)
-	- [ucl_iterate_object](#ucl_iterate_object)
-- [Validation functions](#validation-functions-1)
-	- [ucl_object_validate](#ucl_object_validate)
-
-# Synopsis
-
-`#include <ucl.h>`
-
-# Description
-
-Libucl is a parser and `C` API to parse and generate `ucl` objects. Libucl consist of several groups of functions:
-
-### Parser functions
-Used to parse `ucl` files and provide interface to extract `ucl` object. Currently, `libucl` can parse only full `ucl` documents, for instance, it is impossible to parse a part of document and therefore it is impossible to use `libucl` as a streaming parser. In future, this limitation can be removed.
-
-### Emitting functions
-Convert `ucl` objects to some textual or binary representation. Currently, libucl supports the following exports:
-
-- `JSON` - valid json format (can possibly lose some original data, such as implicit arrays)
-- `Config` - human-readable configuration format (lossless)
-- `YAML` - embedded yaml format (has the same limitations as `json` output)
-
-### Conversion functions
-Help to convert `ucl` objects to C types. These functions are used to convert `ucl_object_t` to C primitive types, such as numbers, strings or boolean values.
-
-### Generation functions
-Allow creation of `ucl` objects from C types and creating of complex `ucl` objects, such as hashes or arrays from primitive `ucl` objects, such as numbers or strings.
-
-### Iteration functions
-Iterate over `ucl` complex objects or over a chain of values, for example when a key in an object has multiple values (that can be treated as implicit array or implicit consolidation).
-
-### Validation functions
-Validation functions are used to validate some object `obj` using json-schema compatible object `schema`. Both input and schema must be UCL objects to perform validation.
-
-### Utility functions
-Provide basic utilities to manage `ucl` objects: creating, removing, retaining and releasing reference count and so on.
-
-# Parser functions
-
-Parser functions operates with `struct ucl_parser`.
-
-### ucl_parser_new
-
-~~~C
-struct ucl_parser* ucl_parser_new (int flags);
-~~~
-
-Creates new parser with the specified flags:
-
-- `UCL_PARSER_KEY_LOWERCASE` - lowercase keys parsed
-- `UCL_PARSER_ZEROCOPY` - try to use zero-copy mode when reading files (in zero-copy mode text chunk being parsed without copying strings so it should exist till any object parsed is used)
-- `UCL_PARSER_NO_TIME` - treat time values as strings without parsing them as floats
-
-### ucl_parser_register_macro
-
-~~~C
-void ucl_parser_register_macro (struct ucl_parser *parser,
-    const char *macro, ucl_macro_handler handler, void* ud);
-~~~
-
-Register new macro with name .`macro` parsed by handler `handler` that accepts opaque data pointer `ud`. Macro handler should be of the following type:
-
-~~~C
-bool (*ucl_macro_handler) (const unsigned char *data,
-    size_t len, void* ud);`
-~~~
-
-Handler function accepts macro text `data` of length `len` and the opaque pointer `ud`. If macro is parsed successfully the handler should return `true`. `false` indicates parsing failure and the parser can be terminated.
-
-### ucl_parser_register_variable
-
-~~~C
-void ucl_parser_register_variable (struct ucl_parser *parser,
-    const char *var, const char *value);
-~~~
-
-Register new variable $`var` that should be replaced by the parser to the `value` string.
-
-### ucl_parser_add_chunk
-
-~~~C
-bool ucl_parser_add_chunk (struct ucl_parser *parser, 
-    const unsigned char *data, size_t len);
-~~~
-
-Add new text chunk with `data` of length `len` to the parser. At the moment, `libucl` parser is not a streamlined parser and chunk *must* contain the *valid* ucl object. For example, this object should be valid:
-
-~~~json
-{ "var": "value" }
-~~~
-
-while this one won't be parsed correctly:
-
-~~~json
-{ "var": 
-~~~
-
-This limitation may possible be removed in future.
-
-### ucl_parser_add_string
-~~~C
-bool ucl_parser_add_string (struct ucl_parser *parser, 
-    const char *data, size_t len);
-~~~
-
-This function acts exactly like `ucl_parser_add_chunk` does but if `len` argument is zero, then the string `data` must be zero-terminated and the actual length is calculated up to `\0` character. 
-
-### ucl_parser_add_file
-
-~~~C
-bool ucl_parser_add_file (struct ucl_parser *parser, 
-    const char *filename);
-~~~
-
-Load file `filename` and parse it with the specified `parser`. This function uses `mmap` call to load file, therefore, it should not be `shrunk` during parsing. Otherwise, `libucl` can cause memory corruption and terminate the calling application. This function is also used by the internal handler of `include` macro, hence, this macro has the same limitation.
-
-### ucl_parser_get_object
-
-~~~C
-ucl_object_t* ucl_parser_get_object (struct ucl_parser *parser);
-~~~
-
-If the `ucl` data has been parsed correctly this function returns the top object for the parser. Otherwise, this function returns the `NULL` pointer. The reference count for `ucl` object returned is increased by one, therefore, a caller should decrease reference by using `ucl_object_unref` to free object after usage.
-
-### ucl_parser_get_error
-
-~~~C
-const char *ucl_parser_get_error(struct ucl_parser *parser);
-~~~
-
-Returns the constant error string for the parser object. If no error occurred during parsing a `NULL` object is returned. A caller should not try to free or modify this string.
-
-### ucl_parser_free
-
-~~~C
-void ucl_parser_free (struct ucl_parser *parser);
-~~~
-
-Frees memory occupied by the parser object. The reference count for top object is decreased as well, however if the function `ucl_parser_get_object` was called previously then the top object won't be freed.
-
-### ucl_pubkey_add
-
-~~~C
-bool ucl_pubkey_add (struct ucl_parser *parser, 
-    const unsigned char *key, size_t len);
-~~~
-
-This function adds a public key from text blob `key` of length `len` to the `parser` object. This public key should be in the `PEM` format and can be used by `.includes` macro for checking signatures of files included. `Openssl` support should be enabled to make this function working. If a key cannot be added (e.g. due to format error) or `openssl` was not linked to `libucl` then this function returns `false`.
-
-### ucl_parser_set_filevars
-
-~~~C
-bool ucl_parser_set_filevars (struct ucl_parser *parser, 
-    const char *filename, bool need_expand);
-~~~
-
-Add the standard file variables to the `parser` based on the `filename` specified:
-
-- `$FILENAME` - a filename of `ucl` input
-- `$CURDIR` - a current directory of the input
-
-For example, if a `filename` param is `../something.conf` then the variables will have the following values:
-
-- `$FILENAME` - "../something.conf"
-- `$CURDIR` - ".."
-
-if `need_expand` parameter is `true` then all relative paths are expanded using `realpath` call. In this example if `..` is `/etc/dir` then variables will have these values:
-
-- `$FILENAME` - "/etc/something.conf"
-- `$CURDIR` - "/etc"
-
-## Parser usage example
-
-The following example loads, parses and extracts `ucl` object from stdin using `libucl` parser functions (the length of input is limited to 8K):
-
-~~~C
-char inbuf[8192];
-struct ucl_parser *parser = NULL;
-int ret = 0, r = 0;
-ucl_object_t *obj = NULL;
-FILE *in;
-
-in = stdin;
-parser = ucl_parser_new (0);
-while (!feof (in) && r < (int)sizeof (inbuf)) {
-	r += fread (inbuf + r, 1, sizeof (inbuf) - r, in);
-}
-ucl_parser_add_chunk (parser, inbuf, r);
-fclose (in);
-
-if (ucl_parser_get_error (parser)) {
-	printf ("Error occurred: %s\n", ucl_parser_get_error (parser));
-	ret = 1;
-}
-else {
-    obj = ucl_parser_get_object (parser);
-}
-
-if (parser != NULL) {
-	ucl_parser_free (parser);
-}
-if (obj != NULL) {
-	ucl_object_unref (obj);
-}
-return ret;
-~~~
-
-# Emitting functions
-
-Libucl can transform UCL objects to a number of textual formats:
-
-- configuration (`UCL_EMIT_CONFIG`) - nginx like human readable configuration file where implicit arrays are transformed to the duplicate keys
-- compact json: `UCL_EMIT_JSON_COMPACT` - single line valid json without spaces
-- formatted json: `UCL_EMIT_JSON` - pretty formatted JSON with newlines and spaces
-- compact yaml: `UCL_EMIT_YAML` - compact YAML output
-
-Moreover, libucl API allows to select a custom set of emitting functions allowing 
-efficient and zero-copy output of libucl objects. Libucl uses the following structure to support this feature:
-
-~~~C
-struct ucl_emitter_functions {
-	/** Append a single character */
-	int (*ucl_emitter_append_character) (unsigned char c, size_t nchars, void *ud);
-	/** Append a string of a specified length */
-	int (*ucl_emitter_append_len) (unsigned const char *str, size_t len, void *ud);
-	/** Append a 64 bit integer */
-	int (*ucl_emitter_append_int) (int64_t elt, void *ud);
-	/** Append floating point element */
-	int (*ucl_emitter_append_double) (double elt, void *ud);
-	/** Opaque userdata pointer */
-	void *ud;
-};
-~~~
-
-This structure defines the following callbacks:
-
-- `ucl_emitter_append_character` - a function that is called to append `nchars` characters equal to `c`
-- `ucl_emitter_append_len` - used to append a string of length `len` starting from pointer `str`
-- `ucl_emitter_append_int` - this function applies to integer numbers
-- `ucl_emitter_append_double` - this function is intended to output floating point variable
-
-The set of these functions could be used to output text formats of `UCL` objects to different structures or streams.
-
-Libucl provides the following functions for emitting UCL objects:
-
-### ucl_object_emit
-
-~~~C
-unsigned char *ucl_object_emit (const ucl_object_t *obj, enum ucl_emitter emit_type);
-~~~
-
-Allocate a string that is suitable to fit the underlying UCL object `obj` and fill it with the textual representation of the object `obj` according to style `emit_type`. The caller should free the returned string after using.
-
-### ucl_object_emit_full
-
-~~~C
-bool ucl_object_emit_full (const ucl_object_t *obj, enum ucl_emitter emit_type,
-		struct ucl_emitter_functions *emitter);
-~~~
-
-This function is similar to the previous with the exception that it accepts the additional argument `emitter` that defines the concrete set of output functions. This emit function could be useful for custom structures or streams emitters (including C++ ones, for example).
-
-# Conversion functions
-
-Conversion functions are used to convert UCL objects to primitive types, such as strings, numbers, or boolean values. There are two types of conversion functions:
-
-- safe: try to convert an ucl object to a primitive type and fail if such a conversion is not possible
-- unsafe: return primitive type without additional checks, if the object cannot be converted then some reasonable default is returned (NULL for strings and 0 for numbers)
-
-Also there is a single `ucl_object_tostring_forced` function that converts any UCL object (including compound types - arrays and objects) to a string representation. For objects, arrays, booleans and numeric types this function performs emitting to a compact json format actually.
-
-Here is a list of all conversion functions:
-
-- `ucl_object_toint` - returns `int64_t` of UCL object
-- `ucl_object_todouble` - returns `double` of UCL object
-- `ucl_object_toboolean` - returns `bool` of UCL object
-- `ucl_object_tostring` - returns `const char *` of UCL object (this string is NULL terminated)
-- `ucl_object_tolstring` - returns `const char *` and `size_t` len of UCL object (string does not need to be NULL terminated)
-- `ucl_object_tostring_forced` - returns string representation of any UCL object
-
-Strings returned by these pointers are associated with the UCL object and exist over its lifetime. A caller should not free this memory.
-
-# Generation functions
-
-It is possible to generate UCL objects from C primitive types. Moreover, libucl allows creation and modifying complex UCL objects, such as arrays or associative objects. 
-
-## ucl_object_new
-~~~C
-ucl_object_t * ucl_object_new (void)
-~~~
-
-Creates new object of type `UCL_NULL`. This object should be released by caller.
-
-## ucl_object_typed_new
-~~~C
-ucl_object_t * ucl_object_typed_new (unsigned int type)
-~~~
-
-Create an object of a specified type:
-- `UCL_OBJECT` - UCL object - key/value pairs
-- `UCL_ARRAY` - UCL array
-- `UCL_INT` - integer number
-- `UCL_FLOAT` - floating point number
-- `UCL_STRING` - NULL terminated string
-- `UCL_BOOLEAN` - boolean value
-- `UCL_TIME` - time value (floating point number of seconds)
-- `UCL_USERDATA` - opaque userdata pointer (may be used in macros)
-- `UCL_NULL` - null value
-
-This object should be released by caller.
-
-## Primitive objects generation
-Libucl provides the functions similar to inverse conversion functions called with the specific C type:
-- `ucl_object_fromint` - converts `int64_t` to UCL object
-- `ucl_object_fromdouble` - converts `double` to UCL object
-- `ucl_object_frombool` - converts `bool` to UCL object
-- `ucl_object_fromstring` - converts `const char *` to UCL object (this string should be NULL terminated)
-- `ucl_object_fromlstring` - converts `const char *` and `size_t` len to UCL object (string does not need to be NULL terminated)
-
-Also there is a function to generate UCL object from a string performing various parsing or conversion operations called `ucl_object_fromstring_common`.
-
-## ucl_object_fromstring_common
-~~~C
-ucl_object_t * ucl_object_fromstring_common (const char *str, 
-	size_t len, enum ucl_string_flags flags)
-~~~
-
-This function is used to convert a string `str` of size `len` to a UCL object applying `flags` conversions. If `len` is equal to zero then a `str` is assumed as NULL-terminated. This function supports the following flags (a set of flags can be specified using logical `OR` operation):
-
-- `UCL_STRING_ESCAPE` - perform JSON escape
-- `UCL_STRING_TRIM` - trim leading and trailing whitespaces
-- `UCL_STRING_PARSE_BOOLEAN` - parse passed string and detect boolean
-- `UCL_STRING_PARSE_INT` - parse passed string and detect integer number
-- `UCL_STRING_PARSE_DOUBLE` - parse passed string and detect integer or float number
-- `UCL_STRING_PARSE_TIME` - parse time values as floating point numbers
-- `UCL_STRING_PARSE_NUMBER` - parse passed string and detect number (both float, integer and time types)
-- `UCL_STRING_PARSE` - parse passed string (and detect booleans, numbers and time values)
-- `UCL_STRING_PARSE_BYTES` - assume that numeric multipliers are in bytes notation, for example `10k` means `10*1024` and not `10*1000` as assumed without this flag
-
-If parsing operations fail then the resulting UCL object will be a `UCL_STRING`. A caller should always check the type of the returned object and release it after using.
-
-# Iteration functions
-
-Iteration are used to iterate over UCL compound types: arrays and objects. Moreover, iterations could be performed over the keys with multiple values (implicit arrays).
-There are two types of iterators API: old and unsafe one via `ucl_iterate_object` and the proposed interface of safe iterators.
-
-
-## ucl_iterate_object
-~~~C
-const ucl_object_t* ucl_iterate_object (const ucl_object_t *obj, 
-	ucl_object_iter_t *iter, bool expand_values);
-~~~
-
-This function accepts opaque iterator pointer `iter`. In the first call this iterator *must* be initialized to `NULL`. Iterator is changed by this function call. `ucl_iterate_object` returns the next UCL object in the compound object `obj` or `NULL` if all objects have been iterated. The reference count of the object returned is not increased, so a caller should not unref the object or modify its content (e.g. by inserting to another compound object). The object `obj` should not be changed during the iteration process as well. `expand_values` flag speicifies whether `ucl_iterate_object` should expand keys with multiple values. The general rule is that if you need to iterate through the *object* or *explicit array*, then you always need to set this flag to `true`. However, if you get some key in the object and want to extract all its values then you should set `expand_values` to `false`. Mixing of iteration types is not permitted since the iterator is set according to the iteration type and cannot be reused. Here is an example of iteration over the objects using libucl API (assuming that `top` is `UCL_OBJECT` in this example):
-
-~~~C
-ucl_object_iter_t it = NULL, it_obj = NULL;
-const ucl_object_t *cur, *tmp;
-
-/* Iterate over the object */
-while ((obj = ucl_iterate_object (top, &it, true))) {
-	printf ("key: \"%s\"\n", ucl_object_key (obj));
-	/* Iterate over the values of a key */
-	while ((cur = ucl_iterate_object (obj, &it_obj, false))) {
-		printf ("value: \"%s\"\n", 
-			ucl_object_tostring_forced (cur));
-	}
-}
-~~~
-
-## Safe iterators API
-
-Safe iterators are defined to clarify iterating over UCL objects and simplify flattening of UCL objects in non-trivial cases.
-For example, if there is an implicit array that contains another array and a boolean value it is extremely unclear how to iterate over
-such an object. Safe iterators are desinged to define two sorts of iteration:
-
-1. Iteration over complex objects with expanding all values
-2. Iteration over complex objects without expanding of values
-
-The following example demonstrates the difference between these two types of iteration:
-
-~~~
-key = 1;
-key = [2, 3, 4];
-
-Iteration with expansion:
-
-1, 2, 3, 4
-
-Iteration without expansion:
-
-1, [2, 3, 4]
-~~~
-
-UCL defines the following functions to manage safe iterators:
-
-- `ucl_object_iterate_new` - creates new safe iterator
-- `ucl_object_iterate_reset` - resets iterator to a new object
-- `ucl_object_iterate_safe` - safely iterate the object inside iterator. Note: function may allocate and free memory during its operation. Therefore it returns `NULL` either while trying to access item after the last one or when exception (such as memory allocation failure) happens.
-- `ucl_object_iter_chk_excpn` -  check if the last call to `ucl_object_iterate_safe` ended up in unrecoverable exception (e.g. `ENOMEM`).
-- `ucl_object_iterate_free` - free memory associated with the safe iterator
-
-Please note that unlike unsafe iterators, safe iterators *must* be explicitly initialized and freed.
-An assert is likely generated if you use uninitialized or `NULL` iterator in all safe iterators functions.
-
-~~~C
-ucl_object_iter_t it;
-const ucl_object_t *cur;
-
-it = ucl_object_iterate_new (obj);
-
-while ((cur = ucl_object_iterate_safe (it, true)) != NULL) {
-	/* Do something */
-}
-/* Check error condition */
-if (ucl_object_iter_chk_excpn (it)) {
-    ucl_object_iterate_free (it);
-    exit (1);
-}
-
-/* Switch to another object */
-it = ucl_object_iterate_reset (it, another_obj);
-
-while ((cur = ucl_object_iterate_safe (it, true)) != NULL) {
-	/* Do something else */
-}
-/* Check error condition */
-if (ucl_object_iter_chk_excpn (it)) {
-    ucl_object_iterate_free (it);
-    exit (1);
-}
-
-ucl_object_iterate_free (it);
-~~~
-
-# Validation functions
-
-Currently, there is only one validation function called `ucl_object_validate`. It performs validation of object using the specified schema. This function is defined as following:
-
-## ucl_object_validate
-~~~C
-bool ucl_object_validate (const ucl_object_t *schema,
-	const ucl_object_t *obj, struct ucl_schema_error *err);
-~~~
-
-This function uses ucl object `schema`, that must be valid in terms of `json-schema` draft v4, to validate input object `obj`. If this function returns `true` then validation procedure has been succeed. Otherwise, `false` is returned and `err` is set to a specific value. If a caller sets `err` to NULL then this function does not set any error just returning `false`. Error is the structure defined as following:
-
-~~~C
-struct ucl_schema_error {
-	enum ucl_schema_error_code code;	/* error code */
-	char msg[128];				/* error message */
-	ucl_object_t *obj;			/* object where error occurred */
-};
-~~~
-
-Caller may use `code` field to get a numeric error code:
-
-~~~C
-enum ucl_schema_error_code {
-	UCL_SCHEMA_OK = 0,          /* no error */
-	UCL_SCHEMA_TYPE_MISMATCH,   /* type of object is incorrect */
-	UCL_SCHEMA_INVALID_SCHEMA,  /* schema is invalid */
-	UCL_SCHEMA_MISSING_PROPERTY,/* missing properties */
-	UCL_SCHEMA_CONSTRAINT,      /* constraint found */
-	UCL_SCHEMA_MISSING_DEPENDENCY, /* missing dependency */
-	UCL_SCHEMA_UNKNOWN          /* generic error */
-};
-~~~
-
-`msg` is a string description of an error and `obj` is an object where error has occurred. Error object is not allocated by libucl, so there is no need to free it after validation (a static object should thus be used).
diff --git a/contrib/libucl/doc/lua_api.md b/contrib/libucl/doc/lua_api.md
deleted file mode 100644
index 7da414903b01..000000000000
--- a/contrib/libucl/doc/lua_api.md
+++ /dev/null
@@ -1,196 +0,0 @@
-## Module `ucl`
-
-This lua module allows to parse objects from strings and to store data into
-ucl objects. It uses `libucl` C library to parse and manipulate with ucl objects.
-
-Example:
-
-~~~lua
-local ucl = require("ucl")
-
-local parser = ucl.parser()
-local res,err = parser:parse_string('{key=value}')
-
-if not res then
-	print('parser error: ' .. err)
-else
-	local obj = parser:get_object()
-	local got = ucl.to_format(obj, 'json')
-end
-
-local table = {
-  str = 'value',
-  num = 100500,
-  null = ucl.null,
-  func = function ()
-    return 'huh'
-  end
-}
-
-
-print(ucl.to_format(table, 'ucl'))
--- Output:
---[[
-num = 100500;
-str = "value";
-null = null;
-func = "huh";
---]]
-~~~
-
-###Brief content:
-
-**Functions**:
-
-> [`ucl_object_push_lua(L, obj, allow_array)`](#function-ucl_object_push_lual-obj-allow_array)
-
-> [`ucl.to_format(var, format)`](#function-uclto_formatvar-format)
-
-
-
-**Methods**:
-
-> [`parser:parse_file(name)`](#method-parserparse_filename)
-
-> [`parser:parse_string(input)`](#method-parserparse_stringinput)
-
-> [`parser:get_object()`](#method-parserget_object)
-
-
-## Functions
-
-The module `ucl` defines the following functions.
-
-### Function `ucl_object_push_lua(L, obj, allow_array)`
-
-This is a `C` function to push `UCL` object as lua variable. This function
-converts `obj` to lua representation using the following conversions:
-
-- *scalar* values are directly presented by lua objects
-- *userdata* values are converted to lua function objects using `LUA_REGISTRYINDEX`,
-this can be used to pass functions from lua to c and vice-versa
-- *arrays* are converted to lua tables with numeric indices suitable for `ipairs` iterations
-- *objects* are converted to lua tables with string indices
-
-**Parameters:**
-
-- `L {lua_State}`: lua state pointer
-- `obj {ucl_object_t}`: object to push
-- `allow_array {bool}`: expand implicit arrays (should be true for all but partial arrays)
-
-**Returns:**
-
-- `{int}`: `1` if an object is pushed to lua
-
-Back to [module description](#module-ucl).
-
-### Function `ucl.to_format(var, format)`
-
-Converts lua variable `var` to the specified `format`. Formats supported are:
-
-- `json` - fine printed json
-- `json-compact` - compacted json
-- `config` - fine printed configuration
-- `ucl` - same as `config`
-- `yaml` - embedded yaml
-
-If `var` contains function, they are called during output formatting and if
-they return string value, then this value is used for ouptut.
-
-**Parameters:**
-
-- `var {variant}`: any sort of lua variable (if userdata then metafield `__to_ucl` is searched for output)
-- `format {string}`: any available format
-
-**Returns:**
-
-- `{string}`: string representation of `var` in the specific `format`.
-
-Example:
-
-~~~lua
-local table = {
-  str = 'value',
-  num = 100500,
-  null = ucl.null,
-  func = function ()
-    return 'huh'
-  end
-}
-
-
-print(ucl.to_format(table, 'ucl'))
--- Output:
---[[
-num = 100500;
-str = "value";
-null = null;
-func = "huh";
---]]
-~~~
-
-Back to [module description](#module-ucl).
-
-
-## Methods
-
-The module `ucl` defines the following methods.
-
-### Method `parser:parse_file(name)`
-
-Parse UCL object from file.
-
-**Parameters:**
-
-- `name {string}`: filename to parse
-
-**Returns:**
-
-- `{bool[, string]}`: if res is `true` then file has been parsed successfully, otherwise an error string is also returned
-
-Example:
-
-~~~lua
-local parser = ucl.parser()
-local res,err = parser:parse_file('/some/file.conf')
-
-if not res then
-	print('parser error: ' .. err)
-else
-	-- Do something with object
-end
-~~~
-
-Back to [module description](#module-ucl).
-
-### Method `parser:parse_string(input)`
-
-Parse UCL object from file.
-
-**Parameters:**
-
-- `input {string}`: string to parse
-
-**Returns:**
-
-- `{bool[, string]}`: if res is `true` then file has been parsed successfully, otherwise an error string is also returned
-
-Back to [module description](#module-ucl).
-
-### Method `parser:get_object()`
-
-Get top object from parser and export it to lua representation.
-
-**Parameters:**
-
-	nothing
-
-**Returns:**
-
-- `{variant or nil}`: ucl object as lua native variable
-
-Back to [module description](#module-ucl).
-
-
-Back to [top](#).
-
diff --git a/contrib/libucl/doc/pandoc.template b/contrib/libucl/doc/pandoc.template
deleted file mode 100644
index 2effe1a157ef..000000000000
--- a/contrib/libucl/doc/pandoc.template
+++ /dev/null
@@ -1,12 +0,0 @@
-% LIBUCL(3) Libucl manual
-% Vsevolod Stakhov <vsevolod@highsecure.ru>
-% %%date%%
-
-# Name
-
-**ucl_parser_new**, **ucl_parser_register_macro**, **ucl_parser_register_variable**, **ucl_parser_add_chunk**, **ucl_parser_add_string**, **ucl_parser_add_file**, **ucl_parser_get_object**, **ucl_parser_get_error**, **ucl_parser_free**, **ucl_pubkey_add**, **ucl_parser_set_filevars** - universal configuration library parser and utility functions
-
-# Library
-
-UCL library (libucl, -lucl)
-
diff --git a/contrib/libucl/examples/ucl_cpp.cc b/contrib/libucl/examples/ucl_cpp.cc
deleted file mode 100644
index 2d15d84a6c8d..000000000000
--- a/contrib/libucl/examples/ucl_cpp.cc
+++ /dev/null
@@ -1,26 +0,0 @@
-#include <iostream>
-#include <string>
-#include "ucl++.h"
-
-int main(int argc, char **argv)
-{
-	std::string input, err;
-
-	input.assign((std::istreambuf_iterator<char>(std::cin)),
-		std::istreambuf_iterator<char>());
-
-	auto obj = ucl::Ucl::parse(input, err);
-
-	if (obj) {
-		std::cout << obj.dump(UCL_EMIT_CONFIG) << std::endl;
-
-		for (const auto &o : obj) {
-			std::cout << o.dump(UCL_EMIT_CONFIG) << std::endl;
-		}
-	}
-	else {
-		std::cerr << "Error: " << err << std::endl;
-
-		return 1;
-	}
-}
diff --git a/contrib/libucl/haskell/hucl.hs b/contrib/libucl/haskell/hucl.hs
deleted file mode 100644
index 2dd3ac01e4c0..000000000000
--- a/contrib/libucl/haskell/hucl.hs
+++ /dev/null
@@ -1,123 +0,0 @@
-{-# LANGUAGE ForeignFunctionInterface #-}
-
--- an example UCL FFI module:
--- uses the Object Model from Messagepack to emit 
--- 
-
-module Data.UCL ( unpack ) where
-import Foreign.C
-import Foreign.Ptr
-import System.IO.Unsafe ( unsafePerformIO )
-import qualified Data.Text as T
-import qualified Data.Vector as V
-import qualified Data.MessagePack as MSG
-
-type ParserHandle = Ptr ()
-type UCLObjectHandle = Ptr ()
-type UCLIterHandle = Ptr ()
-type UCLEmitterType = CInt
-type ErrorString = String
-
-
-foreign import ccall "ucl_parser_new" ucl_parser_new :: CInt -> ParserHandle
-foreign import ccall "ucl_parser_add_string" ucl_parser_add_string :: ParserHandle -> CString -> CUInt -> IO Bool
-foreign import ccall "ucl_parser_add_file" ucl_parser_add_file :: ParserHandle -> CString -> IO Bool
-foreign import ccall "ucl_parser_get_object" ucl_parser_get_object :: ParserHandle -> UCLObjectHandle
-foreign import ccall "ucl_parser_get_error" ucl_parser_get_error :: ParserHandle -> CString
-
-foreign import ccall "ucl_object_iterate_new" ucl_object_iterate_new :: UCLObjectHandle -> UCLIterHandle
-foreign import ccall "ucl_object_iterate_safe" ucl_object_iterate_safe :: UCLIterHandle -> Bool -> UCLObjectHandle
-foreign import ccall "ucl_object_type" ucl_object_type :: UCLObjectHandle -> CUInt
-foreign import ccall "ucl_object_key" ucl_object_key :: UCLObjectHandle -> CString
-foreign import ccall "ucl_object_toint" ucl_object_toint :: UCLObjectHandle -> CInt
-foreign import ccall "ucl_object_todouble" ucl_object_todouble :: UCLObjectHandle -> CDouble
-foreign import ccall "ucl_object_tostring" ucl_object_tostring :: UCLObjectHandle -> CString
-foreign import ccall "ucl_object_toboolean" ucl_object_toboolean :: UCLObjectHandle -> Bool
-
-foreign import ccall "ucl_object_emit" ucl_object_emit :: UCLObjectHandle -> UCLEmitterType -> CString
-foreign import ccall "ucl_object_emit_len" ucl_object_emit_len :: UCLObjectHandle -> UCLEmitterType -> Ptr CSize -> IO CString
-
-type UCL_TYPE = CUInt
-ucl_OBJECT :: UCL_TYPE
-ucl_OBJECT = 0
-ucl_ARRAY :: UCL_TYPE
-ucl_ARRAY = 1
-ucl_INT :: UCL_TYPE
-ucl_INT = 2
-ucl_FLOAT :: UCL_TYPE
-ucl_FLOAT = 3
-ucl_STRING :: UCL_TYPE
-ucl_STRING = 4
-ucl_BOOLEAN :: UCL_TYPE
-ucl_BOOLEAN = 5
-ucl_TIME :: UCL_TYPE
-ucl_TIME = 6
-ucl_USERDATA :: UCL_TYPE
-ucl_USERDATA = 7
-ucl_NULL :: UCL_TYPE
-ucl_NULL = 8
-
-ucl_emit_json           :: UCLEmitterType
-ucl_emit_json         = 0 
-ucl_emit_json_compact   :: UCLEmitterType
-ucl_emit_json_compact = 1 :: UCLEmitterType
-ucl_emit_msgpack        :: UCLEmitterType
-ucl_emit_msgpack      = 4 :: UCLEmitterType
-
-ucl_parser_parse_string_pure :: String -> Either UCLObjectHandle ErrorString
-ucl_parser_parse_string_pure s = unsafePerformIO $ do
-    cs <- newCString s
-    let p = ucl_parser_new 0x4
-    didParse <- ucl_parser_add_string p cs (toEnum $ length s)
-    if didParse 
-    then return $ Left $ ucl_parser_get_object p
-    else Right <$> peekCString ( ucl_parser_get_error p)
-
-ucl_parser_add_file_pure :: String -> Either UCLObjectHandle ErrorString
-ucl_parser_add_file_pure s = unsafePerformIO $ do
-    cs <- newCString s
-    let p = ucl_parser_new 0x4
-    didParse <- ucl_parser_add_file p cs
-    if didParse 
-    then return $ Left $ ucl_parser_get_object p
-    else Right <$> peekCString ( ucl_parser_get_error p)
-
-unpack :: MSG.MessagePack a => String -> Either a ErrorString
-unpack s = case ucl_parser_parse_string_pure s of
-    (Right err) -> Right err
-    (Left obj)  -> case MSG.fromObject (ucl_to_msgpack_object obj) of
-        Nothing  -> Right "MessagePack fromObject Error" 
-        (Just a) -> Left a
-
-ucl_to_msgpack_object :: UCLObjectHandle -> MSG.Object
-ucl_to_msgpack_object o = toMsgPackObj (ucl_object_type o) o
-    where 
-        toMsgPackObj n obj
-            |n==ucl_OBJECT   = MSG.ObjectMap $ uclObjectToVector obj
-            |n==ucl_ARRAY    = MSG.ObjectArray undefined
-            |n==ucl_INT      = MSG.ObjectInt $ fromEnum $ ucl_object_toint obj
-            |n==ucl_FLOAT    = MSG.ObjectDouble $ realToFrac $ ucl_object_todouble obj
-            |n==ucl_STRING   = MSG.ObjectStr $ T.pack $ unsafePerformIO $ peekCString $ ucl_object_tostring obj
-            |n==ucl_BOOLEAN  = MSG.ObjectBool $ ucl_object_toboolean obj
-            |n==ucl_TIME     = error "time undefined"
-            |n==ucl_USERDATA = error "userdata undefined"
-            |n==ucl_NULL     = error "null undefined"
-            |otherwise = error "\"Unknown Type\" Error"
-
-uclObjectToVector :: UCLObjectHandle -> V.Vector (MSG.Object,MSG.Object)
-uclObjectToVector o = iterateObject (ucl_object_iterate_safe iter True ) iter V.empty
-    where 
-        iter = ucl_object_iterate_new o
-        iterateObject obj it vec = if ucl_object_type obj == ucl_NULL
-            then vec
-            else iterateObject (ucl_object_iterate_safe it True) it (V.snoc vec ( getUclKey obj , ucl_to_msgpack_object obj))
-        getUclKey obj = MSG.ObjectStr $ T.pack $ unsafePerformIO $ peekCString $ ucl_object_key obj
-
-uclArrayToVector :: UCLObjectHandle -> V.Vector MSG.Object
-uclArrayToVector o = iterateArray (ucl_object_iterate_safe iter True ) iter V.empty
-    where 
-        iter = ucl_object_iterate_new o
-        iterateArray obj it vec = if ucl_object_type obj == ucl_NULL
-            then vec
-            else iterateArray (ucl_object_iterate_safe it True) it (V.snoc vec (ucl_to_msgpack_object obj))
-
diff --git a/contrib/libucl/include/ucl.h b/contrib/libucl/include/ucl.h
index 39da2593648d..b8625b9fce2f 100644
--- a/contrib/libucl/include/ucl.h
+++ b/contrib/libucl/include/ucl.h
@@ -1411,13 +1411,13 @@ struct ucl_emitter_operations {
 		const ucl_object_t *obj, bool first, bool print_key);
 	/** Start ucl object */
 	void (*ucl_emitter_start_object) (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key);
+		const ucl_object_t *obj, bool first, bool print_key);
 	/** End ucl object */
 	void (*ucl_emitter_end_object) (struct ucl_emitter_context *ctx,
 		const ucl_object_t *obj);
 	/** Start ucl array */
 	void (*ucl_emitter_start_array) (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key);
+		const ucl_object_t *obj, bool first, bool print_key);
 	void (*ucl_emitter_end_array) (struct ucl_emitter_context *ctx,
 		const ucl_object_t *obj);
 };
diff --git a/contrib/libucl/libucl.pc b/contrib/libucl/libucl.pc
deleted file mode 100644
index 4878bebafcdd..000000000000
--- a/contrib/libucl/libucl.pc
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=/usr/local
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: LibUCL
-Description: Universal configuration library
-Version: 0.9.0
-Libs: -L${libdir} -lucl
-Libs.private:  
-Cflags: -I${includedir}/
diff --git a/contrib/libucl/libucl.pc.in b/contrib/libucl/libucl.pc.in
deleted file mode 100644
index 3433fa9d8b1c..000000000000
--- a/contrib/libucl/libucl.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: LibUCL
-Description: Universal configuration library
-Version: @UCL_VERSION@
-Libs: -L${libdir} -lucl
-Libs.private: @LIBS_EXTRA@ @LUA_LIB@
-Cflags: -I${includedir}/
diff --git a/contrib/libucl/lua/Makefile.am b/contrib/libucl/lua/Makefile.am
deleted file mode 100644
index 95beafbfc94e..000000000000
--- a/contrib/libucl/lua/Makefile.am
+++ /dev/null
@@ -1,26 +0,0 @@
-ucl_common_cflags=	-I$(top_srcdir)/src \
-			-I$(top_srcdir)/include \
-			-I$(top_srcdir)/uthash \
-			-Wall -W -Wno-unused-parameter -Wno-pointer-sign
-luaexec_LTLIBRARIES=	ucl.la
-ucl_la_SOURCES=	lua_ucl.c
-ucl_la_CFLAGS=	$(ucl_common_cflags) \
-					@LUA_INCLUDE@
-ucl_la_LDFLAGS = -module -export-dynamic -avoid-version
-ucl_la_LIBADD=	$(top_srcdir)/src/libucl.la \
-					@LIBFETCH_LIBS@ \
-					@LIBCRYPTO_LIB@ \
-					@LIBREGEX_LIB@ \
-					@CURL_LIBS@ \
-					@LUA_LIB@
-
-include_HEADERS=	$(top_srcdir)/include/lua_ucl.h
-
-ROCKSPEC = $(PACKAGE)-$(VERSION)-1.rockspec
-EXTRA_DIST = $(PACKAGE).rockspec.in \
-			test.lua
-DISTCLEANFILES = $(PACKAGE).rockspec
-
-$(ROCKSPEC): $(PACKAGE).rockspec dist
-	sed -e 's/@MD5@/'`$(MD5SUM) $(distdir).tar.gz | \
-	cut -d " " -f 1`'/g' < $(PACKAGE).rockspec > $@
\ No newline at end of file
diff --git a/contrib/libucl/lua/libucl.rockspec.in b/contrib/libucl/lua/libucl.rockspec.in
deleted file mode 100644
index 52f39176a7bd..000000000000
--- a/contrib/libucl/lua/libucl.rockspec.in
+++ /dev/null
@@ -1,26 +0,0 @@
-package="@PACKAGE@"
-version="@VERSION@-1"
-source = {
-  url = "https://github.com/downloads/vstakhov/@PACKAGE@/@PACKAGE@-@VERSION@.tar.gz",
-  md5 = "@MD5@",
-  dir = "@PACKAGE@-@VERSION@"
-}
-description = {
-  summary = "UCL - json like configuration language",
-  detailed = [[
-      UCL is heavily infused by nginx configuration as the example 
-      of a convenient configuration system. 
-      However, UCL is fully compatible with JSON format and is able 
-      to parse json files. 
-   ]],
-  homepage = "http://github.com/vstakhov/@PACKAGE@/",
-  license = ""
-}
-dependencies = {
-  "lua >= 5.1"
-}
-build = {
-  type = "command",
-  build_command = "LUA=$(LUA) CPPFLAGS=-I$(LUA_INCDIR) ./configure --prefix=$(PREFIX) --libdir=$(LIBDIR) --datadir=$(LUADIR) && make clean && make",
-  install_command = "make install"
-}
diff --git a/contrib/libucl/lua/lua_ucl.c b/contrib/libucl/lua/lua_ucl.c
index b34fd56878b8..1b3f9dfd111c 100644
--- a/contrib/libucl/lua/lua_ucl.c
+++ b/contrib/libucl/lua/lua_ucl.c
@@ -30,6 +30,8 @@
 #include "lua_ucl.h"
 #include <strings.h>
 
+#include "bootstrap.h"
+
 /***
  * @module ucl
  * This lua module allows to parse objects from strings and to store data into
@@ -82,6 +84,11 @@ static ucl_object_t* ucl_object_lua_fromelt (lua_State *L, int idx, ucl_string_f
 
 static void *ucl_null;
 
+struct _rspamd_lua_text {
+	const char *start;
+	unsigned int len;
+	unsigned int flags;
+};
 
 enum lua_ucl_push_flags {
 	LUA_UCL_DEFAULT_FLAGS = 0,
@@ -240,7 +247,7 @@ ucl_object_lua_push_scalar (lua_State *L, const ucl_object_t *obj,
 		lua_pushboolean (L, ucl_obj_toboolean (obj));
 		break;
 	case UCL_STRING:
-		lua_pushstring (L, ucl_obj_tostring (obj));
+		lua_pushlstring (L, ucl_obj_tostring (obj), obj->len);
 		break;
 	case UCL_INT:
 #if LUA_VERSION_NUM >= 501
@@ -401,7 +408,6 @@ ucl_object_lua_fromtable (lua_State *L, int idx, ucl_string_flags_t flags)
 
 	/* Table iterate */
 	if (is_array) {
-		int i;
 
 		if (!is_implicit) {
 			top = ucl_object_typed_new (UCL_ARRAY);
@@ -411,7 +417,7 @@ ucl_object_lua_fromtable (lua_State *L, int idx, ucl_string_flags_t flags)
 			top = NULL;
 		}
 
-		for (i = 1; i <= max; i ++) {
+		for (size_t i = 1; i <= max; i ++) {
 			lua_pushinteger (L, i);
 			lua_gettable (L, idx);
 
@@ -479,7 +485,16 @@ ucl_object_lua_fromelt (lua_State *L, int idx, ucl_string_flags_t flags)
 		str = lua_tolstring (L, idx, &sz);
 
 		if (str) {
-			obj = ucl_object_fromstring_common (str, sz, flags);
+			/*
+			 * ucl_object_fromstring_common has a `logic` to use strlen if sz is zero
+			 * which is totally broken...
+			 */
+			if (sz > 0) {
+				obj = ucl_object_fromstring_common(str, sz, flags);
+			}
+			else {
+				obj = ucl_object_fromstring_common("", sz, flags);
+			}
 		}
 		else {
 			obj = ucl_object_typed_new (UCL_NULL);
@@ -501,6 +516,24 @@ ucl_object_lua_fromelt (lua_State *L, int idx, ucl_string_flags_t flags)
 		if (lua_topointer (L, idx) == ucl_null) {
 			obj = ucl_object_typed_new (UCL_NULL);
 		}
+		else {
+			/* Assume it is a text like object */
+			struct _rspamd_lua_text *t = lua_touserdata (L, idx);
+
+			if (t) {
+				if (t->len >0) {
+					obj = ucl_object_fromstring_common(t->start, t->len, 0);
+				}
+				else {
+					obj = ucl_object_fromstring_common("", 0, 0);
+				}
+
+				/* Binary text */
+				if (t->flags & (1u << 5u)) {
+					obj->flags |= UCL_OBJECT_BINARY;
+				}
+			}
+		}
 		break;
 	case LUA_TTABLE:
 	case LUA_TFUNCTION:
@@ -556,10 +589,10 @@ ucl_object_lua_import (lua_State *L, int idx)
 	t = lua_type (L, idx);
 	switch (t) {
 	case LUA_TTABLE:
-		obj = ucl_object_lua_fromtable (L, idx, 0);
+		obj = ucl_object_lua_fromtable (L, idx, UCL_STRING_RAW);
 		break;
 	default:
-		obj = ucl_object_lua_fromelt (L, idx, 0);
+		obj = ucl_object_lua_fromelt (L, idx, UCL_STRING_RAW);
 		break;
 	}
 
@@ -584,10 +617,10 @@ ucl_object_lua_import_escape (lua_State *L, int idx)
 	t = lua_type (L, idx);
 	switch (t) {
 	case LUA_TTABLE:
-		obj = ucl_object_lua_fromtable (L, idx, UCL_STRING_RAW);
+		obj = ucl_object_lua_fromtable (L, idx, UCL_STRING_ESCAPE);
 		break;
 	default:
-		obj = ucl_object_lua_fromelt (L, idx, UCL_STRING_RAW);
+		obj = ucl_object_lua_fromelt (L, idx, UCL_STRING_ESCAPE);
 		break;
 	}
 
@@ -598,11 +631,12 @@ static int
 lua_ucl_to_string (lua_State *L, const ucl_object_t *obj, enum ucl_emitter type)
 {
 	unsigned char *result;
+	size_t outlen;
 
-	result = ucl_object_emit (obj, type);
+	result = ucl_object_emit_len (obj, type, &outlen);
 
 	if (result != NULL) {
-		lua_pushstring (L, (const char *)result);
+		lua_pushlstring (L, (const char *)result, outlen);
 		free (result);
 	}
 	else {
@@ -625,7 +659,6 @@ lua_ucl_parser_init (lua_State *L)
 	parser = ucl_parser_new (flags);
 	if (parser == NULL) {
 		lua_pushnil (L);
-		return 1;
 	}
 
 	pparser = lua_newuserdata (L, sizeof (parser));
@@ -834,12 +867,6 @@ lua_ucl_parser_parse_string (lua_State *L)
 	return ret;
 }
 
-struct _rspamd_lua_text {
-	const char *start;
-	unsigned int len;
-	unsigned int flags;
-};
-
 /***
  * @method parser:parse_text(input)
  * Parse UCL object from text object (Rspamd specific).
@@ -855,7 +882,24 @@ lua_ucl_parser_parse_text (lua_State *L)
 	int ret = 2;
 
 	parser = lua_ucl_parser_get (L, 1);
-	t = lua_touserdata (L, 2);
+
+	if (lua_type (L, 2) == LUA_TUSERDATA) {
+		t = lua_touserdata (L, 2);
+	}
+	else if (lua_type (L, 2) == LUA_TSTRING) {
+		const char *s;
+		size_t len;
+		static struct _rspamd_lua_text st_t;
+
+		s = lua_tolstring (L, 2, &len);
+		st_t.start = s;
+		st_t.len = len;
+
+		t = &st_t;
+	}
+	else {
+		return luaL_error(L, "invalid argument as input, expected userdata or a string");
+	}
 
 	if (lua_type (L, 3) == LUA_TSTRING) {
 		type = lua_ucl_str_to_parse_type (lua_tostring (L, 3));
@@ -1426,10 +1470,11 @@ lua_ucl_to_format (lua_State *L)
 				format = UCL_EMIT_YAML;
 			}
 			else if (strcasecmp (strtype, "config") == 0 ||
-				strcasecmp (strtype, "ucl") == 0) {
+					 strcasecmp (strtype, "ucl") == 0) {
 				format = UCL_EMIT_CONFIG;
 			}
-			else if (strcasecmp (strtype, "msgpack") == 0) {
+			else if (strcasecmp (strtype, "msgpack") == 0 ||
+					 strcasecmp (strtype, "messagepack") == 0) {
 				format = UCL_EMIT_MSGPACK;
 			}
 		}
@@ -1528,3 +1573,5 @@ ucl_object_toclosure (const ucl_object_t *obj)
 
 	return (struct ucl_lua_funcdata*)obj->value.ud;
 }
+
+FLUA_MODULE(ucl);
diff --git a/contrib/libucl/m4/ax_lua.m4 b/contrib/libucl/m4/ax_lua.m4
deleted file mode 100644
index f8e2fd4c85ce..000000000000
--- a/contrib/libucl/m4/ax_lua.m4
+++ /dev/null
@@ -1,664 +0,0 @@
-# ===========================================================================
-#          http://www.gnu.org/software/autoconf-archive/ax_lua.html
-# ===========================================================================
-#
-# SYNOPSIS
-#
-#   AX_PROG_LUA[([MINIMUM-VERSION], [TOO-BIG-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])]
-#   AX_LUA_HEADERS[([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])]
-#   AX_LUA_LIBS[([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])]
-#   AX_LUA_READLINE[([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])]
-#
-# DESCRIPTION
-#
-#   Detect a Lua interpreter, optionally specifying a minimum and maximum
-#   version number. Set up important Lua paths, such as the directories in
-#   which to install scripts and modules (shared libraries).
-#
-#   Also detect Lua headers and libraries. The Lua version contained in the
-#   header is checked to match the Lua interpreter version exactly. When
-#   searching for Lua libraries, the version number is used as a suffix.
-#   This is done with the goal of supporting multiple Lua installs (5.1,
-#   5.2, and 5.3 side-by-side).
-#
-#   A note on compatibility with previous versions: This file has been
-#   mostly rewritten for serial 18. Most developers should be able to use
-#   these macros without needing to modify configure.ac. Care has been taken
-#   to preserve each macro's behavior, but there are some differences:
-#
-#   1) AX_WITH_LUA is deprecated; it now expands to the exact same thing as
-#   AX_PROG_LUA with no arguments.
-#
-#   2) AX_LUA_HEADERS now checks that the version number defined in lua.h
-#   matches the interpreter version. AX_LUA_HEADERS_VERSION is therefore
-#   unnecessary, so it is deprecated and does not expand to anything.
-#
-#   3) The configure flag --with-lua-suffix no longer exists; the user
-#   should instead specify the LUA precious variable on the command line.
-#   See the AX_PROG_LUA description for details.
-#
-#   Please read the macro descriptions below for more information.
-#
-#   This file was inspired by Andrew Dalke's and James Henstridge's
-#   python.m4 and Tom Payne's, Matthieu Moy's, and Reuben Thomas's ax_lua.m4
-#   (serial 17). Basically, this file is a mash-up of those two files. I
-#   like to think it combines the best of the two!
-#
-#   AX_PROG_LUA: Search for the Lua interpreter, and set up important Lua
-#   paths. Adds precious variable LUA, which may contain the path of the Lua
-#   interpreter. If LUA is blank, the user's path is searched for an
-#   suitable interpreter.
-#
-#   If MINIMUM-VERSION is supplied, then only Lua interpreters with a
-#   version number greater or equal to MINIMUM-VERSION will be accepted. If
-#   TOO-BIG-VERSION is also supplied, then only Lua interpreters with a
-#   version number greater or equal to MINIMUM-VERSION and less than
-#   TOO-BIG-VERSION will be accepted.
-#
-#   The Lua version number, LUA_VERSION, is found from the interpreter, and
-#   substituted. LUA_PLATFORM is also found, but not currently supported (no
-#   standard representation).
-#
-#   Finally, the macro finds four paths:
-#
-#     luadir             Directory to install Lua scripts.
-#     pkgluadir          $luadir/$PACKAGE
-#     luaexecdir         Directory to install Lua modules.
-#     pkgluaexecdir      $luaexecdir/$PACKAGE
-#
-#   These paths are found based on $prefix, $exec_prefix, Lua's
-#   package.path, and package.cpath. The first path of package.path
-#   beginning with $prefix is selected as luadir. The first path of
-#   package.cpath beginning with $exec_prefix is used as luaexecdir. This
-#   should work on all reasonable Lua installations. If a path cannot be
-#   determined, a default path is used. Of course, the user can override
-#   these later when invoking make.
-#
-#     luadir             Default: $prefix/share/lua/$LUA_VERSION
-#     luaexecdir         Default: $exec_prefix/lib/lua/$LUA_VERSION
-#
-#   These directories can be used by Automake as install destinations. The
-#   variable name minus 'dir' needs to be used as a prefix to the
-#   appropriate Automake primary, e.g. lua_SCRIPS or luaexec_LIBRARIES.
-#
-#   If an acceptable Lua interpreter is found, then ACTION-IF-FOUND is
-#   performed, otherwise ACTION-IF-NOT-FOUND is preformed. If ACTION-IF-NOT-
-#   FOUND is blank, then it will default to printing an error. To prevent
-#   the default behavior, give ':' as an action.
-#
-#   AX_LUA_HEADERS: Search for Lua headers. Requires that AX_PROG_LUA be
-#   expanded before this macro. Adds precious variable LUA_INCLUDE, which
-#   may contain Lua specific include flags, e.g. -I/usr/include/lua5.1. If
-#   LUA_INCLUDE is blank, then this macro will attempt to find suitable
-#   flags.
-#
-#   LUA_INCLUDE can be used by Automake to compile Lua modules or
-#   executables with embedded interpreters. The *_CPPFLAGS variables should
-#   be used for this purpose, e.g. myprog_CPPFLAGS = $(LUA_INCLUDE).
-#
-#   This macro searches for the header lua.h (and others). The search is
-#   performed with a combination of CPPFLAGS, CPATH, etc, and LUA_INCLUDE.
-#   If the search is unsuccessful, then some common directories are tried.
-#   If the headers are then found, then LUA_INCLUDE is set accordingly.
-#
-#   The paths automatically searched are:
-#
-#     * /usr/include/luaX.Y
-#     * /usr/include/lua/X.Y
-#     * /usr/include/luaXY
-#     * /usr/local/include/luaX.Y
-#     * /usr/local/include/lua-X.Y
-#     * /usr/local/include/lua/X.Y
-#     * /usr/local/include/luaXY
-#
-#   (Where X.Y is the Lua version number, e.g. 5.1.)
-#
-#   The Lua version number found in the headers is always checked to match
-#   the Lua interpreter's version number. Lua headers with mismatched
-#   version numbers are not accepted.
-#
-#   If headers are found, then ACTION-IF-FOUND is performed, otherwise
-#   ACTION-IF-NOT-FOUND is performed. If ACTION-IF-NOT-FOUND is blank, then
-#   it will default to printing an error. To prevent the default behavior,
-#   set the action to ':'.
-#
-#   AX_LUA_LIBS: Search for Lua libraries. Requires that AX_PROG_LUA be
-#   expanded before this macro. Adds precious variable LUA_LIB, which may
-#   contain Lua specific linker flags, e.g. -llua5.1. If LUA_LIB is blank,
-#   then this macro will attempt to find suitable flags.
-#
-#   LUA_LIB can be used by Automake to link Lua modules or executables with
-#   embedded interpreters. The *_LIBADD and *_LDADD variables should be used
-#   for this purpose, e.g. mymod_LIBADD = $(LUA_LIB).
-#
-#   This macro searches for the Lua library. More technically, it searches
-#   for a library containing the function lua_load. The search is performed
-#   with a combination of LIBS, LIBRARY_PATH, and LUA_LIB.
-#
-#   If the search determines that some linker flags are missing, then those
-#   flags will be added to LUA_LIB.
-#
-#   If libraries are found, then ACTION-IF-FOUND is performed, otherwise
-#   ACTION-IF-NOT-FOUND is performed. If ACTION-IF-NOT-FOUND is blank, then
-#   it will default to printing an error. To prevent the default behavior,
-#   set the action to ':'.
-#
-#   AX_LUA_READLINE: Search for readline headers and libraries. Requires the
-#   AX_LIB_READLINE macro, which is provided by ax_lib_readline.m4 from the
-#   Autoconf Archive.
-#
-#   If a readline compatible library is found, then ACTION-IF-FOUND is
-#   performed, otherwise ACTION-IF-NOT-FOUND is performed.
-#
-# LICENSE
-#
-#   Copyright (c) 2015 Reuben Thomas <rrt@sc3d.org>
-#   Copyright (c) 2014 Tim Perkins <tprk77@gmail.com>
-#
-#   This program is free software: you can redistribute it and/or modify it
-#   under the terms of the GNU General Public License as published by the
-#   Free Software Foundation, either version 3 of the License, or (at your
-#   option) any later version.
-#
-#   This program is distributed in the hope that it will be useful, but
-#   WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
-#   Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License along
-#   with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#   As a special exception, the respective Autoconf Macro's copyright owner
-#   gives unlimited permission to copy, distribute and modify the configure
-#   scripts that are the output of Autoconf when processing the Macro. You
-#   need not follow the terms of the GNU General Public License when using
-#   or distributing such scripts, even though portions of the text of the
-#   Macro appear in them. The GNU General Public License (GPL) does govern
-#   all other use of the material that constitutes the Autoconf Macro.
-#
-#   This special exception to the GPL applies to versions of the Autoconf
-#   Macro released by the Autoconf Archive. When you make and distribute a
-#   modified version of the Autoconf Macro, you may extend this special
-#   exception to the GPL to apply to your modified version as well.
-
-#serial 39
-
-dnl =========================================================================
-dnl AX_PROG_LUA([MINIMUM-VERSION], [TOO-BIG-VERSION],
-dnl             [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl =========================================================================
-AC_DEFUN([AX_PROG_LUA],
-[
-  dnl Check for required tools.
-  AC_REQUIRE([AC_PROG_GREP])
-  AC_REQUIRE([AC_PROG_SED])
-
-  dnl Make LUA a precious variable.
-  AC_ARG_VAR([LUA], [The Lua interpreter, e.g. /usr/bin/lua5.1])
-
-  dnl Find a Lua interpreter.
-  m4_define_default([_AX_LUA_INTERPRETER_LIST],
-    [lua lua5.3 lua53 lua5.2 lua52 lua5.1 lua51 lua50])
-
-  m4_if([$1], [],
-  [ dnl No version check is needed. Find any Lua interpreter.
-    AS_IF([test "x$LUA" = 'x'],
-      [AC_PATH_PROGS([LUA], [_AX_LUA_INTERPRETER_LIST], [:])])
-    ax_display_LUA='lua'
-
-    AS_IF([test "x$LUA" != 'x:'],
-      [ dnl At least check if this is a Lua interpreter.
-        AC_MSG_CHECKING([if $LUA is a Lua interpreter])
-        _AX_LUA_CHK_IS_INTRP([$LUA],
-          [AC_MSG_RESULT([yes])],
-          [ AC_MSG_RESULT([no])
-            AC_MSG_ERROR([not a Lua interpreter])
-          ])
-      ])
-  ],
-  [ dnl A version check is needed.
-    AS_IF([test "x$LUA" != 'x'],
-    [ dnl Check if this is a Lua interpreter.
-      AC_MSG_CHECKING([if $LUA is a Lua interpreter])
-      _AX_LUA_CHK_IS_INTRP([$LUA],
-        [AC_MSG_RESULT([yes])],
-        [ AC_MSG_RESULT([no])
-          AC_MSG_ERROR([not a Lua interpreter])
-        ])
-      dnl Check the version.
-      m4_if([$2], [],
-        [_ax_check_text="whether $LUA version >= $1"],
-        [_ax_check_text="whether $LUA version >= $1, < $2"])
-      AC_MSG_CHECKING([$_ax_check_text])
-      _AX_LUA_CHK_VER([$LUA], [$1], [$2],
-        [AC_MSG_RESULT([yes])],
-        [ AC_MSG_RESULT([no])
-          AC_MSG_ERROR([version is out of range for specified LUA])])
-      ax_display_LUA=$LUA
-    ],
-    [ dnl Try each interpreter until we find one that satisfies VERSION.
-      m4_if([$2], [],
-        [_ax_check_text="for a Lua interpreter with version >= $1"],
-        [_ax_check_text="for a Lua interpreter with version >= $1, < $2"])
-      AC_CACHE_CHECK([$_ax_check_text],
-        [ax_cv_pathless_LUA],
-        [ for ax_cv_pathless_LUA in _AX_LUA_INTERPRETER_LIST none; do
-            test "x$ax_cv_pathless_LUA" = 'xnone' && break
-            _AX_LUA_CHK_IS_INTRP([$ax_cv_pathless_LUA], [], [continue])
-            _AX_LUA_CHK_VER([$ax_cv_pathless_LUA], [$1], [$2], [break])
-          done
-        ])
-      dnl Set $LUA to the absolute path of $ax_cv_pathless_LUA.
-      AS_IF([test "x$ax_cv_pathless_LUA" = 'xnone'],
-        [LUA=':'],
-        [AC_PATH_PROG([LUA], [$ax_cv_pathless_LUA])])
-      ax_display_LUA=$ax_cv_pathless_LUA
-    ])
-  ])
-
-  AS_IF([test "x$LUA" = 'x:'],
-  [ dnl Run any user-specified action, or abort.
-    m4_default([$4], [AC_MSG_ERROR([cannot find suitable Lua interpreter])])
-  ],
-  [ dnl Query Lua for its version number.
-    AC_CACHE_CHECK([for $ax_display_LUA version],
-      [ax_cv_lua_version],
-      [ dnl Get the interpreter version in X.Y format. This should work for
-        dnl interpreters version 5.0 and beyond.
-        ax_cv_lua_version=[`$LUA -e '
-          -- return a version number in X.Y format
-          local _, _, ver = string.find(_VERSION, "^Lua (%d+%.%d+)")
-          print(ver)'`]
-      ])
-    AS_IF([test "x$ax_cv_lua_version" = 'x'],
-      [AC_MSG_ERROR([invalid Lua version number])])
-    AC_SUBST([LUA_VERSION], [$ax_cv_lua_version])
-    AC_SUBST([LUA_SHORT_VERSION], [`echo "$LUA_VERSION" | $SED 's|\.||'`])
-
-    dnl The following check is not supported:
-    dnl At times (like when building shared libraries) you may want to know
-    dnl which OS platform Lua thinks this is.
-    AC_CACHE_CHECK([for $ax_display_LUA platform],
-      [ax_cv_lua_platform],
-      [ax_cv_lua_platform=[`$LUA -e 'print("unknown")'`]])
-    AC_SUBST([LUA_PLATFORM], [$ax_cv_lua_platform])
-
-    dnl Use the values of $prefix and $exec_prefix for the corresponding
-    dnl values of LUA_PREFIX and LUA_EXEC_PREFIX. These are made distinct
-    dnl variables so they can be overridden if need be. However, the general
-    dnl consensus is that you shouldn't need this ability.
-    AC_SUBST([LUA_PREFIX], ['${prefix}'])
-    AC_SUBST([LUA_EXEC_PREFIX], ['${exec_prefix}'])
-
-    dnl Lua provides no way to query the script directory, and instead
-    dnl provides LUA_PATH. However, we should be able to make a safe educated
-    dnl guess. If the built-in search path contains a directory which is
-    dnl prefixed by $prefix, then we can store scripts there. The first
-    dnl matching path will be used.
-    AC_CACHE_CHECK([for $ax_display_LUA script directory],
-      [ax_cv_lua_luadir],
-      [ AS_IF([test "x$prefix" = 'xNONE'],
-          [ax_lua_prefix=$ac_default_prefix],
-          [ax_lua_prefix=$prefix])
-
-        dnl Initialize to the default path.
-        ax_cv_lua_luadir="$LUA_PREFIX/share/lua/$LUA_VERSION"
-
-        dnl Try to find a path with the prefix.
-        _AX_LUA_FND_PRFX_PTH([$LUA], [$ax_lua_prefix], [script])
-        AS_IF([test "x$ax_lua_prefixed_path" != 'x'],
-        [ dnl Fix the prefix.
-          _ax_strip_prefix=`echo "$ax_lua_prefix" | $SED 's|.|.|g'`
-          ax_cv_lua_luadir=`echo "$ax_lua_prefixed_path" | \
-            $SED "s|^$_ax_strip_prefix|$LUA_PREFIX|"`
-        ])
-      ])
-    AC_SUBST([luadir], [$ax_cv_lua_luadir])
-    AC_SUBST([pkgluadir], [\${luadir}/$PACKAGE])
-
-    dnl Lua provides no way to query the module directory, and instead
-    dnl provides LUA_PATH. However, we should be able to make a safe educated
-    dnl guess. If the built-in search path contains a directory which is
-    dnl prefixed by $exec_prefix, then we can store modules there. The first
-    dnl matching path will be used.
-    AC_CACHE_CHECK([for $ax_display_LUA module directory],
-      [ax_cv_lua_luaexecdir],
-      [ AS_IF([test "x$exec_prefix" = 'xNONE'],
-          [ax_lua_exec_prefix=$ax_lua_prefix],
-          [ax_lua_exec_prefix=$exec_prefix])
-
-        dnl Initialize to the default path.
-        ax_cv_lua_luaexecdir="$LUA_EXEC_PREFIX/lib/lua/$LUA_VERSION"
-
-        dnl Try to find a path with the prefix.
-        _AX_LUA_FND_PRFX_PTH([$LUA],
-          [$ax_lua_exec_prefix], [module])
-        AS_IF([test "x$ax_lua_prefixed_path" != 'x'],
-        [ dnl Fix the prefix.
-          _ax_strip_prefix=`echo "$ax_lua_exec_prefix" | $SED 's|.|.|g'`
-          ax_cv_lua_luaexecdir=`echo "$ax_lua_prefixed_path" | \
-            $SED "s|^$_ax_strip_prefix|$LUA_EXEC_PREFIX|"`
-        ])
-      ])
-    AC_SUBST([luaexecdir], [$ax_cv_lua_luaexecdir])
-    AC_SUBST([pkgluaexecdir], [\${luaexecdir}/$PACKAGE])
-
-    dnl Run any user specified action.
-    $3
-  ])
-])
-
-dnl AX_WITH_LUA is now the same thing as AX_PROG_LUA.
-AC_DEFUN([AX_WITH_LUA],
-[
-  AC_MSG_WARN([[$0 is deprecated, please use AX_PROG_LUA instead]])
-  AX_PROG_LUA
-])
-
-
-dnl =========================================================================
-dnl _AX_LUA_CHK_IS_INTRP(PROG, [ACTION-IF-TRUE], [ACTION-IF-FALSE])
-dnl =========================================================================
-AC_DEFUN([_AX_LUA_CHK_IS_INTRP],
-[
-  dnl A minimal Lua factorial to prove this is an interpreter. This should work
-  dnl for Lua interpreters version 5.0 and beyond.
-  _ax_lua_factorial=[`$1 2>/dev/null -e '
-    -- a simple factorial
-    function fact (n)
-      if n == 0 then
-        return 1
-      else
-        return n * fact(n-1)
-      end
-    end
-    print("fact(5) is " .. fact(5))'`]
-  AS_IF([test "$_ax_lua_factorial" = 'fact(5) is 120'],
-    [$2], [$3])
-])
-
-
-dnl =========================================================================
-dnl _AX_LUA_CHK_VER(PROG, MINIMUM-VERSION, [TOO-BIG-VERSION],
-dnl                 [ACTION-IF-TRUE], [ACTION-IF-FALSE])
-dnl =========================================================================
-AC_DEFUN([_AX_LUA_CHK_VER],
-[
-  dnl Check that the Lua version is within the bounds. Only the major and minor
-  dnl version numbers are considered. This should work for Lua interpreters
-  dnl version 5.0 and beyond.
-  _ax_lua_good_version=[`$1 -e '
-    -- a script to compare versions
-    function verstr2num(verstr)
-      local _, _, majorver, minorver = string.find(verstr, "^(%d+)%.(%d+)")
-      if majorver and minorver then
-        return tonumber(majorver) * 100 + tonumber(minorver)
-      end
-    end
-    local minver = verstr2num("$2")
-    local _, _, trimver = string.find(_VERSION, "^Lua (.*)")
-    local ver = verstr2num(trimver)
-    local maxver = verstr2num("$3") or 1e9
-    if minver <= ver and ver < maxver then
-      print("yes")
-    else
-      print("no")
-    end'`]
-    AS_IF([test "x$_ax_lua_good_version" = "xyes"],
-      [$4], [$5])
-])
-
-
-dnl =========================================================================
-dnl _AX_LUA_FND_PRFX_PTH(PROG, PREFIX, SCRIPT-OR-MODULE-DIR)
-dnl =========================================================================
-AC_DEFUN([_AX_LUA_FND_PRFX_PTH],
-[
-  dnl Get the script or module directory by querying the Lua interpreter,
-  dnl filtering on the given prefix, and selecting the shallowest path. If no
-  dnl path is found matching the prefix, the result will be an empty string.
-  dnl The third argument determines the type of search, it can be 'script' or
-  dnl 'module'. Supplying 'script' will perform the search with package.path
-  dnl and LUA_PATH, and supplying 'module' will search with package.cpath and
-  dnl LUA_CPATH. This is done for compatibility with Lua 5.0.
-
-  ax_lua_prefixed_path=[`$1 -e '
-    -- get the path based on search type
-    local searchtype = "$3"
-    local paths = ""
-    if searchtype == "script" then
-      paths = (package and package.path) or LUA_PATH
-    elseif searchtype == "module" then
-      paths = (package and package.cpath) or LUA_CPATH
-    end
-    -- search for the prefix
-    local prefix = "'$2'"
-    local minpath = ""
-    local mindepth = 1e9
-    string.gsub(paths, "(@<:@^;@:>@+)",
-      function (path)
-        path = string.gsub(path, "%?.*$", "")
-        path = string.gsub(path, "/@<:@^/@:>@*$", "")
-        if string.find(path, prefix) then
-          local depth = string.len(string.gsub(path, "@<:@^/@:>@", ""))
-          if depth < mindepth then
-            minpath = path
-            mindepth = depth
-          end
-        end
-      end)
-    print(minpath)'`]
-])
-
-
-dnl =========================================================================
-dnl AX_LUA_HEADERS([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl =========================================================================
-AC_DEFUN([AX_LUA_HEADERS],
-[
-  dnl Check for LUA_VERSION.
-  AC_MSG_CHECKING([if LUA_VERSION is defined])
-  AS_IF([test "x$LUA_VERSION" != 'x'],
-    [AC_MSG_RESULT([yes])],
-    [ AC_MSG_RESULT([no])
-      AC_MSG_ERROR([cannot check Lua headers without knowing LUA_VERSION])
-    ])
-
-  dnl Make LUA_INCLUDE a precious variable.
-  AC_ARG_VAR([LUA_INCLUDE], [The Lua includes, e.g. -I/usr/include/lua5.1])
-
-  dnl Some default directories to search.
-  LUA_SHORT_VERSION=`echo "$LUA_VERSION" | $SED 's|\.||'`
-  m4_define_default([_AX_LUA_INCLUDE_LIST],
-    [ /usr/include/lua$LUA_VERSION \
-      /usr/include/lua-$LUA_VERSION \
-      /usr/include/lua/$LUA_VERSION \
-      /usr/include/lua$LUA_SHORT_VERSION \
-      /usr/local/include/lua$LUA_VERSION \
-      /usr/local/include/lua-$LUA_VERSION \
-      /usr/local/include/lua/$LUA_VERSION \
-      /usr/local/include/lua$LUA_SHORT_VERSION \
-    ])
-
-  dnl Try to find the headers.
-  _ax_lua_saved_cppflags=$CPPFLAGS
-  CPPFLAGS="$CPPFLAGS $LUA_INCLUDE"
-  AC_CHECK_HEADERS([lua.h lualib.h lauxlib.h luaconf.h])
-  CPPFLAGS=$_ax_lua_saved_cppflags
-
-  dnl Try some other directories if LUA_INCLUDE was not set.
-  AS_IF([test "x$LUA_INCLUDE" = 'x' &&
-         test "x$ac_cv_header_lua_h" != 'xyes'],
-    [ dnl Try some common include paths.
-      for _ax_include_path in _AX_LUA_INCLUDE_LIST; do
-        test ! -d "$_ax_include_path" && continue
-
-        AC_MSG_CHECKING([for Lua headers in])
-        AC_MSG_RESULT([$_ax_include_path])
-
-        AS_UNSET([ac_cv_header_lua_h])
-        AS_UNSET([ac_cv_header_lualib_h])
-        AS_UNSET([ac_cv_header_lauxlib_h])
-        AS_UNSET([ac_cv_header_luaconf_h])
-
-        _ax_lua_saved_cppflags=$CPPFLAGS
-        CPPFLAGS="$CPPFLAGS -I$_ax_include_path"
-        AC_CHECK_HEADERS([lua.h lualib.h lauxlib.h luaconf.h])
-        CPPFLAGS=$_ax_lua_saved_cppflags
-
-        AS_IF([test "x$ac_cv_header_lua_h" = 'xyes'],
-          [ LUA_INCLUDE="-I$_ax_include_path"
-            break
-          ])
-      done
-    ])
-
-  AS_IF([test "x$ac_cv_header_lua_h" = 'xyes'],
-    [ dnl Make a program to print LUA_VERSION defined in the header.
-      dnl TODO It would be really nice if we could do this without compiling a
-      dnl program, then it would work when cross compiling. But I'm not sure how
-      dnl to do this reliably. For now, assume versions match when cross compiling.
-
-      AS_IF([test "x$cross_compiling" != 'xyes'],
-        [ AC_CACHE_CHECK([for Lua header version],
-            [ax_cv_lua_header_version],
-            [ _ax_lua_saved_cppflags=$CPPFLAGS
-              CPPFLAGS="$CPPFLAGS $LUA_INCLUDE"
-              AC_RUN_IFELSE(
-                [ AC_LANG_SOURCE([[
-#include <lua.h>
-#include <stdlib.h>
-#include <stdio.h>
-int main(int argc, char ** argv)
-{
-  if(argc > 1) printf("%s", LUA_VERSION);
-  exit(EXIT_SUCCESS);
-}
-]])
-                ],
-                [ ax_cv_lua_header_version=`./conftest$EXEEXT p | \
-                    $SED -n "s|^Lua \(@<:@0-9@:>@\{1,\}\.@<:@0-9@:>@\{1,\}\).\{0,\}|\1|p"`
-                ],
-                [ax_cv_lua_header_version='unknown'])
-              CPPFLAGS=$_ax_lua_saved_cppflags
-            ])
-
-          dnl Compare this to the previously found LUA_VERSION.
-          AC_MSG_CHECKING([if Lua header version matches $LUA_VERSION])
-          AS_IF([test "x$ax_cv_lua_header_version" = "x$LUA_VERSION"],
-            [ AC_MSG_RESULT([yes])
-              ax_header_version_match='yes'
-            ],
-            [ AC_MSG_RESULT([no])
-              ax_header_version_match='no'
-            ])
-        ],
-        [ AC_MSG_WARN([cross compiling so assuming header version number matches])
-          ax_header_version_match='yes'
-        ])
-    ])
-
-  dnl Was LUA_INCLUDE specified?
-  AS_IF([test "x$ax_header_version_match" != 'xyes' &&
-         test "x$LUA_INCLUDE" != 'x'],
-    [AC_MSG_ERROR([cannot find headers for specified LUA_INCLUDE])])
-
-  dnl Test the final result and run user code.
-  AS_IF([test "x$ax_header_version_match" = 'xyes'], [$1],
-    [m4_default([$2], [AC_MSG_ERROR([cannot find Lua includes])])])
-])
-
-dnl AX_LUA_HEADERS_VERSION no longer exists, use AX_LUA_HEADERS.
-AC_DEFUN([AX_LUA_HEADERS_VERSION],
-[
-  AC_MSG_WARN([[$0 is deprecated, please use AX_LUA_HEADERS instead]])
-])
-
-
-dnl =========================================================================
-dnl AX_LUA_LIBS([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl =========================================================================
-AC_DEFUN([AX_LUA_LIBS],
-[
-  dnl TODO Should this macro also check various -L flags?
-
-  dnl Check for LUA_VERSION.
-  AC_MSG_CHECKING([if LUA_VERSION is defined])
-  AS_IF([test "x$LUA_VERSION" != 'x'],
-    [AC_MSG_RESULT([yes])],
-    [ AC_MSG_RESULT([no])
-      AC_MSG_ERROR([cannot check Lua libs without knowing LUA_VERSION])
-    ])
-
-  dnl Make LUA_LIB a precious variable.
-  AC_ARG_VAR([LUA_LIB], [The Lua library, e.g. -llua5.1])
-
-  AS_IF([test "x$LUA_LIB" != 'x'],
-  [ dnl Check that LUA_LIBS works.
-    _ax_lua_saved_libs=$LIBS
-    LIBS="$LUA_LIB $LIBS"
-    AC_SEARCH_LIBS([lua_load], [],
-      [_ax_found_lua_libs='yes'],
-      [_ax_found_lua_libs='no'])
-    LIBS=$_ax_lua_saved_libs
-
-    dnl Check the result.
-    AS_IF([test "x$_ax_found_lua_libs" != 'xyes'],
-      [AC_MSG_ERROR([cannot find libs for specified LUA_LIB])])
-  ],
-  [ dnl First search for extra libs.
-    _ax_lua_extra_libs=''
-
-    _ax_lua_saved_libs=$LIBS
-    LIBS="$LUA_LIB $LIBS"
-    AC_SEARCH_LIBS([exp], [m])
-    AC_SEARCH_LIBS([dlopen], [dl])
-    LIBS=$_ax_lua_saved_libs
-
-    AS_IF([test "x$ac_cv_search_exp" != 'xno' &&
-           test "x$ac_cv_search_exp" != 'xnone required'],
-      [_ax_lua_extra_libs="$_ax_lua_extra_libs $ac_cv_search_exp"])
-
-    AS_IF([test "x$ac_cv_search_dlopen" != 'xno' &&
-           test "x$ac_cv_search_dlopen" != 'xnone required'],
-      [_ax_lua_extra_libs="$_ax_lua_extra_libs $ac_cv_search_dlopen"])
-
-    dnl Try to find the Lua libs.
-    _ax_lua_saved_libs=$LIBS
-    LIBS="$LUA_LIB $LIBS"
-    AC_SEARCH_LIBS([lua_load],
-      [ lua$LUA_VERSION \
-        lua$LUA_SHORT_VERSION \
-        lua-$LUA_VERSION \
-        lua-$LUA_SHORT_VERSION \
-        lua \
-      ],
-      [_ax_found_lua_libs='yes'],
-      [_ax_found_lua_libs='no'],
-      [$_ax_lua_extra_libs])
-    LIBS=$_ax_lua_saved_libs
-
-    AS_IF([test "x$ac_cv_search_lua_load" != 'xno' &&
-           test "x$ac_cv_search_lua_load" != 'xnone required'],
-      [LUA_LIB="$ac_cv_search_lua_load $_ax_lua_extra_libs"])
-  ])
-
-  dnl Test the result and run user code.
-  AS_IF([test "x$_ax_found_lua_libs" = 'xyes'], [$1],
-    [m4_default([$2], [AC_MSG_ERROR([cannot find Lua libs])])])
-])
-
-
-dnl =========================================================================
-dnl AX_LUA_READLINE([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl =========================================================================
-AC_DEFUN([AX_LUA_READLINE],
-[
-  AX_LIB_READLINE
-  AS_IF([test "x$ac_cv_header_readline_readline_h" != 'x' &&
-         test "x$ac_cv_header_readline_history_h" != 'x'],
-    [ LUA_LIBS_CFLAGS="-DLUA_USE_READLINE $LUA_LIBS_CFLAGS"
-      $1
-    ],
-    [$2])
-])
diff --git a/contrib/libucl/m4/gcov.m4 b/contrib/libucl/m4/gcov.m4
deleted file mode 100644
index a1359a0de64b..000000000000
--- a/contrib/libucl/m4/gcov.m4
+++ /dev/null
@@ -1,89 +0,0 @@
-# SYNOPSIS
-#
-#   Add code coverage support with gcov/lcov.
-#
-#   AX_CODE_COVERAGE()
-#
-# DESCRIPTION
-#
-#   Provides a --enable-coverage option which checks for available
-#   gcov/lcov binaries and provides ENABLE_CODE_COVERAGE conditional.
-#
-# LAST MODIFICATION
-#
-#   $Id: coverage.m4 40881 2013-08-20 17:54:39Z damon $
-#
-# COPYLEFT
-#
-#   Copyright (c) 2012 Roy H. Stogner <roystgnr@ices.utexas.edu>
-#   Copyright (c) 2010 Karl W. Schulz <karl@ices.utexas.edu>
-#
-#   Copying and distribution of this file, with or without modification, are
-#   permitted in any medium without royalty provided the copyright notice
-#   and this notice are preserved.
-
-AC_DEFUN([AX_CODE_COVERAGE],
-[
-
-AC_ARG_ENABLE(coverage, AC_HELP_STRING([--enable-coverage],[configure code coverage analysis tools]))
-
-HAVE_GCOV_TOOLS=0
-
-GCOV_FLAGS=""
-
-if test "x$enable_coverage" = "xyes"; then
-
-   # ----------------------------
-   # Check for gcov/lcov binaries
-   # ----------------------------
-
-   AC_ARG_VAR([GCOV], [Coverage testing command])
-   if test "x$GCOV" = "x"; then
-    AC_PATH_PROG(GCOV, gcov, no)
-   else
-    AC_PATH_PROG(GCOV, $GCOV, no)
-   fi
-
-   AC_PATH_PROG(LCOV, lcov, no)
-   AC_PATH_PROG(GENHTML, genhtml)
-
-   # ----------------------------------
-   # include coverage compiler options
-   # ----------------------------------
-   AC_MSG_CHECKING([for clang])
-
-   AC_COMPILE_IFELSE(
-   [AC_LANG_PROGRAM([], [[
- #ifndef __clang__
-   not clang
- #endif
- ]])],
- [CLANG=yes], [CLANG=no])
-
-   AC_MSG_RESULT([$CLANG])
-   HAVE_GCOV_TOOLS=1
-   COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
-   COVERAGE_LDFLAGS="--coverage -fprofile-arcs -ftest-coverage"
-   COVERAGE_OPTFLAGS="-O0"
-
-   # Test for C...
-   CFLAGS="${GCOV_FLAGS} ${CFLAGS}"
-   CXXFLAGS="${GCOV_FLAGS} ${CXXFLAGS}"
-   if test "x$GCC" = "xyes" -a "x$CLANG" = "xno"; then
-     COVERAGE_LIBS="-lgcov"
-   else
-     COVERAGE_LIBS=""
-   fi
-fi
-
-AC_SUBST([GCOV])
-AC_SUBST([LCOV])
-AC_SUBST([GENHTML])
-AC_SUBST([GENHTML_OPTIONS])
-AC_SUBST([COVERAGE_CFLAGS])
-AC_SUBST([COVERAGE_OPTFLAGS])
-AC_SUBST([COVERAGE_LDFLAGS])
-AC_SUBST([COVERAGE_LIBS])
-AM_CONDITIONAL(CODE_COVERAGE_ENABLED,test x$HAVE_GCOV_TOOLS = x1)
-
-])
diff --git a/contrib/libucl/python/MANIFEST.in b/contrib/libucl/python/MANIFEST.in
deleted file mode 100644
index 336a4b3a7a07..000000000000
--- a/contrib/libucl/python/MANIFEST.in
+++ /dev/null
@@ -1,5 +0,0 @@
-include COPYING
-recursive-include include *.h
-recursive-include src *.h
-recursive-include klib *.h
-recursive-include uthash *.h
diff --git a/contrib/libucl/python/setup.py b/contrib/libucl/python/setup.py
deleted file mode 100644
index 8da832bac381..000000000000
--- a/contrib/libucl/python/setup.py
+++ /dev/null
@@ -1,75 +0,0 @@
-try:
-    from setuptools import setup, Extension
-    # setuptools doesn't support template param for MANIFEST.in
-    from setuptools.command.egg_info import manifest_maker
-    manifest_maker.template = 'python/MANIFEST.in'
-except ImportError:
-    from distutils.core import setup, Extension
-
-import os
-import sys
-
-LIB_ROOT = os.path.abspath(os.path.join(__file__, os.pardir, os.pardir))  
-if os.getcwd() != LIB_ROOT:
-    os.chdir(LIB_ROOT)
-if LIB_ROOT not in sys.path:
-    sys.path.append(LIB_ROOT)
-
-tests_require = []
-
-if sys.version < '2.7':
-    tests_require.append('unittest2')
-
-uclmodule = Extension(
-    'ucl',
-    libraries=['ucl', 'curl'],
-    sources=['python/src/uclmodule.c'],
-    include_dirs=['include'],
-    language='c',
-)
-
-ucl_lib = {
-    'sources': ['src/' + fn for fn in os.listdir('src') if fn.endswith('.c')],
-    'include_dirs': ['include', 'src', 'uthash', 'klib'],
-    'macros': [('CURL_FOUND', '1')],
-}
-
-# sdist setup() will pull in the *.c files automatically, but not headers
-# MANIFEST.in will include the headers for sdist only
-template = 'python/MANIFEST.in'
-
-# distutils assume setup.py is in the root of the project
-# we need to include C source from the parent so trick it
-in_ucl_root = 'setup.py' in os.listdir('python')
-if in_ucl_root:
-    os.link('python/setup.py', 'setup.py')
-
-setup(
-    name = 'ucl',
-    version = '0.8.1',
-    description = 'ucl parser and emitter',
-    ext_modules = [uclmodule],
-    template=template, # no longer supported with setuptools but doesn't hurt
-    libraries = [('ucl', ucl_lib)],
-    test_suite = 'tests',
-    tests_require = tests_require,
-    author = "Eitan Adler, Denis Volpato Martins",
-    author_email = "lists@eitanadler.com",
-    url = "https://github.com/vstakhov/libucl/",
-    license = "MIT",
-    classifiers = [
-        "Development Status :: 3 - Alpha",
-        "Intended Audience :: Developers",
-        "License :: DFSG approved",
-        "License :: OSI Approved :: MIT License",
-        "Programming Language :: C",
-        "Programming Language :: Python :: 2",
-        "Programming Language :: Python :: 3",
-        "Programming Language :: Python :: Implementation :: CPython",
-        "Topic :: Software Development :: Libraries",
-    ]
-)
-
-# clean up the trick after the build
-if in_ucl_root:
-    os.unlink("setup.py")
diff --git a/contrib/libucl/python/src/uclmodule.c b/contrib/libucl/python/src/uclmodule.c
deleted file mode 100644
index d1051fbb0d12..000000000000
--- a/contrib/libucl/python/src/uclmodule.c
+++ /dev/null
@@ -1,335 +0,0 @@
-// Attempts to load a UCL structure from a string
-#include <ucl.h>
-#include <Python.h>
-
-static PyObject *SchemaError;
-
-static PyObject *
-_basic_ucl_type (ucl_object_t const *obj)
-{
-	switch (obj->type) {
-	case UCL_INT:
-		return Py_BuildValue ("L", (long long)ucl_object_toint (obj));
-	case UCL_FLOAT:
-		return Py_BuildValue ("d", ucl_object_todouble (obj));
-	case UCL_STRING:
-		return Py_BuildValue ("s", ucl_object_tostring (obj));
-	case UCL_BOOLEAN:
-		return PyBool_FromLong (ucl_object_toboolean (obj));
-	case UCL_TIME:
-		return Py_BuildValue ("d", ucl_object_todouble (obj));
-	case UCL_NULL:
-		Py_RETURN_NONE;
-	}
-	return NULL;
-}
-
-static PyObject *
-_iterate_valid_ucl (ucl_object_t const *obj)
-{
-	const ucl_object_t *tmp;
-	ucl_object_iter_t it = NULL;
-
-	tmp = obj;
-
-	while ((obj = ucl_object_iterate (tmp, &it, false))) {
-		PyObject *val;
-
-		val = _basic_ucl_type(obj);
-		if (!val) {
-			PyObject *key = NULL;
-
-			if (obj->key != NULL) {
-				key = Py_BuildValue("s", ucl_object_key(obj));
-			}
-
-			if (obj->type == UCL_OBJECT) {
-				const ucl_object_t *cur;
-				ucl_object_iter_t it_obj = NULL;
-
-				val = PyDict_New();
-
-				while ((cur = ucl_object_iterate (obj, &it_obj, true))) {
-					PyObject *keyobj = Py_BuildValue("s",ucl_object_key(cur));
-					PyDict_SetItem(val, keyobj, _iterate_valid_ucl(cur));
-				}
-			} else if (obj->type == UCL_ARRAY) {
-				const ucl_object_t *cur;
-				ucl_object_iter_t it_obj = NULL;
-
-				val = PyList_New(0);
-
-				while ((cur = ucl_object_iterate (obj, &it_obj, true))) {
-					PyList_Append(val, _iterate_valid_ucl(cur));
-				}
-			} else if (obj->type == UCL_USERDATA) {
-				// XXX: this should be
-				// PyBytes_FromStringAndSize; where is the
-				// length from?
-				val = PyBytes_FromString(obj->value.ud);
-			}
-		}
-		return val;
-	}
-
-	PyErr_SetString(PyExc_SystemError, "unhandled type");
-	return NULL;
-}
-
-static PyObject *
-_internal_load_ucl (char *uclstr)
-{
-	PyObject *ret;
-	struct ucl_parser *parser =
-	    ucl_parser_new (UCL_PARSER_NO_TIME|UCL_PARSER_NO_IMPLICIT_ARRAYS);
-	bool r = ucl_parser_add_string(parser, uclstr, 0);
-
-	if (r) {
-		if (ucl_parser_get_error (parser)) {
-			PyErr_SetString(PyExc_ValueError, ucl_parser_get_error(parser));
-			ucl_parser_free(parser);
-			ret = NULL;
-			goto return_with_parser;
-		} else {
-			ucl_object_t *uclobj = ucl_parser_get_object(parser);
-			ret = _iterate_valid_ucl(uclobj);
-			ucl_object_unref(uclobj);
-			goto return_with_parser;
-		}
-	}
-	else {
-		PyErr_SetString(PyExc_ValueError, ucl_parser_get_error (parser));
-		ret = NULL;
-		goto return_with_parser;
-	}
-
-return_with_parser:
-	ucl_parser_free(parser);
-	return ret;
-}
-
-static PyObject*
-ucl_load (PyObject *self, PyObject *args)
-{
-	char *uclstr;
-
-	if (PyArg_ParseTuple(args, "z", &uclstr)) {
-		if (!uclstr) {
-			Py_RETURN_NONE;
-		}
-
-		return _internal_load_ucl(uclstr);
-	}
-
-	return NULL;
-}
-
-static ucl_object_t *
-_iterate_python (PyObject *obj)
-{
-	if (obj == Py_None) {
-		return ucl_object_new();
-	}
-	else if (PyBool_Check (obj)) {
-		return ucl_object_frombool (obj == Py_True);
-	}
-#if PY_MAJOR_VERSION < 3
-	else if (PyInt_Check (obj)) {
-		return ucl_object_fromint (PyInt_AsLong (obj));
-	}
-#endif
-	else if (PyLong_Check (obj)) {
-		return ucl_object_fromint (PyLong_AsLong (obj));
-	}
-	else if (PyFloat_Check (obj)) {
-		return ucl_object_fromdouble (PyFloat_AsDouble (obj));
-	}
-	else if (PyUnicode_Check (obj)) {
-		ucl_object_t *ucl_str;
-		PyObject *str = PyUnicode_AsASCIIString(obj);
-		ucl_str = ucl_object_fromstring (PyBytes_AsString (str));
-		Py_DECREF(str);
-		return ucl_str;
-	}
-#if PY_MAJOR_VERSION < 3
-	else if (PyString_Check (obj)) {
-		return ucl_object_fromstring (PyString_AsString (obj));
-	}
-#endif
-	else if (PyDict_Check(obj)) {
-		PyObject *key, *value;
-		Py_ssize_t pos = 0;
-		ucl_object_t *top, *elm;
-		char *keystr = NULL;
-
-		top = ucl_object_typed_new (UCL_OBJECT);
-
-		while (PyDict_Next(obj, &pos, &key, &value)) {
-			elm = _iterate_python(value);
-			
-			if (PyUnicode_Check(key)) {
-				PyObject *keyascii = PyUnicode_AsASCIIString(key);
-				keystr = PyBytes_AsString(keyascii);
-				Py_DECREF(keyascii);
-			}
-#if PY_MAJOR_VERSION < 3
-			else if (PyString_Check(key)) {
-				keystr = PyString_AsString(key);
-			}
-#endif
-			else {
-				PyErr_SetString(PyExc_TypeError, "Unknown key type");
-				return NULL;
-			}
-
-			ucl_object_insert_key (top, elm, keystr, 0, true);
-		}
-
-		return top;
-	}
-	else if (PySequence_Check(obj)) {
-		PyObject *value;
-		Py_ssize_t len, pos;
-		ucl_object_t *top, *elm;
-
-		len  = PySequence_Length(obj);
-		top = ucl_object_typed_new (UCL_ARRAY);
-
-		for (pos = 0; pos < len; pos++) {
-			value = PySequence_GetItem(obj, pos);
-			elm = _iterate_python(value);
-			ucl_array_append(top, elm);
-		}
-
-		return top;
-	}
-	else {
-		PyErr_SetString(PyExc_TypeError, "Unhandled object type");
-		return NULL;
-	}
-
-	return NULL;
-}
-
-static PyObject *
-ucl_dump (PyObject *self, PyObject *args)
-{
-	PyObject *obj;
-	ucl_emitter_t emitter;
-	ucl_object_t *root = NULL;
-
-	emitter = UCL_EMIT_CONFIG;
-
-	if (!PyArg_ParseTuple(args, "O|i", &obj, &emitter)) {
-		PyErr_SetString(PyExc_TypeError, "Unhandled object type");
-		return NULL;
-	}
-
-	if (emitter >= UCL_EMIT_MAX) {
-		PyErr_SetString(PyExc_TypeError, "Invalid emitter type");
-		return NULL;
-	}
-
-	if (obj == Py_None) {
-		Py_RETURN_NONE;
-	}
-
-	root = _iterate_python(obj);
-	if (root) {
-		PyObject *ret;
-		char *buf;
-
-		buf = (char *) ucl_object_emit (root, emitter);
-		ucl_object_unref (root);
-#if PY_MAJOR_VERSION < 3
-		ret = PyString_FromString (buf);
-#else
-		ret = PyUnicode_FromString (buf);
-#endif
-		free(buf);
-
-		return ret;
-	}
-
-	return NULL;
-}
-
-static PyObject *
-ucl_validate (PyObject *self, PyObject *args)
-{
-	PyObject *dataobj, *schemaobj;
-	ucl_object_t *data, *schema;
-	bool r;
-	struct ucl_schema_error err;
-
-	if (!PyArg_ParseTuple (args, "OO", &schemaobj, &dataobj)) {
-		PyErr_SetString (PyExc_TypeError, "Unhandled object type");
-		return NULL;
-	}
-
-	schema = _iterate_python(schemaobj);
-	if (!schema)
-		return NULL;
-
-	data = _iterate_python(dataobj);
-	if (!data)
-		return NULL;
-
-	// validation
-	r = ucl_object_validate (schema, data, &err);
-	ucl_object_unref (schema);
-	ucl_object_unref (data);
-
-	if (!r) {
-		PyErr_SetString (SchemaError, err.msg);
-		return NULL;
-	}
-
-	Py_RETURN_TRUE;
-}
-
-static PyMethodDef uclMethods[] = {
-	{"load", ucl_load, METH_VARARGS, "Load UCL from stream"},
-	{"dump", ucl_dump, METH_VARARGS, "Dump UCL to stream"},
-	{"validate", ucl_validate, METH_VARARGS, "Validate ucl stream against schema"},
-	{NULL, NULL, 0, NULL}
-};
-
-static void
-init_macros(PyObject *mod)
-{
-	PyModule_AddIntMacro(mod, UCL_EMIT_JSON);
-	PyModule_AddIntMacro(mod, UCL_EMIT_JSON_COMPACT);
-	PyModule_AddIntMacro(mod, UCL_EMIT_CONFIG);
-	PyModule_AddIntMacro(mod, UCL_EMIT_YAML);
-	PyModule_AddIntMacro(mod, UCL_EMIT_MSGPACK);
-
-	SchemaError = PyErr_NewException("ucl.SchemaError", NULL, NULL);
-	Py_INCREF(SchemaError);
-	PyModule_AddObject(mod, "SchemaError", SchemaError);
-}
-
-#if PY_MAJOR_VERSION >= 3
-static struct PyModuleDef uclmodule = {
-	PyModuleDef_HEAD_INIT,
-	"ucl",
-	NULL,
-	-1,
-	uclMethods
-};
-
-PyMODINIT_FUNC
-PyInit_ucl (void)
-{
-	PyObject *mod = PyModule_Create (&uclmodule);
-	init_macros (mod);
-
-	return mod;
-}
-#else
-void initucl (void)
-{
-	PyObject *mod = Py_InitModule ("ucl", uclMethods);
-	init_macros (mod);
-}
-#endif
diff --git a/contrib/libucl/python/tests/__init__.py b/contrib/libucl/python/tests/__init__.py
deleted file mode 100644
index e69de29bb2d1..000000000000
--- a/contrib/libucl/python/tests/__init__.py
+++ /dev/null
diff --git a/contrib/libucl/python/tests/compat.py b/contrib/libucl/python/tests/compat.py
deleted file mode 100644
index 50138262e9b7..000000000000
--- a/contrib/libucl/python/tests/compat.py
+++ /dev/null
@@ -1,8 +0,0 @@
-try: 
-     import unittest2 as unittest 
-except ImportError: 
-     import unittest 
-
-# Python 2.7 - 3.1
-if not hasattr(unittest.TestCase, 'assertRaisesRegex'):
-    unittest.TestCase.assertRaisesRegex = unittest.TestCase.assertRaisesRegexp
diff --git a/contrib/libucl/python/tests/test_dump.py b/contrib/libucl/python/tests/test_dump.py
deleted file mode 100644
index 369241468509..000000000000
--- a/contrib/libucl/python/tests/test_dump.py
+++ /dev/null
@@ -1,66 +0,0 @@
-from .compat import unittest
-import ucl
-import sys
-
-class DumpTest(unittest.TestCase):
-    def test_no_args(self):
-        with self.assertRaises(TypeError):
-            ucl.dump()
-
-    def test_none(self):
-        self.assertEqual(ucl.dump(None), None)
-
-    def test_null(self):
-        data = { "a" : None }
-        valid = "a = null;\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_int(self):
-        data = { "a" : 1 }
-        valid = "a = 1;\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_nested_int(self):
-        data = { "a" : { "b" : 1 } }
-        valid = "a {\n    b = 1;\n}\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_int_array(self):
-        data = { "a" : [1,2,3,4] }
-        valid = "a [\n    1,\n    2,\n    3,\n    4,\n]\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_str(self):
-        data = { "a" : "b" }
-        valid = "a = \"b\";\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    @unittest.skipIf(sys.version_info[0] > 2, "Python3 uses unicode only")
-    def test_unicode(self):
-        data = { unicode("a") : unicode("b") }
-        valid = unicode("a = \"b\";\n")
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_float(self):
-        data = { "a" : 1.1 }
-        valid = "a = 1.100000;\n"
-        self.assertEqual(ucl.dump(data), valid)
-
-    def test_boolean(self):
-        data = { "a" : True, "b" : False }
-        valid = [
-            "a = true;\nb = false;\n",
-            "b = false;\na = true;\n"
-            ]
-        self.assertIn(ucl.dump(data), valid)
-
-    def test_empty_ucl(self):
-        self.assertEqual(ucl.dump({}), "")
-
-    def test_json(self):
-        data = { "a" : 1, "b": "bleh;" }
-        valid = [
-            '{\n    "a": 1,\n    "b": "bleh;"\n}',
-            '{\n    "b": "bleh;",\n    "a": 1\n}'
-            ]
-        self.assertIn(ucl.dump(data, ucl.UCL_EMIT_JSON), valid)
diff --git a/contrib/libucl/python/tests/test_example.py b/contrib/libucl/python/tests/test_example.py
deleted file mode 100644
index f0785531f4e2..000000000000
--- a/contrib/libucl/python/tests/test_example.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from .compat import unittest
-import json
-import ucl
-
-_ucl_inp = '''
-param = value;
-section {
-    param = value;
-    param1 = value1;
-    flag = true;
-    number = 10k;
-    time = 0.2s;
-    string = "something";
-    subsection {
-        host = {
-            host = "hostname";
-            port = 900;
-        }
-        host = {
-            host = "hostname";
-            port = 901;
-        }
-    }
-}
-'''
-
-_json_res = {
-	'param': 'value',
-	'section': {
-		'param': 'value',
-		'param1': 'value1',
-		'flag': True,
-		'number': 10000,
-		'time': '0.2s',
-		'string': 'something',
-		'subsection': {
-			'host': [
-				{
-					'host': 'hostname',
-					'port': 900,
-				},
-				{
-					'host': 'hostname',
-					'port': 901,
-				}
-			]
-		}
-	}
-}
-
-class TestExample(unittest.TestCase):
-	def test_example(self):
-		# load in sample UCL
-		u = ucl.load(_ucl_inp)
-
-		# Output and read back the JSON
-		uj = json.loads(json.dumps(u))
-
-		self.assertEqual(uj, _json_res)
diff --git a/contrib/libucl/python/tests/test_load.py b/contrib/libucl/python/tests/test_load.py
deleted file mode 100644
index 73d43188f3d5..000000000000
--- a/contrib/libucl/python/tests/test_load.py
+++ /dev/null
@@ -1,122 +0,0 @@
-from .compat import unittest
-import ucl
-
-class LoadTest(unittest.TestCase):
-    def test_no_args(self):
-        with self.assertRaises(TypeError):
-            ucl.load()
-
-    def test_multi_args(self):
-        with self.assertRaises(TypeError):
-            ucl.load(0,0)
-
-    def test_none(self):
-        self.assertEqual(ucl.load(None), None)
-
-    def test_null(self):
-        data  = "a: null"
-        valid = { "a" : None }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_int(self):
-        data  = "a : 1"
-        valid = { "a" : 1 }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_braced_int(self):
-        data  = "{a : 1}"
-        valid = { "a" : 1 }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_nested_int(self):
-        data  = "a : { b : 1 }"
-        valid = { "a" : { "b" : 1 } }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_str(self):
-        data  = "a : b"
-        valid = { "a" : "b" }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_float(self):
-        data  = "a : 1.1"
-        valid = {"a" : 1.1}
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_boolean(self):
-        data = (
-            "a : True;" \
-            "b : False"
-        )
-        valid = { "a" : True, "b" : False }
-        self.assertEqual(ucl.load(data), valid)
-
-    def test_empty_ucl(self):
-        self.assertEqual(ucl.load("{}"), {})
-
-    def test_single_brace(self):
-        self.assertEqual(ucl.load("{"), {})
-
-    def test_single_back_brace(self):
-        self.assertEqual(ucl.load("}"), {})
-
-    def test_single_square_forward(self):
-        self.assertEqual(ucl.load("["), [])
-
-    def test_invalid_ucl(self):
-        with self.assertRaisesRegex(ValueError, "unfinished key$"):
-            ucl.load('{ "var"')
-
-    def test_comment_ignored(self):
-        self.assertEqual(ucl.load("{/*1*/}"), {})
-
-    def test_1_in(self):
-        valid = {
-            'key1': [
-                'value',
-                'value2',
-                'value;',
-                1.0,
-                -0xdeadbeef,
-                '0xdeadbeef.1',
-                '0xreadbeef',
-                -1e-10,
-                1,
-                True,
-                False,
-                True,
-            ]
-        }
-        with open("../tests/basic/1.in", "r") as in1:
-            self.assertEqual(ucl.load(in1.read()), valid)
-
-    def test_every_type(self):
-        data = ("""{
-            "key1": value;
-            "key2": value2;
-            "key3": "value;"
-            "key4": 1.0,
-            "key5": -0xdeadbeef
-            "key6": 0xdeadbeef.1
-            "key7": 0xreadbeef
-            "key8": -1e-10,
-            "key9": 1
-            "key10": true
-            "key11": no
-            "key12": yes
-        }""")
-        valid = {
-            'key1': 'value',
-            'key2': 'value2',
-            'key3': 'value;',
-            'key4': 1.0,
-            'key5': -3735928559,
-            'key6': '0xdeadbeef.1',
-            'key7': '0xreadbeef',
-            'key8': -1e-10,
-            'key9': 1,
-            'key10': True,
-            'key11': False,
-            'key12': True,
-            }
-        self.assertEqual(ucl.load(data), valid)
diff --git a/contrib/libucl/python/tests/test_validation.py b/contrib/libucl/python/tests/test_validation.py
deleted file mode 100644
index f7c853ad69a7..000000000000
--- a/contrib/libucl/python/tests/test_validation.py
+++ /dev/null
@@ -1,50 +0,0 @@
-from .compat import unittest
-import ucl
-import json
-import os.path
-import glob
-import re
-
-TESTS_SCHEMA_FOLDER = '../tests/schema/*.json'
-
-comment_re = re.compile('\/\*((?!\*\/).)*?\*\/', re.DOTALL | re.MULTILINE)
-def json_remove_comments(content):
-    return comment_re.sub('', content)
-
-class ValidationTest(unittest.TestCase):
-    def validate(self, jsonfile):
-        def perform_test(schema, data, valid, description):
-            msg = '%s (valid=%r)' % (description, valid)
-            if valid:
-                self.assertTrue(ucl.validate(schema, data), msg)
-            else:
-                with self.assertRaises(ucl.SchemaError):
-                    ucl.validate(schema, data)
-                    self.fail(msg) # fail() will be called only if SchemaError is not raised
-
-        with open(jsonfile) as f:
-            try:
-                # data = json.load(f)
-                data = json.loads(json_remove_comments(f.read()))
-            except ValueError as e:
-                raise self.skipTest('Failed to load JSON: %s' % str(e))
-
-            for testgroup in data:
-                for test in testgroup['tests']:
-                    perform_test(testgroup['schema'], test['data'],
-                        test['valid'], test['description'])
-
-    @classmethod
-    def setupValidationTests(cls):
-        """Creates each test dynamically from a folder"""
-        def test_gen(filename):
-            def run_test(self):
-                self.validate(filename)
-            return run_test
-
-        for jsonfile in glob.glob(TESTS_SCHEMA_FOLDER):
-            testname = os.path.splitext(os.path.basename(jsonfile))[0]
-            setattr(cls, 'test_%s' % testname, test_gen(jsonfile))
-
-
-ValidationTest.setupValidationTests()
diff --git a/contrib/libucl/python/ucl.pyi b/contrib/libucl/python/ucl.pyi
deleted file mode 100644
index 79fa2901ba9f..000000000000
--- a/contrib/libucl/python/ucl.pyi
+++ /dev/null
@@ -1,15 +0,0 @@
-# Stubs for ucl (Python 3.6)
-#
-# NOTE: This dynamically typed stub was automatically generated by stubgen.
-
-UCL_EMIT_CONFIG = ... # type: int
-UCL_EMIT_JSON = ... # type: int
-UCL_EMIT_JSON_COMPACT = ... # type: int
-UCL_EMIT_MSGPACK = ... # type: int
-UCL_EMIT_YAML = ... # type: int
-
-def dump(*args, **kwargs): ...
-def load(*args, **kwargs): ...
-def validate(*args, **kwargs): ...
-
-class SchemaError(Exception): ...
diff --git a/contrib/libucl/src/Makefile.am b/contrib/libucl/src/Makefile.am
deleted file mode 100644
index 80ce5b185b83..000000000000
--- a/contrib/libucl/src/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-libucl_common_cflags=	-I$(top_srcdir)/src \
-			-I$(top_srcdir)/include \
-			-I$(top_srcdir)/uthash \
-			-I$(top_srcdir)/klib \
-			-Wall -W -Wno-unused-parameter -Wno-pointer-sign
-lib_LTLIBRARIES=	libucl.la
-libucl_la_SOURCES=	ucl_emitter.c \
-					ucl_emitter_streamline.c \
-					ucl_emitter_utils.c \
-					ucl_hash.c \
-					ucl_parser.c \
-					ucl_schema.c \
-					ucl_util.c \
-					ucl_msgpack.c \
-					ucl_sexp.c
-libucl_la_CFLAGS=	$(libucl_common_cflags) \
-					@CURL_CFLAGS@
-libucl_la_LDFLAGS = -version-info @SO_VERSION@
-libucl_la_LIBADD=	@LIBFETCH_LIBS@ \
-					@LIBCRYPTO_LIB@ \
-					@LIBREGEX_LIB@ \
-					@CURL_LIBS@
-
-include_HEADERS=	$(top_srcdir)/include/ucl.h \
-					$(top_srcdir)/include/ucl++.h
-noinst_HEADERS=	ucl_internal.h \
-				mum.h \
-				ucl_hash.h \
-				ucl_chartable.h \
-				tree.h
diff --git a/contrib/libucl/src/mum.h b/contrib/libucl/src/mum.h
index 148161a3ec58..318efea50268 100644
--- a/contrib/libucl/src/mum.h
+++ b/contrib/libucl/src/mum.h
@@ -69,11 +69,9 @@ typedef unsigned __int64 uint64_t;
 #endif
 #endif
 
-#if 0
 #if defined(__GNUC__) && ((__GNUC__ == 4) &&  (__GNUC_MINOR__ >= 9) || (__GNUC__ > 4))
 #define _MUM_FRESH_GCC
 #endif
-#endif
 
 #if defined(__GNUC__) && !defined(__llvm__) && defined(_MUM_FRESH_GCC)
 #define _MUM_ATTRIBUTE_UNUSED  __attribute__((unused))
diff --git a/contrib/libucl/src/ucl_emitter.c b/contrib/libucl/src/ucl_emitter.c
index 4f4465dfbf4a..97d8f618021f 100644
--- a/contrib/libucl/src/ucl_emitter.c
+++ b/contrib/libucl/src/ucl_emitter.c
@@ -47,9 +47,9 @@ static void ucl_emitter_common_elt (struct ucl_emitter_context *ctx,
 	static void ucl_emit_ ## type ## _elt (struct ucl_emitter_context *ctx,	\
 		const ucl_object_t *obj, bool first, bool print_key);	\
 	static void ucl_emit_ ## type ## _start_obj (struct ucl_emitter_context *ctx,	\
-		const ucl_object_t *obj, bool print_key);	\
+		const ucl_object_t *obj, bool first, bool print_key);	\
 	static void ucl_emit_ ## type## _start_array (struct ucl_emitter_context *ctx,	\
-		const ucl_object_t *obj, bool print_key);	\
+		const ucl_object_t *obj, bool first, bool print_key);	\
 	static void ucl_emit_ ##type## _end_object (struct ucl_emitter_context *ctx,	\
 		const ucl_object_t *obj);	\
 	static void ucl_emit_ ##type## _end_array (struct ucl_emitter_context *ctx,	\
@@ -248,12 +248,26 @@ ucl_emitter_common_end_array (struct ucl_emitter_context *ctx,
  */
 static void
 ucl_emitter_common_start_array (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key, bool compact)
+		const ucl_object_t *obj, bool first, bool print_key, bool compact)
 {
 	const ucl_object_t *cur;
 	ucl_object_iter_t iter = NULL;
 	const struct ucl_emitter_functions *func = ctx->func;
-	bool first = true;
+	bool first_key = true;
+
+	if (ctx->id != UCL_EMIT_CONFIG && !first) {
+		if (compact) {
+			func->ucl_emitter_append_character (',', 1, func->ud);
+		}
+		else {
+			if (ctx->id == UCL_EMIT_YAML && ctx->indent == 0) {
+				func->ucl_emitter_append_len ("\n", 1, func->ud);
+			} else {
+				func->ucl_emitter_append_len (",\n", 2, func->ud);
+			}
+		}
+		ucl_add_tabs (func, ctx->indent, compact);
+	}
 
 	ucl_emitter_print_key (print_key, ctx, obj, compact);
 
@@ -269,16 +283,16 @@ ucl_emitter_common_start_array (struct ucl_emitter_context *ctx,
 	if (obj->type == UCL_ARRAY) {
 		/* explicit array */
 		while ((cur = ucl_object_iterate (obj, &iter, true)) != NULL) {
-			ucl_emitter_common_elt (ctx, cur, first, false, compact);
-			first = false;
+			ucl_emitter_common_elt (ctx, cur, first_key, false, compact);
+			first_key = false;
 		}
 	}
 	else {
 		/* implicit array */
 		cur = obj;
 		while (cur) {
-			ucl_emitter_common_elt (ctx, cur, first, false, compact);
-			first = false;
+			ucl_emitter_common_elt (ctx, cur, first_key, false, compact);
+			first_key = false;
 			cur = cur->next;
 		}
 	}
@@ -294,12 +308,26 @@ ucl_emitter_common_start_array (struct ucl_emitter_context *ctx,
  */
 static void
 ucl_emitter_common_start_object (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key, bool compact)
+		const ucl_object_t *obj, bool first, bool print_key, bool compact)
 {
 	ucl_hash_iter_t it = NULL;
 	const ucl_object_t *cur, *elt;
 	const struct ucl_emitter_functions *func = ctx->func;
-	bool first = true;
+	bool first_key = true;
+
+	if (ctx->id != UCL_EMIT_CONFIG && !first) {
+		if (compact) {
+			func->ucl_emitter_append_character (',', 1, func->ud);
+		}
+		else {
+			if (ctx->id == UCL_EMIT_YAML && ctx->indent == 0) {
+				func->ucl_emitter_append_len ("\n", 1, func->ud);
+			} else {
+				func->ucl_emitter_append_len (",\n", 2, func->ud);
+			}
+		}
+		ucl_add_tabs (func, ctx->indent, compact);
+	}
 
 	ucl_emitter_print_key (print_key, ctx, obj, compact);
 	/*
@@ -320,13 +348,13 @@ ucl_emitter_common_start_object (struct ucl_emitter_context *ctx,
 
 		if (ctx->id == UCL_EMIT_CONFIG) {
 			LL_FOREACH (cur, elt) {
-				ucl_emitter_common_elt (ctx, elt, first, true, compact);
+				ucl_emitter_common_elt (ctx, elt, first_key, true, compact);
 			}
 		}
 		else {
 			/* Expand implicit arrays */
 			if (cur->next != NULL) {
-				if (!first) {
+				if (!first_key) {
 					if (compact) {
 						func->ucl_emitter_append_character (',', 1, func->ud);
 					}
@@ -335,15 +363,15 @@ ucl_emitter_common_start_object (struct ucl_emitter_context *ctx,
 					}
 				}
 				ucl_add_tabs (func, ctx->indent, compact);
-				ucl_emitter_common_start_array (ctx, cur, true, compact);
+				ucl_emitter_common_start_array (ctx, cur, first_key, true, compact);
 				ucl_emitter_common_end_array (ctx, cur, compact);
 			}
 			else {
-				ucl_emitter_common_elt (ctx, cur, first, true, compact);
+				ucl_emitter_common_elt (ctx, cur, first_key, true, compact);
 			}
 		}
 
-		first = false;
+		first_key = false;
 	}
 }
 
@@ -446,11 +474,11 @@ ucl_emitter_common_elt (struct ucl_emitter_context *ctx,
 		ucl_emitter_finish_object (ctx, obj, compact, !print_key);
 		break;
 	case UCL_OBJECT:
-		ucl_emitter_common_start_object (ctx, obj, print_key, compact);
+		ucl_emitter_common_start_object (ctx, obj, true, print_key, compact);
 		ucl_emitter_common_end_object (ctx, obj, compact);
 		break;
 	case UCL_ARRAY:
-		ucl_emitter_common_start_array (ctx, obj, print_key, compact);
+		ucl_emitter_common_start_array (ctx, obj, true, print_key, compact);
 		ucl_emitter_common_end_array (ctx, obj, compact);
 		break;
 	case UCL_USERDATA:
@@ -490,12 +518,12 @@ ucl_emitter_common_elt (struct ucl_emitter_context *ctx,
 		ucl_emitter_common_elt (ctx, obj, first, print_key, (compact));	\
 	}	\
 	static void ucl_emit_ ## type ## _start_obj (struct ucl_emitter_context *ctx,	\
-		const ucl_object_t *obj, bool print_key) {	\
-		ucl_emitter_common_start_object (ctx, obj, print_key, (compact));	\
+		const ucl_object_t *obj, bool first, bool print_key) {	\
+		ucl_emitter_common_start_object (ctx, obj, first, print_key, (compact));	\
 	}	\
 	static void ucl_emit_ ## type## _start_array (struct ucl_emitter_context *ctx,	\
-		const ucl_object_t *obj, bool print_key) {	\
-		ucl_emitter_common_start_array (ctx, obj, print_key, (compact));	\
+		const ucl_object_t *obj, bool first, bool print_key) {	\
+		ucl_emitter_common_start_array (ctx, obj, first, print_key, (compact));	\
 	}	\
 	static void ucl_emit_ ##type## _end_object (struct ucl_emitter_context *ctx,	\
 		const ucl_object_t *obj) {	\
@@ -513,7 +541,7 @@ UCL_EMIT_TYPE_IMPL(yaml, false)
 
 static void
 ucl_emit_msgpack_elt (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool first, bool print_key)
+		const ucl_object_t *obj, bool _first, bool print_key)
 {
 	ucl_object_iter_t it;
 	struct ucl_object_userdata *ud;
@@ -556,7 +584,7 @@ ucl_emit_msgpack_elt (struct ucl_emitter_context *ctx,
 
 	case UCL_OBJECT:
 		ucl_emitter_print_key_msgpack (print_key, ctx, obj);
-		ucl_emit_msgpack_start_obj (ctx, obj, print_key);
+		ucl_emit_msgpack_start_obj (ctx, obj, false, print_key);
 		it = NULL;
 
 		while ((cur = ucl_object_iterate (obj, &it, true)) != NULL) {
@@ -575,7 +603,7 @@ ucl_emit_msgpack_elt (struct ucl_emitter_context *ctx,
 
 	case UCL_ARRAY:
 		ucl_emitter_print_key_msgpack (print_key, ctx, obj);
-		ucl_emit_msgpack_start_array (ctx, obj, print_key);
+		ucl_emit_msgpack_start_array (ctx, obj, false, print_key);
 		it = NULL;
 
 		while ((cur = ucl_object_iterate (obj, &it, true)) != NULL) {
@@ -601,14 +629,14 @@ ucl_emit_msgpack_elt (struct ucl_emitter_context *ctx,
 
 static void
 ucl_emit_msgpack_start_obj (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key)
+		const ucl_object_t *obj, bool _first, bool _print_key)
 {
 	ucl_emitter_print_object_msgpack (ctx, obj->len);
 }
 
 static void
 ucl_emit_msgpack_start_array (struct ucl_emitter_context *ctx,
-		const ucl_object_t *obj, bool print_key)
+		const ucl_object_t *obj, bool _first, bool _print_key)
 {
 	ucl_emitter_print_array_msgpack (ctx, obj->len);
 }
diff --git a/contrib/libucl/src/ucl_emitter_streamline.c b/contrib/libucl/src/ucl_emitter_streamline.c
index a7178c5d74b0..8ca86fa081c9 100644
--- a/contrib/libucl/src/ucl_emitter_streamline.c
+++ b/contrib/libucl/src/ucl_emitter_streamline.c
@@ -103,18 +103,19 @@ ucl_object_emit_streamline_start_container (struct ucl_emitter_context *ctx,
 	top = sctx->containers;
 	st = malloc (sizeof (*st));
 	if (st != NULL) {
-		if (top != NULL && !top->is_array) {
+		st->empty = true;
+		if (top && !top->is_array) {
 			print_key = true;
 		}
-		st->empty = true;
+
 		st->obj = obj;
 		if (obj != NULL && obj->type == UCL_ARRAY) {
 			st->is_array = true;
-			sctx->ops->ucl_emitter_start_array (ctx, obj, print_key);
+			sctx->ops->ucl_emitter_start_array (ctx, obj, top == NULL, print_key);
 		}
 		else {
 			st->is_array = false;
-			sctx->ops->ucl_emitter_start_object (ctx, obj, print_key);
+			sctx->ops->ucl_emitter_start_object (ctx, obj, top == NULL, print_key);
 		}
 		LL_PREPEND (sctx->containers, st);
 	}
diff --git a/contrib/libucl/src/ucl_hash.c b/contrib/libucl/src/ucl_hash.c
index a74dfcdee68e..0208cfd29c9a 100644
--- a/contrib/libucl/src/ucl_hash.c
+++ b/contrib/libucl/src/ucl_hash.c
@@ -32,12 +32,12 @@
 
 struct ucl_hash_elt {
 	const ucl_object_t *obj;
-	size_t ar_idx;
+	struct ucl_hash_elt *prev, *next;
 };
 
 struct ucl_hash_struct {
 	void *hash;
-	kvec_t(const ucl_object_t *) ar;
+	struct ucl_hash_elt *head;
 	bool caseless;
 };
 
@@ -45,7 +45,6 @@ static uint64_t
 ucl_hash_seed (void)
 {
 	static uint64_t seed;
-
 	if (seed == 0) {
 #ifdef UCL_RANDOM_FUNCTION
 		seed = UCL_RANDOM_FUNCTION;
@@ -115,7 +114,7 @@ ucl_hash_equal (const ucl_object_t *k1, const ucl_object_t *k2)
 	return 0;
 }
 
-KHASH_INIT (ucl_hash_node, const ucl_object_t *, struct ucl_hash_elt, 1,
+KHASH_INIT (ucl_hash_node, const ucl_object_t *, struct ucl_hash_elt *, 1,
 		ucl_hash_func, ucl_hash_equal)
 
 static inline uint32_t
@@ -227,7 +226,7 @@ ucl_hash_caseless_equal (const ucl_object_t *k1, const ucl_object_t *k2)
 	return 0;
 }
 
-KHASH_INIT (ucl_hash_caseless_node, const ucl_object_t *, struct ucl_hash_elt, 1,
+KHASH_INIT (ucl_hash_caseless_node, const ucl_object_t *, struct ucl_hash_elt *, 1,
 		ucl_hash_caseless_func, ucl_hash_caseless_equal)
 
 ucl_hash_t*
@@ -238,8 +237,7 @@ ucl_hash_create (bool ignore_case)
 	new = UCL_ALLOC (sizeof (ucl_hash_t));
 	if (new != NULL) {
 		void *h;
-		kv_init (new->ar);
-
+		new->head = NULL;
 		new->caseless = ignore_case;
 		if (ignore_case) {
 			h = (void *)kh_init (ucl_hash_caseless_node);
@@ -258,7 +256,6 @@ ucl_hash_create (bool ignore_case)
 
 void ucl_hash_destroy (ucl_hash_t* hashlin, ucl_hash_free_func func)
 {
-	const ucl_object_t *cur, *tmp;
 
 	if (hashlin == NULL) {
 		return;
@@ -269,10 +266,11 @@ void ucl_hash_destroy (ucl_hash_t* hashlin, ucl_hash_free_func func)
 		khash_t(ucl_hash_node) *h = (khash_t(ucl_hash_node) *)
 				hashlin->hash;
 		khiter_t k;
+		const ucl_object_t *cur, *tmp;
 
 		for (k = kh_begin (h); k != kh_end (h); ++k) {
 			if (kh_exist (h, k)) {
-				cur = (kh_value (h, k)).obj;
+				cur = (kh_value (h, k))->obj;
 				while (cur != NULL) {
 					tmp = cur->next;
 					func (__DECONST (ucl_object_t *, cur));
@@ -293,7 +291,12 @@ void ucl_hash_destroy (ucl_hash_t* hashlin, ucl_hash_free_func func)
 		kh_destroy (ucl_hash_node, h);
 	}
 
-	kv_destroy (hashlin->ar);
+	struct ucl_hash_elt *cur, *tmp;
+
+	DL_FOREACH_SAFE(hashlin->head, cur, tmp) {
+		UCL_FREE(sizeof(*cur), cur);
+	}
+
 	UCL_FREE (sizeof (*hashlin), hashlin);
 }
 
@@ -303,7 +306,7 @@ ucl_hash_insert (ucl_hash_t* hashlin, const ucl_object_t *obj,
 {
 	khiter_t k;
 	int ret;
-	struct ucl_hash_elt *elt;
+	struct ucl_hash_elt **pelt, *elt;
 
 	if (hashlin == NULL) {
 		return false;
@@ -314,10 +317,14 @@ ucl_hash_insert (ucl_hash_t* hashlin, const ucl_object_t *obj,
 				hashlin->hash;
 		k = kh_put (ucl_hash_caseless_node, h, obj, &ret);
 		if (ret > 0) {
-			elt = &kh_value (h, k);
-			kv_push_safe (const ucl_object_t *, hashlin->ar, obj, e0);
+			elt = UCL_ALLOC(sizeof(*elt));
+			pelt = &kh_value (h, k);
+			*pelt = elt;
+			DL_APPEND(hashlin->head, elt);
 			elt->obj = obj;
-			elt->ar_idx = kv_size (hashlin->ar) - 1;
+		}
+		else if (ret < 0) {
+			goto e0;
 		}
 	}
 	else {
@@ -325,10 +332,11 @@ ucl_hash_insert (ucl_hash_t* hashlin, const ucl_object_t *obj,
 				hashlin->hash;
 		k = kh_put (ucl_hash_node, h, obj, &ret);
 		if (ret > 0) {
-			elt = &kh_value (h, k);
-			kv_push_safe (const ucl_object_t *, hashlin->ar, obj, e0);
+			elt = UCL_ALLOC(sizeof(*elt));
+			pelt = &kh_value (h, k);
+			*pelt = elt;
+			DL_APPEND(hashlin->head, elt);
 			elt->obj = obj;
-			elt->ar_idx = kv_size (hashlin->ar) - 1;
 		} else if (ret < 0) {
 			goto e0;
 		}
@@ -343,7 +351,7 @@ void ucl_hash_replace (ucl_hash_t* hashlin, const ucl_object_t *old,
 {
 	khiter_t k;
 	int ret;
-	struct ucl_hash_elt elt, *pelt;
+	struct ucl_hash_elt *elt, *nelt;
 
 	if (hashlin == NULL) {
 		return;
@@ -354,13 +362,14 @@ void ucl_hash_replace (ucl_hash_t* hashlin, const ucl_object_t *old,
 				hashlin->hash;
 		k = kh_put (ucl_hash_caseless_node, h, old, &ret);
 		if (ret == 0) {
-			elt = kh_value (h, k);
+			elt = kh_value(h, k);
 			kh_del (ucl_hash_caseless_node, h, k);
 			k = kh_put (ucl_hash_caseless_node, h, new, &ret);
-			pelt = &kh_value (h, k);
-			pelt->obj = new;
-			pelt->ar_idx = elt.ar_idx;
-			kv_A (hashlin->ar, elt.ar_idx) = new;
+			nelt = UCL_ALLOC(sizeof(*nelt));
+			nelt->obj = new;
+			kh_value(h, k) = nelt;
+			DL_REPLACE_ELEM(hashlin->head, elt, nelt);
+			UCL_FREE(sizeof(*elt), elt);
 		}
 	}
 	else {
@@ -371,17 +380,17 @@ void ucl_hash_replace (ucl_hash_t* hashlin, const ucl_object_t *old,
 			elt = kh_value (h, k);
 			kh_del (ucl_hash_node, h, k);
 			k = kh_put (ucl_hash_node, h, new, &ret);
-			pelt = &kh_value (h, k);
-			pelt->obj = new;
-			pelt->ar_idx = elt.ar_idx;
-			kv_A (hashlin->ar, elt.ar_idx) = new;
+			nelt = UCL_ALLOC(sizeof(*nelt));
+			nelt->obj = new;
+			kh_value(h, k) = nelt;
+			DL_REPLACE_ELEM(hashlin->head, elt, nelt);
+			UCL_FREE(sizeof(*elt), elt);
 		}
 	}
 }
 
 struct ucl_hash_real_iter {
-	const ucl_object_t **cur;
-	const ucl_object_t **end;
+	const struct ucl_hash_elt *cur;
 };
 
 #define UHI_SETERR(ep, ern) {if (ep != NULL) *ep = (ern);}
@@ -405,13 +414,13 @@ ucl_hash_iterate2 (ucl_hash_t *hashlin, ucl_hash_iter_t *iter, int *ep)
 			return NULL;
 		}
 
-		it->cur = &hashlin->ar.a[0];
-		it->end = it->cur + hashlin->ar.n;
+		it->cur = hashlin->head;
 	}
 
 	UHI_SETERR(ep, 0);
-	if (it->cur < it->end) {
-		ret = *it->cur++;
+	if (it->cur) {
+		ret = it->cur->obj;
+		it->cur = it->cur->next;
 	}
 	else {
 		UCL_FREE (sizeof (*it), it);
@@ -429,7 +438,7 @@ ucl_hash_iter_has_next (ucl_hash_t *hashlin, ucl_hash_iter_t iter)
 {
 	struct ucl_hash_real_iter *it = (struct ucl_hash_real_iter *)(iter);
 
-	return it->cur < it->end - 1;
+	return it->cur != NULL;
 }
 
 
@@ -454,7 +463,7 @@ ucl_hash_search (ucl_hash_t* hashlin, const char *key, unsigned keylen)
 
 		k = kh_get (ucl_hash_caseless_node, h, &search);
 		if (k != kh_end (h)) {
-			elt = &kh_value (h, k);
+			elt = kh_value (h, k);
 			ret = elt->obj;
 		}
 	}
@@ -463,7 +472,7 @@ ucl_hash_search (ucl_hash_t* hashlin, const char *key, unsigned keylen)
 						hashlin->hash;
 		k = kh_get (ucl_hash_node, h, &search);
 		if (k != kh_end (h)) {
-			elt = &kh_value (h, k);
+			elt = kh_value (h, k);
 			ret = elt->obj;
 		}
 	}
@@ -476,7 +485,6 @@ ucl_hash_delete (ucl_hash_t* hashlin, const ucl_object_t *obj)
 {
 	khiter_t k;
 	struct ucl_hash_elt *elt;
-	size_t i;
 
 	if (hashlin == NULL) {
 		return;
@@ -488,16 +496,10 @@ ucl_hash_delete (ucl_hash_t* hashlin, const ucl_object_t *obj)
 
 		k = kh_get (ucl_hash_caseless_node, h, obj);
 		if (k != kh_end (h)) {
-			elt = &kh_value (h, k);
-			i = elt->ar_idx;
-			kv_del (const ucl_object_t *, hashlin->ar, elt->ar_idx);
+			elt = kh_value (h, k);
+			DL_DELETE(hashlin->head, elt);
 			kh_del (ucl_hash_caseless_node, h, k);
-
-			/* Update subsequent elts */
-			for (; i < hashlin->ar.n; i ++) {
-				elt = &kh_value (h, i);
-				elt->ar_idx --;
-			}
+			UCL_FREE(sizeof(*elt), elt);
 		}
 	}
 	else {
@@ -505,16 +507,10 @@ ucl_hash_delete (ucl_hash_t* hashlin, const ucl_object_t *obj)
 			hashlin->hash;
 		k = kh_get (ucl_hash_node, h, obj);
 		if (k != kh_end (h)) {
-			elt = &kh_value (h, k);
-			i = elt->ar_idx;
-			kv_del (const ucl_object_t *, hashlin->ar, elt->ar_idx);
+			elt = kh_value (h, k);
+			DL_DELETE(hashlin->head, elt);
 			kh_del (ucl_hash_node, h, k);
-
-			/* Update subsequent elts */
-			for (; i < hashlin->ar.n; i ++) {
-				elt = &kh_value (h, i);
-				elt->ar_idx --;
-			}
+			UCL_FREE(sizeof(*elt), elt);
 		}
 	}
 }
@@ -525,9 +521,7 @@ bool ucl_hash_reserve (ucl_hash_t *hashlin, size_t sz)
 		return false;
 	}
 
-	if (sz > hashlin->ar.m) {
-		kv_resize_safe (const ucl_object_t *, hashlin->ar, sz, e0);
-
+	if (sz > kh_size((khash_t(ucl_hash_node) *)hashlin->hash)) {
 		if (hashlin->caseless) {
 			khash_t(ucl_hash_caseless_node) *h = (khash_t(
 					ucl_hash_caseless_node) *)
@@ -540,8 +534,6 @@ bool ucl_hash_reserve (ucl_hash_t *hashlin, size_t sz)
 		}
 	}
 	return true;
-e0:
-	return false;
 }
 
 static int
@@ -591,27 +583,27 @@ ucl_lc_cmp (const char *s, const char *d, size_t l)
 static int
 ucl_hash_cmp_icase (const void *a, const void *b)
 {
-	const ucl_object_t *oa = *(const ucl_object_t **)a,
-			*ob = *(const ucl_object_t **)b;
+	const struct ucl_hash_elt *oa = (const struct ucl_hash_elt *)a,
+		*ob = (const struct ucl_hash_elt *)b;
 
-	if (oa->keylen == ob->keylen) {
-		return ucl_lc_cmp (oa->key, ob->key, oa->keylen);
+	if (oa->obj->keylen == ob->obj->keylen) {
+		return ucl_lc_cmp (oa->obj->key, ob->obj->key, oa->obj->keylen);
 	}
 
-	return ((int)(oa->keylen)) - ob->keylen;
+	return ((int)(oa->obj->keylen)) - ob->obj->keylen;
 }
 
 static int
 ucl_hash_cmp_case_sens (const void *a, const void *b)
 {
-	const ucl_object_t *oa = *(const ucl_object_t **)a,
-			*ob = *(const ucl_object_t **)b;
+	const struct ucl_hash_elt *oa = (const struct ucl_hash_elt *)a,
+			*ob = (const struct ucl_hash_elt *)b;
 
-	if (oa->keylen == ob->keylen) {
-		return memcmp (oa->key, ob->key, oa->keylen);
+	if (oa->obj->keylen == ob->obj->keylen) {
+		return memcmp (oa->obj->key, ob->obj->key, oa->obj->keylen);
 	}
 
-	return ((int)(oa->keylen)) - ob->keylen;
+	return ((int)(oa->obj->keylen)) - ob->obj->keylen;
 }
 
 void
@@ -619,18 +611,18 @@ ucl_hash_sort (ucl_hash_t *hashlin, enum ucl_object_keys_sort_flags fl)
 {
 
 	if (fl & UCL_SORT_KEYS_ICASE) {
-		qsort (hashlin->ar.a, hashlin->ar.n, sizeof (ucl_object_t *),
-				ucl_hash_cmp_icase);
+		DL_SORT(hashlin->head, ucl_hash_cmp_icase);
 	}
 	else {
-		qsort (hashlin->ar.a, hashlin->ar.n, sizeof (ucl_object_t *),
-				ucl_hash_cmp_case_sens);
+		DL_SORT(hashlin->head, ucl_hash_cmp_case_sens);
 	}
 
 	if (fl & UCL_SORT_KEYS_RECURSIVE) {
-		for (size_t i = 0; i < hashlin->ar.n; i ++) {
-			if (ucl_object_type (hashlin->ar.a[i]) == UCL_OBJECT) {
-				ucl_hash_sort (hashlin->ar.a[i]->value.ov, fl);
+		struct ucl_hash_elt *elt;
+
+		DL_FOREACH(hashlin->head, elt) {
+			if (ucl_object_type (elt->obj) == UCL_OBJECT) {
+				ucl_hash_sort (elt->obj->value.ov, fl);
 			}
 		}
 	}
diff --git a/contrib/libucl/src/ucl_msgpack.c b/contrib/libucl/src/ucl_msgpack.c
index 08e690a4728a..628ed2be993d 100644
--- a/contrib/libucl/src/ucl_msgpack.c
+++ b/contrib/libucl/src/ucl_msgpack.c
@@ -1246,8 +1246,8 @@ ucl_msgpack_consume (struct ucl_parser *parser)
 		/* Empty container at the end */
 		if (len != 0) {
 			ucl_create_err (&parser->err,
-					"invalid non-empty container at the end; len=%zu",
-					(size_t)len);
+					"invalid non-empty container at the end; len=%ju",
+					(uintmax_t)len);
 
 			return false;
 		}
diff --git a/contrib/libucl/src/ucl_parser.c b/contrib/libucl/src/ucl_parser.c
index 23f5bce3056f..728cd6381056 100644
--- a/contrib/libucl/src/ucl_parser.c
+++ b/contrib/libucl/src/ucl_parser.c
@@ -47,6 +47,9 @@ struct ucl_parser_saved_state {
  */
 #define ucl_chunk_skipc(chunk, p)    \
 do {                                 \
+	if (p == chunk->end) {       \
+		break;                   \
+	}                            \
 	if (*(p) == '\n') {          \
 		(chunk)->line ++;    \
 		(chunk)->column = 0; \
@@ -161,51 +164,50 @@ start:
 			}
 		}
 	}
-	else if (chunk->remain >= 2 && *p == '/') {
-		if (p[1] == '*') {
-			beg = p;
-			ucl_chunk_skipc (chunk, p);
-			comments_nested ++;
-			ucl_chunk_skipc (chunk, p);
-
-			while (p < chunk->end) {
-				if (*p == '"' && *(p - 1) != '\\') {
-					quoted = !quoted;
-				}
-
-				if (!quoted) {
-					if (*p == '*') {
-						ucl_chunk_skipc (chunk, p);
-						if (*p == '/') {
-							comments_nested --;
-							if (comments_nested == 0) {
-								if (parser->flags & UCL_PARSER_SAVE_COMMENTS) {
-									ucl_save_comment (parser, beg, p - beg + 1);
-									beg = NULL;
-								}
-
-								ucl_chunk_skipc (chunk, p);
-								goto start;
-							}
-						}
-						ucl_chunk_skipc (chunk, p);
-					}
-					else if (p[0] == '/' && chunk->remain >= 2 && p[1] == '*') {
-						comments_nested ++;
-						ucl_chunk_skipc (chunk, p);
-						ucl_chunk_skipc (chunk, p);
-						continue;
+	else if (chunk->remain >= 2 && *p == '/' && p[1] == '*') {
+		beg = p;
+		comments_nested ++;
+		ucl_chunk_skipc (chunk, p);
+		ucl_chunk_skipc (chunk, p);
+		while (p < chunk->end) {
+			if (*p == '"' && *(p - 1) != '\\') {
+				/* begin or end double-quoted string */
+				quoted = !quoted;
+				ucl_chunk_skipc (chunk, p);
+			}
+			else if (quoted) {
+				/* quoted character */
+				ucl_chunk_skipc (chunk, p);
+			}
+			else if (chunk->remain >= 2 && *p == '*' && p[1] == '/') {
+				/* end of comment */
+				ucl_chunk_skipc (chunk, p);
+				ucl_chunk_skipc (chunk, p);
+				comments_nested --;
+				if (comments_nested == 0) {
+					if (parser->flags & UCL_PARSER_SAVE_COMMENTS) {
+						ucl_save_comment (parser, beg, p - beg + 1);
+						beg = NULL;
 					}
+					goto start;
 				}
-
+			}
+			else if (chunk->remain >= 2 && *p == '/' && p[1] == '*') {
+				/* start of nested comment */
+				comments_nested ++;
+				ucl_chunk_skipc (chunk, p);
 				ucl_chunk_skipc (chunk, p);
 			}
-			if (comments_nested != 0) {
-				ucl_set_err (parser, UCL_ENESTED,
-						"unfinished multiline comment", &parser->err);
-				return false;
+			else {
+				/* anything else */
+				ucl_chunk_skipc (chunk, p);
 			}
 		}
+		if (comments_nested != 0) {
+			ucl_set_err (parser, UCL_ENESTED,
+			    "unfinished multiline comment", &parser->err);
+			return false;
+		}
 	}
 
 	if (beg && p > beg && (parser->flags & UCL_PARSER_SAVE_COMMENTS)) {
@@ -345,8 +347,9 @@ ucl_check_variable_safe (struct ucl_parser *parser, const char *ptr, size_t rema
 		/* Call generic handler */
 		if (parser->var_handler (ptr, remain, &dst, &dstlen, &need_free,
 				parser->var_data)) {
-			*out_len = dstlen;
 			*found = true;
+			*out_len = dstlen;
+
 			if (need_free) {
 				free (dst);
 			}
@@ -395,6 +398,9 @@ ucl_check_variable (struct ucl_parser *parser, const char *ptr,
 			}
 			p ++;
 		}
+		if(p == end) {
+			(*out_len) ++;
+		}
 	}
 	else if (*ptr != '$') {
 		/* Not count escaped dollar sign */
@@ -418,13 +424,14 @@ ucl_check_variable (struct ucl_parser *parser, const char *ptr,
  * Expand a single variable
  * @param parser
  * @param ptr
- * @param remain
+ * @param in_len
  * @param dest
+ * @param out_len
  * @return
  */
 static const char *
 ucl_expand_single_variable (struct ucl_parser *parser, const char *ptr,
-		size_t remain, unsigned char **dest)
+		size_t in_len, unsigned char **dest, size_t out_len)
 {
 	unsigned char *d = *dest, *dst;
 	const char *p = ptr + 1, *ret;
@@ -435,7 +442,8 @@ ucl_expand_single_variable (struct ucl_parser *parser, const char *ptr,
 	bool strict = false;
 
 	ret = ptr + 1;
-	remain --;
+	/* For the $ sign */
+	in_len --;
 
 	if (*p == '$') {
 		*d++ = *p++;
@@ -444,39 +452,53 @@ ucl_expand_single_variable (struct ucl_parser *parser, const char *ptr,
 	}
 	else if (*p == '{') {
 		p ++;
+		in_len --;
 		strict = true;
 		ret += 2;
-		remain -= 2;
 	}
 
 	LL_FOREACH (parser->variables, var) {
-		if (remain >= var->var_len) {
+		if (out_len >= var->value_len && in_len >= (var->var_len + (strict ? 1 : 0))) {
 			if (memcmp (p, var->var, var->var_len) == 0) {
-				memcpy (d, var->value, var->value_len);
-				ret += var->var_len;
-				d += var->value_len;
-				found = true;
-				break;
+				if (!strict || p[var->var_len] == '}') {
+					memcpy (d, var->value, var->value_len);
+					ret += var->var_len;
+					d += var->value_len;
+					found = true;
+					break;
+				}
 			}
 		}
 	}
+
 	if (!found) {
 		if (strict && parser->var_handler != NULL) {
-			if (parser->var_handler (p, remain, &dst, &dstlen, &need_free,
+			dstlen = out_len;
+
+			if (parser->var_handler (p, in_len, &dst, &dstlen, &need_free,
 							parser->var_data)) {
-				memcpy (d, dst, dstlen);
-				ret += remain;
-				d += dstlen;
-				found = true;
-				if (need_free) {
-					free (dst);
+				if (dstlen > out_len) {
+					/* We do not have enough space! */
+					if (need_free) {
+						free (dst);
+					}
+				}
+				else {
+					memcpy(d, dst, dstlen);
+					ret += in_len;
+					d += dstlen;
+					found = true;
+
+					if (need_free) {
+						free(dst);
+					}
 				}
 			}
 		}
 
-		/* Leave variable as is */
+		/* Leave variable as is, in this case we use dest */
 		if (!found) {
-			if (strict) {
+			if (strict && out_len >= 2) {
 				/* Copy '${' */
 				memcpy (d, ptr, 2);
 				d += 2;
@@ -506,7 +528,7 @@ ucl_expand_variable (struct ucl_parser *parser, unsigned char **dst,
 		const char *src, size_t in_len)
 {
 	const char *p, *end = src + in_len;
-	unsigned char *d;
+	unsigned char *d, *d_end;
 	size_t out_len = 0;
 	bool vars_found = false;
 
@@ -517,7 +539,7 @@ ucl_expand_variable (struct ucl_parser *parser, unsigned char **dst,
 
 	p = src;
 	while (p != end) {
-		if (*p == '$') {
+		if (*p == '$' && p + 1 != end) {
 			p = ucl_check_variable (parser, p + 1, end - p - 1, &out_len, &vars_found);
 		}
 		else {
@@ -538,10 +560,11 @@ ucl_expand_variable (struct ucl_parser *parser, unsigned char **dst,
 	}
 
 	d = *dst;
+	d_end = d + out_len;
 	p = src;
-	while (p != end) {
-		if (*p == '$') {
-			p = ucl_expand_single_variable (parser, p, end - p, &d);
+	while (p != end && d != d_end) {
+		if (*p == '$' && p + 1 != end) {
+			p = ucl_expand_single_variable (parser, p, end - p, &d, d_end - d);
 		}
 		else {
 			*d++ = *p++;
@@ -686,6 +709,8 @@ ucl_parser_add_container (ucl_object_t *obj, struct ucl_parser *parser,
 			ucl_object_unref (obj);
 		}
 
+		UCL_FREE(sizeof (struct ucl_stack), st);
+
 		return NULL;
 	}
 
@@ -722,13 +747,13 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 	const char *p = start, *c = start;
 	char *endptr;
 	bool got_dot = false, got_exp = false, need_double = false,
-			is_time = false, valid_start = false, is_hex = false,
-			is_neg = false;
+			is_time = false, valid_start = false, is_hex = false;
+	int is_neg = 0;
 	double dv = 0;
 	int64_t lv = 0;
 
 	if (*p == '-') {
-		is_neg = true;
+		is_neg = 1;
 		c ++;
 		p ++;
 	}
@@ -744,6 +769,7 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 			is_hex = true;
 			allow_double = false;
 			c = p + 1;
+			p ++;
 		}
 		else if (allow_double) {
 			if (p == c) {
@@ -792,26 +818,46 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 				break;
 			}
 		}
+		else if (!allow_double && *p == '.') {
+			/* Unexpected dot */
+			*pos = start;
+			return EINVAL;
+		}
 		else {
 			break;
 		}
 	}
 
-	if (!valid_start) {
+	if (!valid_start || p == c) {
 		*pos = start;
 		return EINVAL;
 	}
 
+	char numbuf[128];
+
+	if ((size_t)(p - c + 1) >= sizeof(numbuf)) {
+		*pos = start;
+		return EINVAL;
+	}
+
+	if (is_neg) {
+		numbuf[0] = '-';
+		ucl_strlcpy (&numbuf[1], c, p - c + 1);
+	}
+	else {
+		ucl_strlcpy (numbuf, c, p - c + 1);
+	}
+
 	errno = 0;
 	if (need_double) {
-		dv = strtod (c, &endptr);
+		dv = strtod (numbuf, &endptr);
 	}
 	else {
 		if (is_hex) {
-			lv = strtoimax (c, &endptr, 16);
+			lv = strtoimax (numbuf, &endptr, 16);
 		}
 		else {
-			lv = strtoimax (c, &endptr, 10);
+			lv = strtoimax (numbuf, &endptr, 10);
 		}
 	}
 	if (errno == ERANGE) {
@@ -819,7 +865,15 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 		return ERANGE;
 	}
 
-	/* Now check endptr */
+	/* Now check endptr and move it from numbuf to the real ending */
+	if (endptr != NULL) {
+		long shift = endptr - numbuf - is_neg;
+		endptr = (char *)c + shift;
+	}
+	if (endptr >= end) {
+		p = end;
+		goto set_obj;
+	}
 	if (endptr == NULL || ucl_lex_is_atom_end (*endptr) || *endptr == '\0') {
 		p = endptr;
 		goto set_obj;
@@ -849,6 +903,10 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 						dv *= ucl_lex_num_multiplier (*p, false);
 					}
 					p += 2;
+					if (end - p > 0 && !ucl_lex_is_atom_end (*p)) {
+						*pos = start;
+						return EINVAL;
+					}
 					goto set_obj;
 				}
 				else if (number_bytes || (p[1] == 'b' || p[1] == 'B')) {
@@ -859,6 +917,10 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 					}
 					lv *= ucl_lex_num_multiplier (*p, true);
 					p += 2;
+					if (end - p > 0 && !ucl_lex_is_atom_end (*p)) {
+						*pos = start;
+						return EINVAL;
+					}
 					goto set_obj;
 				}
 				else if (ucl_lex_is_atom_end (p[1])) {
@@ -883,6 +945,10 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 						is_time = true;
 						dv *= 60.;
 						p += 3;
+						if (end - p > 0 && !ucl_lex_is_atom_end (*p)) {
+							*pos = start;
+							return EINVAL;
+						}
 						goto set_obj;
 					}
 				}
@@ -895,6 +961,10 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 					lv *= ucl_lex_num_multiplier (*p, number_bytes);
 				}
 				p ++;
+				if (end - p > 0 && !ucl_lex_is_atom_end (*p)) {
+					*pos = start;
+					return EINVAL;
+				}
 				goto set_obj;
 			}
 			break;
@@ -943,7 +1013,7 @@ ucl_maybe_parse_number (ucl_object_t *obj,
 	}
 	else if (endptr == end) {
 		/* Just a number at the end of chunk */
-		p = endptr;
+		p = end;
 		goto set_obj;
 	}
 
@@ -959,11 +1029,11 @@ set_obj:
 			else {
 				obj->type = UCL_TIME;
 			}
-			obj->value.dv = is_neg ? (-dv) : dv;
+			obj->value.dv = dv;
 		}
 		else {
 			obj->type = UCL_INT;
-			obj->value.iv = is_neg ? (-lv) : lv;
+			obj->value.iv = lv;
 		}
 	}
 	*pos = p;
@@ -1037,13 +1107,13 @@ ucl_lex_json_string (struct ucl_parser *parser,
 		}
 		else if (c == '\\') {
 			ucl_chunk_skipc (chunk, p);
-			c = *p;
 			if (p >= chunk->end) {
 				ucl_set_err (parser, UCL_ESYNTAX, "unfinished escape character",
 						&parser->err);
 				return false;
 			}
-			else if (ucl_test_character (c, UCL_CHARACTER_ESCAPE)) {
+			c = *p;
+			if (ucl_test_character (c, UCL_CHARACTER_ESCAPE)) {
 				if (c == 'u') {
 					ucl_chunk_skipc (chunk, p);
 					for (i = 0; i < 4 && p < chunk->end; i ++) {
@@ -1289,24 +1359,20 @@ ucl_parser_process_object_element (struct ucl_parser *parser, ucl_object_t *nobj
  */
 static bool
 ucl_parse_key (struct ucl_parser *parser, struct ucl_chunk *chunk,
-		bool *next_key, bool *end_of_object)
+		bool *next_key, bool *end_of_object, bool *got_content)
 {
 	const unsigned char *p, *c = NULL, *end, *t;
 	const char *key = NULL;
 	bool got_quote = false, got_eq = false, got_semicolon = false,
 			need_unescape = false, ucl_escape = false, var_expand = false,
-			got_content = false, got_sep = false;
+			got_sep = false;
 	ucl_object_t *nobj;
 	ssize_t keylen;
 
 	p = chunk->pos;
 
-	if (*p == '.') {
-		/* It is macro actually */
-		if (!(parser->flags & UCL_PARSER_DISABLE_MACRO)) {
-			ucl_chunk_skipc (chunk, p);
-		}
-
+	if (*p == '.' && !(parser->flags & UCL_PARSER_DISABLE_MACRO)) {
+		ucl_chunk_skipc (chunk, p);
 		parser->prev_state = parser->state;
 		parser->state = UCL_STATE_MACRO_NAME;
 		*end_of_object = false;
@@ -1330,13 +1396,13 @@ ucl_parse_key (struct ucl_parser *parser, struct ucl_chunk *chunk,
 				/* The first symbol */
 				c = p;
 				ucl_chunk_skipc (chunk, p);
-				got_content = true;
+				*got_content = true;
 			}
 			else if (*p == '"') {
 				/* JSON style key */
 				c = p + 1;
 				got_quote = true;
-				got_content = true;
+				*got_content = true;
 				ucl_chunk_skipc (chunk, p);
 			}
 			else if (*p == '}') {
@@ -1344,7 +1410,7 @@ ucl_parse_key (struct ucl_parser *parser, struct ucl_chunk *chunk,
 				*end_of_object = true;
 				return true;
 			}
-			else if (*p == '.') {
+			else if (*p == '.' && !(parser->flags & UCL_PARSER_DISABLE_MACRO)) {
 				ucl_chunk_skipc (chunk, p);
 				parser->prev_state = parser->state;
 				parser->state = UCL_STATE_MACRO_NAME;
@@ -1361,7 +1427,7 @@ ucl_parse_key (struct ucl_parser *parser, struct ucl_chunk *chunk,
 			/* Parse the body of a key */
 			if (!got_quote) {
 				if (ucl_test_character (*p, UCL_CHARACTER_KEY)) {
-					got_content = true;
+					*got_content = true;
 					ucl_chunk_skipc (chunk, p);
 				}
 				else if (ucl_test_character (*p, UCL_CHARACTER_KEY_SEP)) {
@@ -1387,11 +1453,11 @@ ucl_parse_key (struct ucl_parser *parser, struct ucl_chunk *chunk,
 		}
 	}
 
-	if (p >= chunk->end && got_content) {
+	if (p >= chunk->end && *got_content) {
 		ucl_set_err (parser, UCL_ESYNTAX, "unfinished key", &parser->err);
 		return false;
 	}
-	else if (!got_content) {
+	else if (!*got_content) {
 		return true;
 	}
 	*end_of_object = false;
@@ -1752,6 +1818,9 @@ ucl_parse_value (struct ucl_parser *parser, struct ucl_chunk *chunk)
 		case '{':
 			obj = ucl_parser_get_container (parser);
 			if (obj == NULL) {
+				parser->state = UCL_STATE_ERROR;
+				ucl_set_err(parser, UCL_ESYNTAX, "object value must be a part of an object",
+					&parser->err);
 				return false;
 			}
 			/* We have a new object */
@@ -1773,6 +1842,9 @@ ucl_parse_value (struct ucl_parser *parser, struct ucl_chunk *chunk)
 		case '[':
 			obj = ucl_parser_get_container (parser);
 			if (obj == NULL) {
+				parser->state = UCL_STATE_ERROR;
+				ucl_set_err(parser, UCL_ESYNTAX, "array value must be a part of an object",
+					&parser->err);
 				return false;
 			}
 			/* We have a new array */
@@ -1804,6 +1876,12 @@ ucl_parse_value (struct ucl_parser *parser, struct ucl_chunk *chunk)
 			break;
 		case '<':
 			obj = ucl_parser_get_container (parser);
+			if (obj == NULL) {
+				parser->state = UCL_STATE_ERROR;
+				ucl_set_err(parser, UCL_ESYNTAX, "multiline value must be a part of an object",
+						&parser->err);
+				return false;
+			}
 			/* We have something like multiline value, which must be <<[A-Z]+\n */
 			if (chunk->end - p > 3) {
 				if (memcmp (p, "<<", 2) == 0) {
@@ -1812,6 +1890,11 @@ ucl_parse_value (struct ucl_parser *parser, struct ucl_chunk *chunk)
 					while (p < chunk->end && *p >= 'A' && *p <= 'Z') {
 						p ++;
 					}
+					if(p == chunk->end) {
+						ucl_set_err (parser, UCL_ESYNTAX,
+								"unterminated multiline value", &parser->err);
+						return false;
+					}
 					if (*p =='\n') {
 						/* Set chunk positions and start multiline parsing */
 						chunk->remain -= p - c + 1;
@@ -1850,6 +1933,13 @@ parse_string:
 				obj = ucl_parser_get_container (parser);
 			}
 
+			if (obj == NULL) {
+				parser->state = UCL_STATE_ERROR;
+				ucl_set_err(parser, UCL_ESYNTAX, "value must be a part of an object",
+					&parser->err);
+				return false;
+			}
+
 			/* Parse atom */
 			if (ucl_test_character (*p, UCL_CHARACTER_VALUE_DIGIT_START)) {
 				if (!ucl_lex_number (parser, chunk, obj)) {
@@ -2339,7 +2429,7 @@ ucl_state_machine (struct ucl_parser *parser)
 	unsigned char *macro_escaped;
 	size_t macro_len = 0;
 	struct ucl_macro *macro = NULL;
-	bool next_key = false, end_of_object = false, ret;
+	bool next_key = false, end_of_object = false, got_content = false, ret;
 
 	if (parser->top_obj == NULL) {
 		parser->state = UCL_STATE_INIT;
@@ -2428,7 +2518,10 @@ ucl_state_machine (struct ucl_parser *parser)
 				parser->state = UCL_STATE_ERROR;
 				return false;
 			}
-			if (!ucl_parse_key (parser, chunk, &next_key, &end_of_object)) {
+
+			got_content = false;
+
+			if (!ucl_parse_key (parser, chunk, &next_key, &end_of_object, &got_content)) {
 				parser->prev_state = parser->state;
 				parser->state = UCL_STATE_ERROR;
 				return false;
@@ -2451,7 +2544,8 @@ ucl_state_machine (struct ucl_parser *parser)
 						return false;
 					}
 				}
-				else {
+				else if (got_content) {
+					/* Do not switch state if we have not read any content */
 					parser->state = UCL_STATE_VALUE;
 				}
 			}
@@ -2617,6 +2711,9 @@ ucl_state_machine (struct ucl_parser *parser)
 				return false;
 			}
 			break;
+		case UCL_STATE_ERROR:
+			/* Already in the error state */
+			return false;
 		default:
 			ucl_set_err (parser, UCL_EINTERNAL,
 					"internal error: parser is in an unknown state", &parser->err);
@@ -2889,7 +2986,9 @@ ucl_parser_add_chunk_full (struct ucl_parser *parser, const unsigned char *data,
 
 				if (!special_handler->handler (parser, data, len, &ndata, &nlen,
 						special_handler->user_data)) {
+					UCL_FREE(sizeof (struct ucl_chunk), chunk);
 					ucl_create_err (&parser->err, "call for external handler failed");
+
 					return false;
 				}
 
@@ -2909,7 +3008,7 @@ ucl_parser_add_chunk_full (struct ucl_parser *parser, const unsigned char *data,
 
 		if (parse_type == UCL_PARSE_AUTO && len > 0) {
 			/* We need to detect parse type by the first symbol */
-			if ((*data & 0x80) == 0x80 && (*data >= 0xdc && *data <= 0xdf)) {
+			if ((*data & 0x80) == 0x80) {
 				parse_type = UCL_PARSE_MSGPACK;
 			}
 			else if (*data == '(') {
diff --git a/contrib/libucl/src/ucl_schema.c b/contrib/libucl/src/ucl_schema.c
index 68f01187e375..f4ec0ed3284a 100644
--- a/contrib/libucl/src/ucl_schema.c
+++ b/contrib/libucl/src/ucl_schema.c
@@ -39,6 +39,7 @@
 #ifdef HAVE_MATH_H
 #include <math.h>
 #endif
+#include <inttypes.h>
 
 static bool ucl_schema_validate (const ucl_object_t *schema,
 		const ucl_object_t *obj, bool try_array,
diff --git a/contrib/libucl/src/ucl_util.c b/contrib/libucl/src/ucl_util.c
index b00a34787e5a..8f97c20db503 100644
--- a/contrib/libucl/src/ucl_util.c
+++ b/contrib/libucl/src/ucl_util.c
@@ -67,7 +67,7 @@ typedef kvec_t(ucl_object_t *) ucl_array_t;
 #include <fetch.h>
 #endif
 
-#if defined(_MSC_VER)
+#if defined(_WIN32)
 #include <windows.h>
 #include <io.h>
 #include <direct.h>
@@ -889,44 +889,49 @@ ucl_fetch_file (const unsigned char *filename, unsigned char **buf, size_t *bufl
 {
 	int fd;
 	struct stat st;
+	if ((fd = open (filename, O_RDONLY)) == -1) {
+		ucl_create_err (err, "cannot open file %s: %s",
+				filename, strerror (errno));
+		return false;
+	}
 
-	if (stat (filename, &st) == -1) {
+	if (fstat (fd, &st) == -1) {
 		if (must_exist || errno == EPERM) {
 			ucl_create_err (err, "cannot stat file %s: %s",
 					filename, strerror (errno));
 		}
+		close (fd);
+
 		return false;
 	}
 	if (!S_ISREG (st.st_mode)) {
 		if (must_exist) {
 			ucl_create_err (err, "file %s is not a regular file", filename);
 		}
+		close (fd);
 
 		return false;
 	}
+
 	if (st.st_size == 0) {
 		/* Do not map empty files */
 		*buf = NULL;
 		*buflen = 0;
 	}
 	else {
-		if ((fd = open (filename, O_RDONLY)) == -1) {
-			ucl_create_err (err, "cannot open file %s: %s",
-					filename, strerror (errno));
-			return false;
-		}
-		if ((*buf = ucl_mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) {
-			close (fd);
-			ucl_create_err (err, "cannot mmap file %s: %s",
-					filename, strerror (errno));
+		if ((*buf = ucl_mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0)) == MAP_FAILED) {
+			close(fd);
+			ucl_create_err(err, "cannot mmap file %s: %s",
+					filename, strerror(errno));
 			*buf = NULL;
 
 			return false;
 		}
 		*buflen = st.st_size;
-		close (fd);
 	}
 
+	close (fd);
+
 	return true;
 }
 
@@ -1017,6 +1022,9 @@ ucl_include_url (const unsigned char *data, size_t len,
 	snprintf (urlbuf, sizeof (urlbuf), "%.*s", (int)len, data);
 
 	if (!ucl_fetch_url (urlbuf, &buf, &buflen, &parser->err, params->must_exist)) {
+		if (!params->must_exist) {
+			ucl_parser_clear_error (parser);
+		}
 		return !params->must_exist;
 	}
 
@@ -1092,6 +1100,11 @@ ucl_include_file_single (const unsigned char *data, size_t len,
 	ucl_hash_t *container = NULL;
 	struct ucl_stack *st = NULL;
 
+	if (parser->state == UCL_STATE_ERROR) {
+		/* Return immediately if we are in the error state... */
+		return false;
+	}
+
 	snprintf (filebuf, sizeof (filebuf), "%.*s", (int)len, data);
 	if (ucl_realpath (filebuf, realbuf) == NULL) {
 		if (params->soft_fail) {
@@ -1128,6 +1141,8 @@ ucl_include_file_single (const unsigned char *data, size_t len,
 			return false;
 		}
 
+		ucl_parser_clear_error (parser);
+
 		return true;
 	}
 
@@ -1138,6 +1153,10 @@ ucl_include_file_single (const unsigned char *data, size_t len,
 		/* We need to check signature first */
 		snprintf (filebuf, sizeof (filebuf), "%s.sig", realbuf);
 		if (!ucl_fetch_file (filebuf, &sigbuf, &siglen, &parser->err, true)) {
+			if (buf) {
+				ucl_munmap (buf, buflen);
+			}
+
 			return false;
 		}
 		if (!ucl_sig_check (buf, buflen, sigbuf, siglen, parser)) {
@@ -1147,8 +1166,13 @@ ucl_include_file_single (const unsigned char *data, size_t len,
 			if (sigbuf) {
 				ucl_munmap (sigbuf, siglen);
 			}
+			if (buf) {
+				ucl_munmap (buf, buflen);
+			}
+
 			return false;
 		}
+
 		if (sigbuf) {
 			ucl_munmap (sigbuf, siglen);
 		}
@@ -1257,6 +1281,8 @@ ucl_include_file_single (const unsigned char *data, size_t len,
 							ucl_munmap (buf, buflen);
 						}
 
+						ucl_object_unref (new_obj);
+
 						return false;
 					}
 					nest_obj->prev = nest_obj;
@@ -1576,11 +1602,6 @@ ucl_include_common (const unsigned char *data, size_t len,
 			else if (param->type == UCL_INT) {
 				if (strncmp (param->key, "priority", param->keylen) == 0) {
 					params.priority = ucl_object_toint (param);
-					if (params.priority > UCL_PRIORITY_MAX) {
-						ucl_create_err (&parser->err, "Invalid priority value in macro: %d",
-							params.priority);
-						return false;
-					}
 				}
 			}
 		}
@@ -1719,9 +1740,8 @@ ucl_priority_handler (const unsigned char *data, size_t len,
 	if (len > 0) {
 		value = malloc(len + 1);
 		ucl_strlcpy(value, (const char *)data, len + 1);
-		errno = 0;
-		priority = strtoul(value, &leftover, 10);
-		if (errno != 0 || *leftover != '\0' || priority > UCL_PRIORITY_MAX) {
+		priority = strtol(value, &leftover, 10);
+		if (*leftover != '\0') {
 			ucl_create_err (&parser->err, "Invalid priority value in macro: %s",
 				value);
 			free(value);
@@ -1842,6 +1862,10 @@ ucl_load_handler (const unsigned char *data, size_t len,
 				!try_load)) {
 			free (load_file);
 
+			if (try_load) {
+				ucl_parser_clear_error (parser);
+			}
+
 			return (try_load || false);
 		}
 
@@ -1919,7 +1943,7 @@ ucl_inherit_handler (const unsigned char *data, size_t len,
 
 	/* Some sanity checks */
 	if (parent == NULL || ucl_object_type (parent) != UCL_OBJECT) {
-		ucl_create_err (&parser->err, "Unable to find inherited object %*.s",
+		ucl_create_err (&parser->err, "Unable to find inherited object %.*s",
 				(int)len, data);
 		return false;
 	}
@@ -2177,7 +2201,7 @@ ucl_strnstr (const char *s, const char *find, int len)
 		mlen = strlen (find);
 		do {
 			do {
-				if ((sc = *s++) == 0 || len-- == 0)
+				if ((sc = *s++) == 0 || len-- < mlen)
 					return (NULL);
 			} while (sc != c);
 		} while (strncmp (s, find, mlen) != 0);
@@ -2596,6 +2620,7 @@ ucl_object_merge (ucl_object_t *top, ucl_object_t *elt, bool copy)
 						if (!ucl_object_merge (found, cp, copy)) {
 							return false;
 						}
+						ucl_object_unref (cp);
 					}
 					else {
 						ucl_hash_replace (top->value.ov, found, cp);
@@ -2627,6 +2652,7 @@ ucl_object_merge (ucl_object_t *top, ucl_object_t *elt, bool copy)
 					if (!ucl_object_merge (found, cp, copy)) {
 						return false;
 					}
+					ucl_object_unref (cp);
 				}
 				else {
 					ucl_hash_replace (top->value.ov, found, cp);
@@ -3068,13 +3094,13 @@ ucl_object_type (const ucl_object_t *obj)
 ucl_object_t*
 ucl_object_fromstring (const char *str)
 {
-	return ucl_object_fromstring_common (str, 0, UCL_STRING_ESCAPE);
+	return ucl_object_fromstring_common (str, 0, UCL_STRING_RAW);
 }
 
 ucl_object_t *
 ucl_object_fromlstring (const char *str, size_t len)
 {
-	return ucl_object_fromstring_common (str, len, UCL_STRING_ESCAPE);
+	return ucl_object_fromstring_common (str, len, UCL_STRING_RAW);
 }
 
 ucl_object_t *
@@ -3594,9 +3620,11 @@ ucl_object_copy_internal (const ucl_object_t *other, bool allow_array)
 
 		/* deep copy of values stored */
 		if (other->trash_stack[UCL_TRASH_KEY] != NULL) {
-			new->trash_stack[UCL_TRASH_KEY] =
-					strdup (other->trash_stack[UCL_TRASH_KEY]);
+			new->trash_stack[UCL_TRASH_KEY] = NULL;
 			if (other->key == (const char *)other->trash_stack[UCL_TRASH_KEY]) {
+				new->trash_stack[UCL_TRASH_KEY] = malloc(other->keylen + 1);
+				memcpy(new->trash_stack[UCL_TRASH_KEY], other->trash_stack[UCL_TRASH_KEY], other->keylen);
+				new->trash_stack[UCL_TRASH_KEY][other->keylen] = '\0';
 				new->key = new->trash_stack[UCL_TRASH_KEY];
 			}
 		}
@@ -3666,13 +3694,6 @@ ucl_object_compare (const ucl_object_t *o1, const ucl_object_t *o2)
 	ucl_object_iter_t iter = NULL;
 	int ret = 0;
 
-    // Must check for NULL or code will segfault
-    if ((o1 == NULL) || (o2 == NULL))
-    {
-        // The only way this could be true is of both are NULL
-        return (o1 == NULL) && (o2 == NULL);
-    }
-    
 	if (o1->type != o2->type) {
 		return (o1->type) - (o2->type);
 	}
diff --git a/contrib/libucl/stamp-h.in b/contrib/libucl/stamp-h.in
deleted file mode 100644
index 9788f70238c9..000000000000
--- a/contrib/libucl/stamp-h.in
+++ /dev/null
@@ -1 +0,0 @@
-timestamp
diff --git a/contrib/libucl/tests/.gitignore b/contrib/libucl/tests/.gitignore
new file mode 100644
index 000000000000..464482434f22
--- /dev/null
+++ b/contrib/libucl/tests/.gitignore
@@ -0,0 +1,10 @@
+*.log
+*.trs
+*.plist
+
+test_basic
+test_generate
+test_msgpack
+test_schema
+test_speed
+test_streamline
diff --git a/contrib/libucl/tests/Makefile.am b/contrib/libucl/tests/Makefile.am
deleted file mode 100644
index 055eb8bd85b0..000000000000
--- a/contrib/libucl/tests/Makefile.am
+++ /dev/null
@@ -1,45 +0,0 @@
-EXTRA_DIST = $(TESTS) basic schema generate.res \
-	streamline.res rcl_test.json.xz
-
-TESTS = basic.test \
-		generate.test \
-		schema.test \
-		msgpack.test \
-		speed.test \
-		msgpack.test
-TESTS_ENVIRONMENT = $(SH) \
-			TEST_DIR=$(top_srcdir)/tests \
-			TEST_OUT_DIR=$(top_builddir)/tests \
-			TEST_BINARY_DIR=$(top_builddir)/tests
-
-common_test_cflags = -I$(top_srcdir)/include \
-					-I$(top_srcdir)/src \
-					-I$(top_srcdir)/uthash
-common_test_ldadd = $(top_builddir)/src/libucl.la
-
-test_basic_SOURCES = test_basic.c
-test_basic_LDADD = $(common_test_ldadd)
-test_basic_CFLAGS = $(common_test_cflags)
-
-test_speed_SOURCES = test_speed.c
-test_speed_LDADD = $(common_test_ldadd)
-test_speed_CFLAGS = $(common_test_cflags)
-
-test_generate_SOURCES = test_generate.c
-test_generate_LDADD = $(common_test_ldadd)
-test_generate_CFLAGS = $(common_test_cflags)
-
-test_schema_SOURCES = test_schema.c
-test_schema_LDADD = $(common_test_ldadd)
-test_schema_CFLAGS = $(common_test_cflags)
-
-test_streamline_SOURCES = test_streamline.c
-test_streamline_LDADD = $(common_test_ldadd)
-test_streamline_CFLAGS = $(common_test_cflags)
-
-test_msgpack_SOURCES = test_msgpack.c
-test_msgpack_LDADD = $(common_test_ldadd)
-test_msgpack_CFLAGS = $(common_test_cflags)
-
-check_PROGRAMS = test_basic test_speed test_generate test_schema test_streamline \
-	test_msgpack
\ No newline at end of file
diff --git a/contrib/libucl/tests/schema/definitions.json b/contrib/libucl/tests/schema/definitions.json
deleted file mode 100644
index 1ab9b2163c44..000000000000
--- a/contrib/libucl/tests/schema/definitions.json
+++ /dev/null
@@ -1,32 +0,0 @@
-[
-    {
-        "description": "valid definition",
-        "schema": {"$ref": "http://highsecure.ru/ucl-schema/schema#"},
-        "tests": [
-            {
-                "description": "valid definition schema",
-                "data": {
-                    "definitions": {
-                        "foo": {"type": "integer"}
-                    }
-                },
-                "valid": true
-            }
-        ]
-    },
-    {
-        "description": "invalid definition",
-        "schema": {"$ref": "http://highsecure.ru/ucl-schema/schema#"},
-        "tests": [
-            {
-                "description": "invalid definition schema",
-                "data": {
-                    "definitions": {
-                        "foo": {"type": 1}
-                    }
-                },
-                "valid": false
-            }
-        ]
-    }
-]
diff --git a/contrib/libucl/tests/schema/ref.json b/contrib/libucl/tests/schema/ref.json
index 1767769cd845..d8214bc2b30c 100644
--- a/contrib/libucl/tests/schema/ref.json
+++ b/contrib/libucl/tests/schema/ref.json
@@ -124,21 +124,5 @@
                 "valid": false
             }
         ]
-    },
-    {
-        "description": "remote ref, containing refs itself",
-        "schema": {"$ref": "http://highsecure.ru/ucl-schema/schema#"},
-        "tests": [
-            {
-                "description": "remote ref valid",
-                "data": {"minLength": 1},
-                "valid": true
-            },
-            {
-                "description": "remote ref invalid",
-                "data": {"minLength": -1},
-                "valid": false
-            }
-        ]
     }
 ]
diff --git a/contrib/libucl/tests/schema/refRemote.json b/contrib/libucl/tests/schema/refRemote.json
deleted file mode 100644
index 067c666b0ec8..000000000000
--- a/contrib/libucl/tests/schema/refRemote.json
+++ /dev/null
@@ -1,76 +0,0 @@
-[
-    {
-        "description": "remote ref",
-        "schema": {"$ref": "http://highsecure.ru/ucl-schema/remotes/integer.json"},
-        "tests": [
-            {
-                "description": "remote ref valid",
-                "data": 1,
-                "valid": true
-            },
-            {
-                "description": "remote ref invalid",
-                "data": "a",
-                "valid": false
-            }
-        ]
-    },
-    {
-        "description": "fragment within remote ref",
-        "schema": {"$ref": "http://highsecure.ru/ucl-schema/remotes/subSchemas.json#/integer"},
-        "tests": [
-            {
-                "description": "remote fragment valid",
-                "data": 1,
-                "valid": true
-            },
-            {
-                "description": "remote fragment invalid",
-                "data": "a",
-                "valid": false
-            }
-        ]
-    },
-    {
-        "description": "ref within remote ref",
-        "schema": {
-            "$ref": "http://highsecure.ru/ucl-schema/remotes/subSchemas.json#/refToInteger"
-        },
-        "tests": [
-            {
-                "description": "ref within ref valid",
-                "data": 1,
-                "valid": true
-            },
-            {
-                "description": "ref within ref invalid",
-                "data": "a",
-                "valid": false
-            }
-        ]
-    }
-/*
-    {
-        "description": "change resolution scope",
-        "schema": {
-            "id": "http://highsecure.ru/ucl-schema/remotes/",
-            "items": {
-                "id": "folder/",
-                "items": {"$ref": "folderInteger.json"}
-            }
-        },
-        "tests": [
-            {
-                "description": "changed scope ref valid",
-                "data": [[1]],
-                "valid": true
-            },
-            {
-                "description": "changed scope ref invalid",
-                "data": [["a"]],
-                "valid": false
-            }
-        ]
-    }
-*/
-]
diff --git a/contrib/libucl/tests/test_speed.c b/contrib/libucl/tests/test_speed.c
index 56f2e5abc6c7..51476c94940b 100644
--- a/contrib/libucl/tests/test_speed.c
+++ b/contrib/libucl/tests/test_speed.c
@@ -44,7 +44,7 @@ get_ticks (void)
 {
 	double res;
 
-#ifdef __APPLE__
+#if defined(__APPLE__) && defined(HAVE_MACH_MACH_TIME_H)
 	res = mach_absolute_time () / 1000000000.;
 #else
 	struct timespec ts;
diff --git a/contrib/libucl/tests/test_streamline.c b/contrib/libucl/tests/test_streamline.c
index 4c56c4cdcffd..37fe14f9fb97 100644
--- a/contrib/libucl/tests/test_streamline.c
+++ b/contrib/libucl/tests/test_streamline.c
@@ -26,6 +26,10 @@
 #include <assert.h>
 #include "ucl.h"
 
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+
 int
 main (int argc, char **argv)
 {
@@ -34,7 +38,28 @@ main (int argc, char **argv)
 	const char *fname_out = NULL;
 	struct ucl_emitter_context *ctx;
 	struct ucl_emitter_functions *f;
-	int ret = 0;
+	int ret = 0, opt, json = 0, compact = 0, yaml = 0;
+
+	while ((opt = getopt(argc, argv, "jcy")) != -1) {
+		switch (opt) {
+		case 'j':
+			json = 1;
+			break;
+		case 'c':
+			compact = 1;
+			break;
+		case 'y':
+			yaml = 1;
+			break;
+		default: /* '?' */
+			fprintf (stderr, "Usage: %s [-jcy] [out]\n",
+				argv[0]);
+			exit (EXIT_FAILURE);
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
 
 	switch (argc) {
 	case 2:
@@ -63,7 +88,21 @@ main (int argc, char **argv)
 	ucl_object_insert_key (obj, cur, "key3", 0, false);
 
 	f = ucl_object_emit_file_funcs (out);
-	ctx = ucl_object_emit_streamline_new (obj, UCL_EMIT_CONFIG, f);
+
+	if (yaml) {
+		ctx = ucl_object_emit_streamline_new (obj, UCL_EMIT_YAML, f);
+	}
+	else if (json) {
+		if (compact) {
+			ctx = ucl_object_emit_streamline_new (obj, UCL_EMIT_JSON_COMPACT, f);
+		}
+		else {
+			ctx = ucl_object_emit_streamline_new (obj, UCL_EMIT_JSON, f);
+		}
+	}
+	else {
+		ctx = ucl_object_emit_streamline_new (obj, UCL_EMIT_CONFIG, f);
+	}
 
 	assert (ctx != NULL);
 
diff --git a/contrib/libucl/uthash/utlist.h b/contrib/libucl/uthash/utlist.h
index c82dd916e2ed..7cda1ca0ecac 100644
--- a/contrib/libucl/uthash/utlist.h
+++ b/contrib/libucl/uthash/utlist.h
@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2007-2013, Troy D. Hanson   http://troydhanson.github.com/uthash/
+Copyright (c) 2007-2022, Troy D. Hanson  https://troydhanson.github.io/uthash/
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -24,11 +24,11 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #ifndef UTLIST_H
 #define UTLIST_H
 
-#define UTLIST_VERSION 1.9.8
+#define UTLIST_VERSION 2.3.0
 
 #include <assert.h>
 
-/* 
+/*
  * This file contains macros to manipulate singly and doubly-linked lists.
  *
  * 1. LL_ macros:  singly-linked lists.
@@ -38,7 +38,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  * To use singly-linked lists, your structure must have a "next" pointer.
  * To use doubly-linked lists, your structure must "prev" and "next" pointers.
  * Either way, the pointer to the head of the list must be initialized to NULL.
- * 
+ *
  * ----------------.EXAMPLE -------------------------
  * struct item {
  *      int id;
@@ -61,41 +61,46 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 /* These macros use decltype or the earlier __typeof GNU extension.
    As decltype is only available in newer compilers (VS2010 or gcc 4.3+
-   when compiling c++ code), this code uses whatever method is needed
+   when compiling c++ source) this code uses whatever method is needed
    or, for VS2008 where neither is available, uses casting workarounds. */
-#ifdef _MSC_VER            /* MS compiler */
+#if !defined(LDECLTYPE) && !defined(NO_DECLTYPE)
+#if defined(_MSC_VER)   /* MS compiler */
 #if _MSC_VER >= 1600 && defined(__cplusplus)  /* VS2010 or newer in C++ mode */
 #define LDECLTYPE(x) decltype(x)
-#else                     /* VS2008 or older (or VS2010 in C mode) */
+#else                   /* VS2008 or older (or VS2010 in C mode) */
 #define NO_DECLTYPE
-#define LDECLTYPE(x) char*
 #endif
-#elif defined(__ICCARM__)
+#elif defined(__MCST__)  /* Elbrus C Compiler */
+#define LDECLTYPE(x) __typeof(x)
+#elif defined(__BORLANDC__) || defined(__ICCARM__) || defined(__LCC__) || defined(__WATCOMC__)
 #define NO_DECLTYPE
-#define LDECLTYPE(x) char*
-#else                      /* GNU, Sun and other compilers */
+#else                   /* GNU, Sun and other compilers */
 #define LDECLTYPE(x) __typeof(x)
 #endif
+#endif
 
 /* for VS2008 we use some workarounds to get around the lack of decltype,
  * namely, we always reassign our tmp variable to the list head if we need
  * to dereference its prev/next pointers, and save/restore the real head.*/
 #ifdef NO_DECLTYPE
-#define _SV(elt,list) _tmp = (char*)(list); {char **_alias = (char**)&(list); *_alias = (elt); }
-#define _NEXT(elt,list,next) ((char*)((list)->next))
-#define _NEXTASGN(elt,list,to,next) { char **_alias = (char**)&((list)->next); *_alias=(char*)(to); }
-/* #define _PREV(elt,list,prev) ((char*)((list)->prev)) */
-#define _PREVASGN(elt,list,to,prev) { char **_alias = (char**)&((list)->prev); *_alias=(char*)(to); }
-#define _RS(list) { char **_alias = (char**)&(list); *_alias=_tmp; }
-#define _CASTASGN(a,b) { char **_alias = (char**)&(a); *_alias=(char*)(b); }
-#else 
-#define _SV(elt,list)
-#define _NEXT(elt,list,next) ((elt)->next)
-#define _NEXTASGN(elt,list,to,next) ((elt)->next)=(to)
-/* #define _PREV(elt,list,prev) ((elt)->prev) */
-#define _PREVASGN(elt,list,to,prev) ((elt)->prev)=(to)
-#define _RS(list)
-#define _CASTASGN(a,b) (a)=(b)
+#define IF_NO_DECLTYPE(x) x
+#define LDECLTYPE(x) char*
+#define UTLIST_SV(elt,list) _tmp = (char*)(list); {char **_alias = (char**)&(list); *_alias = (elt); }
+#define UTLIST_NEXT(elt,list,next) ((char*)((list)->next))
+#define UTLIST_NEXTASGN(elt,list,to,next) { char **_alias = (char**)&((list)->next); *_alias=(char*)(to); }
+/* #define UTLIST_PREV(elt,list,prev) ((char*)((list)->prev)) */
+#define UTLIST_PREVASGN(elt,list,to,prev) { char **_alias = (char**)&((list)->prev); *_alias=(char*)(to); }
+#define UTLIST_RS(list) { char **_alias = (char**)&(list); *_alias=_tmp; }
+#define UTLIST_CASTASGN(a,b) { char **_alias = (char**)&(a); *_alias=(char*)(b); }
+#else
+#define IF_NO_DECLTYPE(x)
+#define UTLIST_SV(elt,list)
+#define UTLIST_NEXT(elt,list,next) ((elt)->next)
+#define UTLIST_NEXTASGN(elt,list,to,next) ((elt)->next)=(to)
+/* #define UTLIST_PREV(elt,list,prev) ((elt)->prev) */
+#define UTLIST_PREVASGN(elt,list,to,prev) ((elt)->prev)=(to)
+#define UTLIST_RS(list)
+#define UTLIST_CASTASGN(a,b) (a)=(b)
 #endif
 
 /******************************************************************************
@@ -111,13 +116,14 @@ do {
   LDECLTYPE(list) _ls_q;                                                                       \
   LDECLTYPE(list) _ls_e;                                                                       \
   LDECLTYPE(list) _ls_tail;                                                                    \
+  IF_NO_DECLTYPE(LDECLTYPE(list) _tmp;)                                                        \
   int _ls_insize, _ls_nmerges, _ls_psize, _ls_qsize, _ls_i, _ls_looping;                       \
   if (list) {                                                                                  \
     _ls_insize = 1;                                                                            \
     _ls_looping = 1;                                                                           \
     while (_ls_looping) {                                                                      \
-      _CASTASGN(_ls_p,list);                                                                   \
-      list = NULL;                                                                             \
+      UTLIST_CASTASGN(_ls_p,list);                                                             \
+      (list) = NULL;                                                                           \
       _ls_tail = NULL;                                                                         \
       _ls_nmerges = 0;                                                                         \
       while (_ls_p) {                                                                          \
@@ -126,35 +132,35 @@ do {
         _ls_psize = 0;                                                                         \
         for (_ls_i = 0; _ls_i < _ls_insize; _ls_i++) {                                         \
           _ls_psize++;                                                                         \
-          _SV(_ls_q,list); _ls_q = _NEXT(_ls_q,list,next); _RS(list);                          \
+	  UTLIST_SV(_ls_q,list); _ls_q = UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list);        \
           if (!_ls_q) break;                                                                   \
         }                                                                                      \
         _ls_qsize = _ls_insize;                                                                \
         while (_ls_psize > 0 || (_ls_qsize > 0 && _ls_q)) {                                    \
           if (_ls_psize == 0) {                                                                \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
           } else if (_ls_qsize == 0 || !_ls_q) {                                               \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
           } else if (cmp(_ls_p,_ls_q) <= 0) {                                                  \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
           } else {                                                                             \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
           }                                                                                    \
           if (_ls_tail) {                                                                      \
-            _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,_ls_e,next); _RS(list);                \
+	    UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,_ls_e,next); UTLIST_RS(list); \
           } else {                                                                             \
-            _CASTASGN(list,_ls_e);                                                             \
+	    UTLIST_CASTASGN(list,_ls_e);                                                       \
           }                                                                                    \
           _ls_tail = _ls_e;                                                                    \
         }                                                                                      \
         _ls_p = _ls_q;                                                                         \
       }                                                                                        \
       if (_ls_tail) {                                                                          \
-        _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,NULL,next); _RS(list);                     \
+	UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,NULL,next); UTLIST_RS(list);   \
       }                                                                                        \
       if (_ls_nmerges <= 1) {                                                                  \
         _ls_looping=0;                                                                         \
@@ -174,13 +180,14 @@ do {
   LDECLTYPE(list) _ls_q;                                                                       \
   LDECLTYPE(list) _ls_e;                                                                       \
   LDECLTYPE(list) _ls_tail;                                                                    \
+  IF_NO_DECLTYPE(LDECLTYPE(list) _tmp;)                                                        \
   int _ls_insize, _ls_nmerges, _ls_psize, _ls_qsize, _ls_i, _ls_looping;                       \
   if (list) {                                                                                  \
     _ls_insize = 1;                                                                            \
     _ls_looping = 1;                                                                           \
     while (_ls_looping) {                                                                      \
-      _CASTASGN(_ls_p,list);                                                                   \
-      list = NULL;                                                                             \
+      UTLIST_CASTASGN(_ls_p,list);                                                             \
+      (list) = NULL;                                                                           \
       _ls_tail = NULL;                                                                         \
       _ls_nmerges = 0;                                                                         \
       while (_ls_p) {                                                                          \
@@ -189,36 +196,36 @@ do {
         _ls_psize = 0;                                                                         \
         for (_ls_i = 0; _ls_i < _ls_insize; _ls_i++) {                                         \
           _ls_psize++;                                                                         \
-          _SV(_ls_q,list); _ls_q = _NEXT(_ls_q,list,next); _RS(list);                          \
+	  UTLIST_SV(_ls_q,list); _ls_q = UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list);        \
           if (!_ls_q) break;                                                                   \
         }                                                                                      \
         _ls_qsize = _ls_insize;                                                                \
-        while (_ls_psize > 0 || (_ls_qsize > 0 && _ls_q)) {                                    \
+	while ((_ls_psize > 0) || ((_ls_qsize > 0) && _ls_q)) {                                \
           if (_ls_psize == 0) {                                                                \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
-          } else if (_ls_qsize == 0 || !_ls_q) {                                               \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
+	  } else if ((_ls_qsize == 0) || (!_ls_q)) {                                           \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
           } else if (cmp(_ls_p,_ls_q) <= 0) {                                                  \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
           } else {                                                                             \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
           }                                                                                    \
           if (_ls_tail) {                                                                      \
-            _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,_ls_e,next); _RS(list);                \
+	    UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,_ls_e,next); UTLIST_RS(list); \
           } else {                                                                             \
-            _CASTASGN(list,_ls_e);                                                             \
+	    UTLIST_CASTASGN(list,_ls_e);                                                       \
           }                                                                                    \
-          _SV(_ls_e,list); _PREVASGN(_ls_e,list,_ls_tail,prev); _RS(list);                     \
+	  UTLIST_SV(_ls_e,list); UTLIST_PREVASGN(_ls_e,list,_ls_tail,prev); UTLIST_RS(list);   \
           _ls_tail = _ls_e;                                                                    \
         }                                                                                      \
         _ls_p = _ls_q;                                                                         \
       }                                                                                        \
-      _CASTASGN(list->prev, _ls_tail);                                                         \
-      _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,NULL,next); _RS(list);                       \
+      UTLIST_CASTASGN((list)->prev, _ls_tail);                                                 \
+      UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,NULL,next); UTLIST_RS(list);     \
       if (_ls_nmerges <= 1) {                                                                  \
         _ls_looping=0;                                                                         \
       }                                                                                        \
@@ -243,9 +250,9 @@ do {
     _ls_insize = 1;                                                                            \
     _ls_looping = 1;                                                                           \
     while (_ls_looping) {                                                                      \
-      _CASTASGN(_ls_p,list);                                                                   \
-      _CASTASGN(_ls_oldhead,list);                                                             \
-      list = NULL;                                                                             \
+      UTLIST_CASTASGN(_ls_p,list);                                                             \
+      UTLIST_CASTASGN(_ls_oldhead,list);                                                       \
+      (list) = NULL;                                                                           \
       _ls_tail = NULL;                                                                         \
       _ls_nmerges = 0;                                                                         \
       while (_ls_p) {                                                                          \
@@ -254,47 +261,47 @@ do {
         _ls_psize = 0;                                                                         \
         for (_ls_i = 0; _ls_i < _ls_insize; _ls_i++) {                                         \
           _ls_psize++;                                                                         \
-          _SV(_ls_q,list);                                                                     \
-          if (_NEXT(_ls_q,list,next) == _ls_oldhead) {                                         \
+	  UTLIST_SV(_ls_q,list);                                                               \
+	  if (UTLIST_NEXT(_ls_q,list,next) == _ls_oldhead) {                                   \
             _ls_q = NULL;                                                                      \
           } else {                                                                             \
-            _ls_q = _NEXT(_ls_q,list,next);                                                    \
+	    _ls_q = UTLIST_NEXT(_ls_q,list,next);                                              \
           }                                                                                    \
-          _RS(list);                                                                           \
+	  UTLIST_RS(list);                                                                     \
           if (!_ls_q) break;                                                                   \
         }                                                                                      \
         _ls_qsize = _ls_insize;                                                                \
         while (_ls_psize > 0 || (_ls_qsize > 0 && _ls_q)) {                                    \
           if (_ls_psize == 0) {                                                                \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
             if (_ls_q == _ls_oldhead) { _ls_q = NULL; }                                        \
           } else if (_ls_qsize == 0 || !_ls_q) {                                               \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
             if (_ls_p == _ls_oldhead) { _ls_p = NULL; }                                        \
           } else if (cmp(_ls_p,_ls_q) <= 0) {                                                  \
-            _ls_e = _ls_p; _SV(_ls_p,list); _ls_p =                                            \
-              _NEXT(_ls_p,list,next); _RS(list); _ls_psize--;                                  \
+	    _ls_e = _ls_p; UTLIST_SV(_ls_p,list); _ls_p =                                      \
+	      UTLIST_NEXT(_ls_p,list,next); UTLIST_RS(list); _ls_psize--;                      \
             if (_ls_p == _ls_oldhead) { _ls_p = NULL; }                                        \
           } else {                                                                             \
-            _ls_e = _ls_q; _SV(_ls_q,list); _ls_q =                                            \
-              _NEXT(_ls_q,list,next); _RS(list); _ls_qsize--;                                  \
+	    _ls_e = _ls_q; UTLIST_SV(_ls_q,list); _ls_q =                                      \
+	      UTLIST_NEXT(_ls_q,list,next); UTLIST_RS(list); _ls_qsize--;                      \
             if (_ls_q == _ls_oldhead) { _ls_q = NULL; }                                        \
           }                                                                                    \
           if (_ls_tail) {                                                                      \
-            _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,_ls_e,next); _RS(list);                \
+	    UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,_ls_e,next); UTLIST_RS(list); \
           } else {                                                                             \
-            _CASTASGN(list,_ls_e);                                                             \
+	    UTLIST_CASTASGN(list,_ls_e);                                                       \
           }                                                                                    \
-          _SV(_ls_e,list); _PREVASGN(_ls_e,list,_ls_tail,prev); _RS(list);                     \
+	  UTLIST_SV(_ls_e,list); UTLIST_PREVASGN(_ls_e,list,_ls_tail,prev); UTLIST_RS(list);   \
           _ls_tail = _ls_e;                                                                    \
         }                                                                                      \
         _ls_p = _ls_q;                                                                         \
       }                                                                                        \
-      _CASTASGN(list->prev,_ls_tail);                                                          \
-      _CASTASGN(_tmp,list);                                                                    \
-      _SV(_ls_tail,list); _NEXTASGN(_ls_tail,list,_tmp,next); _RS(list);                       \
+      UTLIST_CASTASGN((list)->prev,_ls_tail);                                                  \
+      UTLIST_CASTASGN(_tmp,list);                                                              \
+      UTLIST_SV(_ls_tail,list); UTLIST_NEXTASGN(_ls_tail,list,_tmp,next); UTLIST_RS(list);     \
       if (_ls_nmerges <= 1) {                                                                  \
         _ls_looping=0;                                                                         \
       }                                                                                        \
@@ -311,8 +318,8 @@ do {
 
 #define LL_PREPEND2(head,add,next)                                                             \
 do {                                                                                           \
-  (add)->next = head;                                                                          \
-  head = add;                                                                                  \
+  (add)->next = (head);                                                                        \
+  (head) = (add);                                                                              \
 } while (0)
 
 #define LL_CONCAT(head1,head2)                                                                 \
@@ -322,7 +329,7 @@ do {
 do {                                                                                           \
   LDECLTYPE(head1) _tmp;                                                                       \
   if (head1) {                                                                                 \
-    _tmp = head1;                                                                              \
+    _tmp = (head1);                                                                            \
     while (_tmp->next) { _tmp = _tmp->next; }                                                  \
     _tmp->next=(head2);                                                                        \
   } else {                                                                                     \
@@ -338,7 +345,7 @@ do {
   LDECLTYPE(head) _tmp;                                                                        \
   (add)->next=NULL;                                                                            \
   if (head) {                                                                                  \
-    _tmp = head;                                                                               \
+    _tmp = (head);                                                                             \
     while (_tmp->next) { _tmp = _tmp->next; }                                                  \
     _tmp->next=(add);                                                                          \
   } else {                                                                                     \
@@ -346,96 +353,76 @@ do {
   }                                                                                            \
 } while (0)
 
-#define LL_DELETE(head,del)                                                                    \
-    LL_DELETE2(head,del,next)
+#define LL_INSERT_INORDER(head,add,cmp)                                                        \
+    LL_INSERT_INORDER2(head,add,cmp,next)
 
-#define LL_DELETE2(head,del,next)                                                              \
+#define LL_INSERT_INORDER2(head,add,cmp,next)                                                  \
 do {                                                                                           \
   LDECLTYPE(head) _tmp;                                                                        \
-  if ((head) == (del)) {                                                                       \
-    (head)=(head)->next;                                                                       \
+  if (head) {                                                                                  \
+    LL_LOWER_BOUND2(head, _tmp, add, cmp, next);                                               \
+    LL_APPEND_ELEM2(head, _tmp, add, next);                                                    \
   } else {                                                                                     \
-    _tmp = head;                                                                               \
-    while (_tmp->next && (_tmp->next != (del))) {                                              \
-      _tmp = _tmp->next;                                                                       \
-    }                                                                                          \
-    if (_tmp->next) {                                                                          \
-      _tmp->next = ((del)->next);                                                              \
-    }                                                                                          \
+    (head) = (add);                                                                            \
+    (head)->next = NULL;                                                                       \
   }                                                                                            \
 } while (0)
 
-/* Here are VS2008 replacements for LL_APPEND and LL_DELETE */
-#define LL_APPEND_VS2008(head,add)                                                             \
-    LL_APPEND2_VS2008(head,add,next)
+#define LL_LOWER_BOUND(head,elt,like,cmp)                                                      \
+    LL_LOWER_BOUND2(head,elt,like,cmp,next)
 
-#define LL_APPEND2_VS2008(head,add,next)                                                       \
-do {                                                                                           \
-  if (head) {                                                                                  \
-    (add)->next = head;     /* use add->next as a temp variable */                             \
-    while ((add)->next->next) { (add)->next = (add)->next->next; }                             \
-    (add)->next->next=(add);                                                                   \
-  } else {                                                                                     \
-    (head)=(add);                                                                              \
-  }                                                                                            \
-  (add)->next=NULL;                                                                            \
-} while (0)
+#define LL_LOWER_BOUND2(head,elt,like,cmp,next)                                                \
+  do {                                                                                         \
+    if ((head) == NULL || (cmp(head, like)) >= 0) {                                            \
+      (elt) = NULL;                                                                            \
+    } else {                                                                                   \
+      for ((elt) = (head); (elt)->next != NULL; (elt) = (elt)->next) {                         \
+	if (cmp((elt)->next, like) >= 0) {                                                     \
+	  break;                                                                               \
+	}                                                                                      \
+      }                                                                                        \
+    }                                                                                          \
+  } while (0)
 
-#define LL_DELETE_VS2008(head,del)                                                             \
-    LL_DELETE2_VS2008(head,del,next)
+#define LL_DELETE(head,del)                                                                    \
+    LL_DELETE2(head,del,next)
 
-#define LL_DELETE2_VS2008(head,del,next)                                                       \
+#define LL_DELETE2(head,del,next)                                                              \
 do {                                                                                           \
+  LDECLTYPE(head) _tmp;                                                                        \
   if ((head) == (del)) {                                                                       \
     (head)=(head)->next;                                                                       \
   } else {                                                                                     \
-    char *_tmp = (char*)(head);                                                                \
-    while ((head)->next && ((head)->next != (del))) {                                          \
-      head = (head)->next;                                                                     \
-    }                                                                                          \
-    if ((head)->next) {                                                                        \
-      (head)->next = ((del)->next);                                                            \
+    _tmp = (head);                                                                             \
+    while (_tmp->next && (_tmp->next != (del))) {                                              \
+      _tmp = _tmp->next;                                                                       \
     }                                                                                          \
-    {                                                                                          \
-      char **_head_alias = (char**)&(head);                                                    \
-      *_head_alias = _tmp;                                                                     \
+    if (_tmp->next) {                                                                          \
+      _tmp->next = (del)->next;                                                                \
     }                                                                                          \
   }                                                                                            \
 } while (0)
-#ifdef NO_DECLTYPE
-#undef LL_APPEND
-#define LL_APPEND LL_APPEND_VS2008
-#undef LL_DELETE
-#define LL_DELETE LL_DELETE_VS2008
-#undef LL_DELETE2
-#define LL_DELETE2 LL_DELETE2_VS2008
-#undef LL_APPEND2
-#define LL_APPEND2 LL_APPEND2_VS2008
-#undef LL_CONCAT /* no LL_CONCAT_VS2008 */
-#undef DL_CONCAT /* no DL_CONCAT_VS2008 */
-#endif
-/* end VS2008 replacements */
 
 #define LL_COUNT(head,el,counter)                                                              \
     LL_COUNT2(head,el,counter,next)                                                            \
 
 #define LL_COUNT2(head,el,counter,next)                                                        \
-{                                                                                              \
-    counter = 0;                                                                               \
-    LL_FOREACH2(head,el,next){ ++counter; }                                                    \
-}
+do {                                                                                           \
+  (counter) = 0;                                                                               \
+  LL_FOREACH2(head,el,next) { ++(counter); }                                                   \
+} while (0)
 
 #define LL_FOREACH(head,el)                                                                    \
     LL_FOREACH2(head,el,next)
 
 #define LL_FOREACH2(head,el,next)                                                              \
-    for(el=head;el;el=(el)->next)
+    for ((el) = (head); el; (el) = (el)->next)
 
 #define LL_FOREACH_SAFE(head,el,tmp)                                                           \
     LL_FOREACH_SAFE2(head,el,tmp,next)
 
 #define LL_FOREACH_SAFE2(head,el,tmp,next)                                                     \
-  for((el)=(head);(el) && (tmp = (el)->next, 1); (el) = tmp)
+  for ((el) = (head); (el) && ((tmp) = (el)->next, 1); (el) = (tmp))
 
 #define LL_SEARCH_SCALAR(head,out,field,val)                                                   \
     LL_SEARCH_SCALAR2(head,out,field,val,next)
@@ -445,7 +432,7 @@ do {
     LL_FOREACH2(head,out,next) {                                                               \
       if ((out)->field == (val)) break;                                                        \
     }                                                                                          \
-} while(0) 
+} while (0)
 
 #define LL_SEARCH(head,out,elt,cmp)                                                            \
     LL_SEARCH2(head,out,elt,cmp,next)
@@ -455,19 +442,19 @@ do {
     LL_FOREACH2(head,out,next) {                                                               \
       if ((cmp(out,elt))==0) break;                                                            \
     }                                                                                          \
-} while(0) 
+} while (0)
 
-#define LL_REPLACE_ELEM(head, el, add)                                                         \
+#define LL_REPLACE_ELEM2(head, el, add, next)                                                  \
 do {                                                                                           \
  LDECLTYPE(head) _tmp;                                                                         \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
+ assert((head) != NULL);                                                                       \
+ assert((el) != NULL);                                                                         \
+ assert((add) != NULL);                                                                        \
  (add)->next = (el)->next;                                                                     \
  if ((head) == (el)) {                                                                         \
   (head) = (add);                                                                              \
  } else {                                                                                      \
-  _tmp = head;                                                                                 \
+  _tmp = (head);                                                                               \
   while (_tmp->next && (_tmp->next != (el))) {                                                 \
    _tmp = _tmp->next;                                                                          \
   }                                                                                            \
@@ -477,26 +464,158 @@ do {
  }                                                                                             \
 } while (0)
 
+#define LL_REPLACE_ELEM(head, el, add)                                                         \
+    LL_REPLACE_ELEM2(head, el, add, next)
+
+#define LL_PREPEND_ELEM2(head, el, add, next)                                                  \
+do {                                                                                           \
+ if (el) {                                                                                     \
+  LDECLTYPE(head) _tmp;                                                                        \
+  assert((head) != NULL);                                                                      \
+  assert((add) != NULL);                                                                       \
+  (add)->next = (el);                                                                          \
+  if ((head) == (el)) {                                                                        \
+   (head) = (add);                                                                             \
+  } else {                                                                                     \
+   _tmp = (head);                                                                              \
+   while (_tmp->next && (_tmp->next != (el))) {                                                \
+    _tmp = _tmp->next;                                                                         \
+   }                                                                                           \
+   if (_tmp->next) {                                                                           \
+     _tmp->next = (add);                                                                       \
+   }                                                                                           \
+  }                                                                                            \
+ } else {                                                                                      \
+  LL_APPEND2(head, add, next);                                                                 \
+ }                                                                                             \
+} while (0)                                                                                    \
+
 #define LL_PREPEND_ELEM(head, el, add)                                                         \
+    LL_PREPEND_ELEM2(head, el, add, next)
+
+#define LL_APPEND_ELEM2(head, el, add, next)                                                   \
 do {                                                                                           \
- LDECLTYPE(head) _tmp;                                                                         \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
- (add)->next = (el);                                                                           \
- if ((head) == (el)) {                                                                         \
-  (head) = (add);                                                                              \
+ if (el) {                                                                                     \
+  assert((head) != NULL);                                                                      \
+  assert((add) != NULL);                                                                       \
+  (add)->next = (el)->next;                                                                    \
+  (el)->next = (add);                                                                          \
  } else {                                                                                      \
-  _tmp = head;                                                                                 \
-  while (_tmp->next && (_tmp->next != (el))) {                                                 \
-   _tmp = _tmp->next;                                                                          \
+  LL_PREPEND2(head, add, next);                                                                \
+ }                                                                                             \
+} while (0)                                                                                    \
+
+#define LL_APPEND_ELEM(head, el, add)                                                          \
+    LL_APPEND_ELEM2(head, el, add, next)
+
+#ifdef NO_DECLTYPE
+/* Here are VS2008 / NO_DECLTYPE replacements for a few functions */
+
+#undef LL_CONCAT2
+#define LL_CONCAT2(head1,head2,next)                                                           \
+do {                                                                                           \
+  char *_tmp;                                                                                  \
+  if (head1) {                                                                                 \
+    _tmp = (char*)(head1);                                                                     \
+    while ((head1)->next) { (head1) = (head1)->next; }                                         \
+    (head1)->next = (head2);                                                                   \
+    UTLIST_RS(head1);                                                                          \
+  } else {                                                                                     \
+    (head1)=(head2);                                                                           \
   }                                                                                            \
-  if (_tmp->next) {                                                                            \
-    _tmp->next = (add);                                                                        \
+} while (0)
+
+#undef LL_APPEND2
+#define LL_APPEND2(head,add,next)                                                              \
+do {                                                                                           \
+  if (head) {                                                                                  \
+    (add)->next = head;     /* use add->next as a temp variable */                             \
+    while ((add)->next->next) { (add)->next = (add)->next->next; }                             \
+    (add)->next->next=(add);                                                                   \
+  } else {                                                                                     \
+    (head)=(add);                                                                              \
+  }                                                                                            \
+  (add)->next=NULL;                                                                            \
+} while (0)
+
+#undef LL_INSERT_INORDER2
+#define LL_INSERT_INORDER2(head,add,cmp,next)                                                  \
+do {                                                                                           \
+  if ((head) == NULL || (cmp(head, add)) >= 0) {                                               \
+    (add)->next = (head);                                                                      \
+    (head) = (add);                                                                            \
+  } else {                                                                                     \
+    char *_tmp = (char*)(head);                                                                \
+    while ((head)->next != NULL && (cmp((head)->next, add)) < 0) {                             \
+      (head) = (head)->next;                                                                   \
+    }                                                                                          \
+    (add)->next = (head)->next;                                                                \
+    (head)->next = (add);                                                                      \
+    UTLIST_RS(head);                                                                           \
+  }                                                                                            \
+} while (0)
+
+#undef LL_DELETE2
+#define LL_DELETE2(head,del,next)                                                              \
+do {                                                                                           \
+  if ((head) == (del)) {                                                                       \
+    (head)=(head)->next;                                                                       \
+  } else {                                                                                     \
+    char *_tmp = (char*)(head);                                                                \
+    while ((head)->next && ((head)->next != (del))) {                                          \
+      (head) = (head)->next;                                                                   \
+    }                                                                                          \
+    if ((head)->next) {                                                                        \
+      (head)->next = ((del)->next);                                                            \
+    }                                                                                          \
+    UTLIST_RS(head);                                                                           \
+  }                                                                                            \
+} while (0)
+
+#undef LL_REPLACE_ELEM2
+#define LL_REPLACE_ELEM2(head, el, add, next)                                                  \
+do {                                                                                           \
+  assert((head) != NULL);                                                                      \
+  assert((el) != NULL);                                                                        \
+  assert((add) != NULL);                                                                       \
+  if ((head) == (el)) {                                                                        \
+    (head) = (add);                                                                            \
+  } else {                                                                                     \
+    (add)->next = head;                                                                        \
+    while ((add)->next->next && ((add)->next->next != (el))) {                                 \
+      (add)->next = (add)->next->next;                                                         \
+    }                                                                                          \
+    if ((add)->next->next) {                                                                   \
+      (add)->next->next = (add);                                                               \
+    }                                                                                          \
+  }                                                                                            \
+  (add)->next = (el)->next;                                                                    \
+} while (0)
+
+#undef LL_PREPEND_ELEM2
+#define LL_PREPEND_ELEM2(head, el, add, next)                                                  \
+do {                                                                                           \
+  if (el) {                                                                                    \
+    assert((head) != NULL);                                                                    \
+    assert((add) != NULL);                                                                     \
+    if ((head) == (el)) {                                                                      \
+      (head) = (add);                                                                          \
+    } else {                                                                                   \
+      (add)->next = (head);                                                                    \
+      while ((add)->next->next && ((add)->next->next != (el))) {                               \
+	(add)->next = (add)->next->next;                                                       \
+      }                                                                                        \
+      if ((add)->next->next) {                                                                 \
+	(add)->next->next = (add);                                                             \
+      }                                                                                        \
+    }                                                                                          \
+    (add)->next = (el);                                                                        \
+  } else {                                                                                     \
+    LL_APPEND2(head, add, next);                                                               \
   }                                                                                            \
- }                                                                                             \
 } while (0)                                                                                    \
 
+#endif /* NO_DECLTYPE */
 
 /******************************************************************************
  * doubly linked list macros (non-circular)                                   *
@@ -506,7 +625,7 @@ do {
 
 #define DL_PREPEND2(head,add,prev,next)                                                        \
 do {                                                                                           \
- (add)->next = head;                                                                           \
+ (add)->next = (head);                                                                         \
  if (head) {                                                                                   \
    (add)->prev = (head)->prev;                                                                 \
    (head)->prev = (add);                                                                       \
@@ -531,7 +650,39 @@ do {
       (head)->prev = (head);                                                                   \
       (head)->next = NULL;                                                                     \
   }                                                                                            \
-} while (0) 
+} while (0)
+
+#define DL_INSERT_INORDER(head,add,cmp)                                                        \
+    DL_INSERT_INORDER2(head,add,cmp,prev,next)
+
+#define DL_INSERT_INORDER2(head,add,cmp,prev,next)                                             \
+do {                                                                                           \
+  LDECLTYPE(head) _tmp;                                                                        \
+  if (head) {                                                                                  \
+    DL_LOWER_BOUND2(head, _tmp, add, cmp, next);                                               \
+    DL_APPEND_ELEM2(head, _tmp, add, prev, next);                                              \
+  } else {                                                                                     \
+    (head) = (add);                                                                            \
+    (head)->prev = (head);                                                                     \
+    (head)->next = NULL;                                                                       \
+  }                                                                                            \
+} while (0)
+
+#define DL_LOWER_BOUND(head,elt,like,cmp)                                                      \
+    DL_LOWER_BOUND2(head,elt,like,cmp,next)
+
+#define DL_LOWER_BOUND2(head,elt,like,cmp,next)                                                \
+do {                                                                                           \
+  if ((head) == NULL || (cmp(head, like)) >= 0) {                                              \
+    (elt) = NULL;                                                                              \
+  } else {                                                                                     \
+    for ((elt) = (head); (elt)->next != NULL; (elt) = (elt)->next) {                           \
+      if ((cmp((elt)->next, like)) >= 0) {                                                     \
+	break;                                                                                 \
+      }                                                                                        \
+    }                                                                                          \
+  }                                                                                            \
+} while (0)
 
 #define DL_CONCAT(head1,head2)                                                                 \
     DL_CONCAT2(head1,head2,prev,next)
@@ -541,25 +692,27 @@ do {
   LDECLTYPE(head1) _tmp;                                                                       \
   if (head2) {                                                                                 \
     if (head1) {                                                                               \
-        _tmp = (head2)->prev;                                                                  \
+	UTLIST_CASTASGN(_tmp, (head2)->prev);                                                  \
         (head2)->prev = (head1)->prev;                                                         \
         (head1)->prev->next = (head2);                                                         \
-        (head1)->prev = _tmp;                                                                  \
+	UTLIST_CASTASGN((head1)->prev, _tmp);                                                  \
     } else {                                                                                   \
         (head1)=(head2);                                                                       \
     }                                                                                          \
   }                                                                                            \
-} while (0) 
+} while (0)
 
 #define DL_DELETE(head,del)                                                                    \
     DL_DELETE2(head,del,prev,next)
 
 #define DL_DELETE2(head,del,prev,next)                                                         \
 do {                                                                                           \
+  assert((head) != NULL);                                                                      \
   assert((del)->prev != NULL);                                                                 \
   if ((del)->prev == (del)) {                                                                  \
       (head)=NULL;                                                                             \
-  } else if ((del)==(head)) {                                                                  \
+  } else if ((del) == (head)) {                                                                \
+      assert((del)->next != NULL);                                                             \
       (del)->next->prev = (del)->prev;                                                         \
       (head) = (del)->next;                                                                    \
   } else {                                                                                     \
@@ -570,29 +723,29 @@ do {
           (head)->prev = (del)->prev;                                                          \
       }                                                                                        \
   }                                                                                            \
-} while (0) 
+} while (0)
 
 #define DL_COUNT(head,el,counter)                                                              \
     DL_COUNT2(head,el,counter,next)                                                            \
 
 #define DL_COUNT2(head,el,counter,next)                                                        \
-{                                                                                              \
-    counter = 0;                                                                               \
-    DL_FOREACH2(head,el,next){ ++counter; }                                                    \
-}
+do {                                                                                           \
+  (counter) = 0;                                                                               \
+  DL_FOREACH2(head,el,next) { ++(counter); }                                                   \
+} while (0)
 
 #define DL_FOREACH(head,el)                                                                    \
     DL_FOREACH2(head,el,next)
 
 #define DL_FOREACH2(head,el,next)                                                              \
-    for(el=head;el;el=(el)->next)
+    for ((el) = (head); el; (el) = (el)->next)
 
 /* this version is safe for deleting the elements during iteration */
 #define DL_FOREACH_SAFE(head,el,tmp)                                                           \
     DL_FOREACH_SAFE2(head,el,tmp,next)
 
 #define DL_FOREACH_SAFE2(head,el,tmp,next)                                                     \
-  for((el)=(head);(el) && (tmp = (el)->next, 1); (el) = tmp)
+  for ((el) = (head); (el) && ((tmp) = (el)->next, 1); (el) = (tmp))
 
 /* these are identical to their singly-linked list counterparts */
 #define DL_SEARCH_SCALAR LL_SEARCH_SCALAR
@@ -600,11 +753,11 @@ do {
 #define DL_SEARCH_SCALAR2 LL_SEARCH_SCALAR2
 #define DL_SEARCH2 LL_SEARCH2
 
-#define DL_REPLACE_ELEM(head, el, add)                                                         \
+#define DL_REPLACE_ELEM2(head, el, add, prev, next)                                            \
 do {                                                                                           \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
+ assert((head) != NULL);                                                                       \
+ assert((el) != NULL);                                                                         \
+ assert((add) != NULL);                                                                        \
  if ((head) == (el)) {                                                                         \
   (head) = (add);                                                                              \
   (add)->next = (el)->next;                                                                    \
@@ -626,25 +779,104 @@ do {
  }                                                                                             \
 } while (0)
 
+#define DL_REPLACE_ELEM(head, el, add)                                                         \
+    DL_REPLACE_ELEM2(head, el, add, prev, next)
+
+#define DL_PREPEND_ELEM2(head, el, add, prev, next)                                            \
+do {                                                                                           \
+ if (el) {                                                                                     \
+  assert((head) != NULL);                                                                      \
+  assert((add) != NULL);                                                                       \
+  (add)->next = (el);                                                                          \
+  (add)->prev = (el)->prev;                                                                    \
+  (el)->prev = (add);                                                                          \
+  if ((head) == (el)) {                                                                        \
+   (head) = (add);                                                                             \
+  } else {                                                                                     \
+   (add)->prev->next = (add);                                                                  \
+  }                                                                                            \
+ } else {                                                                                      \
+  DL_APPEND2(head, add, prev, next);                                                           \
+ }                                                                                             \
+} while (0)                                                                                    \
+
 #define DL_PREPEND_ELEM(head, el, add)                                                         \
+    DL_PREPEND_ELEM2(head, el, add, prev, next)
+
+#define DL_APPEND_ELEM2(head, el, add, prev, next)                                             \
 do {                                                                                           \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
- (add)->next = (el);                                                                           \
- (add)->prev = (el)->prev;                                                                     \
- (el)->prev = (add);                                                                           \
- if ((head) == (el)) {                                                                         \
-  (head) = (add);                                                                              \
+ if (el) {                                                                                     \
+  assert((head) != NULL);                                                                      \
+  assert((add) != NULL);                                                                       \
+  (add)->next = (el)->next;                                                                    \
+  (add)->prev = (el);                                                                          \
+  (el)->next = (add);                                                                          \
+  if ((add)->next) {                                                                           \
+   (add)->next->prev = (add);                                                                  \
+  } else {                                                                                     \
+   (head)->prev = (add);                                                                       \
+  }                                                                                            \
  } else {                                                                                      \
-  (add)->prev->next = (add);                                                                   \
+  DL_PREPEND2(head, add, prev, next);                                                          \
  }                                                                                             \
 } while (0)                                                                                    \
 
+#define DL_APPEND_ELEM(head, el, add)                                                          \
+   DL_APPEND_ELEM2(head, el, add, prev, next)
+
+#ifdef NO_DECLTYPE
+/* Here are VS2008 / NO_DECLTYPE replacements for a few functions */
+
+#undef DL_INSERT_INORDER2
+#define DL_INSERT_INORDER2(head,add,cmp,prev,next)                                             \
+do {                                                                                           \
+  if ((head) == NULL) {                                                                        \
+    (add)->prev = (add);                                                                       \
+    (add)->next = NULL;                                                                        \
+    (head) = (add);                                                                            \
+  } else if ((cmp(head, add)) >= 0) {                                                          \
+    (add)->prev = (head)->prev;                                                                \
+    (add)->next = (head);                                                                      \
+    (head)->prev = (add);                                                                      \
+    (head) = (add);                                                                            \
+  } else {                                                                                     \
+    char *_tmp = (char*)(head);                                                                \
+    while ((head)->next && (cmp((head)->next, add)) < 0) {                                     \
+      (head) = (head)->next;                                                                   \
+    }                                                                                          \
+    (add)->prev = (head);                                                                      \
+    (add)->next = (head)->next;                                                                \
+    (head)->next = (add);                                                                      \
+    UTLIST_RS(head);                                                                           \
+    if ((add)->next) {                                                                         \
+      (add)->next->prev = (add);                                                               \
+    } else {                                                                                   \
+      (head)->prev = (add);                                                                    \
+    }                                                                                          \
+  }                                                                                            \
+} while (0)
+#endif /* NO_DECLTYPE */
 
 /******************************************************************************
  * circular doubly linked list macros                                         *
  *****************************************************************************/
+#define CDL_APPEND(head,add)                                                                   \
+    CDL_APPEND2(head,add,prev,next)
+
+#define CDL_APPEND2(head,add,prev,next)                                                        \
+do {                                                                                           \
+ if (head) {                                                                                   \
+   (add)->prev = (head)->prev;                                                                 \
+   (add)->next = (head);                                                                       \
+   (head)->prev = (add);                                                                       \
+   (add)->prev->next = (add);                                                                  \
+ } else {                                                                                      \
+   (add)->prev = (add);                                                                        \
+   (add)->next = (add);                                                                        \
+   (head) = (add);                                                                             \
+ }                                                                                             \
+} while (0)
+
 #define CDL_PREPEND(head,add)                                                                  \
     CDL_PREPEND2(head,add,prev,next)
 
@@ -659,7 +891,39 @@ do {
    (add)->prev = (add);                                                                        \
    (add)->next = (add);                                                                        \
  }                                                                                             \
-(head)=(add);                                                                                  \
+ (head) = (add);                                                                               \
+} while (0)
+
+#define CDL_INSERT_INORDER(head,add,cmp)                                                       \
+    CDL_INSERT_INORDER2(head,add,cmp,prev,next)
+
+#define CDL_INSERT_INORDER2(head,add,cmp,prev,next)                                            \
+do {                                                                                           \
+  LDECLTYPE(head) _tmp;                                                                        \
+  if (head) {                                                                                  \
+    CDL_LOWER_BOUND2(head, _tmp, add, cmp, next);                                              \
+    CDL_APPEND_ELEM2(head, _tmp, add, prev, next);                                             \
+  } else {                                                                                     \
+    (head) = (add);                                                                            \
+    (head)->next = (head);                                                                     \
+    (head)->prev = (head);                                                                     \
+  }                                                                                            \
+} while (0)
+
+#define CDL_LOWER_BOUND(head,elt,like,cmp)                                                     \
+    CDL_LOWER_BOUND2(head,elt,like,cmp,next)
+
+#define CDL_LOWER_BOUND2(head,elt,like,cmp,next)                                               \
+do {                                                                                           \
+  if ((head) == NULL || (cmp(head, like)) >= 0) {                                              \
+    (elt) = NULL;                                                                              \
+  } else {                                                                                     \
+    for ((elt) = (head); (elt)->next != (head); (elt) = (elt)->next) {                         \
+      if ((cmp((elt)->next, like)) >= 0) {                                                     \
+	break;                                                                                 \
+      }                                                                                        \
+    }                                                                                          \
+  }                                                                                            \
 } while (0)
 
 #define CDL_DELETE(head,del)                                                                   \
@@ -667,37 +931,37 @@ do {
 
 #define CDL_DELETE2(head,del,prev,next)                                                        \
 do {                                                                                           \
-  if ( ((head)==(del)) && ((head)->next == (head))) {                                          \
-      (head) = 0L;                                                                             \
+  if (((head)==(del)) && ((head)->next == (head))) {                                           \
+      (head) = NULL;                                                                           \
   } else {                                                                                     \
      (del)->next->prev = (del)->prev;                                                          \
      (del)->prev->next = (del)->next;                                                          \
      if ((del) == (head)) (head)=(del)->next;                                                  \
   }                                                                                            \
-} while (0) 
+} while (0)
 
 #define CDL_COUNT(head,el,counter)                                                             \
     CDL_COUNT2(head,el,counter,next)                                                           \
 
 #define CDL_COUNT2(head, el, counter,next)                                                     \
-{                                                                                              \
-    counter = 0;                                                                               \
-    CDL_FOREACH2(head,el,next){ ++counter; }                                                   \
-}
+do {                                                                                           \
+  (counter) = 0;                                                                               \
+  CDL_FOREACH2(head,el,next) { ++(counter); }                                                  \
+} while (0)
 
 #define CDL_FOREACH(head,el)                                                                   \
     CDL_FOREACH2(head,el,next)
 
 #define CDL_FOREACH2(head,el,next)                                                             \
-    for(el=head;el;el=((el)->next==head ? 0L : (el)->next)) 
+    for ((el)=(head);el;(el)=(((el)->next==(head)) ? NULL : (el)->next))
 
 #define CDL_FOREACH_SAFE(head,el,tmp1,tmp2)                                                    \
     CDL_FOREACH_SAFE2(head,el,tmp1,tmp2,prev,next)
 
 #define CDL_FOREACH_SAFE2(head,el,tmp1,tmp2,prev,next)                                         \
-  for((el)=(head), ((tmp1)=(head)?((head)->prev):NULL);                                        \
-      (el) && ((tmp2)=(el)->next, 1);                                                          \
-      ((el) = (((el)==(tmp1)) ? 0L : (tmp2))))
+  for ((el) = (head), (tmp1) = (head) ? (head)->prev : NULL;                                   \
+       (el) && ((tmp2) = (el)->next, 1);                                                       \
+       (el) = ((el) == (tmp1) ? NULL : (tmp2)))
 
 #define CDL_SEARCH_SCALAR(head,out,field,val)                                                  \
     CDL_SEARCH_SCALAR2(head,out,field,val,next)
@@ -707,7 +971,7 @@ do {
     CDL_FOREACH2(head,out,next) {                                                              \
       if ((out)->field == (val)) break;                                                        \
     }                                                                                          \
-} while(0) 
+} while (0)
 
 #define CDL_SEARCH(head,out,elt,cmp)                                                           \
     CDL_SEARCH2(head,out,elt,cmp,next)
@@ -717,13 +981,13 @@ do {
     CDL_FOREACH2(head,out,next) {                                                              \
       if ((cmp(out,elt))==0) break;                                                            \
     }                                                                                          \
-} while(0) 
+} while (0)
 
-#define CDL_REPLACE_ELEM(head, el, add)                                                        \
+#define CDL_REPLACE_ELEM2(head, el, add, prev, next)                                           \
 do {                                                                                           \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
+ assert((head) != NULL);                                                                       \
+ assert((el) != NULL);                                                                         \
+ assert((add) != NULL);                                                                        \
  if ((el)->next == (el)) {                                                                     \
   (add)->next = (add);                                                                         \
   (add)->prev = (add);                                                                         \
@@ -739,19 +1003,74 @@ do {
  }                                                                                             \
 } while (0)
 
+#define CDL_REPLACE_ELEM(head, el, add)                                                        \
+    CDL_REPLACE_ELEM2(head, el, add, prev, next)
+
+#define CDL_PREPEND_ELEM2(head, el, add, prev, next)                                           \
+do {                                                                                           \
+  if (el) {                                                                                    \
+    assert((head) != NULL);                                                                    \
+    assert((add) != NULL);                                                                     \
+    (add)->next = (el);                                                                        \
+    (add)->prev = (el)->prev;                                                                  \
+    (el)->prev = (add);                                                                        \
+    (add)->prev->next = (add);                                                                 \
+    if ((head) == (el)) {                                                                      \
+      (head) = (add);                                                                          \
+    }                                                                                          \
+  } else {                                                                                     \
+    CDL_APPEND2(head, add, prev, next);                                                        \
+  }                                                                                            \
+} while (0)
+
 #define CDL_PREPEND_ELEM(head, el, add)                                                        \
+    CDL_PREPEND_ELEM2(head, el, add, prev, next)
+
+#define CDL_APPEND_ELEM2(head, el, add, prev, next)                                            \
 do {                                                                                           \
- assert(head != NULL);                                                                         \
- assert(el != NULL);                                                                           \
- assert(add != NULL);                                                                          \
- (add)->next = (el);                                                                           \
- (add)->prev = (el)->prev;                                                                     \
- (el)->prev = (add);                                                                           \
- (add)->prev->next = (add);                                                                    \
- if ((head) == (el)) {                                                                         \
-  (head) = (add);                                                                              \
+ if (el) {                                                                                     \
+  assert((head) != NULL);                                                                      \
+  assert((add) != NULL);                                                                       \
+  (add)->next = (el)->next;                                                                    \
+  (add)->prev = (el);                                                                          \
+  (el)->next = (add);                                                                          \
+  (add)->next->prev = (add);                                                                   \
+ } else {                                                                                      \
+  CDL_PREPEND2(head, add, prev, next);                                                         \
  }                                                                                             \
-} while (0)                                                                                    \
+} while (0)
 
-#endif /* UTLIST_H */
+#define CDL_APPEND_ELEM(head, el, add)                                                         \
+    CDL_APPEND_ELEM2(head, el, add, prev, next)
+
+#ifdef NO_DECLTYPE
+/* Here are VS2008 / NO_DECLTYPE replacements for a few functions */
 
+#undef CDL_INSERT_INORDER2
+#define CDL_INSERT_INORDER2(head,add,cmp,prev,next)                                            \
+do {                                                                                           \
+  if ((head) == NULL) {                                                                        \
+    (add)->prev = (add);                                                                       \
+    (add)->next = (add);                                                                       \
+    (head) = (add);                                                                            \
+  } else if ((cmp(head, add)) >= 0) {                                                          \
+    (add)->prev = (head)->prev;                                                                \
+    (add)->next = (head);                                                                      \
+    (add)->prev->next = (add);                                                                 \
+    (head)->prev = (add);                                                                      \
+    (head) = (add);                                                                            \
+  } else {                                                                                     \
+    char *_tmp = (char*)(head);                                                                \
+    while ((char*)(head)->next != _tmp && (cmp((head)->next, add)) < 0) {                      \
+      (head) = (head)->next;                                                                   \
+    }                                                                                          \
+    (add)->prev = (head);                                                                      \
+    (add)->next = (head)->next;                                                                \
+    (add)->next->prev = (add);                                                                 \
+    (head)->next = (add);                                                                      \
+    UTLIST_RS(head);                                                                           \
+  }                                                                                            \
+} while (0)
+#endif /* NO_DECLTYPE */
+
+#endif /* UTLIST_H */
diff --git a/contrib/libucl/utils/CMakeLists.txt b/contrib/libucl/utils/CMakeLists.txt
deleted file mode 100644
index 4de95fd7b4b0..000000000000
--- a/contrib/libucl/utils/CMakeLists.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-
-PROJECT(libucl-utils C)
-
-FUNCTION(MAKE_UTIL UTIL_NAME UTIL_SRCS)
-    ADD_EXECUTABLE(${UTIL_NAME} ${UTIL_SRCS})
-    TARGET_LINK_LIBRARIES(${UTIL_NAME} ucl)
-    INSTALL(TARGETS ${UTIL_NAME} DESTINATION bin)
-ENDFUNCTION()
-
-MAKE_UTIL(ucl_chargen chargen.c)
-MAKE_UTIL(ucl_objdump objdump.c)
-MAKE_UTIL(ucl_tool ucl-tool.c)
diff --git a/contrib/libucl/utils/Makefile.am b/contrib/libucl/utils/Makefile.am
deleted file mode 100644
index ec85aaa5e372..000000000000
--- a/contrib/libucl/utils/Makefile.am
+++ /dev/null
@@ -1,23 +0,0 @@
-common_utils_cflags = -I$(top_srcdir)/include \
-					-I$(top_srcdir)/src \
-					-I$(top_srcdir)/uthash
-common_utils_ldadd = $(top_builddir)/src/libucl.la
-
-ucl_chargen_SOURCES = chargen.c
-ucl_chargen_LDADD = $(common_utils_ldadd)
-ucl_chargen_CFLAGS = $(common_utils_cflags)
-
-ucl_objdump_SOURCES = objdump.c
-ucl_objdump_LDADD = $(common_utils_ldadd)
-ucl_objdump_CFLAGS = $(common_utils_cflags)
-
-ucl_tool_SOURCES = ucl-tool.c
-ucl_tool_LDADD = $(common_utils_ldadd)
-ucl_tool_CFLAGS = $(common_utils_cflags)
-
-if UTILS
-UTL = ucl_chargen ucl_objdump ucl_tool
-else
-UTL =
-endif
-bin_PROGRAMS = $(UTL)
diff --git a/contrib/libucl/utils/chargen.c b/contrib/libucl/utils/chargen.c
deleted file mode 100644
index 398134054c21..000000000000
--- a/contrib/libucl/utils/chargen.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* Copyright (c) 2013, Vsevolod Stakhov
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *       * Redistributions of source code must retain the above copyright
- *         notice, this list of conditions and the following disclaimer.
- *       * Redistributions in binary form must reproduce the above copyright
- *         notice, this list of conditions and the following disclaimer in the
- *         documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file this utility generates character table for ucl
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <stdbool.h>
-
-static inline int
-print_flag (const char *flag, bool *need_or, char *val)
-{
-	int res;
-	res = sprintf (val, "%s%s", *need_or ? "|" : "", flag);
-
-	*need_or |= true;
-
-	return res;
-}
-
-int
-main (int argc, char **argv)
-{
-	int i, col, r;
-	const char *name = "ucl_chartable";
-	bool need_or;
-	char valbuf[2048];
-
-	col = 0;
-
-	if (argc > 1) {
-		name = argv[1];
-	}
-
-	printf ("static const unsigned int %s[256] = {\n", name);
-
-	for (i = 0; i < 256; i ++) {
-		need_or = false;
-		r = 0;
-		/* UCL_CHARACTER_VALUE_END */
-
-		if (i == ' ' || i == '\t') {
-			r += print_flag ("UCL_CHARACTER_WHITESPACE", &need_or, valbuf + r);
-		}
-		if (isspace (i)) {
-			r += print_flag ("UCL_CHARACTER_WHITESPACE_UNSAFE", &need_or, valbuf + r);
-		}
-		if (isalnum (i) || i >= 0x80 || i == '/' || i == '_') {
-			r += print_flag ("UCL_CHARACTER_KEY_START", &need_or, valbuf + r);
-		}
-		if (isalnum (i) || i == '-' || i == '_' || i == '/' || i == '.' || i >= 0x80) {
-			r += print_flag ("UCL_CHARACTER_KEY", &need_or, valbuf + r);
-		}
-		if (i == 0 || i == '\r' || i == '\n' || i == ']' || i == '}' || i == ';' || i == ',' || i == '#') {
-			r += print_flag ("UCL_CHARACTER_VALUE_END", &need_or, valbuf + r);
-		}
-		else {
-			if (isprint (i) || i >= 0x80) {
-				r += print_flag ("UCL_CHARACTER_VALUE_STR", &need_or, valbuf + r);
-			}
-			if (isdigit (i) || i == '-') {
-				r += print_flag ("UCL_CHARACTER_VALUE_DIGIT_START", &need_or, valbuf + r);
-			}
-			if (isalnum (i) || i == '.' || i == '-' || i == '+') {
-				r += print_flag ("UCL_CHARACTER_VALUE_DIGIT", &need_or, valbuf + r);
-			}
-		}
-		if (i == '"' || i == '\\' || i == '/' || i == 'b' ||
-			i == 'f' || i == 'n' || i == 'r' || i == 't' || i == 'u') {
-			r += print_flag ("UCL_CHARACTER_ESCAPE", &need_or, valbuf + r);
-		}
-		if (i == ' ' || i == '\t' || i == ':' || i == '=') {
-			r += print_flag ("UCL_CHARACTER_KEY_SEP", &need_or, valbuf + r);
-		}
-		if (i == '\n' || i == '\r' || i == '\\' || i == '\b' || i == '\t' ||
-				i == '"' || i == '\f') {
-			r += print_flag ("UCL_CHARACTER_JSON_UNSAFE", &need_or, valbuf + r);
-		}
-		if (i == '\n' || i == '\r' || i == '\\' || i == '\b' || i == '\t' ||
-				i == '"' || i == '\f' || i == '=' || i == ':' || i == '{' || i == '[' || i == ' ') {
-			r += print_flag ("UCL_CHARACTER_UCL_UNSAFE", &need_or, valbuf + r);
-		}
-
-		if (!need_or) {
-			r += print_flag ("UCL_CHARACTER_DENIED", &need_or, valbuf + r);
-		}
-
-		if (isprint (i)) {
-			r += sprintf (valbuf + r, " /* %c */", i);
-		}
-		if (i != 255) {
-			r += sprintf (valbuf + r, ", ");
-		}
-		col += r;
-		if (col > 80) {
-			printf ("\n%s", valbuf);
-			col = r;
-		}
-		else {
-			printf ("%s", valbuf);
-		}
-	}
-	printf ("\n}\n");
-
-	return 0;
-}
diff --git a/contrib/libucl/utils/objdump.c b/contrib/libucl/utils/objdump.c
deleted file mode 100644
index 416eca7c87e0..000000000000
--- a/contrib/libucl/utils/objdump.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/* Copyright (c) 2013, Dmitriy V. Reshetnikov
- * Copyright (c) 2013, Vsevolod Stakhov
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *       * Redistributions of source code must retain the above copyright
- *         notice, this list of conditions and the following disclaimer.
- *       * Redistributions in binary form must reproduce the above copyright
- *         notice, this list of conditions and the following disclaimer in the
- *         documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#if defined(_MSC_VER)
-    #include <BaseTsd.h>
-
-    typedef SSIZE_T ssize_t;
-#endif
-
-#include "ucl.h"
-
-void
-ucl_obj_dump (const ucl_object_t *obj, unsigned int shift)
-{
-	int num = shift * 4 + 5;
-	char *pre = (char *) malloc (num * sizeof(char));
-	const ucl_object_t *cur, *tmp;
-	ucl_object_iter_t it = NULL, it_obj = NULL;
-
-	pre[--num] = 0x00;
-	while (num--)
-		pre[num] = 0x20;
-
-	tmp = obj;
-
-	while ((obj = ucl_object_iterate (tmp, &it, false))) {
-		printf ("%sucl object address: %p\n", pre + 4, obj);
-		if (obj->key != NULL) {
-			printf ("%skey: \"%s\"\n", pre, ucl_object_key (obj));
-		}
-		printf ("%sref: %u\n", pre, obj->ref);
-		printf ("%slen: %u\n", pre, obj->len);
-		printf ("%sprev: %p\n", pre, obj->prev);
-		printf ("%snext: %p\n", pre, obj->next);
-		if (obj->type == UCL_OBJECT) {
-			printf ("%stype: UCL_OBJECT\n", pre);
-			printf ("%svalue: %p\n", pre, obj->value.ov);
-			it_obj = NULL;
-			while ((cur = ucl_object_iterate (obj, &it_obj, true))) {
-				ucl_obj_dump (cur, shift + 2);
-			}
-		}
-		else if (obj->type == UCL_ARRAY) {
-			printf ("%stype: UCL_ARRAY\n", pre);
-			printf ("%svalue: %p\n", pre, obj->value.av);
-			it_obj = NULL;
-			while ((cur = ucl_object_iterate (obj, &it_obj, true))) {
-				ucl_obj_dump (cur, shift + 2);
-			}
-		}
-		else if (obj->type == UCL_INT) {
-			printf ("%stype: UCL_INT\n", pre);
-			printf ("%svalue: %jd\n", pre, (intmax_t)ucl_object_toint (obj));
-		}
-		else if (obj->type == UCL_FLOAT) {
-			printf ("%stype: UCL_FLOAT\n", pre);
-			printf ("%svalue: %f\n", pre, ucl_object_todouble (obj));
-		}
-		else if (obj->type == UCL_STRING) {
-			printf ("%stype: UCL_STRING\n", pre);
-			printf ("%svalue: \"%s\"\n", pre, ucl_object_tostring (obj));
-		}
-		else if (obj->type == UCL_BOOLEAN) {
-			printf ("%stype: UCL_BOOLEAN\n", pre);
-			printf ("%svalue: %s\n", pre, ucl_object_tostring_forced (obj));
-		}
-		else if (obj->type == UCL_TIME) {
-			printf ("%stype: UCL_TIME\n", pre);
-			printf ("%svalue: %f\n", pre, ucl_object_todouble (obj));
-		}
-		else if (obj->type == UCL_USERDATA) {
-			printf ("%stype: UCL_USERDATA\n", pre);
-			printf ("%svalue: %p\n", pre, obj->value.ud);
-		}
-	}
-
-	free (pre);
-}
-
-int
-main(int argc, char **argv)
-{
-	const char *fn = NULL;
-	unsigned char *inbuf;
-	struct ucl_parser *parser;
-	int k, ret = 0;
-	ssize_t bufsize, r = 0;
-	ucl_object_t *obj = NULL;
-	const ucl_object_t *par;
-	FILE *in;
-
-	if (argc > 1) {
-		fn = argv[1];
-	}
-
-	if (fn != NULL) {
-		in = fopen (fn, "r");
-		if (in == NULL) {
-			exit (EXIT_FAILURE);
-		}
-	}
-	else {
-		in = stdin;
-	}
-
-	parser = ucl_parser_new (0);
-	inbuf = malloc (BUFSIZ);
-	bufsize = BUFSIZ;
-	r = 0;
-
-	while (!feof (in) && !ferror (in)) {
-		if (r == bufsize) {
-			inbuf = realloc (inbuf, bufsize * 2);
-			bufsize *= 2;
-			if (inbuf == NULL) {
-				perror ("realloc");
-				exit (EXIT_FAILURE);
-			}
-		}
-		r += fread (inbuf + r, 1, bufsize - r, in);
-	}
-
-	if (ferror (in)) {
-		fprintf (stderr, "Failed to read the input file.\n");
-		exit (EXIT_FAILURE);
-	}
-
-	ucl_parser_add_chunk (parser, inbuf, r);
-	fclose (in);
-	if (ucl_parser_get_error(parser)) {
-		printf ("Error occurred: %s\n", ucl_parser_get_error(parser));
-		ret = 1;
-		goto end;
-	}
-
-	obj = ucl_parser_get_object (parser);
-	if (ucl_parser_get_error (parser)) {
-		printf ("Error occurred: %s\n", ucl_parser_get_error(parser));
-		ret = 1;
-		goto end;
-	}
-
-	if (argc > 2) {
-		for (k = 2; k < argc; k++) {
-			printf ("search for \"%s\"... ", argv[k]);
-			par = ucl_object_lookup (obj, argv[k]);
-			printf ("%sfound\n", (par == NULL )?"not ":"");
-			ucl_obj_dump (par, 0);
-		}
-	}
-	else {
-		ucl_obj_dump (obj, 0);
-	}
-
-end:
-	if (parser != NULL) {
-		ucl_parser_free (parser);
-	}
-	if (obj != NULL) {
-		ucl_object_unref (obj);
-	}
-
-	return ret;
-}
diff --git a/contrib/libucl/utils/ucl-tool.c b/contrib/libucl/utils/ucl-tool.c
deleted file mode 100644
index 9b807d35c092..000000000000
--- a/contrib/libucl/utils/ucl-tool.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* Copyright (c) 2015, Cesanta Software
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *       * Redistributions of source code must retain the above copyright
- *         notice, this list of conditions and the following disclaimer.
- *       * Redistributions in binary form must reproduce the above copyright
- *         notice, this list of conditions and the following disclaimer in the
- *         documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED ''AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL AUTHOR BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "ucl.h"
-
-void usage(const char *name, FILE *out) {
-  fprintf(out, "Usage: %s [--help] [-i|--in file] [-o|--out file]\n", name);
-  fprintf(out, "    [-s|--schema file] [-f|--format format]\n\n");
-  fprintf(out, "  --help   - print this message and exit\n");
-  fprintf(out, "  --in     - specify input filename "
-          "(default: standard input)\n");
-  fprintf(out, "  --out    - specify output filename "
-          "(default: standard output)\n");
-  fprintf(out, "  --schema - specify schema file for validation\n");
-  fprintf(out, "  --format - output format. Options: ucl (default), "
-          "json, compact_json, yaml, msgpack\n");
-}
-
-int main(int argc, char **argv) {
-  int i;
-  char ch;
-  FILE *in = stdin, *out = stdout;
-  const char *schema = NULL, *parm, *val;
-  unsigned char *buf = NULL;
-  size_t size = 0, r = 0;
-  struct ucl_parser *parser = NULL;
-  ucl_object_t *obj = NULL;
-  ucl_emitter_t emitter = UCL_EMIT_CONFIG;
-
-  for (i = 1; i < argc; ++i) {
-    parm = argv[i];
-    val = ((i + 1) < argc) ? argv[++i] : NULL;
-
-    if ((strcmp(parm, "--help") == 0) || (strcmp(parm, "-h") == 0)) {
-      usage(argv[0], stdout);
-      exit(0);
-
-    } else if ((strcmp(parm, "--in") == 0) || (strcmp(parm, "-i") == 0)) {
-      if (!val)
-        goto err_val;
-
-      in = fopen(val, "r");
-      if (in == NULL) {
-        perror("fopen on input file");
-        exit(EXIT_FAILURE);
-      }
-    } else if ((strcmp(parm, "--out") == 0) || (strcmp(parm, "-o") == 0)) {
-      if (!val)
-        goto err_val;
-
-      out = fopen(val, "w");
-      if (out == NULL) {
-        perror("fopen on output file");
-        exit(EXIT_FAILURE);
-      }
-    } else if ((strcmp(parm, "--schema") == 0) || (strcmp(parm, "-s") == 0)) {
-      if (!val)
-        goto err_val;
-      schema = val;
-
-    } else if ((strcmp(parm, "--format") == 0) || (strcmp(parm, "-f") == 0)) {
-        if (!val)
-          goto err_val;
-
-        if (strcmp(val, "ucl") == 0) {
-          emitter = UCL_EMIT_CONFIG;
-        } else if (strcmp(val, "json") == 0) {
-          emitter = UCL_EMIT_JSON;
-        } else if (strcmp(val, "yaml") == 0) {
-          emitter = UCL_EMIT_YAML;
-        } else if (strcmp(val, "compact_json") == 0) {
-          emitter = UCL_EMIT_JSON_COMPACT;
-        } else if (strcmp(val, "msgpack") == 0) {
-          emitter = UCL_EMIT_MSGPACK;
-        } else {
-          fprintf(stderr, "Unknown output format: %s\n", val);
-          exit(EXIT_FAILURE);
-        }
-    } else {
-      usage(argv[0], stderr);
-      exit(EXIT_FAILURE);
-    }
-  }
-
-  parser = ucl_parser_new(0);
-  buf = malloc(BUFSIZ);
-  size = BUFSIZ;
-  while (!feof(in) && !ferror(in)) {
-    if (r == size) {
-      buf = realloc(buf, size*2);
-      size *= 2;
-      if (buf == NULL) {
-        perror("realloc");
-        exit(EXIT_FAILURE);
-      }
-    }
-    r += fread(buf + r, 1, size - r, in);
-  }
-  if (ferror(in)) {
-    fprintf(stderr, "Failed to read the input file.\n");
-    exit(EXIT_FAILURE);
-  }
-  fclose(in);
-  if (!ucl_parser_add_chunk(parser, buf, r)) {
-    fprintf(stderr, "Failed to parse input file: %s\n",
-            ucl_parser_get_error(parser));
-    exit(EXIT_FAILURE);
-  }
-  if ((obj = ucl_parser_get_object(parser)) == NULL) {
-    fprintf(stderr, "Failed to get root object: %s\n",
-            ucl_parser_get_error(parser));
-    exit(EXIT_FAILURE);
-  }
-  if (schema != NULL) {
-    struct ucl_parser *schema_parser = ucl_parser_new(0);
-    ucl_object_t *schema_obj = NULL;
-    struct ucl_schema_error error;
-
-    if (!ucl_parser_add_file(schema_parser, schema)) {
-      fprintf(stderr, "Failed to parse schema file: %s\n",
-              ucl_parser_get_error(schema_parser));
-      exit(EXIT_FAILURE);
-    }
-    if ((schema_obj = ucl_parser_get_object(schema_parser)) == NULL) {
-      fprintf(stderr, "Failed to get root object: %s\n",
-              ucl_parser_get_error(schema_parser));
-      exit(EXIT_FAILURE);
-    }
-    if (!ucl_object_validate(schema_obj, obj, &error)) {
-      fprintf(stderr, "Validation failed: %s\n", error.msg);
-      exit(EXIT_FAILURE);
-    }
-  }
-
-  if (emitter != UCL_EMIT_MSGPACK) {
-    fprintf(out, "%s\n", ucl_object_emit(obj, emitter));
-  } else {
-    size_t len;
-    unsigned char *res;
-
-    res = ucl_object_emit_len(obj, emitter, &len);
-    fwrite(res, 1, len, out);
-  }
-
-  return 0;
-
-err_val:
-    fprintf(stderr, "Parameter %s is missing mandatory value\n", parm);
-    usage(argv[0], stderr);
-    exit(EXIT_FAILURE);
-}
diff --git a/contrib/libxo/libxo/xo.h b/contrib/libxo/libxo/xo.h
index 6a61a16c7cae..7f37b469b54e 100644
--- a/contrib/libxo/libxo/xo.h
+++ b/contrib/libxo/libxo/xo.h
@@ -27,6 +27,10 @@
 #include <stdlib.h>
 #include <errno.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 #ifdef __dead2
 #define NORETURN __dead2
 #else
@@ -699,4 +703,8 @@ xo_retain_clear_all (void);
 void
 xo_retain_clear (const char *fmt);
 
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
 #endif /* INCLUDE_XO_H */
diff --git a/contrib/libxo/libxo/xo_encoder.h b/contrib/libxo/libxo/xo_encoder.h
index 099248ae13a6..bb57194ab030 100644
--- a/contrib/libxo/libxo/xo_encoder.h
+++ b/contrib/libxo/libxo/xo_encoder.h
@@ -20,6 +20,10 @@
 
 #include <string.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 /*
  * Expose libxo's memory allocation functions
  */
@@ -167,4 +171,8 @@ xo_encoder_op_name (xo_encoder_op_t op);
 void
 xo_failure (xo_handle_t *xop, const char *fmt, ...);
 
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
 #endif /* XO_ENCODER_H */
diff --git a/contrib/llvm-project/libcxx/include/__functional/binary_function.h b/contrib/llvm-project/libcxx/include/__functional/binary_function.h
index ddee3b170311..18879f65112b 100644
--- a/contrib/llvm-project/libcxx/include/__functional/binary_function.h
+++ b/contrib/llvm-project/libcxx/include/__functional/binary_function.h
@@ -39,11 +39,10 @@ struct __binary_function_keep_layout_base {
 };
 
 #if _LIBCPP_STD_VER <= 14 || defined(_LIBCPP_ENABLE_CXX17_REMOVED_UNARY_BINARY_FUNCTION)
-_LIBCPP_DIAGNOSTIC_PUSH
-_LIBCPP_CLANG_DIAGNOSTIC_IGNORED("-Wdeprecated-declarations")
+_LIBCPP_SUPPRESS_DEPRECATED_PUSH
 template <class _Arg1, class _Arg2, class _Result>
 using __binary_function = binary_function<_Arg1, _Arg2, _Result>;
-_LIBCPP_DIAGNOSTIC_POP
+_LIBCPP_SUPPRESS_DEPRECATED_POP
 #else
 template <class _Arg1, class _Arg2, class _Result>
 using __binary_function = __binary_function_keep_layout_base<_Arg1, _Arg2, _Result>;
diff --git a/contrib/llvm-project/libcxx/include/__functional/unary_function.h b/contrib/llvm-project/libcxx/include/__functional/unary_function.h
index 69b1bc94220a..d46df2e86fbd 100644
--- a/contrib/llvm-project/libcxx/include/__functional/unary_function.h
+++ b/contrib/llvm-project/libcxx/include/__functional/unary_function.h
@@ -36,11 +36,10 @@ struct __unary_function_keep_layout_base {
 };
 
 #if _LIBCPP_STD_VER <= 14 || defined(_LIBCPP_ENABLE_CXX17_REMOVED_UNARY_BINARY_FUNCTION)
-_LIBCPP_DIAGNOSTIC_PUSH
-_LIBCPP_CLANG_DIAGNOSTIC_IGNORED("-Wdeprecated-declarations")
+_LIBCPP_SUPPRESS_DEPRECATED_PUSH
 template <class _Arg, class _Result>
 using __unary_function = unary_function<_Arg, _Result>;
-_LIBCPP_DIAGNOSTIC_POP
+_LIBCPP_SUPPRESS_DEPRECATED_POP
 #else
 template <class _Arg, class _Result>
 using __unary_function = __unary_function_keep_layout_base<_Arg, _Result>;
diff --git a/contrib/llvm-project/libcxx/include/__functional/weak_result_type.h b/contrib/llvm-project/libcxx/include/__functional/weak_result_type.h
index ad7a8395186c..488fec9dac21 100644
--- a/contrib/llvm-project/libcxx/include/__functional/weak_result_type.h
+++ b/contrib/llvm-project/libcxx/include/__functional/weak_result_type.h
@@ -77,6 +77,7 @@ struct __maybe_derive_from_unary_function // bool is true
 template <class _Tp>
 struct __maybe_derive_from_unary_function<_Tp, false> {};
 
+_LIBCPP_SUPPRESS_DEPRECATED_PUSH
 template <class _Tp, bool = __derives_from_binary_function<_Tp>::value>
 struct __maybe_derive_from_binary_function // bool is true
     : public __derives_from_binary_function<_Tp>::type {};
@@ -99,6 +100,7 @@ struct __weak_result_type_imp<_Tp, false>
 
 template <class _Tp>
 struct __weak_result_type : public __weak_result_type_imp<_Tp> {};
+_LIBCPP_SUPPRESS_DEPRECATED_POP
 
 // 0 argument case
 
diff --git a/contrib/llvm-project/libcxx/include/__memory/allocator_traits.h b/contrib/llvm-project/libcxx/include/__memory/allocator_traits.h
index c5fcc89327b8..f3e327edda12 100644
--- a/contrib/llvm-project/libcxx/include/__memory/allocator_traits.h
+++ b/contrib/llvm-project/libcxx/include/__memory/allocator_traits.h
@@ -40,6 +40,7 @@ _LIBCPP_BEGIN_NAMESPACE_STD
   template <class _Tp>                                                                                                 \
   struct NAME<_Tp, __void_t<typename _Tp::PROPERTY > > : true_type {}
 
+_LIBCPP_SUPPRESS_DEPRECATED_PUSH
 // __pointer
 template <class _Tp,
           class _Alloc,
@@ -67,6 +68,7 @@ struct __const_pointer<_Tp, _Ptr, _Alloc, false> {
   using type _LIBCPP_NODEBUG = typename pointer_traits<_Ptr>::template rebind<const _Tp>;
 #endif
 };
+_LIBCPP_SUPPRESS_DEPRECATED_POP
 
 // __void_pointer
 _LIBCPP_ALLOCATOR_TRAITS_HAS_XXX(__has_void_pointer, void_pointer);
diff --git a/contrib/llvm-project/libcxx/include/__memory/uninitialized_algorithms.h b/contrib/llvm-project/libcxx/include/__memory/uninitialized_algorithms.h
index 7475ef5cf85d..79cab80dcf73 100644
--- a/contrib/llvm-project/libcxx/include/__memory/uninitialized_algorithms.h
+++ b/contrib/llvm-project/libcxx/include/__memory/uninitialized_algorithms.h
@@ -642,7 +642,8 @@ __uninitialized_allocator_relocate(_Alloc& __alloc, _Tp* __first, _Tp* __last, _
     __guard.__complete();
     std::__allocator_destroy(__alloc, __first, __last);
   } else {
-    __builtin_memcpy(const_cast<__remove_const_t<_Tp>*>(__result), __first, sizeof(_Tp) * (__last - __first));
+    // Casting to void* to suppress clang complaining that this is technically UB.
+    __builtin_memcpy(static_cast<void*>(const_cast<__remove_const_t<_Tp>*>(__result)), __first, sizeof(_Tp) * (__last - __first));
   }
 }
 
diff --git a/contrib/llvm-project/libcxx/include/__type_traits/is_trivially_relocatable.h b/contrib/llvm-project/libcxx/include/__type_traits/is_trivially_relocatable.h
index c0871731cc00..9b0e240de55f 100644
--- a/contrib/llvm-project/libcxx/include/__type_traits/is_trivially_relocatable.h
+++ b/contrib/llvm-project/libcxx/include/__type_traits/is_trivially_relocatable.h
@@ -11,7 +11,6 @@
 
 #include <__config>
 #include <__type_traits/enable_if.h>
-#include <__type_traits/integral_constant.h>
 #include <__type_traits/is_same.h>
 #include <__type_traits/is_trivially_copyable.h>
 
@@ -23,8 +22,11 @@ _LIBCPP_BEGIN_NAMESPACE_STD
 
 // A type is trivially relocatable if a move construct + destroy of the original object is equivalent to
 // `memcpy(dst, src, sizeof(T))`.
-
-#if __has_builtin(__is_trivially_relocatable)
+//
+// Note that we don't use the __is_trivially_relocatable Clang builtin right now because it does not
+// implement the semantics of any current or future trivial relocation proposal and it can lead to
+// incorrect optimizations on some platforms (Windows) and supported compilers (AppleClang).
+#if __has_builtin(__is_trivially_relocatable) && 0
 template <class _Tp, class = void>
 struct __libcpp_is_trivially_relocatable : integral_constant<bool, __is_trivially_relocatable(_Tp)> {};
 #else
diff --git a/contrib/llvm-project/libcxx/include/tuple b/contrib/llvm-project/libcxx/include/tuple
index 081b90c7bbec..1d39974d5a6b 100644
--- a/contrib/llvm-project/libcxx/include/tuple
+++ b/contrib/llvm-project/libcxx/include/tuple
@@ -302,7 +302,9 @@ class __tuple_leaf {
 
   template <class _Tp>
   static _LIBCPP_HIDE_FROM_ABI constexpr bool __can_bind_reference() {
-#  if __has_keyword(__reference_binds_to_temporary)
+#  if __has_keyword(__reference_constructs_from_temporary)
+    return !__reference_constructs_from_temporary(_Hp, _Tp);
+#  elif __has_keyword(__reference_binds_to_temporary)
     return !__reference_binds_to_temporary(_Hp, _Tp);
 #  else
     return true;
diff --git a/contrib/llvm-project/llvm/lib/ObjCopy/ELF/ELFObjcopy.cpp b/contrib/llvm-project/llvm/lib/ObjCopy/ELF/ELFObjcopy.cpp
index 075455c03415..7de9b4dd2ea1 100644
--- a/contrib/llvm-project/llvm/lib/ObjCopy/ELF/ELFObjcopy.cpp
+++ b/contrib/llvm-project/llvm/lib/ObjCopy/ELF/ELFObjcopy.cpp
@@ -368,7 +368,7 @@ static Error updateAndRemoveSymbols(const CommonConfig &Config,
   // (like GroupSection or RelocationSection). This way, we know which
   // symbols are still 'needed' and which are not.
   if (Config.StripUnneeded || !Config.UnneededSymbolsToRemove.empty() ||
-      !Config.OnlySection.empty()) {
+      !Config.OnlySection.empty() || Config.DiscardMode != DiscardType::None) {
     for (SectionBase &Sec : Obj.sections())
       Sec.markSymbols();
   }
@@ -390,22 +390,23 @@ static Error updateAndRemoveSymbols(const CommonConfig &Config,
     if (Config.StripDebug && Sym.Type == STT_FILE)
       return true;
 
-    if ((Config.DiscardMode == DiscardType::All ||
-         (Config.DiscardMode == DiscardType::Locals &&
-          StringRef(Sym.Name).starts_with(".L"))) &&
-        Sym.Binding == STB_LOCAL && Sym.getShndx() != SHN_UNDEF &&
-        Sym.Type != STT_FILE && Sym.Type != STT_SECTION)
-      return true;
-
     if ((Config.StripUnneeded ||
          Config.UnneededSymbolsToRemove.matches(Sym.Name)) &&
         (!Obj.isRelocatable() || isUnneededSymbol(Sym)))
       return true;
 
-    // We want to remove undefined symbols if all references have been stripped.
-    if (!Config.OnlySection.empty() && !Sym.Referenced &&
-        Sym.getShndx() == SHN_UNDEF)
-      return true;
+    if (!Sym.Referenced) {
+      if ((Config.DiscardMode == DiscardType::All ||
+           (Config.DiscardMode == DiscardType::Locals &&
+            StringRef(Sym.Name).starts_with(".L"))) &&
+          Sym.Binding == STB_LOCAL && Sym.getShndx() != SHN_UNDEF &&
+          Sym.Type != STT_FILE && Sym.Type != STT_SECTION)
+        return true;
+      // We want to remove undefined symbols if all references have been
+      // stripped.
+      if (!Config.OnlySection.empty() && Sym.getShndx() == SHN_UNDEF)
+        return true;
+    }
 
     return false;
   };
diff --git a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp
index 309938accdf4..daf6a0e65d54 100644
--- a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp
+++ b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp
@@ -170,8 +170,9 @@ void PPCMergeStringPool::collectCandidateConstants(Module &M) {
     LLVM_DEBUG(dbgs() << "hasInitializer() " << Global.hasInitializer()
                       << "\n");
 
-    // We can only pool constants.
-    if (!Global.isConstant() || !Global.hasInitializer())
+    // We can only pool non-thread-local constants.
+    if (!Global.isConstant() || !Global.hasInitializer() ||
+        Global.isThreadLocal())
       continue;
 
     // If a global constant has a section we do not try to pool it because
diff --git a/contrib/lua/Makefile b/contrib/lua/Makefile
index 8efa2eb3fdd6..6e21588476df 100644
--- a/contrib/lua/Makefile
+++ b/contrib/lua/Makefile
@@ -46,7 +46,7 @@ TO_MAN= lua.1 luac.1
 
 # Lua version and release.
 V= 5.4
-R= $V.6
+R= $V.8
 
 # Targets start here.
 all:	$(PLAT)
diff --git a/contrib/lua/README b/contrib/lua/README
index 1ae97165babe..b251d296f687 100644
--- a/contrib/lua/README
+++ b/contrib/lua/README
@@ -1,5 +1,5 @@
 
-This is Lua 5.4.6, released on 02 May 2023.
+This is Lua 5.4.8, released on 21 May 2025.
 
 For installation instructions, license details, and
 further information about Lua, see doc/readme.html.
diff --git a/contrib/lua/doc/contents.html b/contrib/lua/doc/contents.html
index 1231e6d2481d..18b677dbac8f 100644
--- a/contrib/lua/doc/contents.html
+++ b/contrib/lua/doc/contents.html
@@ -10,7 +10,7 @@
 <BODY>
 
 <H1>
-<A HREF="http://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
+<A HREF="https://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
 Lua 5.4 Reference Manual
 </H1>
 
@@ -18,7 +18,7 @@ Lua 5.4 Reference Manual
 The reference manual is the official definition of the Lua language.
 <BR>
 For a complete introduction to Lua programming, see the book
-<A HREF="http://www.lua.org/pil/">Programming in Lua</A>.
+<A HREF="https://www.lua.org/pil/">Programming in Lua</A>.
 
 <DIV CLASS="menubar">
 <A HREF="manual.html">start</A>
@@ -27,14 +27,14 @@ For a complete introduction to Lua programming, see the book
 &middot;
 <A HREF="#index">index</A>
 &middot;
-<A HREF="http://www.lua.org/manual/">other versions</A>
+<A HREF="https://www.lua.org/manual/">other versions</A>
 </DIV>
 
 <P>
 <SMALL>
-Copyright &copy; 2020&ndash;2023 Lua.org, PUC-Rio.
+Copyright &copy; 2020&ndash;2025 Lua.org, PUC-Rio.
 Freely available under the terms of the
-<A HREF="http://www.lua.org/license.html">Lua license</A>.
+<A HREF="https://www.lua.org/license.html">Lua license</A>.
 </SMALL>
 
 <H2><A NAME="contents">Contents</A></H2>
@@ -668,10 +668,10 @@ Freely available under the terms of the
 
 <P CLASS="footer">
 Last update:
-Sat Apr  1 17:57:05 UTC 2023
+Wed May 21 21:11:33 UTC 2025
 </P>
 <!--
-Last change: revised for Lua 5.4.5
+Last change: revised for Lua 5.4.8
 -->
 
 </BODY>
diff --git a/contrib/lua/doc/lua.1 b/contrib/lua/doc/lua.1
index 3f472fd81f62..3c9e000234e3 100644
--- a/contrib/lua/doc/lua.1
+++ b/contrib/lua/doc/lua.1
@@ -1,5 +1,5 @@
-.\" $Id: lua.man,v 1.14 2022/09/23 09:06:36 lhf Exp $
-.TH LUA 1 "$Date: 2022/09/23 09:06:36 $"
+.\" $Id: lua.man,v 1.14 2024/05/08 18:48:27 lhf Exp $
+.TH LUA 1 "$Date: 2024/05/08 18:48:27 $"
 .SH NAME
 lua \- Lua interpreter
 .SH SYNOPSIS
@@ -123,7 +123,7 @@ and the version-neutral variants are ignored.
 Code to be executed before command line options and scripts.
 .TP
 .B LUA_PATH, LUA_PATH_5_4
-Initial value of package.cpath,
+Initial value of package.path,
 the path used by require to search for Lua loaders.
 .TP
 .B LUA_CPATH, LUA_CPATH_5_4
diff --git a/contrib/lua/doc/lua.css b/contrib/lua/doc/lua.css
index cbd0799d1525..9013b445c654 100644
--- a/contrib/lua/doc/lua.css
+++ b/contrib/lua/doc/lua.css
@@ -143,6 +143,7 @@ table.book td.cover {
 
 table.book img {
 	border: solid #000080 1px ;
+	border-radius: 2px ;
 }
 
 table.book span {
diff --git a/contrib/lua/doc/manual.html b/contrib/lua/doc/manual.html
index 0af688b343c7..8239bc2a964f 100644
--- a/contrib/lua/doc/manual.html
+++ b/contrib/lua/doc/manual.html
@@ -10,7 +10,7 @@
 <BODY>
 
 <H1>
-<A HREF="http://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
+<A HREF="https://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
 Lua 5.4 Reference Manual
 </H1>
 
@@ -19,9 +19,9 @@ by Roberto Ierusalimschy, Luiz Henrique de Figueiredo, Waldemar Celes
 
 <P>
 <SMALL>
-Copyright &copy; 2020&ndash;2023 Lua.org, PUC-Rio.
+Copyright &copy; 2020&ndash;2025 Lua.org, PUC-Rio.
 Freely available under the terms of the
-<a href="http://www.lua.org/license.html">Lua license</a>.
+<a href="https://www.lua.org/license.html">Lua license</a>.
 </SMALL>
 
 <DIV CLASS="menubar">
@@ -29,7 +29,7 @@ Freely available under the terms of the
 &middot;
 <A HREF="contents.html#index">index</A>
 &middot;
-<A HREF="http://www.lua.org/manual/">other versions</A>
+<A HREF="https://www.lua.org/manual/">other versions</A>
 </DIV>
 
 <!-- ====================================================================== -->
@@ -391,7 +391,7 @@ Whenever there is an error,
 an <em>error object</em>
 is propagated with information about the error.
 Lua itself only generates errors whose error object is a string,
-but programs may generate errors with
+but programs can generate errors with
 any value as the error object.
 It is up to the Lua program or its host to handle such error objects.
 For historical reasons,
@@ -401,7 +401,7 @@ even though it does not have to be a string.
 
 <p>
 When you use <a href="#pdf-xpcall"><code>xpcall</code></a> (or <a href="#lua_pcall"><code>lua_pcall</code></a>, in C)
-you may give a <em>message handler</em>
+you can give a <em>message handler</em>
 to be called in case of errors.
 This function is called with the original error object
 and returns a new error object.
@@ -453,7 +453,7 @@ which is then called a <em>metamethod</em>.
 In the previous example, the key is the string "<code>__add</code>"
 and the metamethod is the function that performs the addition.
 Unless stated otherwise,
-a metamethod may in fact be any callable value,
+a metamethod can in fact be any callable value,
 which is either a function or a value with a <code>__call</code> metamethod.
 
 
@@ -1725,7 +1725,7 @@ labels in Lua are considered statements too:
 <p>
 A label is visible in the entire block where it is defined,
 except inside nested functions.
-A goto may jump to any visible label as long as it does not
+A goto can jump to any visible label as long as it does not
 enter into the scope of a local variable.
 A label should not be declared
 where a label with the same name is visible,
@@ -5571,7 +5571,7 @@ otherwise, returns <code>NULL</code>.
 
 
 <hr><h3><a name="lua_toclose"><code>lua_toclose</code></a></h3><p>
-<span class="apii">[-0, +0, <em>m</em>]</span>
+<span class="apii">[-0, +0, <em>v</em>]</span>
 <pre>void lua_toclose (lua_State *L, int index);</pre>
 
 <p>
@@ -5592,6 +5592,11 @@ unless previously deactivated by <a href="#lua_closeslot"><code>lua_closeslot</c
 
 
 <p>
+This function raises an error if the value at the given slot
+neither has a <code>__close</code> metamethod nor is a false value.
+
+
+<p>
 This function should not be called for an index
 that is equal to or below an active to-be-closed slot.
 
@@ -5664,6 +5669,12 @@ after its last character (as in&nbsp;C),
 but can contain other zeros in its body.
 
 
+<p>
+This function can raise memory errors only
+when converting a number to a string
+(as then it may create a new string).
+
+
 
 
 
@@ -11276,13 +11287,13 @@ The returned table can contain all the fields returned by <a href="#lua_getinfo"
 with the string <code>what</code> describing which fields to fill in.
 The default for <code>what</code> is to get all information available,
 except the table of valid lines.
-If present,
-the option '<code>f</code>'
+The option '<code>f</code>'
 adds a field named <code>func</code> with the function itself.
-If present,
-the option '<code>L</code>'
-adds a field named <code>activelines</code> with the table of
-valid lines.
+The option '<code>L</code>' adds a field named <code>activelines</code>
+with the table of valid lines,
+provided the function is a Lua function.
+If the function has no debug information,
+the table is empty.
 
 
 <p>
@@ -11619,6 +11630,10 @@ Lua does not consult any environment variables.
 In particular,
 the values of <a href="#pdf-package.path"><code>package.path</code></a> and <a href="#pdf-package.cpath"><code>package.cpath</code></a>
 are set with the default paths defined in <code>luaconf.h</code>.
+To signal to the libraries that this option is on,
+the stand-alone interpreter sets the field
+<code>"LUA_NOENV"</code> in the registry to a true value.
+Other libraries may consult this field for the same purpose.
 
 
 <p>
@@ -12033,13 +12048,12 @@ and LiteralString, see <a href="#3.1">&sect;3.1</a>.)
 
 
 
-
 <P CLASS="footer">
 Last update:
-Tue May  2 20:09:38 UTC 2023
+Wed May 21 21:09:59 UTC 2025
 </P>
 <!--
-Last change: revised for Lua 5.4.6
+Last change: revised for Lua 5.4.8
 -->
 
 </body></html>
diff --git a/contrib/lua/doc/readme.html b/contrib/lua/doc/readme.html
index 918ec8ed9378..a4eb59dd38c6 100644
--- a/contrib/lua/doc/readme.html
+++ b/contrib/lua/doc/readme.html
@@ -29,7 +29,7 @@ tt, kbd, code {
 <BODY>
 
 <H1>
-<A HREF="http://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
+<A HREF="https://www.lua.org/"><IMG SRC="logo.gif" ALT="Lua"></A>
 Welcome to Lua 5.4
 </H1>
 
@@ -49,29 +49,31 @@ Welcome to Lua 5.4
 <P>
 Lua is a powerful, efficient, lightweight, embeddable scripting language
 developed by a
-<A HREF="http://www.lua.org/authors.html">team</A>
+<A HREF="https://www.lua.org/authors.html">team</A>
 at
-<A HREF="http://www.puc-rio.br/">PUC-Rio</A>,
+<A HREF="https://www.puc-rio.br/">PUC-Rio</A>,
 the Pontifical Catholic University of Rio de Janeiro in Brazil.
 Lua is
 <A HREF="#license">free software</A>
 used in
-<A HREF="http://www.lua.org/uses.html">many products and projects</A>
+<A HREF="https://www.lua.org/uses.html">many products and projects</A>
 around the world.
 
 <P>
 Lua's
-<A HREF="http://www.lua.org/">official web site</A>
+<A HREF="https://www.lua.org/">official website</A>
 provides complete information
 about Lua,
 including
 an
-<A HREF="http://www.lua.org/about.html">executive summary</A>
+<A HREF="https://www.lua.org/about.html">executive summary</A>,
+tips on
+<A HREF="https://www.lua.org/start.html">getting started</A>,
 and
 updated
-<A HREF="http://www.lua.org/docs.html">documentation</A>,
+<A HREF="https://www.lua.org/docs.html">documentation</A>,
 especially the
-<A HREF="http://www.lua.org/manual/5.4/">reference manual</A>,
+<A HREF="https://www.lua.org/manual/5.4/">reference manual</A>,
 which may differ slightly from the
 <A HREF="contents.html">local copy</A>
 distributed in this package.
@@ -79,7 +81,7 @@ distributed in this package.
 <H2><A NAME="install">Installing Lua</A></H2>
 <P>
 Lua is distributed in
-<A HREF="http://www.lua.org/ftp/">source</A>
+<A HREF="https://www.lua.org/ftp/">source</A>
 form.
 You need to build it before using it.
 Building Lua should be straightforward
@@ -88,7 +90,7 @@ Lua is implemented in pure ANSI C and compiles unmodified in all known
 platforms that have an ANSI C compiler.
 Lua also compiles unmodified as C++.
 The instructions given below for building Lua are for Unix-like platforms,
-such as Linux and Mac OS X.
+such as Linux and macOS.
 See also
 <A HREF="#other">instructions for other systems</A>
 and
@@ -97,7 +99,7 @@ and
 <P>
 If you don't have the time or the inclination to compile Lua yourself,
 get a binary from
-<A HREF="http://lua-users.org/wiki/LuaBinaries">LuaBinaries</A>.
+<A HREF="https://luabinaries.sourceforge.net">LuaBinaries</A>.
 
 <H3>Building Lua</H3>
 <P>
@@ -107,7 +109,7 @@ Here are the details.
 <OL>
 <LI>
 Open a terminal window and move to
-the top-level directory, which is named <TT>lua-5.4.6</TT>.
+the top-level directory, which is named <TT>lua-5.4.8</TT>.
 The <TT>Makefile</TT> there controls both the build process and the installation process.
 <P>
 <LI>
@@ -211,8 +213,8 @@ then try "<KBD>make linux-readline MYLIBS=-ltermcap</KBD>".
   record the changes you've made.
 
 <P>
-  On the other hand, if you need to customize some Lua features, you'll need
-  to edit <TT>src/luaconf.h</TT> before building and installing Lua.
+  On the other hand, if you need to customize some Lua features,
+  edit <TT>src/luaconf.h</TT> before building and installing Lua.
   The edited file will be the one installed, and
   it will be used by any Lua clients that you build, to ensure consistency.
   Further customization is available to experts by editing the Lua sources.
@@ -241,7 +243,7 @@ compiler:
 </DL>
 
 <P>
-  To use Lua as a library in your own programs, you'll need to know how to
+  To use Lua as a library in your own programs, you need to know how to
   create and use libraries with your compiler. Moreover, to dynamically load
   C libraries for Lua, you'll need to know how to create dynamic libraries
   and you'll need to make sure that the Lua API functions are accessible to
@@ -284,11 +286,11 @@ lists the
 
 <H2><A NAME="license">License</A></H2>
 <P>
-<A HREF="http://www.opensource.org/docs/definition.php">
-<IMG SRC="osi-certified-72x60.png" ALIGN="right" ALT="[osi certified]" STYLE="padding-left: 30px ;">
+<A HREF="https://opensource.org/osd">
+<IMG SRC="OSIApproved_100X125.png" ALIGN="right" ALT="[Open Source Initiative Approved License]" STYLE="padding-left: 1em" WIDTH=50>
 </A>
 Lua is free software distributed under the terms of the
-<A HREF="http://www.opensource.org/licenses/mit-license.html">MIT license</A>
+<A HREF="https://opensource.org/license/mit">MIT license</A>
 reproduced below;
 it may be used for any purpose, including commercial purposes,
 at absolutely no cost without having to ask us.
@@ -296,11 +298,11 @@ at absolutely no cost without having to ask us.
 The only requirement is that if you do use Lua,
 then you should give us credit by including the appropriate copyright notice somewhere in your product or its documentation.
 
-For details, see
-<A HREF="http://www.lua.org/license.html">this</A>.
+For details, see the
+<A HREF="https://www.lua.org/license.html">license page</A>.
 
 <BLOCKQUOTE STYLE="padding-bottom: 0em">
-Copyright &copy; 1994&ndash;2023 Lua.org, PUC-Rio.
+Copyright &copy; 1994&ndash;2025 Lua.org, PUC-Rio.
 
 <P>
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -327,10 +329,10 @@ THE SOFTWARE.
 
 <P CLASS="footer">
 Last update:
-Tue May  2 20:08:55 UTC 2023
+Wed May 21 21:12:01 UTC 2025
 </P>
 <!--
-Last change: revised for Lua 5.4.6
+Last change: revised for Lua 5.4.8
 -->
 
 </BODY>
diff --git a/contrib/lua/src/lapi.c b/contrib/lua/src/lapi.c
index 34e64af1428c..04e09cff7e0d 100644
--- a/contrib/lua/src/lapi.c
+++ b/contrib/lua/src/lapi.c
@@ -417,9 +417,9 @@ LUA_API const char *lua_tolstring (lua_State *L, int idx, size_t *len) {
     o = index2value(L, idx);  /* previous call may reallocate the stack */
   }
   if (len != NULL)
-    *len = vslen(o);
+    *len = tsslen(tsvalue(o));
   lua_unlock(L);
-  return svalue(o);
+  return getstr(tsvalue(o));
 }
 
 
@@ -1343,7 +1343,7 @@ void lua_warning (lua_State *L, const char *msg, int tocont) {
 LUA_API void *lua_newuserdatauv (lua_State *L, size_t size, int nuvalue) {
   Udata *u;
   lua_lock(L);
-  api_check(L, 0 <= nuvalue && nuvalue < USHRT_MAX, "invalid value");
+  api_check(L, 0 <= nuvalue && nuvalue < SHRT_MAX, "invalid value");
   u = luaS_newudata(L, size, nuvalue);
   setuvalue(L, s2v(L->top.p), u);
   api_incr_top(L);
diff --git a/contrib/lua/src/lauxlib.c b/contrib/lua/src/lauxlib.c
index 4ca6c6548899..923105ed3176 100644
--- a/contrib/lua/src/lauxlib.c
+++ b/contrib/lua/src/lauxlib.c
@@ -80,6 +80,7 @@ static int pushglobalfuncname (lua_State *L, lua_Debug *ar) {
   int top = lua_gettop(L);
   lua_getinfo(L, "f", ar);  /* push function */
   lua_getfield(L, LUA_REGISTRYINDEX, LUA_LOADED_TABLE);
+  luaL_checkstack(L, 6, "not enough stack");  /* slots for 'findfield' */
   if (findfield(L, top + 1, 2)) {
     const char *name = lua_tostring(L, -1);
     if (strncmp(name, LUA_GNAME ".", 3) == 0) {  /* name start with '_G.'? */
@@ -249,11 +250,13 @@ LUALIB_API int luaL_fileresult (lua_State *L, int stat, const char *fname) {
     return 1;
   }
   else {
+    const char *msg;
     luaL_pushfail(L);
+    msg = (en != 0) ? strerror(en) : "(no extra info)";
     if (fname)
-      lua_pushfstring(L, "%s: %s", fname, strerror(en));
+      lua_pushfstring(L, "%s: %s", fname, msg);
     else
-      lua_pushstring(L, strerror(en));
+      lua_pushstring(L, msg);
     lua_pushinteger(L, en);
     return 3;
   }
@@ -732,9 +735,12 @@ static const char *getF (lua_State *L, void *ud, size_t *size) {
 
 
 static int errfile (lua_State *L, const char *what, int fnameindex) {
-  const char *serr = strerror(errno);
+  int err = errno;
   const char *filename = lua_tostring(L, fnameindex) + 1;
-  lua_pushfstring(L, "cannot %s %s: %s", what, filename, serr);
+  if (err != 0)
+    lua_pushfstring(L, "cannot %s %s: %s", what, filename, strerror(err));
+  else
+    lua_pushfstring(L, "cannot %s %s", what, filename);
   lua_remove(L, fnameindex);
   return LUA_ERRFILE;
 }
@@ -787,6 +793,7 @@ LUALIB_API int luaL_loadfilex (lua_State *L, const char *filename,
   }
   else {
     lua_pushfstring(L, "@%s", filename);
+    errno = 0;
     lf.f = fopen(filename, "r");
     if (lf.f == NULL) return errfile(L, "open", fnameindex);
   }
@@ -796,6 +803,7 @@ LUALIB_API int luaL_loadfilex (lua_State *L, const char *filename,
   if (c == LUA_SIGNATURE[0]) {  /* binary file? */
     lf.n = 0;  /* remove possible newline */
     if (filename) {  /* "real" file? */
+      errno = 0;
       lf.f = freopen(filename, "rb", lf.f);  /* reopen in binary mode */
       if (lf.f == NULL) return errfile(L, "reopen", fnameindex);
       skipcomment(lf.f, &c);  /* re-read initial portion */
@@ -803,6 +811,7 @@ LUALIB_API int luaL_loadfilex (lua_State *L, const char *filename,
   }
   if (c != EOF)
     lf.buff[lf.n++] = c;  /* 'c' is the first character of the stream */
+  errno = 0;
   status = lua_load(L, getF, &lf, lua_tostring(L, -1), mode);
   readstatus = ferror(lf.f);
   if (filename) fclose(lf.f);  /* close file (even in case of errors) */
@@ -933,7 +942,7 @@ LUALIB_API const char *luaL_tolstring (lua_State *L, int idx, size_t *len) {
 LUALIB_API void luaL_setfuncs (lua_State *L, const luaL_Reg *l, int nup) {
   luaL_checkstack(L, nup, "too many upvalues");
   for (; l->name != NULL; l++) {  /* fill the table with given functions */
-    if (l->func == NULL)  /* place holder? */
+    if (l->func == NULL)  /* placeholder? */
       lua_pushboolean(L, 0);
     else {
       int i;
@@ -1025,9 +1034,14 @@ static void *l_alloc (void *ud, void *ptr, size_t osize, size_t nsize) {
 }
 
 
+/*
+** Standard panic funcion just prints an error message. The test
+** with 'lua_type' avoids possible memory errors in 'lua_tostring'.
+*/
 static int panic (lua_State *L) {
-  const char *msg = lua_tostring(L, -1);
-  if (msg == NULL) msg = "error object is not a string";
+  const char *msg = (lua_type(L, -1) == LUA_TSTRING)
+                  ? lua_tostring(L, -1)
+                  : "error object is not a string";
   lua_writestringerror("PANIC: unprotected error in call to Lua API (%s)\n",
                         msg);
   return 0;  /* return to Lua to abort */
diff --git a/contrib/lua/src/lcode.c b/contrib/lua/src/lcode.c
index 8d6ce8c08bd2..85466a82ee1d 100644
--- a/contrib/lua/src/lcode.c
+++ b/contrib/lua/src/lcode.c
@@ -35,6 +35,7 @@
 #define MAXREGS		255
 
 
+/* (note that expressions VJMP also have jumps.) */
 #define hasjumps(e)	((e)->t != (e)->f)
 
 
@@ -415,7 +416,7 @@ int luaK_codeABx (FuncState *fs, OpCode o, int a, unsigned int bc) {
 /*
 ** Format and emit an 'iAsBx' instruction.
 */
-int luaK_codeAsBx (FuncState *fs, OpCode o, int a, int bc) {
+static int codeAsBx (FuncState *fs, OpCode o, int a, int bc) {
   unsigned int b = bc + OFFSET_sBx;
   lua_assert(getOpMode(o) == iAsBx);
   lua_assert(a <= MAXARG_A && b <= MAXARG_Bx);
@@ -678,7 +679,7 @@ static int fitsBx (lua_Integer i) {
 
 void luaK_int (FuncState *fs, int reg, lua_Integer i) {
   if (fitsBx(i))
-    luaK_codeAsBx(fs, OP_LOADI, reg, cast_int(i));
+    codeAsBx(fs, OP_LOADI, reg, cast_int(i));
   else
     luaK_codek(fs, reg, luaK_intK(fs, i));
 }
@@ -687,7 +688,7 @@ void luaK_int (FuncState *fs, int reg, lua_Integer i) {
 static void luaK_float (FuncState *fs, int reg, lua_Number f) {
   lua_Integer fi;
   if (luaV_flttointeger(f, &fi, F2Ieq) && fitsBx(fi))
-    luaK_codeAsBx(fs, OP_LOADF, reg, cast_int(fi));
+    codeAsBx(fs, OP_LOADF, reg, cast_int(fi));
   else
     luaK_codek(fs, reg, luaK_numberK(fs, f));
 }
@@ -783,7 +784,8 @@ void luaK_dischargevars (FuncState *fs, expdesc *e) {
       break;
     }
     case VLOCAL: {  /* already in a register */
-      e->u.info = e->u.var.ridx;
+      int temp = e->u.var.ridx;
+      e->u.info = temp;  /* (can't do a direct assignment; values overlap) */
       e->k = VNONRELOC;  /* becomes a non-relocatable value */
       break;
     }
@@ -991,7 +993,7 @@ void luaK_exp2anyregup (FuncState *fs, expdesc *e) {
 ** or it is a constant.
 */
 void luaK_exp2val (FuncState *fs, expdesc *e) {
-  if (hasjumps(e))
+  if (e->k == VJMP || hasjumps(e))
     luaK_exp2anyreg(fs, e);
   else
     luaK_dischargevars(fs, e);
@@ -1032,7 +1034,7 @@ static int luaK_exp2K (FuncState *fs, expdesc *e) {
 ** in the range of R/K indices).
 ** Returns 1 iff expression is K.
 */
-int luaK_exp2RK (FuncState *fs, expdesc *e) {
+static int exp2RK (FuncState *fs, expdesc *e) {
   if (luaK_exp2K(fs, e))
     return 1;
   else {  /* not a constant in the right range: put it in a register */
@@ -1044,7 +1046,7 @@ int luaK_exp2RK (FuncState *fs, expdesc *e) {
 
 static void codeABRK (FuncState *fs, OpCode o, int a, int b,
                       expdesc *ec) {
-  int k = luaK_exp2RK(fs, ec);
+  int k = exp2RK(fs, ec);
   luaK_codeABCk(fs, o, a, b, ec->u.info, k);
 }
 
@@ -1222,7 +1224,7 @@ static void codenot (FuncState *fs, expdesc *e) {
 
 
 /*
-** Check whether expression 'e' is a small literal string
+** Check whether expression 'e' is a short literal string
 */
 static int isKstr (FuncState *fs, expdesc *e) {
   return (e->k == VK && !hasjumps(e) && e->u.info <= MAXARG_B &&
@@ -1232,7 +1234,7 @@ static int isKstr (FuncState *fs, expdesc *e) {
 /*
 ** Check whether expression 'e' is a literal integer.
 */
-int luaK_isKint (expdesc *e) {
+static int isKint (expdesc *e) {
   return (e->k == VKINT && !hasjumps(e));
 }
 
@@ -1242,7 +1244,7 @@ int luaK_isKint (expdesc *e) {
 ** proper range to fit in register C
 */
 static int isCint (expdesc *e) {
-  return luaK_isKint(e) && (l_castS2U(e->u.ival) <= l_castS2U(MAXARG_C));
+  return isKint(e) && (l_castS2U(e->u.ival) <= l_castS2U(MAXARG_C));
 }
 
 
@@ -1251,7 +1253,7 @@ static int isCint (expdesc *e) {
 ** proper range to fit in register sC
 */
 static int isSCint (expdesc *e) {
-  return luaK_isKint(e) && fitsC(e->u.ival);
+  return isKint(e) && fitsC(e->u.ival);
 }
 
 
@@ -1290,15 +1292,17 @@ void luaK_indexed (FuncState *fs, expdesc *t, expdesc *k) {
   if (t->k == VUPVAL && !isKstr(fs, k))  /* upvalue indexed by non 'Kstr'? */
     luaK_exp2anyreg(fs, t);  /* put it in a register */
   if (t->k == VUPVAL) {
-    t->u.ind.t = t->u.info;  /* upvalue index */
-    t->u.ind.idx = k->u.info;  /* literal string */
+    int temp = t->u.info;  /* upvalue index */
+    lua_assert(isKstr(fs, k));
+    t->u.ind.t = temp;  /* (can't do a direct assignment; values overlap) */
+    t->u.ind.idx = k->u.info;  /* literal short string */
     t->k = VINDEXUP;
   }
   else {
     /* register index of the table */
     t->u.ind.t = (t->k == VLOCAL) ? t->u.var.ridx: t->u.info;
     if (isKstr(fs, k)) {
-      t->u.ind.idx = k->u.info;  /* literal string */
+      t->u.ind.idx = k->u.info;  /* literal short string */
       t->k = VINDEXSTR;
     }
     else if (isCint(k)) {
@@ -1466,7 +1470,7 @@ static void codebinK (FuncState *fs, BinOpr opr,
 */
 static int finishbinexpneg (FuncState *fs, expdesc *e1, expdesc *e2,
                              OpCode op, int line, TMS event) {
-  if (!luaK_isKint(e2))
+  if (!isKint(e2))
     return 0;  /* not an integer constant */
   else {
     lua_Integer i2 = e2->u.ival;
@@ -1599,7 +1603,7 @@ static void codeeq (FuncState *fs, BinOpr opr, expdesc *e1, expdesc *e2) {
     op = OP_EQI;
     r2 = im;  /* immediate operand */
   }
-  else if (luaK_exp2RK(fs, e2)) {  /* 2nd expression is constant? */
+  else if (exp2RK(fs, e2)) {  /* 2nd expression is constant? */
     op = OP_EQK;
     r2 = e2->u.info;  /* constant index */
   }
@@ -1665,7 +1669,7 @@ void luaK_infix (FuncState *fs, BinOpr op, expdesc *v) {
     }
     case OPR_EQ: case OPR_NE: {
       if (!tonumeral(v, NULL))
-        luaK_exp2RK(fs, v);
+        exp2RK(fs, v);
       /* else keep numeral, which may be an immediate operand */
       break;
     }
diff --git a/contrib/lua/src/lcode.h b/contrib/lua/src/lcode.h
index 326582445263..0b971fc4359b 100644
--- a/contrib/lua/src/lcode.h
+++ b/contrib/lua/src/lcode.h
@@ -61,10 +61,8 @@ typedef enum UnOpr { OPR_MINUS, OPR_BNOT, OPR_NOT, OPR_LEN, OPR_NOUNOPR } UnOpr;
 
 LUAI_FUNC int luaK_code (FuncState *fs, Instruction i);
 LUAI_FUNC int luaK_codeABx (FuncState *fs, OpCode o, int A, unsigned int Bx);
-LUAI_FUNC int luaK_codeAsBx (FuncState *fs, OpCode o, int A, int Bx);
 LUAI_FUNC int luaK_codeABCk (FuncState *fs, OpCode o, int A,
                                             int B, int C, int k);
-LUAI_FUNC int luaK_isKint (expdesc *e);
 LUAI_FUNC int luaK_exp2const (FuncState *fs, const expdesc *e, TValue *v);
 LUAI_FUNC void luaK_fixline (FuncState *fs, int line);
 LUAI_FUNC void luaK_nil (FuncState *fs, int from, int n);
@@ -76,7 +74,6 @@ LUAI_FUNC int luaK_exp2anyreg (FuncState *fs, expdesc *e);
 LUAI_FUNC void luaK_exp2anyregup (FuncState *fs, expdesc *e);
 LUAI_FUNC void luaK_exp2nextreg (FuncState *fs, expdesc *e);
 LUAI_FUNC void luaK_exp2val (FuncState *fs, expdesc *e);
-LUAI_FUNC int luaK_exp2RK (FuncState *fs, expdesc *e);
 LUAI_FUNC void luaK_self (FuncState *fs, expdesc *e, expdesc *key);
 LUAI_FUNC void luaK_indexed (FuncState *fs, expdesc *t, expdesc *k);
 LUAI_FUNC void luaK_goiftrue (FuncState *fs, expdesc *e);
diff --git a/contrib/lua/src/ldebug.c b/contrib/lua/src/ldebug.c
index 28b1caabf77e..7264fce8a55c 100644
--- a/contrib/lua/src/ldebug.c
+++ b/contrib/lua/src/ldebug.c
@@ -31,12 +31,15 @@
 
 
 
-#define noLuaClosure(f)		((f) == NULL || (f)->c.tt == LUA_VCCL)
+#define LuaClosure(f)		((f) != NULL && (f)->c.tt == LUA_VLCL)
 
 
 static const char *funcnamefromcall (lua_State *L, CallInfo *ci,
                                                    const char **name);
 
+static const char strlocal[] = "local";
+static const char strupval[] = "upvalue";
+
 
 static int currentpc (CallInfo *ci) {
   lua_assert(isLua(ci));
@@ -254,7 +257,7 @@ LUA_API const char *lua_setlocal (lua_State *L, const lua_Debug *ar, int n) {
 
 
 static void funcinfo (lua_Debug *ar, Closure *cl) {
-  if (noLuaClosure(cl)) {
+  if (!LuaClosure(cl)) {
     ar->source = "=[C]";
     ar->srclen = LL("=[C]");
     ar->linedefined = -1;
@@ -288,29 +291,31 @@ static int nextline (const Proto *p, int currentline, int pc) {
 
 
 static void collectvalidlines (lua_State *L, Closure *f) {
-  if (noLuaClosure(f)) {
+  if (!LuaClosure(f)) {
     setnilvalue(s2v(L->top.p));
     api_incr_top(L);
   }
   else {
-    int i;
-    TValue v;
     const Proto *p = f->l.p;
     int currentline = p->linedefined;
     Table *t = luaH_new(L);  /* new table to store active lines */
     sethvalue2s(L, L->top.p, t);  /* push it on stack */
     api_incr_top(L);
-    setbtvalue(&v);  /* boolean 'true' to be the value of all indices */
-    if (!p->is_vararg)  /* regular function? */
-      i = 0;  /* consider all instructions */
-    else {  /* vararg function */
-      lua_assert(GET_OPCODE(p->code[0]) == OP_VARARGPREP);
-      currentline = nextline(p, currentline, 0);
-      i = 1;  /* skip first instruction (OP_VARARGPREP) */
-    }
-    for (; i < p->sizelineinfo; i++) {  /* for each instruction */
-      currentline = nextline(p, currentline, i);  /* get its line */
-      luaH_setint(L, t, currentline, &v);  /* table[line] = true */
+    if (p->lineinfo != NULL) {  /* proto with debug information? */
+      int i;
+      TValue v;
+      setbtvalue(&v);  /* boolean 'true' to be the value of all indices */
+      if (!p->is_vararg)  /* regular function? */
+        i = 0;  /* consider all instructions */
+      else {  /* vararg function */
+        lua_assert(GET_OPCODE(p->code[0]) == OP_VARARGPREP);
+        currentline = nextline(p, currentline, 0);
+        i = 1;  /* skip first instruction (OP_VARARGPREP) */
+      }
+      for (; i < p->sizelineinfo; i++) {  /* for each instruction */
+        currentline = nextline(p, currentline, i);  /* get its line */
+        luaH_setint(L, t, currentline, &v);  /* table[line] = true */
+      }
     }
   }
 }
@@ -339,7 +344,7 @@ static int auxgetinfo (lua_State *L, const char *what, lua_Debug *ar,
       }
       case 'u': {
         ar->nups = (f == NULL) ? 0 : f->c.nupvalues;
-        if (noLuaClosure(f)) {
+        if (!LuaClosure(f)) {
           ar->isvararg = 1;
           ar->nparams = 0;
         }
@@ -417,40 +422,6 @@ LUA_API int lua_getinfo (lua_State *L, const char *what, lua_Debug *ar) {
 ** =======================================================
 */
 
-static const char *getobjname (const Proto *p, int lastpc, int reg,
-                               const char **name);
-
-
-/*
-** Find a "name" for the constant 'c'.
-*/
-static void kname (const Proto *p, int c, const char **name) {
-  TValue *kvalue = &p->k[c];
-  *name = (ttisstring(kvalue)) ? svalue(kvalue) : "?";
-}
-
-
-/*
-** Find a "name" for the register 'c'.
-*/
-static void rname (const Proto *p, int pc, int c, const char **name) {
-  const char *what = getobjname(p, pc, c, name); /* search for 'c' */
-  if (!(what && *what == 'c'))  /* did not find a constant name? */
-    *name = "?";
-}
-
-
-/*
-** Find a "name" for a 'C' value in an RK instruction.
-*/
-static void rkname (const Proto *p, int pc, Instruction i, const char **name) {
-  int c = GETARG_C(i);  /* key index */
-  if (GETARG_k(i))  /* is 'c' a constant? */
-    kname(p, c, name);
-  else  /* 'c' is a register */
-    rname(p, pc, c, name);
-}
-
 
 static int filterpc (int pc, int jmptarget) {
   if (pc < jmptarget)  /* is code conditional (inside a jump)? */
@@ -509,28 +480,29 @@ static int findsetreg (const Proto *p, int lastpc, int reg) {
 
 
 /*
-** Check whether table being indexed by instruction 'i' is the
-** environment '_ENV'
+** Find a "name" for the constant 'c'.
 */
-static const char *gxf (const Proto *p, int pc, Instruction i, int isup) {
-  int t = GETARG_B(i);  /* table index */
-  const char *name;  /* name of indexed variable */
-  if (isup)  /* is an upvalue? */
-    name = upvalname(p, t);
-  else
-    getobjname(p, pc, t, &name);
-  return (name && strcmp(name, LUA_ENV) == 0) ? "global" : "field";
+static const char *kname (const Proto *p, int index, const char **name) {
+  TValue *kvalue = &p->k[index];
+  if (ttisstring(kvalue)) {
+    *name = getstr(tsvalue(kvalue));
+    return "constant";
+  }
+  else {
+    *name = "?";
+    return NULL;
+  }
 }
 
 
-static const char *getobjname (const Proto *p, int lastpc, int reg,
-                               const char **name) {
-  int pc;
-  *name = luaF_getlocalname(p, reg + 1, lastpc);
+static const char *basicgetobjname (const Proto *p, int *ppc, int reg,
+                                    const char **name) {
+  int pc = *ppc;
+  *name = luaF_getlocalname(p, reg + 1, pc);
   if (*name)  /* is a local? */
-    return "local";
+    return strlocal;
   /* else try symbolic execution */
-  pc = findsetreg(p, lastpc, reg);
+  *ppc = pc = findsetreg(p, pc, reg);
   if (pc != -1) {  /* could find instruction? */
     Instruction i = p->code[pc];
     OpCode op = GET_OPCODE(i);
@@ -538,18 +510,86 @@ static const char *getobjname (const Proto *p, int lastpc, int reg,
       case OP_MOVE: {
         int b = GETARG_B(i);  /* move from 'b' to 'a' */
         if (b < GETARG_A(i))
-          return getobjname(p, pc, b, name);  /* get name for 'b' */
+          return basicgetobjname(p, ppc, b, name);  /* get name for 'b' */
         break;
       }
+      case OP_GETUPVAL: {
+        *name = upvalname(p, GETARG_B(i));
+        return strupval;
+      }
+      case OP_LOADK: return kname(p, GETARG_Bx(i), name);
+      case OP_LOADKX: return kname(p, GETARG_Ax(p->code[pc + 1]), name);
+      default: break;
+    }
+  }
+  return NULL;  /* could not find reasonable name */
+}
+
+
+/*
+** Find a "name" for the register 'c'.
+*/
+static void rname (const Proto *p, int pc, int c, const char **name) {
+  const char *what = basicgetobjname(p, &pc, c, name); /* search for 'c' */
+  if (!(what && *what == 'c'))  /* did not find a constant name? */
+    *name = "?";
+}
+
+
+/*
+** Find a "name" for a 'C' value in an RK instruction.
+*/
+static void rkname (const Proto *p, int pc, Instruction i, const char **name) {
+  int c = GETARG_C(i);  /* key index */
+  if (GETARG_k(i))  /* is 'c' a constant? */
+    kname(p, c, name);
+  else  /* 'c' is a register */
+    rname(p, pc, c, name);
+}
+
+
+/*
+** Check whether table being indexed by instruction 'i' is the
+** environment '_ENV'. If the table is an upvalue, get its name;
+** otherwise, find some "name" for the table and check whether
+** that name is the name of a local variable (and not, for instance,
+** a string). Then check that, if there is a name, it is '_ENV'.
+*/
+static const char *isEnv (const Proto *p, int pc, Instruction i, int isup) {
+  int t = GETARG_B(i);  /* table index */
+  const char *name;  /* name of indexed variable */
+  if (isup)  /* is 't' an upvalue? */
+    name = upvalname(p, t);
+  else {  /* 't' is a register */
+    const char *what = basicgetobjname(p, &pc, t, &name);
+    if (what != strlocal && what != strupval)
+      name = NULL;  /* cannot be the variable _ENV */
+  }
+  return (name && strcmp(name, LUA_ENV) == 0) ? "global" : "field";
+}
+
+
+/*
+** Extend 'basicgetobjname' to handle table accesses
+*/
+static const char *getobjname (const Proto *p, int lastpc, int reg,
+                               const char **name) {
+  const char *kind = basicgetobjname(p, &lastpc, reg, name);
+  if (kind != NULL)
+    return kind;
+  else if (lastpc != -1) {  /* could find instruction? */
+    Instruction i = p->code[lastpc];
+    OpCode op = GET_OPCODE(i);
+    switch (op) {
       case OP_GETTABUP: {
         int k = GETARG_C(i);  /* key index */
         kname(p, k, name);
-        return gxf(p, pc, i, 1);
+        return isEnv(p, lastpc, i, 1);
       }
       case OP_GETTABLE: {
         int k = GETARG_C(i);  /* key index */
-        rname(p, pc, k, name);
-        return gxf(p, pc, i, 0);
+        rname(p, lastpc, k, name);
+        return isEnv(p, lastpc, i, 0);
       }
       case OP_GETI: {
         *name = "integer index";
@@ -558,24 +598,10 @@ static const char *getobjname (const Proto *p, int lastpc, int reg,
       case OP_GETFIELD: {
         int k = GETARG_C(i);  /* key index */
         kname(p, k, name);
-        return gxf(p, pc, i, 0);
-      }
-      case OP_GETUPVAL: {
-        *name = upvalname(p, GETARG_B(i));
-        return "upvalue";
-      }
-      case OP_LOADK:
-      case OP_LOADKX: {
-        int b = (op == OP_LOADK) ? GETARG_Bx(i)
-                                 : GETARG_Ax(p->code[pc + 1]);
-        if (ttisstring(&p->k[b])) {
-          *name = svalue(&p->k[b]);
-          return "constant";
-        }
-        break;
+        return isEnv(p, lastpc, i, 0);
       }
       case OP_SELF: {
-        rkname(p, pc, i, name);
+        rkname(p, lastpc, i, name);
         return "method";
       }
       default: break;  /* go through to return NULL */
@@ -627,7 +653,7 @@ static const char *funcnamefromcode (lua_State *L, const Proto *p,
     default:
       return NULL;  /* cannot find a reasonable name */
   }
-  *name = getstr(G(L)->tmname[tm]) + 2;
+  *name = getshrstr(G(L)->tmname[tm]) + 2;
   return "metamethod";
 }
 
@@ -684,7 +710,7 @@ static const char *getupvalname (CallInfo *ci, const TValue *o,
   for (i = 0; i < c->nupvalues; i++) {
     if (c->upvals[i]->v.p == o) {
       *name = upvalname(c->p, i);
-      return "upvalue";
+      return strupval;
     }
   }
   return NULL;
@@ -866,6 +892,28 @@ static int changedline (const Proto *p, int oldpc, int newpc) {
 
 
 /*
+** Traces Lua calls. If code is running the first instruction of a function,
+** and function is not vararg, and it is not coming from an yield,
+** calls 'luaD_hookcall'. (Vararg functions will call 'luaD_hookcall'
+** after adjusting its variable arguments; otherwise, they could call
+** a line/count hook before the call hook. Functions coming from
+** an yield already called 'luaD_hookcall' before yielding.)
+*/
+int luaG_tracecall (lua_State *L) {
+  CallInfo *ci = L->ci;
+  Proto *p = ci_func(ci)->p;
+  ci->u.l.trap = 1;  /* ensure hooks will be checked */
+  if (ci->u.l.savedpc == p->code) {  /* first instruction (not resuming)? */
+    if (p->is_vararg)
+      return 0;  /* hooks will start at VARARGPREP instruction */
+    else if (!(ci->callstatus & CIST_HOOKYIELD))  /* not yieded? */
+      luaD_hookcall(L, ci);  /* check 'call' hook */
+  }
+  return 1;  /* keep 'trap' on */
+}
+
+
+/*
 ** Traces the execution of a Lua function. Called before the execution
 ** of each opcode, when debug is on. 'L->oldpc' stores the last
 ** instruction traced, to detect line changes. When entering a new
@@ -888,12 +936,12 @@ int luaG_traceexec (lua_State *L, const Instruction *pc) {
   }
   pc++;  /* reference is always next instruction */
   ci->u.l.savedpc = pc;  /* save 'pc' */
-  counthook = (--L->hookcount == 0 && (mask & LUA_MASKCOUNT));
+  counthook = (mask & LUA_MASKCOUNT) && (--L->hookcount == 0);
   if (counthook)
     resethookcount(L);  /* reset count */
   else if (!(mask & LUA_MASKLINE))
     return 1;  /* no line hook and count != 0; nothing to be done now */
-  if (ci->callstatus & CIST_HOOKYIELD) {  /* called hook last time? */
+  if (ci->callstatus & CIST_HOOKYIELD) {  /* hook yielded last time? */
     ci->callstatus &= ~CIST_HOOKYIELD;  /* erase mark */
     return 1;  /* do not call hook again (VM yielded, so it did not move) */
   }
@@ -915,7 +963,6 @@ int luaG_traceexec (lua_State *L, const Instruction *pc) {
   if (L->status == LUA_YIELD) {  /* did hook yield? */
     if (counthook)
       L->hookcount = 1;  /* undo decrement to zero */
-    ci->u.l.savedpc--;  /* undo increment (resume will increment it again) */
     ci->callstatus |= CIST_HOOKYIELD;  /* mark that it yielded */
     luaD_throw(L, LUA_YIELD);
   }
diff --git a/contrib/lua/src/ldebug.h b/contrib/lua/src/ldebug.h
index 2c3074c61b6f..2bfce3cb5e77 100644
--- a/contrib/lua/src/ldebug.h
+++ b/contrib/lua/src/ldebug.h
@@ -58,6 +58,7 @@ LUAI_FUNC const char *luaG_addinfo (lua_State *L, const char *msg,
                                                   TString *src, int line);
 LUAI_FUNC l_noret luaG_errormsg (lua_State *L);
 LUAI_FUNC int luaG_traceexec (lua_State *L, const Instruction *pc);
+LUAI_FUNC int luaG_tracecall (lua_State *L);
 
 
 #endif
diff --git a/contrib/lua/src/ldo.c b/contrib/lua/src/ldo.c
index 2a0017ca62a3..c92573d6e699 100644
--- a/contrib/lua/src/ldo.c
+++ b/contrib/lua/src/ldo.c
@@ -94,10 +94,6 @@ void luaD_seterrorobj (lua_State *L, int errcode, StkId oldtop) {
       setsvalue2s(L, oldtop, G(L)->memerrmsg); /* reuse preregistered msg. */
       break;
     }
-    case LUA_ERRERR: {
-      setsvalue2s(L, oldtop, luaS_newliteral(L, "error in error handling"));
-      break;
-    }
     case LUA_OK: {  /* special case only for closing upvalues */
       setnilvalue(s2v(oldtop));  /* no error message */
       break;
@@ -120,6 +116,7 @@ l_noret luaD_throw (lua_State *L, int errcode) {
   else {  /* thread has no error handler */
     global_State *g = G(L);
     errcode = luaE_resetthread(L, errcode);  /* close all upvalues */
+    L->status = errcode;
     if (g->mainthread->errorJmp) {  /* main thread has a handler? */
       setobjs2s(L, g->mainthread->top.p++, L->top.p - 1);  /* copy error obj. */
       luaD_throw(g->mainthread, errcode);  /* re-throw in main thread */
@@ -198,6 +195,16 @@ static void correctstack (lua_State *L) {
 /* some space for error handling */
 #define ERRORSTACKSIZE	(LUAI_MAXSTACK + 200)
 
+
+/* raise an error while running the message handler */
+l_noret luaD_errerr (lua_State *L) {
+  TString *msg = luaS_newliteral(L, "error in error handling");
+  setsvalue2s(L, L->top.p, msg);
+  L->top.p++;  /* assume EXTRA_STACK */
+  luaD_throw(L, LUA_ERRERR);
+}
+
+
 /*
 ** Reallocate the stack to a new size, correcting all pointers into it.
 ** In ISO C, any pointer use after the pointer has been deallocated is
@@ -247,7 +254,7 @@ int luaD_growstack (lua_State *L, int n, int raiseerror) {
        a stack error; cannot grow further than that. */
     lua_assert(stacksize(L) == ERRORSTACKSIZE);
     if (raiseerror)
-      luaD_throw(L, LUA_ERRERR);  /* error inside message handler */
+      luaD_errerr(L);  /* error inside message handler */
     return 0;  /* if not 'raiseerror', just signal it */
   }
   else if (n < LUAI_MAXSTACK) {  /* avoids arithmetic overflows */
@@ -409,7 +416,7 @@ static void rethook (lua_State *L, CallInfo *ci, int nres) {
 ** stack, below original 'func', so that 'luaD_precall' can call it. Raise
 ** an error if there is no '__call' metafield.
 */
-StkId luaD_tryfuncTM (lua_State *L, StkId func) {
+static StkId tryfuncTM (lua_State *L, StkId func) {
   const TValue *tm;
   StkId p;
   checkstackGCp(L, 1, func);  /* space for metamethod */
@@ -568,7 +575,7 @@ int luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func,
       return -1;
     }
     default: {  /* not a function */
-      func = luaD_tryfuncTM(L, func);  /* try to get '__call' metamethod */
+      func = tryfuncTM(L, func);  /* try to get '__call' metamethod */
       /* return luaD_pretailcall(L, ci, func, narg1 + 1, delta); */
       narg1++;
       goto retry;  /* try again */
@@ -609,7 +616,7 @@ CallInfo *luaD_precall (lua_State *L, StkId func, int nresults) {
       return ci;
     }
     default: {  /* not a function */
-      func = luaD_tryfuncTM(L, func);  /* try to get '__call' metamethod */
+      func = tryfuncTM(L, func);  /* try to get '__call' metamethod */
       /* return luaD_precall(L, func, nresults); */
       goto retry;  /* try again with metamethod */
     }
@@ -792,6 +799,10 @@ static void resume (lua_State *L, void *ud) {
     lua_assert(L->status == LUA_YIELD);
     L->status = LUA_OK;  /* mark that it is running (again) */
     if (isLua(ci)) {  /* yielded inside a hook? */
+      /* undo increment made by 'luaG_traceexec': instruction was not
+         executed yet */
+      lua_assert(ci->callstatus & CIST_HOOKYIELD);
+      ci->u.l.savedpc--;
       L->top.p = firstArg;  /* discard arguments */
       luaV_execute(L, ci);  /* just continue running Lua code */
     }
diff --git a/contrib/lua/src/ldo.h b/contrib/lua/src/ldo.h
index 1aa446ad09e9..4de9540ec807 100644
--- a/contrib/lua/src/ldo.h
+++ b/contrib/lua/src/ldo.h
@@ -60,6 +60,7 @@
 /* type of protected functions, to be ran by 'runprotected' */
 typedef void (*Pfunc) (lua_State *L, void *ud);
 
+LUAI_FUNC l_noret luaD_errerr (lua_State *L);
 LUAI_FUNC void luaD_seterrorobj (lua_State *L, int errcode, StkId oldtop);
 LUAI_FUNC int luaD_protectedparser (lua_State *L, ZIO *z, const char *name,
                                                   const char *mode);
@@ -71,7 +72,6 @@ LUAI_FUNC int luaD_pretailcall (lua_State *L, CallInfo *ci, StkId func,
 LUAI_FUNC CallInfo *luaD_precall (lua_State *L, StkId func, int nResults);
 LUAI_FUNC void luaD_call (lua_State *L, StkId func, int nResults);
 LUAI_FUNC void luaD_callnoyield (lua_State *L, StkId func, int nResults);
-LUAI_FUNC StkId luaD_tryfuncTM (lua_State *L, StkId func);
 LUAI_FUNC int luaD_closeprotected (lua_State *L, ptrdiff_t level, int status);
 LUAI_FUNC int luaD_pcall (lua_State *L, Pfunc func, void *u,
                                         ptrdiff_t oldtop, ptrdiff_t ef);
diff --git a/contrib/lua/src/lgc.c b/contrib/lua/src/lgc.c
index a3094ff57126..5817f9eec35a 100644
--- a/contrib/lua/src/lgc.c
+++ b/contrib/lua/src/lgc.c
@@ -542,10 +542,12 @@ static void traversestrongtable (global_State *g, Table *h) {
 static lu_mem traversetable (global_State *g, Table *h) {
   const char *weakkey, *weakvalue;
   const TValue *mode = gfasttm(g, h->metatable, TM_MODE);
+  TString *smode;
   markobjectN(g, h->metatable);
-  if (mode && ttisstring(mode) &&  /* is there a weak mode? */
-      (cast_void(weakkey = strchr(svalue(mode), 'k')),
-       cast_void(weakvalue = strchr(svalue(mode), 'v')),
+  if (mode && ttisshrstring(mode) &&  /* is there a weak mode? */
+      (cast_void(smode = tsvalue(mode)),
+       cast_void(weakkey = strchr(getshrstr(smode), 'k')),
+       cast_void(weakvalue = strchr(getshrstr(smode), 'v')),
        (weakkey || weakvalue))) {  /* is really weak? */
     if (!weakkey)  /* strong keys? */
       traverseweakvalue(g, h);
@@ -638,7 +640,9 @@ static int traversethread (global_State *g, lua_State *th) {
   for (uv = th->openupval; uv != NULL; uv = uv->u.open.next)
     markobject(g, uv);  /* open upvalues cannot be collected */
   if (g->gcstate == GCSatomic) {  /* final traversal? */
-    for (; o < th->stack_last.p + EXTRA_STACK; o++)
+    if (!g->gcemergency)
+      luaD_shrinkstack(th); /* do not change stack in emergency cycle */
+    for (o = th->top.p; o < th->stack_last.p + EXTRA_STACK; o++)
       setnilvalue(s2v(o));  /* clear dead stack slice */
     /* 'remarkupvals' may have removed thread from 'twups' list */
     if (!isintwups(th) && th->openupval != NULL) {
@@ -646,8 +650,6 @@ static int traversethread (global_State *g, lua_State *th) {
       g->twups = th;
     }
   }
-  else if (!g->gcemergency)
-    luaD_shrinkstack(th); /* do not change stack in emergency cycle */
   return 1 + stacksize(th);
 }
 
@@ -1409,7 +1411,7 @@ static void stepgenfull (lua_State *L, global_State *g) {
     setminordebt(g);
   }
   else {  /* another bad collection; stay in incremental mode */
-    g->GCestimate = gettotalbytes(g);  /* first estimate */;
+    g->GCestimate = gettotalbytes(g);  /* first estimate */
     entersweep(L);
     luaC_runtilstate(L, bitmask(GCSpause));  /* finish collection */
     setpause(g);
@@ -1604,7 +1606,7 @@ static lu_mem singlestep (lua_State *L) {
     case GCSenteratomic: {
       work = atomic(L);  /* work is what was traversed by 'atomic' */
       entersweep(L);
-      g->GCestimate = gettotalbytes(g);  /* first estimate */;
+      g->GCestimate = gettotalbytes(g);  /* first estimate */
       break;
     }
     case GCSswpallgc: {  /* sweep "regular" objects */
@@ -1710,6 +1712,8 @@ static void fullinc (lua_State *L, global_State *g) {
     entersweep(L); /* sweep everything to turn them back to white */
   /* finish any pending sweep phase to start a new cycle */
   luaC_runtilstate(L, bitmask(GCSpause));
+  luaC_runtilstate(L, bitmask(GCSpropagate));  /* start new cycle */
+  g->gcstate = GCSenteratomic;  /* go straight to atomic phase */
   luaC_runtilstate(L, bitmask(GCScallfin));  /* run up to finalizers */
   /* estimate must be correct after a full GC cycle */
   lua_assert(g->GCestimate == gettotalbytes(g));
diff --git a/contrib/lua/src/liolib.c b/contrib/lua/src/liolib.c
index b08397da45da..c5075f3e78a9 100644
--- a/contrib/lua/src/liolib.c
+++ b/contrib/lua/src/liolib.c
@@ -245,8 +245,8 @@ static int f_gc (lua_State *L) {
 */
 static int io_fclose (lua_State *L) {
   LStream *p = tolstream(L);
-  int res = fclose(p->f);
-  return luaL_fileresult(L, (res == 0), NULL);
+  errno = 0;
+  return luaL_fileresult(L, (fclose(p->f) == 0), NULL);
 }
 
 
@@ -272,6 +272,7 @@ static int io_open (lua_State *L) {
   LStream *p = newfile(L);
   const char *md = mode;  /* to traverse/check mode */
   luaL_argcheck(L, l_checkmode(md), 2, "invalid mode");
+  errno = 0;
   p->f = fopen(filename, mode);
   return (p->f == NULL) ? luaL_fileresult(L, 0, filename) : 1;
 }
@@ -292,6 +293,7 @@ static int io_popen (lua_State *L) {
   const char *mode = luaL_optstring(L, 2, "r");
   LStream *p = newprefile(L);
   luaL_argcheck(L, l_checkmodep(mode), 2, "invalid mode");
+  errno = 0;
   p->f = l_popen(L, filename, mode);
   p->closef = &io_pclose;
   return (p->f == NULL) ? luaL_fileresult(L, 0, filename) : 1;
@@ -300,6 +302,7 @@ static int io_popen (lua_State *L) {
 
 static int io_tmpfile (lua_State *L) {
   LStream *p = newfile(L);
+  errno = 0;
   p->f = tmpfile();
   return (p->f == NULL) ? luaL_fileresult(L, 0, NULL) : 1;
 }
@@ -567,6 +570,7 @@ static int g_read (lua_State *L, FILE *f, int first) {
   int nargs = lua_gettop(L) - 1;
   int n, success;
   clearerr(f);
+  errno = 0;
   if (nargs == 0) {  /* no arguments? */
     success = read_line(L, f, 1);
     n = first + 1;  /* to return 1 result */
@@ -660,6 +664,7 @@ static int io_readline (lua_State *L) {
 static int g_write (lua_State *L, FILE *f, int arg) {
   int nargs = lua_gettop(L) - arg;
   int status = 1;
+  errno = 0;
   for (; nargs--; arg++) {
     if (lua_type(L, arg) == LUA_TNUMBER) {
       /* optimization: could be done exactly as for strings */
@@ -678,7 +683,8 @@ static int g_write (lua_State *L, FILE *f, int arg) {
   }
   if (l_likely(status))
     return 1;  /* file handle already on stack top */
-  else return luaL_fileresult(L, status, NULL);
+  else
+    return luaL_fileresult(L, status, NULL);
 }
 
 
@@ -703,6 +709,7 @@ static int f_seek (lua_State *L) {
   l_seeknum offset = (l_seeknum)p3;
   luaL_argcheck(L, (lua_Integer)offset == p3, 3,
                   "not an integer in proper range");
+  errno = 0;
   op = l_fseek(f, offset, mode[op]);
   if (l_unlikely(op))
     return luaL_fileresult(L, 0, NULL);  /* error */
@@ -719,19 +726,25 @@ static int f_setvbuf (lua_State *L) {
   FILE *f = tofile(L);
   int op = luaL_checkoption(L, 2, NULL, modenames);
   lua_Integer sz = luaL_optinteger(L, 3, LUAL_BUFFERSIZE);
-  int res = setvbuf(f, NULL, mode[op], (size_t)sz);
+  int res;
+  errno = 0;
+  res = setvbuf(f, NULL, mode[op], (size_t)sz);
   return luaL_fileresult(L, res == 0, NULL);
 }
 
 
 
 static int io_flush (lua_State *L) {
-  return luaL_fileresult(L, fflush(getiofile(L, IO_OUTPUT)) == 0, NULL);
+  FILE *f = getiofile(L, IO_OUTPUT);
+  errno = 0;
+  return luaL_fileresult(L, fflush(f) == 0, NULL);
 }
 
 
 static int f_flush (lua_State *L) {
-  return luaL_fileresult(L, fflush(tofile(L)) == 0, NULL);
+  FILE *f = tofile(L);
+  errno = 0;
+  return luaL_fileresult(L, fflush(f) == 0, NULL);
 }
 
 
@@ -773,7 +786,7 @@ static const luaL_Reg meth[] = {
 ** metamethods for file handles
 */
 static const luaL_Reg metameth[] = {
-  {"__index", NULL},  /* place holder */
+  {"__index", NULL},  /* placeholder */
   {"__gc", f_gc},
   {"__close", f_gc},
   {"__tostring", f_tostring},
diff --git a/contrib/lua/src/lmathlib.c b/contrib/lua/src/lmathlib.c
index d0b1e1e5d6f5..438106348084 100644
--- a/contrib/lua/src/lmathlib.c
+++ b/contrib/lua/src/lmathlib.c
@@ -249,6 +249,15 @@ static int math_type (lua_State *L) {
 ** ===================================================================
 */
 
+/*
+** This code uses lots of shifts. ANSI C does not allow shifts greater
+** than or equal to the width of the type being shifted, so some shifts
+** are written in convoluted ways to match that restriction. For
+** preprocessor tests, it assumes a width of 32 bits, so the maximum
+** shift there is 31 bits.
+*/
+
+
 /* number of binary digits in the mantissa of a float */
 #define FIGS	l_floatatt(MANT_DIG)
 
@@ -271,16 +280,19 @@ static int math_type (lua_State *L) {
 
 /* 'long' has at least 64 bits */
 #define Rand64		unsigned long
+#define SRand64		long
 
 #elif !defined(LUA_USE_C89) && defined(LLONG_MAX)
 
 /* there is a 'long long' type (which must have at least 64 bits) */
 #define Rand64		unsigned long long
+#define SRand64		long long
 
 #elif ((LUA_MAXUNSIGNED >> 31) >> 31) >= 3
 
 /* 'lua_Unsigned' has at least 64 bits */
 #define Rand64		lua_Unsigned
+#define SRand64		lua_Integer
 
 #endif
 
@@ -319,23 +331,30 @@ static Rand64 nextrand (Rand64 *state) {
 }
 
 
-/* must take care to not shift stuff by more than 63 slots */
-
-
 /*
 ** Convert bits from a random integer into a float in the
 ** interval [0,1), getting the higher FIG bits from the
 ** random unsigned integer and converting that to a float.
+** Some old Microsoft compilers cannot cast an unsigned long
+** to a floating-point number, so we use a signed long as an
+** intermediary. When lua_Number is float or double, the shift ensures
+** that 'sx' is non negative; in that case, a good compiler will remove
+** the correction.
 */
 
 /* must throw out the extra (64 - FIGS) bits */
 #define shift64_FIG	(64 - FIGS)
 
-/* to scale to [0, 1), multiply by scaleFIG = 2^(-FIGS) */
+/* 2^(-FIGS) == 2^-1 / 2^(FIGS-1) */
 #define scaleFIG	(l_mathop(0.5) / ((Rand64)1 << (FIGS - 1)))
 
 static lua_Number I2d (Rand64 x) {
-  return (lua_Number)(trim64(x) >> shift64_FIG) * scaleFIG;
+  SRand64 sx = (SRand64)(trim64(x) >> shift64_FIG);
+  lua_Number res = (lua_Number)(sx) * scaleFIG;
+  if (sx < 0)
+    res += l_mathop(1.0);  /* correct the two's complement if negative */
+  lua_assert(0 <= res && res < 1);
+  return res;
 }
 
 /* convert a 'Rand64' to a 'lua_Unsigned' */
@@ -471,8 +490,6 @@ static lua_Number I2d (Rand64 x) {
 
 #else	/* 32 < FIGS <= 64 */
 
-/* must take care to not shift stuff by more than 31 slots */
-
 /* 2^(-FIGS) = 1.0 / 2^30 / 2^3 / 2^(FIGS-33) */
 #define scaleFIG  \
     (l_mathop(1.0) / (UONE << 30) / l_mathop(8.0) / (UONE << (FIGS - 33)))
diff --git a/contrib/lua/src/loadlib.c b/contrib/lua/src/loadlib.c
index d792dffaa03b..6d289fcebb8c 100644
--- a/contrib/lua/src/loadlib.c
+++ b/contrib/lua/src/loadlib.c
@@ -25,15 +25,6 @@
 
 
 /*
-** LUA_IGMARK is a mark to ignore all before it when building the
-** luaopen_ function name.
-*/
-#if !defined (LUA_IGMARK)
-#define LUA_IGMARK		"-"
-#endif
-
-
-/*
 ** LUA_CSUBSEP is the character that replaces dots in submodule names
 ** when searching for a C loader.
 ** LUA_LSUBSEP is the character that replaces dots in submodule names
diff --git a/contrib/lua/src/lobject.c b/contrib/lua/src/lobject.c
index f73ffc6d92bd..9cfa5227eb46 100644
--- a/contrib/lua/src/lobject.c
+++ b/contrib/lua/src/lobject.c
@@ -542,7 +542,7 @@ const char *luaO_pushvfstring (lua_State *L, const char *fmt, va_list argp) {
   addstr2buff(&buff, fmt, strlen(fmt));  /* rest of 'fmt' */
   clearbuff(&buff);  /* empty buffer into the stack */
   lua_assert(buff.pushed == 1);
-  return svalue(s2v(L->top.p - 1));
+  return getstr(tsvalue(s2v(L->top.p - 1)));
 }
 
 
diff --git a/contrib/lua/src/lobject.h b/contrib/lua/src/lobject.h
index 556608e4aa21..980e42f8c27a 100644
--- a/contrib/lua/src/lobject.h
+++ b/contrib/lua/src/lobject.h
@@ -386,7 +386,7 @@ typedef struct GCObject {
 typedef struct TString {
   CommonHeader;
   lu_byte extra;  /* reserved words for short strings; "has hash" for longs */
-  lu_byte shrlen;  /* length for short strings */
+  lu_byte shrlen;  /* length for short strings, 0xFF for long strings */
   unsigned int hash;
   union {
     size_t lnglen;  /* length for long strings */
@@ -398,19 +398,17 @@ typedef struct TString {
 
 
 /*
-** Get the actual string (array of bytes) from a 'TString'.
+** Get the actual string (array of bytes) from a 'TString'. (Generic
+** version and specialized versions for long and short strings.)
 */
-#define getstr(ts)  ((ts)->contents)
+#define getstr(ts)	((ts)->contents)
+#define getlngstr(ts)	check_exp((ts)->shrlen == 0xFF, (ts)->contents)
+#define getshrstr(ts)	check_exp((ts)->shrlen != 0xFF, (ts)->contents)
 
 
-/* get the actual string (array of bytes) from a Lua value */
-#define svalue(o)       getstr(tsvalue(o))
-
 /* get string length from 'TString *s' */
-#define tsslen(s)	((s)->tt == LUA_VSHRSTR ? (s)->shrlen : (s)->u.lnglen)
-
-/* get string length from 'TValue *o' */
-#define vslen(o)	tsslen(tsvalue(o))
+#define tsslen(s)  \
+	((s)->shrlen != 0xFF ? (s)->shrlen : (s)->u.lnglen)
 
 /* }================================================================== */
 
diff --git a/contrib/lua/src/lopcodes.h b/contrib/lua/src/lopcodes.h
index 4c55145399ff..46911cac14e0 100644
--- a/contrib/lua/src/lopcodes.h
+++ b/contrib/lua/src/lopcodes.h
@@ -210,15 +210,15 @@ OP_LOADNIL,/*	A B	R[A], R[A+1], ..., R[A+B] := nil		*/
 OP_GETUPVAL,/*	A B	R[A] := UpValue[B]				*/
 OP_SETUPVAL,/*	A B	UpValue[B] := R[A]				*/
 
-OP_GETTABUP,/*	A B C	R[A] := UpValue[B][K[C]:string]			*/
+OP_GETTABUP,/*	A B C	R[A] := UpValue[B][K[C]:shortstring]		*/
 OP_GETTABLE,/*	A B C	R[A] := R[B][R[C]]				*/
 OP_GETI,/*	A B C	R[A] := R[B][C]					*/
-OP_GETFIELD,/*	A B C	R[A] := R[B][K[C]:string]			*/
+OP_GETFIELD,/*	A B C	R[A] := R[B][K[C]:shortstring]			*/
 
-OP_SETTABUP,/*	A B C	UpValue[A][K[B]:string] := RK(C)		*/
+OP_SETTABUP,/*	A B C	UpValue[A][K[B]:shortstring] := RK(C)		*/
 OP_SETTABLE,/*	A B C	R[A][R[B]] := RK(C)				*/
 OP_SETI,/*	A B C	R[A][B] := RK(C)				*/
-OP_SETFIELD,/*	A B C	R[A][K[B]:string] := RK(C)			*/
+OP_SETFIELD,/*	A B C	R[A][K[B]:shortstring] := RK(C)			*/
 
 OP_NEWTABLE,/*	A B C k	R[A] := {}					*/
 
diff --git a/contrib/lua/src/loslib.c b/contrib/lua/src/loslib.c
index ad5a92768852..ba80d72c4575 100644
--- a/contrib/lua/src/loslib.c
+++ b/contrib/lua/src/loslib.c
@@ -155,6 +155,7 @@ static int os_execute (lua_State *L) {
 
 static int os_remove (lua_State *L) {
   const char *filename = luaL_checkstring(L, 1);
+  errno = 0;
   return luaL_fileresult(L, remove(filename) == 0, filename);
 }
 
@@ -162,6 +163,7 @@ static int os_remove (lua_State *L) {
 static int os_rename (lua_State *L) {
   const char *fromname = luaL_checkstring(L, 1);
   const char *toname = luaL_checkstring(L, 2);
+  errno = 0;
   return luaL_fileresult(L, rename(fromname, toname) == 0, NULL);
 }
 
diff --git a/contrib/lua/src/lparser.c b/contrib/lua/src/lparser.c
index b745f236f068..1ac82990e0c3 100644
--- a/contrib/lua/src/lparser.c
+++ b/contrib/lua/src/lparser.c
@@ -198,7 +198,7 @@ static int new_localvar (LexState *ls, TString *name) {
   checklimit(fs, dyd->actvar.n + 1 - fs->firstlocal,
                  MAXVARS, "local variables");
   luaM_growvector(L, dyd->actvar.arr, dyd->actvar.n + 1,
-                  dyd->actvar.size, Vardesc, USHRT_MAX, "local variables");
+                  dyd->actvar.size, Vardesc, SHRT_MAX, "local variables");
   var = &dyd->actvar.arr[dyd->actvar.n++];
   var->vd.kind = VDKREG;  /* default */
   var->vd.name = name;
@@ -849,12 +849,11 @@ static void recfield (LexState *ls, ConsControl *cc) {
   FuncState *fs = ls->fs;
   int reg = ls->fs->freereg;
   expdesc tab, key, val;
-  if (ls->t.token == TK_NAME) {
-    checklimit(fs, cc->nh, MAX_INT, "items in a constructor");
+  if (ls->t.token == TK_NAME)
     codename(ls, &key);
-  }
   else  /* ls->t.token == '[' */
     yindex(ls, &key);
+  checklimit(fs, cc->nh, MAX_INT, "items in a constructor");
   cc->nh++;
   checknext(ls, '=');
   tab = *cc->t;
@@ -1022,10 +1021,11 @@ static int explist (LexState *ls, expdesc *v) {
 }
 
 
-static void funcargs (LexState *ls, expdesc *f, int line) {
+static void funcargs (LexState *ls, expdesc *f) {
   FuncState *fs = ls->fs;
   expdesc args;
   int base, nparams;
+  int line = ls->linenumber;
   switch (ls->t.token) {
     case '(': {  /* funcargs -> '(' [ explist ] ')' */
       luaX_next(ls);
@@ -1063,8 +1063,8 @@ static void funcargs (LexState *ls, expdesc *f, int line) {
   }
   init_exp(f, VCALL, luaK_codeABC(fs, OP_CALL, base, nparams+1, 2));
   luaK_fixline(fs, line);
-  fs->freereg = base+1;  /* call remove function and arguments and leaves
-                            (unless changed) one result */
+  fs->freereg = base+1;  /* call removes function and arguments and leaves
+                            one result (unless changed later) */
 }
 
 
@@ -1103,7 +1103,6 @@ static void suffixedexp (LexState *ls, expdesc *v) {
   /* suffixedexp ->
        primaryexp { '.' NAME | '[' exp ']' | ':' NAME funcargs | funcargs } */
   FuncState *fs = ls->fs;
-  int line = ls->linenumber;
   primaryexp(ls, v);
   for (;;) {
     switch (ls->t.token) {
@@ -1123,12 +1122,12 @@ static void suffixedexp (LexState *ls, expdesc *v) {
         luaX_next(ls);
         codename(ls, &key);
         luaK_self(fs, v, &key);
-        funcargs(ls, v, line);
+        funcargs(ls, v);
         break;
       }
       case '(': case TK_STRING: case '{': {  /* funcargs */
         luaK_exp2nextreg(fs, v);
-        funcargs(ls, v, line);
+        funcargs(ls, v);
         break;
       }
       default: return;
diff --git a/contrib/lua/src/lstate.c b/contrib/lua/src/lstate.c
index 1e925e5ad4cb..f3f2ccfdd5fb 100644
--- a/contrib/lua/src/lstate.c
+++ b/contrib/lua/src/lstate.c
@@ -119,7 +119,7 @@ CallInfo *luaE_extendCI (lua_State *L) {
 /*
 ** free all CallInfo structures not in use by a thread
 */
-void luaE_freeCI (lua_State *L) {
+static void freeCI (lua_State *L) {
   CallInfo *ci = L->ci;
   CallInfo *next = ci->next;
   ci->next = NULL;
@@ -166,7 +166,7 @@ void luaE_checkcstack (lua_State *L) {
   if (getCcalls(L) == LUAI_MAXCCALLS)
     luaG_runerror(L, "C stack overflow");
   else if (getCcalls(L) >= (LUAI_MAXCCALLS / 10 * 11))
-    luaD_throw(L, LUA_ERRERR);  /* error while handling stack error */
+    luaD_errerr(L);  /* error while handling stack error */
 }
 
 
@@ -204,7 +204,7 @@ static void freestack (lua_State *L) {
   if (L->stack.p == NULL)
     return;  /* stack not completely built yet */
   L->ci = &L->base_ci;  /* free the entire 'ci' list */
-  luaE_freeCI(L);
+  freeCI(L);
   lua_assert(L->nci == 0);
   luaM_freearray(L, L->stack.p, stacksize(L) + EXTRA_STACK);  /* free stack */
 }
@@ -272,7 +272,9 @@ static void close_state (lua_State *L) {
     luaC_freeallobjects(L);  /* just collect its objects */
   else {  /* closing a fully built state */
     L->ci = &L->base_ci;  /* unwind CallInfo list */
+    L->errfunc = 0;   /* stack unwind can "throw away" the error function */
     luaD_closeprotected(L, 1, LUA_OK);  /* close all upvalues */
+    L->top.p = L->stack.p + 1;  /* empty the stack to run finalizers */
     luaC_freeallobjects(L);  /* collect all objects */
     luai_userstateclose(L);
   }
@@ -328,6 +330,7 @@ int luaE_resetthread (lua_State *L, int status) {
   if (status == LUA_YIELD)
     status = LUA_OK;
   L->status = LUA_OK;  /* so it can run __close metamethods */
+  L->errfunc = 0;   /* stack unwind can "throw away" the error function */
   status = luaD_closeprotected(L, 1, status);
   if (status != LUA_OK)  /* errors? */
     luaD_seterrorobj(L, status, L->stack.p + 1);
@@ -433,7 +436,7 @@ void luaE_warning (lua_State *L, const char *msg, int tocont) {
 void luaE_warnerror (lua_State *L, const char *where) {
   TValue *errobj = s2v(L->top.p - 1);  /* error object */
   const char *msg = (ttisstring(errobj))
-                  ? svalue(errobj)
+                  ? getstr(tsvalue(errobj))
                   : "error object is not a string";
   /* produce warning "error in %s (%s)" (where, msg) */
   luaE_warning(L, "error in ", 1);
diff --git a/contrib/lua/src/lstate.h b/contrib/lua/src/lstate.h
index 8bf6600e3441..007704c826be 100644
--- a/contrib/lua/src/lstate.h
+++ b/contrib/lua/src/lstate.h
@@ -181,7 +181,7 @@ struct CallInfo {
   union {
     struct {  /* only for Lua functions */
       const Instruction *savedpc;
-      volatile l_signalT trap;
+      volatile l_signalT trap;  /* function is tracing lines/counts */
       int nextraargs;  /* # of extra arguments in vararg functions */
     } l;
     struct {  /* only for C functions */
@@ -396,7 +396,6 @@ union GCUnion {
 LUAI_FUNC void luaE_setdebt (global_State *g, l_mem debt);
 LUAI_FUNC void luaE_freethread (lua_State *L, lua_State *L1);
 LUAI_FUNC CallInfo *luaE_extendCI (lua_State *L);
-LUAI_FUNC void luaE_freeCI (lua_State *L);
 LUAI_FUNC void luaE_shrinkCI (lua_State *L);
 LUAI_FUNC void luaE_checkcstack (lua_State *L);
 LUAI_FUNC void luaE_incCstack (lua_State *L);
diff --git a/contrib/lua/src/lstring.c b/contrib/lua/src/lstring.c
index 13dcaf4259bc..97757355c0b6 100644
--- a/contrib/lua/src/lstring.c
+++ b/contrib/lua/src/lstring.c
@@ -36,7 +36,7 @@ int luaS_eqlngstr (TString *a, TString *b) {
   lua_assert(a->tt == LUA_VLNGSTR && b->tt == LUA_VLNGSTR);
   return (a == b) ||  /* same instance or... */
     ((len == b->u.lnglen) &&  /* equal length and ... */
-     (memcmp(getstr(a), getstr(b), len) == 0));  /* equal contents */
+     (memcmp(getlngstr(a), getlngstr(b), len) == 0));  /* equal contents */
 }
 
 
@@ -52,7 +52,7 @@ unsigned int luaS_hashlongstr (TString *ts) {
   lua_assert(ts->tt == LUA_VLNGSTR);
   if (ts->extra == 0) {  /* no hash? */
     size_t len = ts->u.lnglen;
-    ts->hash = luaS_hash(getstr(ts), len, ts->hash);
+    ts->hash = luaS_hash(getlngstr(ts), len, ts->hash);
     ts->extra = 1;  /* now it has its hash */
   }
   return ts->hash;
@@ -157,6 +157,7 @@ static TString *createstrobj (lua_State *L, size_t l, int tag, unsigned int h) {
 TString *luaS_createlngstrobj (lua_State *L, size_t l) {
   TString *ts = createstrobj(L, l, LUA_VLNGSTR, G(L)->seed);
   ts->u.lnglen = l;
+  ts->shrlen = 0xFF;  /* signals that it is a long string */
   return ts;
 }
 
@@ -193,7 +194,7 @@ static TString *internshrstr (lua_State *L, const char *str, size_t l) {
   TString **list = &tb->hash[lmod(h, tb->size)];
   lua_assert(str != NULL);  /* otherwise 'memcmp'/'memcpy' are undefined */
   for (ts = *list; ts != NULL; ts = ts->u.hnext) {
-    if (l == ts->shrlen && (memcmp(str, getstr(ts), l * sizeof(char)) == 0)) {
+    if (l == ts->shrlen && (memcmp(str, getshrstr(ts), l * sizeof(char)) == 0)) {
       /* found! */
       if (isdead(g, ts))  /* dead (but not collected yet)? */
         changewhite(ts);  /* resurrect it */
@@ -206,8 +207,8 @@ static TString *internshrstr (lua_State *L, const char *str, size_t l) {
     list = &tb->hash[lmod(h, tb->size)];  /* rehash with new size */
   }
   ts = createstrobj(L, l, LUA_VSHRSTR, h);
-  memcpy(getstr(ts), str, l * sizeof(char));
   ts->shrlen = cast_byte(l);
+  memcpy(getshrstr(ts), str, l * sizeof(char));
   ts->u.hnext = *list;
   *list = ts;
   tb->nuse++;
@@ -223,10 +224,10 @@ TString *luaS_newlstr (lua_State *L, const char *str, size_t l) {
     return internshrstr(L, str, l);
   else {
     TString *ts;
-    if (l_unlikely(l >= (MAX_SIZE - sizeof(TString))/sizeof(char)))
+    if (l_unlikely(l * sizeof(char) >= (MAX_SIZE - sizeof(TString))))
       luaM_toobig(L);
     ts = luaS_createlngstrobj(L, l);
-    memcpy(getstr(ts), str, l * sizeof(char));
+    memcpy(getlngstr(ts), str, l * sizeof(char));
     return ts;
   }
 }
diff --git a/contrib/lua/src/ltable.c b/contrib/lua/src/ltable.c
index 3c690c5f1751..3353c047939a 100644
--- a/contrib/lua/src/ltable.c
+++ b/contrib/lua/src/ltable.c
@@ -252,7 +252,7 @@ LUAI_FUNC unsigned int luaH_realasize (const Table *t) {
     return t->alimit;  /* this is the size */
   else {
     unsigned int size = t->alimit;
-    /* compute the smallest power of 2 not smaller than 'n' */
+    /* compute the smallest power of 2 not smaller than 'size' */
     size |= (size >> 1);
     size |= (size >> 2);
     size |= (size >> 4);
@@ -662,7 +662,8 @@ static Node *getfreepos (Table *t) {
 ** put new key in its main position; otherwise (colliding node is in its main
 ** position), new key goes to an empty position.
 */
-void luaH_newkey (lua_State *L, Table *t, const TValue *key, TValue *value) {
+static void luaH_newkey (lua_State *L, Table *t, const TValue *key,
+                                                 TValue *value) {
   Node *mp;
   TValue aux;
   if (l_unlikely(ttisnil(key)))
@@ -721,22 +722,36 @@ void luaH_newkey (lua_State *L, Table *t, const TValue *key, TValue *value) {
 
 /*
 ** Search function for integers. If integer is inside 'alimit', get it
-** directly from the array part. Otherwise, if 'alimit' is not equal to
-** the real size of the array, key still can be in the array part. In
-** this case, try to avoid a call to 'luaH_realasize' when key is just
-** one more than the limit (so that it can be incremented without
-** changing the real size of the array).
+** directly from the array part. Otherwise, if 'alimit' is not
+** the real size of the array, the key still can be in the array part.
+** In this case, do the "Xmilia trick" to check whether 'key-1' is
+** smaller than the real size.
+** The trick works as follow: let 'p' be an integer such that
+**   '2^(p+1) >= alimit > 2^p', or  '2^(p+1) > alimit-1 >= 2^p'.
+** That is, 2^(p+1) is the real size of the array, and 'p' is the highest
+** bit on in 'alimit-1'. What we have to check becomes 'key-1 < 2^(p+1)'.
+** We compute '(key-1) & ~(alimit-1)', which we call 'res'; it will
+** have the 'p' bit cleared. If the key is outside the array, that is,
+** 'key-1 >= 2^(p+1)', then 'res' will have some bit on higher than 'p',
+** therefore it will be larger or equal to 'alimit', and the check
+** will fail. If 'key-1 < 2^(p+1)', then 'res' has no bit on higher than
+** 'p', and as the bit 'p' itself was cleared, 'res' will be smaller
+** than 2^p, therefore smaller than 'alimit', and the check succeeds.
+** As special cases, when 'alimit' is 0 the condition is trivially false,
+** and when 'alimit' is 1 the condition simplifies to 'key-1 < alimit'.
+** If key is 0 or negative, 'res' will have its higher bit on, so that
+** if cannot be smaller than alimit.
 */
 const TValue *luaH_getint (Table *t, lua_Integer key) {
-  if (l_castS2U(key) - 1u < t->alimit)  /* 'key' in [1, t->alimit]? */
+  lua_Unsigned alimit = t->alimit;
+  if (l_castS2U(key) - 1u < alimit)  /* 'key' in [1, t->alimit]? */
     return &t->array[key - 1];
-  else if (!limitequalsasize(t) &&  /* key still may be in the array part? */
-           (l_castS2U(key) == t->alimit + 1 ||
-            l_castS2U(key) - 1u < luaH_realasize(t))) {
+  else if (!isrealasize(t) &&  /* key still may be in the array part? */
+           (((l_castS2U(key) - 1u) & ~(alimit - 1u)) < alimit)) {
     t->alimit = cast_uint(key);  /* probably '#t' is here now */
     return &t->array[key - 1];
   }
-  else {
+  else {  /* key is not in the array part; check the hash */
     Node *n = hashint(t, key);
     for (;;) {  /* check whether 'key' is somewhere in the chain */
       if (keyisinteger(n) && keyival(n) == key)
diff --git a/contrib/lua/src/ltable.h b/contrib/lua/src/ltable.h
index 75dd9e26e015..8e6890342348 100644
--- a/contrib/lua/src/ltable.h
+++ b/contrib/lua/src/ltable.h
@@ -41,8 +41,6 @@ LUAI_FUNC void luaH_setint (lua_State *L, Table *t, lua_Integer key,
 LUAI_FUNC const TValue *luaH_getshortstr (Table *t, TString *key);
 LUAI_FUNC const TValue *luaH_getstr (Table *t, TString *key);
 LUAI_FUNC const TValue *luaH_get (Table *t, const TValue *key);
-LUAI_FUNC void luaH_newkey (lua_State *L, Table *t, const TValue *key,
-                                                    TValue *value);
 LUAI_FUNC void luaH_set (lua_State *L, Table *t, const TValue *key,
                                                  TValue *value);
 LUAI_FUNC void luaH_finishset (lua_State *L, Table *t, const TValue *key,
diff --git a/contrib/lua/src/ltm.h b/contrib/lua/src/ltm.h
index c309e2ae10e3..73b833c605da 100644
--- a/contrib/lua/src/ltm.h
+++ b/contrib/lua/src/ltm.h
@@ -9,7 +9,6 @@
 
 
 #include "lobject.h"
-#include "lstate.h"
 
 
 /*
@@ -96,8 +95,8 @@ LUAI_FUNC int luaT_callorderiTM (lua_State *L, const TValue *p1, int v2,
                                  int inv, int isfloat, TMS event);
 
 LUAI_FUNC void luaT_adjustvarargs (lua_State *L, int nfixparams,
-                                   CallInfo *ci, const Proto *p);
-LUAI_FUNC void luaT_getvarargs (lua_State *L, CallInfo *ci,
+                                   struct CallInfo *ci, const Proto *p);
+LUAI_FUNC void luaT_getvarargs (lua_State *L, struct CallInfo *ci,
                                               StkId where, int wanted);
 
 
diff --git a/contrib/lua/src/lua.c b/contrib/lua/src/lua.c
index 0ff884545304..4a90e55dd94b 100644
--- a/contrib/lua/src/lua.c
+++ b/contrib/lua/src/lua.c
@@ -115,12 +115,13 @@ static void l_message (const char *pname, const char *msg) {
 
 /*
 ** Check whether 'status' is not OK and, if so, prints the error
-** message on the top of the stack. It assumes that the error object
-** is a string, as it was either generated by Lua or by 'msghandler'.
+** message on the top of the stack.
 */
 static int report (lua_State *L, int status) {
   if (status != LUA_OK) {
     const char *msg = lua_tostring(L, -1);
+    if (msg == NULL)
+      msg = "(error message not a string)";
     l_message(progname, msg);
     lua_pop(L, 1);  /* remove message */
   }
@@ -210,12 +211,17 @@ static int dostring (lua_State *L, const char *s, const char *name) {
 
 /*
 ** Receives 'globname[=modname]' and runs 'globname = require(modname)'.
+** If there is no explicit modname and globname contains a '-', cut
+** the suffix after '-' (the "version") to make the global name.
 */
 static int dolibrary (lua_State *L, char *globname) {
   int status;
+  char *suffix = NULL;
   char *modname = strchr(globname, '=');
-  if (modname == NULL)  /* no explicit name? */
+  if (modname == NULL) {  /* no explicit name? */
     modname = globname;  /* module name is equal to global name */
+    suffix = strchr(modname, *LUA_IGMARK);  /* look for a suffix mark */
+  }
   else {
     *modname = '\0';  /* global name ends here */
     modname++;  /* module name starts after the '=' */
@@ -223,8 +229,11 @@ static int dolibrary (lua_State *L, char *globname) {
   lua_getglobal(L, "require");
   lua_pushstring(L, modname);
   status = docall(L, 1, 1);  /* call 'require(modname)' */
-  if (status == LUA_OK)
+  if (status == LUA_OK) {
+    if (suffix != NULL)  /* is there a suffix mark? */
+      *suffix = '\0';  /* remove suffix from global name */
     lua_setglobal(L, globname);  /* globname = require(modname) */
+  }
   return report(L, status);
 }
 
@@ -481,10 +490,8 @@ static int incomplete (lua_State *L, int status) {
   if (status == LUA_ERRSYNTAX) {
     size_t lmsg;
     const char *msg = lua_tolstring(L, -1, &lmsg);
-    if (lmsg >= marklen && strcmp(msg + lmsg - marklen, EOFMARK) == 0) {
-      lua_pop(L, 1);
+    if (lmsg >= marklen && strcmp(msg + lmsg - marklen, EOFMARK) == 0)
       return 1;
-    }
   }
   return 0;  /* else... */
 }
@@ -499,9 +506,9 @@ static int pushline (lua_State *L, int firstline) {
   size_t l;
   const char *prmt = get_prompt(L, firstline);
   int readstatus = lua_readline(L, b, prmt);
-  if (readstatus == 0)
-    return 0;  /* no input (prompt will be popped by caller) */
   lua_pop(L, 1);  /* remove prompt */
+  if (readstatus == 0)
+    return 0;  /* no input */
   l = strlen(b);
   if (l > 0 && b[l-1] == '\n')  /* line ends with newline? */
     b[--l] = '\0';  /* remove it */
@@ -543,8 +550,9 @@ static int multiline (lua_State *L) {
     int status = luaL_loadbuffer(L, line, len, "=stdin");  /* try it */
     if (!incomplete(L, status) || !pushline(L, 0)) {
       lua_saveline(L, line);  /* keep history */
-      return status;  /* cannot or should not try to add continuation line */
+      return status;  /* should not or cannot try to add continuation line */
     }
+    lua_remove(L, -2);  /* remove error message (from incomplete line) */
     lua_pushliteral(L, "\n");  /* add newline... */
     lua_insert(L, -2);  /* ...between the two lines */
     lua_concat(L, 3);  /* join them */
diff --git a/contrib/lua/src/lua.h b/contrib/lua/src/lua.h
index fd16cf8050b8..f3ea590d9cd6 100644
--- a/contrib/lua/src/lua.h
+++ b/contrib/lua/src/lua.h
@@ -18,14 +18,14 @@
 
 #define LUA_VERSION_MAJOR	"5"
 #define LUA_VERSION_MINOR	"4"
-#define LUA_VERSION_RELEASE	"6"
+#define LUA_VERSION_RELEASE	"8"
 
 #define LUA_VERSION_NUM			504
-#define LUA_VERSION_RELEASE_NUM		(LUA_VERSION_NUM * 100 + 6)
+#define LUA_VERSION_RELEASE_NUM		(LUA_VERSION_NUM * 100 + 8)
 
 #define LUA_VERSION	"Lua " LUA_VERSION_MAJOR "." LUA_VERSION_MINOR
 #define LUA_RELEASE	LUA_VERSION "." LUA_VERSION_RELEASE
-#define LUA_COPYRIGHT	LUA_RELEASE "  Copyright (C) 1994-2023 Lua.org, PUC-Rio"
+#define LUA_COPYRIGHT	LUA_RELEASE "  Copyright (C) 1994-2025 Lua.org, PUC-Rio"
 #define LUA_AUTHORS	"R. Ierusalimschy, L. H. de Figueiredo, W. Celes"
 
 
@@ -497,7 +497,7 @@ struct lua_Debug {
 
 
 /******************************************************************************
-* Copyright (C) 1994-2023 Lua.org, PUC-Rio.
+* Copyright (C) 1994-2025 Lua.org, PUC-Rio.
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
diff --git a/contrib/lua/src/luaconf.h b/contrib/lua/src/luaconf.h
index e517fb4d2e75..c7ca969e321f 100644
--- a/contrib/lua/src/luaconf.h
+++ b/contrib/lua/src/luaconf.h
@@ -257,6 +257,15 @@
 
 #endif
 
+
+/*
+** LUA_IGMARK is a mark to ignore all after it when building the
+** module name (e.g., used to build the luaopen_ function name).
+** Typically, the suffix after the mark is the module version,
+** as in "mod-v1.2.so".
+*/
+#define LUA_IGMARK		"-"
+
 /* }================================================================== */
 
 
diff --git a/contrib/lua/src/lundump.c b/contrib/lua/src/lundump.c
index 02aed64fb622..e8d92a8534ff 100644
--- a/contrib/lua/src/lundump.c
+++ b/contrib/lua/src/lundump.c
@@ -81,7 +81,7 @@ static size_t loadUnsigned (LoadState *S, size_t limit) {
 
 
 static size_t loadSize (LoadState *S) {
-  return loadUnsigned(S, ~(size_t)0);
+  return loadUnsigned(S, MAX_SIZET);
 }
 
 
@@ -122,7 +122,7 @@ static TString *loadStringN (LoadState *S, Proto *p) {
     ts = luaS_createlngstrobj(L, size);  /* create string */
     setsvalue2s(L, L->top.p, ts);  /* anchor it ('loadVector' can GC) */
     luaD_inctop(L);
-    loadVector(S, getstr(ts), size);  /* load directly in final place */
+    loadVector(S, getlngstr(ts), size);  /* load directly in final place */
     L->top.p--;  /* pop string */
   }
   luaC_objbarrier(L, p, ts);
diff --git a/contrib/lua/src/lundump.h b/contrib/lua/src/lundump.h
index f3748a998075..a97676ca1852 100644
--- a/contrib/lua/src/lundump.h
+++ b/contrib/lua/src/lundump.h
@@ -21,8 +21,7 @@
 /*
 ** Encode major-minor version in one byte, one nibble for each
 */
-#define MYINT(s)	(s[0]-'0')  /* assume one-digit numerals */
-#define LUAC_VERSION	(MYINT(LUA_VERSION_MAJOR)*16+MYINT(LUA_VERSION_MINOR))
+#define LUAC_VERSION  (((LUA_VERSION_NUM / 100) * 16) + LUA_VERSION_NUM % 100)
 
 #define LUAC_FORMAT	0	/* this is the official format */
 
diff --git a/contrib/lua/src/lvm.c b/contrib/lua/src/lvm.c
index 9d1bdfb0bd6e..45b47e7c8793 100644
--- a/contrib/lua/src/lvm.c
+++ b/contrib/lua/src/lvm.c
@@ -95,8 +95,10 @@ static int l_strton (const TValue *obj, TValue *result) {
   lua_assert(obj != result);
   if (!cvt2num(obj))  /* is object not a string? */
     return 0;
-  else
-    return (luaO_str2num(svalue(obj), result) == vslen(obj) + 1);
+  else {
+    TString *st = tsvalue(obj);
+    return (luaO_str2num(getstr(st), result) == tsslen(st) + 1);
+  }
 }
 
 
@@ -341,7 +343,10 @@ void luaV_finishset (lua_State *L, const TValue *t, TValue *key,
       lua_assert(isempty(slot));  /* slot must be empty */
       tm = fasttm(L, h->metatable, TM_NEWINDEX);  /* get metamethod */
       if (tm == NULL) {  /* no metamethod? */
+        sethvalue2s(L, L->top.p, h);  /* anchor 't' */
+        L->top.p++;  /* assume EXTRA_STACK */
         luaH_finishset(L, h, key, slot, val);  /* set new value */
+        L->top.p--;
         invalidateTMcache(h);
         luaC_barrierback(L, obj2gco(h), val);
         return;
@@ -370,30 +375,32 @@ void luaV_finishset (lua_State *L, const TValue *t, TValue *key,
 
 
 /*
-** Compare two strings 'ls' x 'rs', returning an integer less-equal-
-** -greater than zero if 'ls' is less-equal-greater than 'rs'.
+** Compare two strings 'ts1' x 'ts2', returning an integer less-equal-
+** -greater than zero if 'ts1' is less-equal-greater than 'ts2'.
 ** The code is a little tricky because it allows '\0' in the strings
-** and it uses 'strcoll' (to respect locales) for each segments
-** of the strings.
+** and it uses 'strcoll' (to respect locales) for each segment
+** of the strings. Note that segments can compare equal but still
+** have different lengths.
 */
-static int l_strcmp (const TString *ls, const TString *rs) {
-  const char *l = getstr(ls);
-  size_t ll = tsslen(ls);
-  const char *r = getstr(rs);
-  size_t lr = tsslen(rs);
+static int l_strcmp (const TString *ts1, const TString *ts2) {
+  const char *s1 = getstr(ts1);
+  size_t rl1 = tsslen(ts1);  /* real length */
+  const char *s2 = getstr(ts2);
+  size_t rl2 = tsslen(ts2);
   for (;;) {  /* for each segment */
-    int temp = strcoll(l, r);
+    int temp = strcoll(s1, s2);
     if (temp != 0)  /* not equal? */
       return temp;  /* done */
     else {  /* strings are equal up to a '\0' */
-      size_t len = strlen(l);  /* index of first '\0' in both strings */
-      if (len == lr)  /* 'rs' is finished? */
-        return (len == ll) ? 0 : 1;  /* check 'ls' */
-      else if (len == ll)  /* 'ls' is finished? */
-        return -1;  /* 'ls' is less than 'rs' ('rs' is not finished) */
-      /* both strings longer than 'len'; go on comparing after the '\0' */
-      len++;
-      l += len; ll -= len; r += len; lr -= len;
+      size_t zl1 = strlen(s1);  /* index of first '\0' in 's1' */
+      size_t zl2 = strlen(s2);  /* index of first '\0' in 's2' */
+      if (zl2 == rl2)  /* 's2' is finished? */
+        return (zl1 == rl1) ? 0 : 1;  /* check 's1' */
+      else if (zl1 == rl1)  /* 's1' is finished? */
+        return -1;  /* 's1' is less than 's2' ('s2' is not finished) */
+      /* both strings longer than 'zl'; go on comparing after the '\0' */
+      zl1++; zl2++;
+      s1 += zl1; rl1 -= zl1; s2 += zl2; rl2 -= zl2;
     }
   }
 }
@@ -628,8 +635,9 @@ int luaV_equalobj (lua_State *L, const TValue *t1, const TValue *t2) {
 static void copy2buff (StkId top, int n, char *buff) {
   size_t tl = 0;  /* size already copied */
   do {
-    size_t l = vslen(s2v(top - n));  /* length of string being copied */
-    memcpy(buff + tl, svalue(s2v(top - n)), l * sizeof(char));
+    TString *st = tsvalue(s2v(top - n));
+    size_t l = tsslen(st);  /* length of string being copied */
+    memcpy(buff + tl, getstr(st), l * sizeof(char));
     tl += l;
   } while (--n > 0);
 }
@@ -655,12 +663,12 @@ void luaV_concat (lua_State *L, int total) {
     }
     else {
       /* at least two non-empty string values; get as many as possible */
-      size_t tl = vslen(s2v(top - 1));
+      size_t tl = tsslen(tsvalue(s2v(top - 1)));
       TString *ts;
       /* collect total length and number of strings */
       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
-        size_t l = vslen(s2v(top - n - 1));
-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
+        size_t l = tsslen(tsvalue(s2v(top - n - 1)));
+        if (l_unlikely(l >= MAX_SIZE - sizeof(TString) - tl)) {
           L->top.p = top - total;  /* pop strings to avoid wasting stack */
           luaG_runerror(L, "string length overflow");
         }
@@ -673,7 +681,7 @@ void luaV_concat (lua_State *L, int total) {
       }
       else {  /* long string; copy strings directly to final result */
         ts = luaS_createlngstrobj(L, tl);
-        copy2buff(top, n, getstr(ts));
+        copy2buff(top, n, getlngstr(ts));
       }
       setsvalue2s(L, top - n, ts);  /* create result */
     }
@@ -1159,18 +1167,11 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
  startfunc:
   trap = L->hookmask;
  returning:  /* trap already set */
-  cl = clLvalue(s2v(ci->func.p));
+  cl = ci_func(ci);
   k = cl->p->k;
   pc = ci->u.l.savedpc;
-  if (l_unlikely(trap)) {
-    if (pc == cl->p->code) {  /* first instruction (not resuming)? */
-      if (cl->p->is_vararg)
-        trap = 0;  /* hooks will start after VARARGPREP instruction */
-      else  /* check 'call' hook */
-        luaD_hookcall(L, ci);
-    }
-    ci->u.l.trap = 1;  /* assume trap is on, for now */
-  }
+  if (l_unlikely(trap))
+    trap = luaG_tracecall(L);
   base = ci->func.p + 1;
   /* main loop of interpreter */
   for (;;) {
@@ -1257,7 +1258,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
         const TValue *slot;
         TValue *upval = cl->upvals[GETARG_B(i)]->v.p;
         TValue *rc = KC(i);
-        TString *key = tsvalue(rc);  /* key must be a string */
+        TString *key = tsvalue(rc);  /* key must be a short string */
         if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) {
           setobj2s(L, ra, slot);
         }
@@ -1300,7 +1301,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
         const TValue *slot;
         TValue *rb = vRB(i);
         TValue *rc = KC(i);
-        TString *key = tsvalue(rc);  /* key must be a string */
+        TString *key = tsvalue(rc);  /* key must be a short string */
         if (luaV_fastget(L, rb, key, slot, luaH_getshortstr)) {
           setobj2s(L, ra, slot);
         }
@@ -1313,7 +1314,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
         TValue *upval = cl->upvals[GETARG_A(i)]->v.p;
         TValue *rb = KB(i);
         TValue *rc = RKC(i);
-        TString *key = tsvalue(rb);  /* key must be a string */
+        TString *key = tsvalue(rb);  /* key must be a short string */
         if (luaV_fastget(L, upval, key, slot, luaH_getshortstr)) {
           luaV_finishfastset(L, upval, slot, rc);
         }
@@ -1356,7 +1357,7 @@ void luaV_execute (lua_State *L, CallInfo *ci) {
         const TValue *slot;
         TValue *rb = KB(i);
         TValue *rc = RKC(i);
-        TString *key = tsvalue(rb);  /* key must be a string */
+        TString *key = tsvalue(rb);  /* key must be a short string */
         if (luaV_fastget(L, s2v(ra), key, slot, luaH_getshortstr)) {
           luaV_finishfastset(L, s2v(ra), slot, rc);
         }
diff --git a/contrib/lyaml/ext/yaml/yaml.c b/contrib/lyaml/ext/yaml/yaml.c
index 54478610134f..6a5ddc605e0f 100644
--- a/contrib/lyaml/ext/yaml/yaml.c
+++ b/contrib/lyaml/ext/yaml/yaml.c
@@ -35,6 +35,8 @@
 
 #include "lyaml.h"
 
+#include "bootstrap.h"
+
 #define MYNAME		"yaml"
 #define MYVERSION	MYNAME " library for " LUA_VERSION " / " VERSION
 
@@ -64,3 +66,5 @@ luaopen_yaml (lua_State *L)
 
    return 1;
 }
+
+FLUA_MODULE(yaml);
diff --git a/contrib/mandoc/Makefile b/contrib/mandoc/Makefile
index 0830c9f289a3..d4a2c794b437 100644
--- a/contrib/mandoc/Makefile
+++ b/contrib/mandoc/Makefile
@@ -15,7 +15,7 @@
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-VERSION = 1.14.6s20250727
+VERSION = 1.14.6s20250926
 
 # === LIST OF FILES ====================================================
 
diff --git a/contrib/mandoc/dba.c b/contrib/mandoc/dba.c
index ee43933de3bf..ab40798e8eed 100644
--- a/contrib/mandoc/dba.c
+++ b/contrib/mandoc/dba.c
@@ -1,6 +1,6 @@
-/*	$Id: dba.c,v 1.10 2017/02/17 14:43:54 schwarze Exp $ */
+/* $Id: dba.c,v 1.11 2025/09/24 13:13:30 schwarze Exp $ */
 /*
- * Copyright (c) 2016, 2017 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2016, 2017, 2025 Ingo Schwarze <schwarze@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -318,7 +318,8 @@ compare_names(const void *vp1, const void *vp2)
 	cp1 = *(const char * const *)vp1;
 	cp2 = *(const char * const *)vp2;
 	return (diff = *cp2 - *cp1) ? diff :
-	    strcasecmp(cp1 + 1, cp2 + 1);
+	    (diff = strcasecmp(cp1 + 1, cp2 + 1)) ? diff :
+	    strcmp(cp1 + 1, cp2 + 1);
 }
 
 static int
diff --git a/contrib/mandoc/main.c b/contrib/mandoc/main.c
index 57b06c9b9e66..d70ff1ce77b4 100644
--- a/contrib/mandoc/main.c
+++ b/contrib/mandoc/main.c
@@ -1,6 +1,6 @@
-/* $Id: main.c,v 1.361 2022/04/14 16:43:43 schwarze Exp $ */
+/* $Id: main.c,v 1.364 2025/09/24 21:30:20 schwarze Exp $ */
 /*
- * Copyright (c) 2010-2012, 2014-2021 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2010-2012,2014-2021,2025 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010 Joerg Sonnenberger <joerg@netbsd.org>
  *
@@ -109,7 +109,7 @@ static	void		  parse(struct mparse *, int, const char *,
 				struct outstate *, struct manconf *);
 static	void		  passthrough(int, int);
 static	void		  process_onefile(struct mparse *, struct manpage *,
-				int, struct outstate *, struct manconf *);
+				struct outstate *, struct manconf *);
 static	void		  run_pager(struct outstate *, char *);
 static	pid_t		  spawn_pager(struct outstate *, char *);
 static	void		  usage(enum argmode) __attribute__((__noreturn__));
@@ -144,7 +144,6 @@ main(int argc, char *argv[])
 	int		 options;	/* Parser options. */
 	int		 show_usage;	/* Invalid argument: give up. */
 	int		 prio, best_prio;
-	int		 startdir;
 	int		 c;
 	enum mandoc_os	 os_e;		/* Check base system conventions. */
 	enum outmode	 outmode;	/* According to command line. */
@@ -514,7 +513,7 @@ main(int argc, char *argv[])
 			if (resnsz == 0)
 				(void)fs_search(&search, &conf.manpath,
 				    *argv, &resn, &resnsz);
-			if (resnsz == 0 && strchr(*argv, '/') == NULL) {
+			if (resnsz == 0) {
 				if (search.arch != NULL &&
 				    arch_valid(search.arch, OSENUM) == 0)
 					warnx("Unknown architecture \"%s\".",
@@ -529,20 +528,6 @@ main(int argc, char *argv[])
 				mandoc_msg_setrc(MANDOCLEVEL_BADARG);
 				continue;
 			}
-			if (resnsz == 0) {
-				if (access(*argv, R_OK) == -1) {
-					mandoc_msg_setinfilename(*argv);
-					mandoc_msg(MANDOCERR_BADARG_BAD,
-					    0, 0, "%s", strerror(errno));
-					mandoc_msg_setinfilename(NULL);
-					continue;
-				}
-				resnsz = 1;
-				resn = mandoc_calloc(resnsz, sizeof(*res));
-				resn->file = mandoc_strdup(*argv);
-				resn->ipath = SIZE_MAX;
-				resn->form = FORM_SRC;
-			}
 			if (outmode != OUTMODE_ONE || resnsz == 1) {
 				res = mandoc_reallocarray(res,
 				    ressz + resnsz, sizeof(*res));
@@ -559,7 +544,8 @@ main(int argc, char *argv[])
 
 			best_prio = 40;
 			for (ib = i = 0; i < resnsz; i++) {
-				sec = resn[i].file;
+				sec = resn[i].file +
+				    strlen(conf.manpath.paths[resn[i].ipath]);
 				sec += strcspn(sec, "123456789");
 				if (sec[0] == '\0')
 					continue; /* No section at all. */
@@ -647,23 +633,13 @@ main(int argc, char *argv[])
 	mchars_alloc();
 	mp = mparse_alloc(options, os_e, os_s);
 
-	/*
-	 * Remember the original working directory, if possible.
-	 * This will be needed if some names on the command line
-	 * are page names and some are relative file names.
-	 * Do not error out if the current directory is not
-	 * readable: Maybe it won't be needed after all.
-	 */
-	startdir = open(".", O_RDONLY | O_DIRECTORY);
 	for (i = 0; i < ressz; i++) {
-		process_onefile(mp, res + i, startdir, &outst, &conf);
+		if (i > 0)
+			mparse_reset(mp);
+		process_onefile(mp, res + i, &outst, &conf);
 		if (outst.wstop && mandoc_msg_getrc() != MANDOCLEVEL_OK)
 			break;
 	}
-	if (startdir != -1) {
-		(void)fchdir(startdir);
-		close(startdir);
-	}
 	if (conf.output.tag != NULL && conf.output.tag_found == 0) {
 		mandoc_msg(MANDOCERR_TAG, 0, 0, "%s", conf.output.tag);
 		conf.output.tag = NULL;
@@ -909,7 +885,7 @@ fs_search(const struct mansearch *cfg, const struct manpaths *paths,
 }
 
 static void
-process_onefile(struct mparse *mp, struct manpage *resp, int startdir,
+process_onefile(struct mparse *mp, struct manpage *resp,
     struct outstate *outst, struct manconf *conf)
 {
 	int	 fd;
@@ -921,8 +897,6 @@ process_onefile(struct mparse *mp, struct manpage *resp, int startdir,
 	 */
 	if (resp->ipath != SIZE_MAX)
 		(void)chdir(conf->manpath.paths[resp->ipath]);
-	else if (startdir != -1)
-		(void)fchdir(startdir);
 
 	mandoc_msg_setinfilename(resp->file);
 	if (resp->file != NULL) {
@@ -982,18 +956,12 @@ parse(struct mparse *mp, int fd, const char *file,
     struct outstate *outst, struct manconf *conf)
 {
 	static struct manpaths	 basepaths;
-	static int		 previous;
 	struct roff_meta	*meta;
 
 	assert(fd >= 0);
 	if (file == NULL)
 		file = "<stdin>";
 
-	if (previous)
-		mparse_reset(mp);
-	else
-		previous = 1;
-
 	mparse_readfd(mp, fd, file);
 	if (fd != STDIN_FILENO)
 		close(fd);
diff --git a/contrib/mandoc/man.c b/contrib/mandoc/man.c
index f651efe3de8b..26846f1cf243 100644
--- a/contrib/mandoc/man.c
+++ b/contrib/mandoc/man.c
@@ -1,4 +1,4 @@
-/* $Id: man.c,v 1.189 2022/08/16 23:01:09 schwarze Exp $ */
+/* $Id: man.c,v 1.190 2025/08/22 13:17:06 schwarze Exp $ */
 /*
  * Copyright (c) 2013-2015,2017-2019,2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -134,6 +134,7 @@ man_ptext(struct roff_man *man, int line, char *buf, int offs)
 			*ep = '\0';
 			return 1;
 		}
+		mandoc_msg(MANDOCERR_FI_BLANK, line, i, NULL);
 		roff_elem_alloc(man, line, offs, ROFF_sp);
 		man->next = ROFF_NEXT_SIBLING;
 		return 1;
diff --git a/contrib/mandoc/man.options.1 b/contrib/mandoc/man.options.1
index be65ad98fddc..be101d4b5b62 100644
--- a/contrib/mandoc/man.options.1
+++ b/contrib/mandoc/man.options.1
@@ -1,4 +1,4 @@
-.\" $Id: man.options.1,v 1.8 2025/06/30 00:11:06 schwarze Exp $
+.\" $Id: man.options.1,v 1.9 2025/08/28 13:46:57 schwarze Exp $
 .\"
 .\" Copyright (c) 2017, 2025 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 30 2025 $
+.Dd $Mdocdate: August 28 2025 $
 .Dt MAN.OPTIONS 1
 .Os
 .Sh NAME
@@ -39,9 +39,18 @@
 .de At5
 .At V Pq January 1983 \\$1
 ..
+.de At8
+.No Version 8 At Pq February 1985 \\$1
+..
 .de Bx43
 .Bx 4.3 Pq June 1986 \\$1
 ..
+.de At9
+.No Version 9 At Pq September 1986 \\$1
+..
+.de At10
+.No Version 10 At Pq October 1989 \\$1
+..
 .\" option was present in groff-1.01 as contained in 4.3BSD-Net/2
 .\" and no mention of it could be found in the ChangeLog,
 .\" so it's probably older than groff-0.4, where the log started
@@ -49,7 +58,7 @@
 .No probably before groff-0.4 Pq before July 14, 1990 \\$1
 ..
 .de Eaton
-.No Eaton Pq before July 7, 1993; 1990/91? \\$1
+.No Eaton Pq before July 7, 1993; 1990/91?\& \\$1
 ..
 .\" man-1.5e was released on July 11, 1998.
 .de man15e
@@ -399,6 +408,12 @@ do not feed out paper nor stop phototypesetter
 .br
 .Nm troff :
 .At7
+.Pp
+.Bq superseded by Fl l
+interpret arguments as file names
+.br
+.Nm man :
+.At10
 .It Fl G
 preprocess with
 .Xr grap 1
@@ -549,6 +564,7 @@ mode
 .br
 .Nm man :
 .Bx4 ,
+.At10 ,
 .Eaton ;
 .No POSIX , Ox , Fx , Nx , No man-db , man-1.6 , illumos , Solaris 9-11
 .br
@@ -720,7 +736,9 @@ specify a page number for the first page
 output mode
 .br
 .Nm man :
-.At7
+.At7 ,
+.At8 ,
+.At10
 .Pp
 do not create the
 .Xr whatis 1
@@ -852,6 +870,12 @@ invoke the simultaneous input-output mode of the .rd request
 .Nm nroff , troff :
 .At7
 .Pp
+quick mode: prefer preformatted page if available
+.br
+.Nm man :
+.At8 ,
+.At10
+.Pp
 issue no warnings
 .br
 .Nm manpath :
@@ -1046,6 +1070,8 @@ output mode
 .Bx 2 Pq May 10, 1979 ,
 .At3 ,
 .At5 ,
+.At8 ,
+.At10 ,
 .Eaton ;
 .Fx , No man-db , man-1.6 , illumos , Solaris 9-11
 .br
@@ -1162,6 +1188,7 @@ list pathnames
 .At7 ,
 .At3 ,
 .At5 ,
+.At8 ,
 .Eaton ;
 .Ox , Fx , Nx , No man-db , man-1.6
 .br
diff --git a/contrib/mandoc/mandoc.1 b/contrib/mandoc/mandoc.1
index 8b6fe7d19b1e..0f83bcd53f1b 100644
--- a/contrib/mandoc/mandoc.1
+++ b/contrib/mandoc/mandoc.1
@@ -1,4 +1,4 @@
-.\" $Id: mandoc.1,v 1.272 2025/07/09 13:46:05 schwarze Exp $
+.\" $Id: mandoc.1,v 1.273 2025/08/22 13:17:06 schwarze Exp $
 .\"
 .\" Copyright (c) 2012, 2014-2023, 2025 Ingo Schwarze <schwarze@openbsd.org>
 .\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 9 2025 $
+.Dd $Mdocdate: August 22 2025 $
 .Dt MANDOC 1
 .Os
 .Sh NAME
@@ -1002,14 +1002,14 @@ macro that could be represented using
 or
 .Ic \&Dx .
 .It Sy "errnos out of order"
-.Pq mdoc, Nx
+.Pq mdoc , Nx
 The
 .Ic \&Er
 items in a
 .Ic \&Bl
 list are not in alphabetical order.
 .It Sy "duplicate errno"
-.Pq mdoc, Nx
+.Pq mdoc , Nx
 A
 .Ic \&Bl
 list contains two consecutive
@@ -1150,7 +1150,7 @@ The
 argument is used as provided anyway.
 Consider checking whether the file name or the argument need a correction.
 .It Sy "missing date, using \(dq\(dq"
-.Pq mdoc, man
+.Pq mdoc , man
 The document was parsed as
 .Xr mdoc 7
 and it has no
@@ -1732,7 +1732,7 @@ or
 macro contains an opening or closing parenthesis; that's probably wrong,
 parentheses are added automatically.
 .It Sy "unknown library name"
-.Pq mdoc, not on Ox
+.Pq mdoc , not on Ox
 An
 .Ic \&Lb
 macro has an unknown name argument and will be rendered as
@@ -1790,7 +1790,7 @@ The last character is mapped to the blank character.
 .Ss "Warnings related to plain text"
 .Bl -ohang
 .It Sy "blank line in fill mode, using .sp"
-.Pq mdoc
+.Pq mdoc , man
 The meaning of blank input lines is only well-defined in non-fill mode:
 In fill mode, line breaks of text input lines are not supposed to be
 significant.
@@ -1800,6 +1800,8 @@ are formatted like
 requests.
 To request a paragraph break, use
 .Ic \&Pp
+or
+.Ic \&PP
 instead of a blank line.
 .It Sy "tab in filled text"
 .Pq mdoc , man
diff --git a/contrib/mandoc/mdoc.7 b/contrib/mandoc/mdoc.7
index 55cc7fae688d..6c2d3568baa6 100644
--- a/contrib/mandoc/mdoc.7
+++ b/contrib/mandoc/mdoc.7
@@ -1,4 +1,4 @@
-.\" $Id: mdoc.7,v 1.299 2025/06/13 16:18:28 schwarze Exp $
+.\" $Id: mdoc.7,v 1.300 2025/08/19 14:08:59 schwarze Exp $
 .\"
 .\" Copyright (c) 2010-2021, 2024, 2025 Ingo Schwarze <schwarze@openbsd.org>
 .\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 13 2025 $
+.Dd $Mdocdate: August 19 2025 $
 .Dt MDOC 7
 .Os
 .Sh NAME
@@ -979,7 +979,7 @@ Unless the
 .Fl compact
 argument is specified, list entries are separated by vertical space.
 .Pp
-A list must specify one of the following list types:
+The following list types are commonly used:
 .Bl -tag -width 12n -offset indent
 .It Fl bullet
 No item heads can be specified, but a bullet will be printed at the head
@@ -994,7 +994,14 @@ The
 .Fl width
 argument has no effect; instead, the string length of each argument
 specifies the width of one column.
-If the first line of the body of a
+The width specification for the last column does not affect formatting.
+.Pp
+For two-column lists, using
+.Fl tag
+often results in simpler code, identical terminal output, and better HTML
+output, especially when the first column contains short identifiers.
+.Pp
+For compatibility with legacy documents, if the first line of the body of a
 .Fl column
 list is not an
 .Ic \&It
@@ -1016,7 +1023,7 @@ Like
 except that item heads are not parsed for macro invocations.
 Most often used in the
 .Em DIAGNOSTICS
-section with error constants in the item heads.
+section with error messages in the item heads.
 .It Fl enum
 A numbered list.
 No item heads can be specified.
@@ -1024,6 +1031,17 @@ Formatted like
 .Fl bullet ,
 except that ordinal numbers are used in place of bullets,
 starting at 1.
+.It Fl tag
+Item bodies are indented according to the
+.Fl width
+argument.
+When an item head fits inside the indentation, the item body follows
+this head on the same output line.
+Otherwise, the body starts on the output line following the head.
+.El
+.Pp
+The following list types are rarely useful:
+.Bl -tag -width 12n -offset indent
 .It Fl hang
 Like
 .Fl tag ,
@@ -1050,13 +1068,6 @@ Item bodies start on the line following item heads and are not indented.
 The
 .Fl width
 argument is ignored.
-.It Fl tag
-Item bodies are indented according to the
-.Fl width
-argument.
-When an item head fits inside the indentation, the item body follows
-this head on the same output line.
-Otherwise, the body starts on the output line following the head.
 .El
 .Pp
 Lists may be nested within lists and displays.
diff --git a/contrib/mandoc/roff_term.c b/contrib/mandoc/roff_term.c
index 8f95aa920790..38321c830013 100644
--- a/contrib/mandoc/roff_term.c
+++ b/contrib/mandoc/roff_term.c
@@ -1,4 +1,4 @@
-/* $Id: roff_term.c,v 1.26 2025/07/16 14:33:08 schwarze Exp $ */
+/* $Id: roff_term.c,v 1.27 2025/08/21 15:38:51 schwarze Exp $ */
 /*
  * Copyright (c) 2010, 2014, 2015, 2017-2021, 2025
  *               Ingo Schwarze <schwarze@openbsd.org>
@@ -165,6 +165,7 @@ roff_term_pre_po(ROFF_TERM_ARGS)
 	static int	 polast;  /* Previously requested. */
 	static int	 po;      /* Currently requested. */
 	static int	 pouse;   /* Currently used. */
+	int		 pomin;   /* Minimum to be used. */
 	int		 pomax;   /* Maximum to be used. */
 	int		 ponew;   /* Newly requested. */
 
@@ -186,9 +187,9 @@ roff_term_pre_po(ROFF_TERM_ARGS)
 	po = ponew;
 
 	/* Truncate to the range [-offset, 60], remember, and apply it. */
+	pomin = -p->tcol->offset;
 	pomax = term_len(p, 60);
-	pouse = po >= pomax ? pomax :
-	    po < -(int)p->tcol->offset ? -p->tcol->offset : po;
+	pouse = po > pomax ? pomax : po < pomin ? pomin : po;
 	p->tcol->offset += pouse;
 }
 
diff --git a/contrib/mandoc/term_ps.c b/contrib/mandoc/term_ps.c
index 4c6368ca1d1f..91124152d55a 100644
--- a/contrib/mandoc/term_ps.c
+++ b/contrib/mandoc/term_ps.c
@@ -1,4 +1,4 @@
-/* $Id: term_ps.c,v 1.94 2025/07/18 15:47:18 schwarze Exp $ */
+/* $Id: term_ps.c,v 1.95 2025/09/26 12:17:12 schwarze Exp $ */
 /*
  * Copyright (c) 2014-2017, 2020, 2025 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -1222,6 +1222,8 @@ ps_endline(struct termp *p)
 
 	ps_plast(p);
 	ps_pclose(p);
+	p->viscol = 0;
+	p->minbl = 0;
 
 	/*
 	 * If we're in the margin, don't try to recalculate our current
@@ -1235,8 +1237,6 @@ ps_endline(struct termp *p)
 	/* Left-justify. */
 
 	p->ps->pscol = p->ps->left;
-	p->viscol = 0;
-	p->minbl = 0;
 
 	/* If we haven't printed anything, return. */
 
diff --git a/contrib/ofed/libcxgb4/dev.c b/contrib/ofed/libcxgb4/dev.c
index d3c289dad9f2..db728f5627da 100644
--- a/contrib/ofed/libcxgb4/dev.c
+++ b/contrib/ofed/libcxgb4/dev.c
@@ -144,6 +144,8 @@ static struct ibv_context *c4iw_alloc_context(struct ibv_device *ibdev,
 	context->ibv_ctx.ops = c4iw_ctx_ops;
 
 	switch (rhp->chip_version) {
+	case CHELSIO_T7:
+		PDBG("%s T7/T6/T5/T4 device\n", __FUNCTION__);
 	case CHELSIO_T6:
 		PDBG("%s T6/T5/T4 device\n", __FUNCTION__);
 	case CHELSIO_T5:
@@ -429,6 +431,8 @@ static struct verbs_device *cxgb4_driver_init(const char *uverbs_sys_path,
 	    strstr(&ibdev[2], "nex") && devnum >= 0) {
 		snprintf(dev_str, sizeof(dev_str), "/dev/t%cnex/%d", ibdev[1],
 		    devnum);
+	} else if (strstr(&ibdev[0], "chnex") && devnum >= 0) {
+		snprintf(dev_str, sizeof(dev_str), "/dev/chnex/%d", devnum);
 	} else
 		return NULL;
 
@@ -523,7 +527,10 @@ found:
 		goto err;
 
 	dev->ibv_dev.ops = &c4iw_dev_ops;
-	dev->chip_version = CHELSIO_CHIP_VERSION(hca_table[i].device >> 8);
+	if (hca_table[i].device == 0xd000)
+		dev->chip_version = CHELSIO_T7;
+	else
+		dev->chip_version = CHELSIO_CHIP_VERSION(hca_table[i].device >> 8);
 	dev->abi_version = abi_version;
 
 	PDBG("%s device claimed\n", __FUNCTION__);
diff --git a/contrib/ofed/libcxgb4/libcxgb4.h b/contrib/ofed/libcxgb4/libcxgb4.h
index b891e8b1df97..216eee05a9d8 100644
--- a/contrib/ofed/libcxgb4/libcxgb4.h
+++ b/contrib/ofed/libcxgb4/libcxgb4.h
@@ -64,6 +64,11 @@ struct c4iw_dev {
 	int abi_version;
 };
 
+static inline int dev_is_t7(struct c4iw_dev *dev)
+{
+	return dev->chip_version == CHELSIO_T7;
+}
+
 static inline int dev_is_t6(struct c4iw_dev *dev)
 {
 	return dev->chip_version == CHELSIO_T6;
diff --git a/contrib/ofed/libcxgb4/t4_chip_type.h b/contrib/ofed/libcxgb4/t4_chip_type.h
index 54b718111e3f..ae3b760c51a1 100644
--- a/contrib/ofed/libcxgb4/t4_chip_type.h
+++ b/contrib/ofed/libcxgb4/t4_chip_type.h
@@ -37,6 +37,7 @@
 #define CHELSIO_T4		0x4
 #define CHELSIO_T5		0x5
 #define CHELSIO_T6		0x6
+#define CHELSIO_T7		0x7
 
 /* We code the Chelsio T4 Family "Chip Code" as a tuple:
  *
@@ -65,6 +66,10 @@ enum chip_type {
 	T6_A0 = CHELSIO_CHIP_CODE(CHELSIO_T6, 0),
 	T6_FIRST_REV	= T6_A0,
 	T6_LAST_REV	= T6_A0,
+
+	T7_A1 = CHELSIO_CHIP_CODE(CHELSIO_T7, 1),
+	T7_FIRST_REV	= T7_A1,
+	T7_LAST_REV	= T7_A1,
 };
 
 static inline int is_t4(enum chip_type chip)
@@ -82,4 +87,9 @@ static inline int is_t6(enum chip_type chip)
 	return (CHELSIO_CHIP_VERSION(chip) == CHELSIO_T6);
 }
 
+static inline int is_t7(enum chip_type chip)
+{
+	return (CHELSIO_CHIP_VERSION(chip) == CHELSIO_T7);
+}
+
 #endif /* __T4_CHIP_TYPE_H__ */
diff --git a/contrib/ofed/libcxgb4/t4_pci_id_tbl.h b/contrib/ofed/libcxgb4/t4_pci_id_tbl.h
index 50812a1d67bd..0ff7e689dc84 100644
--- a/contrib/ofed/libcxgb4/t4_pci_id_tbl.h
+++ b/contrib/ofed/libcxgb4/t4_pci_id_tbl.h
@@ -92,8 +92,7 @@
 #endif
 
 CH_PCI_DEVICE_ID_TABLE_DEFINE_BEGIN
-	/* T4 adapters:
-	 */
+	/* T4 adapters */
 	CH_PCI_ID_TABLE_FENTRY(0x4000),	/* T440-dbg */
 	CH_PCI_ID_TABLE_FENTRY(0x4001),	/* T420-cr */
 	CH_PCI_ID_TABLE_FENTRY(0x4002),	/* T422-cr */
@@ -119,8 +118,7 @@ CH_PCI_DEVICE_ID_TABLE_DEFINE_BEGIN
 	CH_PCI_ID_TABLE_FENTRY(0x4087),	/* Custom T440-cr */
 	CH_PCI_ID_TABLE_FENTRY(0x4088),	/* Custom T440 2-xaui, 2-xfi */
 
-	/* T5 adapters:
-	 */
+	/* T5 adapters */
 	CH_PCI_ID_TABLE_FENTRY(0x5000),	/* T580-dbg */
 	CH_PCI_ID_TABLE_FENTRY(0x5001),	/* T520-cr */
 	CH_PCI_ID_TABLE_FENTRY(0x5002),	/* T522-cr */
@@ -169,8 +167,7 @@ CH_PCI_DEVICE_ID_TABLE_DEFINE_BEGIN
 	CH_PCI_ID_TABLE_FENTRY(0x509b),	/* Custom T540-CR LOM */
 	CH_PCI_ID_TABLE_FENTRY(0x509c),	/* Custom T520-CR*/
 
-	/* T6 adapters:
-	 */
+	/* T6 adapters */
 	CH_PCI_ID_TABLE_FENTRY(0x6001),
 	CH_PCI_ID_TABLE_FENTRY(0x6002),
 	CH_PCI_ID_TABLE_FENTRY(0x6003),
@@ -184,6 +181,24 @@ CH_PCI_DEVICE_ID_TABLE_DEFINE_BEGIN
 	CH_PCI_ID_TABLE_FENTRY(0x6011),
 	CH_PCI_ID_TABLE_FENTRY(0x6014),
 	CH_PCI_ID_TABLE_FENTRY(0x6015),
+	CH_PCI_ID_TABLE_FENTRY(0x6081),
+
+	/* T7 adapters */
+	{ .vendor = 0x1425, .device = 0xd000 }, /* T7 FPGA */
+	CH_PCI_ID_TABLE_FENTRY(0x7000),	/* T7-DBG */
+	CH_PCI_ID_TABLE_FENTRY(0x7001),	/* T7250 */
+	CH_PCI_ID_TABLE_FENTRY(0x7002),	/* S7250 */
+	CH_PCI_ID_TABLE_FENTRY(0x7003),	/* T7450 */
+	CH_PCI_ID_TABLE_FENTRY(0x7004),	/* S7450 */
+	CH_PCI_ID_TABLE_FENTRY(0x7005),	/* T72200 */
+	CH_PCI_ID_TABLE_FENTRY(0x7006),	/* S72200 */
+	CH_PCI_ID_TABLE_FENTRY(0x7007),	/* T72200-FH */
+	CH_PCI_ID_TABLE_FENTRY(0x7008),	/* T71400 */
+	CH_PCI_ID_TABLE_FENTRY(0x7009),	/* S7210-BT */
+	CH_PCI_ID_TABLE_FENTRY(0x700a),	/* T7450-RC */
+	CH_PCI_ID_TABLE_FENTRY(0x700b),	/* T72200-RC */
+	CH_PCI_ID_TABLE_FENTRY(0x700c),	/* T72200-FH-RC */
+	CH_PCI_ID_TABLE_FENTRY(0x7080), /* Custom */
 CH_PCI_DEVICE_ID_TABLE_DEFINE_END;
 
 #endif /* __T4_PCI_ID_TBL_H__ */
diff --git a/contrib/one-true-awk/FIXES b/contrib/one-true-awk/FIXES
index b3bf38f0aa1c..b876b9ec5ec9 100644
--- a/contrib/one-true-awk/FIXES
+++ b/contrib/one-true-awk/FIXES
@@ -25,6 +25,14 @@ THIS SOFTWARE.
 This file lists all bug fixes, changes, etc., made since the 
 second edition of the AWK book was published in September 2023.
 
+Aug 04, 2025
+	Fix incorrect divisor in rand() - it was returning
+	even random numbers only. Thanks to Ozan Yigit.
+
+	Fix a syntax issue with /= that caused constants to
+	turn into variables [eg. 42 /= 7]. Thanks to Arnold
+	Robbins.
+
 Jan 14, 2025
 	Fix incorrect error line number issues. unput has
 	no business managing lineno. Thanks to Ozan Yigit.
diff --git a/contrib/one-true-awk/main.c b/contrib/one-true-awk/main.c
index 361c23e70861..b8053af34b05 100644
--- a/contrib/one-true-awk/main.c
+++ b/contrib/one-true-awk/main.c
@@ -22,7 +22,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 ****************************************************************/
 
-const char	*version = "version 20250116";
+const char	*version = "version 20250804";
 
 #define DEBUG
 #include <stdio.h>
diff --git a/contrib/one-true-awk/run.c b/contrib/one-true-awk/run.c
index eaddfdecbdd3..9bc07a517372 100644
--- a/contrib/one-true-awk/run.c
+++ b/contrib/one-true-awk/run.c
@@ -1567,6 +1567,8 @@ Cell *assign(Node **a, int n)	/* a[0] = a[1], a[0] += a[1], etc. */
 		xf *= yf;
 		break;
 	case DIVEQ:
+		if ((x->tval & CON) != 0)
+			FATAL("non-constant required for left side of /=");
 		if (yf == 0)
 			FATAL("division by zero in /=");
 		xf /= yf;
@@ -2188,7 +2190,7 @@ Cell *bltin(Node **a, int n)	/* builtin functions. a[0] is type, a[1] is arg lis
 		/* random() returns numbers in [0..2^31-1]
 		 * in order to get a number in [0, 1), divide it by 2^31
 		 */
-		u = (Awkfloat) random() / (0x7fffffffL + 0x1UL);
+		u = (Awkfloat) random() / RAND_MAX;
 		break;
 	case FSRAND:
 		if (isrec(x))	/* no argument provided */
diff --git a/contrib/sendmail/src/newaliases.1 b/contrib/sendmail/src/newaliases.1
index 59dc0de20cf7..cdb6eef67416 100644
--- a/contrib/sendmail/src/newaliases.1
+++ b/contrib/sendmail/src/newaliases.1
@@ -14,7 +14,7 @@
 .TH NEWALIASES 1 "$Date: 2013-11-22 20:51:56 $"
 .SH NAME
 newaliases
-\- rebuild the data base for the mail aliases file
+\- rebuild the data base for the sendmail aliases file
 .SH SYNOPSIS
 .B newaliases
 .SH DESCRIPTION
diff --git a/contrib/tcpdump/print-pfsync.c b/contrib/tcpdump/print-pfsync.c
index 6bf9abaf3903..e7885c4a9e00 100644
--- a/contrib/tcpdump/print-pfsync.c
+++ b/contrib/tcpdump/print-pfsync.c
@@ -53,8 +53,8 @@
 static void	pfsync_print(netdissect_options *, struct pfsync_header *,
 		    const u_char *, u_int);
 static void	print_src_dst(netdissect_options *,
-		    const struct pfsync_state_peer *,
-		    const struct pfsync_state_peer *, uint8_t);
+		    const struct pf_state_peer_export *,
+		    const struct pf_state_peer_export *, uint8_t);
 static void	print_state(netdissect_options *, union pfsync_state_union *, int);
 
 void
@@ -102,6 +102,7 @@ struct pfsync_actions {
 static void	pfsync_print_clr(netdissect_options *, const void *);
 static void	pfsync_print_state_1301(netdissect_options *, const void *);
 static void	pfsync_print_state_1400(netdissect_options *, const void *);
+static void	pfsync_print_state_1500(netdissect_options *, const void *);
 static void	pfsync_print_ins_ack(netdissect_options *, const void *);
 static void	pfsync_print_upd_c(netdissect_options *, const void *);
 static void	pfsync_print_upd_req(netdissect_options *, const void *);
@@ -131,6 +132,8 @@ struct pfsync_actions actions[] = {
 	{ "eof", 0,					NULL },
 	{ "insert", sizeof(struct pfsync_state_1400),	pfsync_print_state_1400 },
 	{ "update", sizeof(struct pfsync_state_1400),	pfsync_print_state_1400 },
+	{ "insert", sizeof(struct pfsync_state_1500),	pfsync_print_state_1500 },
+	{ "update", sizeof(struct pfsync_state_1500),	pfsync_print_state_1500 },
 };
 
 static void
@@ -228,13 +231,22 @@ pfsync_print_state_1301(netdissect_options *ndo, const void *bp)
 static void
 pfsync_print_state_1400(netdissect_options *ndo, const void *bp)
 {
-	struct pfsync_state_1301 *st = (struct pfsync_state_1301 *)bp;
+	struct pfsync_state_1400 *st = (struct pfsync_state_1400 *)bp;
 
 	fn_print_char(ndo, '\n');
 	print_state(ndo, (union pfsync_state_union *)st, PFSYNC_MSG_VERSION_1400);
 }
 
 static void
+pfsync_print_state_1500(netdissect_options *ndo, const void *bp)
+{
+	struct pfsync_state_1500 *st = (struct pfsync_state_1500 *)bp;
+
+	fn_print_char(ndo, '\n');
+	print_state(ndo, (union pfsync_state_union *)st, PFSYNC_MSG_VERSION_1500);
+}
+
+static void
 pfsync_print_ins_ack(netdissect_options *ndo, const void *bp)
 {
 	const struct pfsync_ins_ack *iack = bp;
@@ -330,7 +342,7 @@ print_host(netdissect_options *ndo, struct pf_addr *addr, uint16_t port,
 }
 
 static void
-print_seq(netdissect_options *ndo, const struct pfsync_state_peer *p)
+print_seq(netdissect_options *ndo, const struct pf_state_peer_export *p)
 {
 	if (p->seqdiff)
 		ND_PRINT("[%u + %u](+%u)", ntohl(p->seqlo),
@@ -341,8 +353,8 @@ print_seq(netdissect_options *ndo, const struct pfsync_state_peer *p)
 }
 
 static void
-print_src_dst(netdissect_options *ndo, const struct pfsync_state_peer *src,
-    const struct pfsync_state_peer *dst, uint8_t proto)
+print_src_dst(netdissect_options *ndo, const struct pf_state_peer_export *src,
+    const struct pf_state_peer_export *dst, uint8_t proto)
 {
 
 	if (proto == IPPROTO_TCP) {
@@ -390,7 +402,7 @@ print_src_dst(netdissect_options *ndo, const struct pfsync_state_peer *src,
 static void
 print_state(netdissect_options *ndo, union pfsync_state_union *s, int version)
 {
-	struct pfsync_state_peer *src, *dst;
+	struct pf_state_peer_export *src, *dst;
 	struct pfsync_state_key *sk, *nk;
 	int min, sec;
 
diff --git a/contrib/tnftp/src/ftp.1 b/contrib/tnftp/src/ftp.1
index 34a88c23520b..e9f09ddca8cc 100644
--- a/contrib/tnftp/src/ftp.1
+++ b/contrib/tnftp/src/ftp.1
@@ -58,7 +58,7 @@
 .\"
 .\"	@(#)ftp.1	8.3 (Berkeley) 10/9/94
 .\"
-.Dd May 10, 2008
+.Dd September 25, 2025
 .Dt FTP 1
 .Os
 .Sh NAME
@@ -2325,8 +2325,7 @@ for an example of how to make this automatic.
 .Sh SEE ALSO
 .Xr getservbyname 3 ,
 .Xr editrc 5 ,
-.Xr services 5 ,
-.Xr ftpd 8
+.Xr services 5
 .Sh STANDARDS
 .Nm
 attempts to be compliant with:
diff --git a/contrib/tzcode/Makefile b/contrib/tzcode/Makefile
index 0087b4596515..2130582c2deb 100644
--- a/contrib/tzcode/Makefile
+++ b/contrib/tzcode/Makefile
@@ -137,7 +137,7 @@ TIME_T_ALTERNATIVES_TAIL = int_least32_t.ck uint_least32_t.ck \
   uint_least64_t.ck
 
 # What kind of TZif data files to generate.  (TZif is the binary time
-# zone data format that zic generates; see Internet RFC 8536.)
+# zone data format that zic generates; see Internet RFC 9636.)
 # If you want only POSIX time, with time values interpreted as
 # seconds since the epoch (not counting leap seconds), use
 #	REDO=		posix_only
@@ -255,6 +255,7 @@ LDLIBS=
 #  -DHAVE_UNISTD_H=0 if <unistd.h> does not work*
 #  -DHAVE_UTMPX_H=0 if <utmpx.h> does not work*
 #  -Dlocale_t=XXX if your system uses XXX instead of locale_t
+#  -DMKTIME_MIGHT_OVERFLOW if mktime might fail due to time_t overflow
 #  -DPORT_TO_C89 if tzcode should also run on mostly-C89 platforms+
 #	Typically it is better to use a later standard.  For example,
 #	with GCC 4.9.4 (2016), prefer '-std=gnu11' to '-DPORT_TO_C89'.
@@ -262,7 +263,7 @@ LDLIBS=
 #	feature (integers at least 64 bits wide) and maybe more.
 #  -DRESERVE_STD_EXT_IDS if your platform reserves standard identifiers
 #	with external linkage, e.g., applications cannot define 'localtime'.
-#  -Dssize_t=long on hosts like MS-Windows that lack ssize_t
+#  -Dssize_t=int on hosts like MS-Windows that lack ssize_t
 #  -DSUPPORT_C89=0 if the tzcode library should not support C89 callers
 #	Although -DSUPPORT_C89=0 might work around latent bugs in callers,
 #	it does not conform to POSIX.
@@ -285,7 +286,7 @@ LDLIBS=
 #	This mishandles some past timestamps, as US DST rules have changed.
 #	It also mishandles settings like TZ='EET-2EEST' for eastern Europe,
 #	as Europe and US DST rules differ.
-#  -DTZNAME_MAXIMUM=N to limit time zone abbreviations to N bytes (default 255)
+#  -DTZNAME_MAXIMUM=N to limit time zone abbreviations to N bytes (default 254)
 #  -DUNINIT_TRAP if reading uninitialized storage can cause problems
 #	other than simply getting garbage data
 #  -DUSE_LTZ=0 to build zdump with the system time zone library
@@ -319,7 +320,8 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 \
   $(GCC_INSTRUMENT) \
   -Wall -Wextra \
   -Walloc-size-larger-than=100000 -Warray-bounds=2 \
-  -Wbad-function-cast -Wbidi-chars=any,ucn -Wcast-align=strict -Wdate-time \
+  -Wbad-function-cast -Wbidi-chars=any,ucn -Wcast-align=strict -Wcast-qual \
+  -Wdate-time \
   -Wdeclaration-after-statement -Wdouble-promotion \
   -Wduplicated-branches -Wduplicated-cond -Wflex-array-member-not-at-end \
   -Wformat=2 -Wformat-overflow=2 -Wformat-signedness -Wformat-truncation \
@@ -336,7 +338,7 @@ GCC_DEBUG_FLAGS = -DGCC_LINT -g3 -O3 \
   -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure \
   -Wtrampolines -Wundef -Wunused-macros -Wuse-after-free=3 \
   -Wvariadic-macros -Wvla -Wwrite-strings \
-  -Wno-format-nonliteral -Wno-sign-compare
+  -Wno-format-nonliteral -Wno-sign-compare -Wno-type-limits
 #
 # If your system has a "GMT offset" field in its "struct tm"s
 # (or if you decide to add such a field in your system's "time.h" file),
@@ -614,8 +616,8 @@ TZS_YEAR=	2050
 TZS_CUTOFF_FLAG=	-c $(TZS_YEAR)
 TZS=		to$(TZS_YEAR).tzs
 TZS_NEW=	to$(TZS_YEAR)new.tzs
-TZS_DEPS=	$(YDATA) asctime.c localtime.c \
-			private.h tzfile.h zdump.c zic.c
+TZS_DEPS=	$(YDATA) localtime.c private.h \
+			strftime.c tzfile.h zdump.c zic.c
 TZDATA_DIST = $(COMMON) $(DATA) $(MISC)
 # EIGHT_YARDS is just a yard short of the whole ENCHILADA.
 EIGHT_YARDS = $(TZDATA_DIST) $(DOCS) $(SOURCES) tzdata.zi
@@ -855,10 +857,10 @@ tzselect:	tzselect.ksh version
 		chmod +x $@.out
 		mv $@.out $@
 
-check: check_mild back.ck
+check: check_mild back.ck now.ck
 check_mild: check_web check_zishrink \
   character-set.ck white-space.ck links.ck mainguard.ck \
-  name-lengths.ck now.ck slashed-abbrs.ck sorted.ck \
+  name-lengths.ck slashed-abbrs.ck sorted.ck \
   tables.ck ziguard.ck tzs.ck
 
 # True if UTF8_LOCALE does not work;
@@ -1103,7 +1105,7 @@ set-timestamps.out: $(EIGHT_YARDS)
 		   touch -md @1 test.out; then \
 		  rm -f test.out && \
 		  for file in $$files; do \
-		    if git diff --quiet $$file; then \
+		    if git diff --quiet HEAD $$file; then \
 		      time=$$(TZ=UTC0 git log -1 \
 			--format='tformat:%cd' \
 			--date='format:%Y-%m-%dT%H:%M:%SZ' \
@@ -1354,13 +1356,13 @@ long-long.ck unsigned.ck: $(VERSION_DEPS)
 zonenames:	tzdata.zi
 		@$(AWK) '/^Z/ { print $$2 } /^L/ { print $$3 }' tzdata.zi
 
-asctime.o:	private.h tzfile.h
+asctime.o:	private.h
 date.o:		private.h
 difftime.o:	private.h
-localtime.o:	private.h tzfile.h tzdir.h
-strftime.o:	private.h tzfile.h
-zdump.o:	version.h
-zic.o:		private.h tzfile.h tzdir.h version.h
+localtime.o:	private.h tzdir.h tzfile.h
+strftime.o:	localtime.c private.h tzdir.h tzfile.h
+zdump.o:	private.h version.h
+zic.o:		private.h tzdir.h tzfile.h version.h
 
 .PHONY: ALL INSTALL all
 .PHONY: check check_mild check_time_t_alternatives
diff --git a/contrib/tzcode/NEWS b/contrib/tzcode/NEWS
index 83b8b8c8d39c..8c0771641ef0 100644
--- a/contrib/tzcode/NEWS
+++ b/contrib/tzcode/NEWS
@@ -1,5 +1,108 @@
 News for the tz database
 
+Release 2025b - 2025-03-22 13:40:46 -0700
+
+  Briefly:
+    New zone for Aysén Region in Chile which moves from -04/-03 to -03.
+
+  Changes to future timestamps
+
+    Chile's Aysén Region moves from -04/-03 to -03 year-round, joining
+    Magallanes Region.  The region will not change its clocks on
+    2025-04-05 at 24:00, diverging from America/Santiago and creating a
+    new zone America/Coyhaique.  (Thanks to Yonathan Dossow.)  Model
+    this as a change to standard offset effective 2025-03-20.
+
+  Changes to past timestamps
+
+    Iran switched from +04 to +0330 on 1978-11-10 at 24:00, not at
+    year end.  (Thanks to Roozbeh Pournader.)
+
+  Changes to code
+
+    'zic -l TIMEZONE -d . -l /some/other/file/system' no longer
+    attempts to create an incorrect symlink, and no longer has a
+    read buffer underflow.  (Problem reported by Evgeniy Gorbanev.)
+
+
+Release 2025a - 2025-01-15 10:47:24 -0800
+
+  Briefly:
+    Paraguay adopted permanent -03 starting spring 2024.
+    Improve pre-1991 data for the Philippines.
+    Etc/Unknown is now reserved.
+
+  Changes to future timestamps
+
+    Paraguay stopped changing its clocks after the spring-forward
+    transition on 2024-10-06, so it is now permanently at -03.
+    (Thanks to Heitor David Pinto and Even Scharning.)
+    This affects timestamps starting 2025-03-22, as well as the
+    obsolescent tm_isdst flags starting 2024-10-15.
+
+  Changes to past timestamps
+
+    Correct timestamps for the Philippines before 1900, and from 1937
+    through 1990.  (Thanks to P Chan for the heads-up and citations.)
+    This includes adjusting local mean time before 1899; fixing
+    transitions in September 1899, January 1937, and June 1954; adding
+    transitions in December 1941, November 1945, March and September
+    1977, and May and July 1990; and removing incorrect transitions in
+    March and September 1978.
+
+  Changes to data
+
+    Add zone1970.tab lines for the Concordia and Eyre Bird Observatory
+    research stations.  (Thanks to Derick Rethans and Jule Dabars.)
+
+  Changes to code
+
+    strftime %s now generates the correct numeric string even when the
+    represented number does not fit into time_t.  This is better than
+    generating the numeric equivalent of (time_t) -1, as strftime did
+    in TZDB releases 96a (when %s was introduced) through 2020a and in
+    releases 2022b through 2024b.  It is also better than failing and
+    returning 0, as strftime did in releases 2020b through 2022a.
+
+    strftime now outputs an invalid conversion specifier as-is,
+    instead of eliding the leading '%', which confused debugging.
+
+    An invalid TZ now generates the time zone abbreviation "-00", not
+    "UTC", to help the user see that an error has occurred.  (Thanks
+    to Arthur David Olson for suggesting a "wrong result".)
+
+    mktime and timeoff no longer incorrectly fail merely because a
+    struct tm component near INT_MIN or INT_MAX overflows when a
+    lower-order component carries into it.
+
+    TZNAME_MAXIMUM, the maximum number of bytes in a proleptic TZ
+    string's time zone abbreviation, now defaults to 254 not 255.
+    This helps reduce the size of internal state from 25480 to 21384
+    on common platforms.  This change should not be a problem, as
+    nobody uses such long "abbreviations" and the longstanding tzcode
+    maximum was 16 until release 2023a.  For those who prefer no
+    arbitrary limits, you can now specify TZNAME_MAXIMUM values up to
+    PTRDIFF_MAX, a limit forced by C anyway; formerly tzcode silently
+    misbehaved unless TZNAME_MAXIMUM was less than INT_MAX.
+
+    tzset and related functions no longer leak a file descriptor if
+    another thread forks or execs at about the same time and if the
+    platform has O_CLOFORK and O_CLOEXEC respectively.  Also, the
+    functions no longer let a TZif file become a controlling terminal.
+
+    'zdump -' now reads TZif data from /dev/stdin.
+    (From a question by Arthur David Olson.)
+
+  Changes to documentation
+
+    The name Etc/Unknown is now reserved: it will not be used by TZDB.
+    This is for compatibility with CLDR, which uses the string
+    "Etc/Unknown" for an unknown or invalid timezone.  (Thanks to
+    Justin Grant, Mark Davis, and Guy Harris.)
+
+    Cite Internet RFC 9636, which obsoletes RFC 8536 for TZif format.
+
+
 Release 2024b - 2024-09-04 12:27:47 -0700
 
   Briefly:
@@ -116,7 +219,7 @@ Release 2024b - 2024-09-04 12:27:47 -0700
   Changes to commentary
 
     Commentary about historical transitions in Portugal and her former
-    colonies has been expanded with links to many relevant legislation.
+    colonies has been expanded with links to relevant legislation.
     (Thanks to Tim Parenti.)
 
 
@@ -204,10 +307,10 @@ Release 2023d - 2023-12-21 20:02:24 -0800
     changing its time zone from -01/+00 to -02/-01 at the same moment
     as the spring-forward transition.  Its clocks will therefore not
     spring forward as previously scheduled.  The time zone change
-    reverts to its common practice before 1981.
+    reverts to its common practice before 1981.  (Thanks to Jule Dabars.)
 
     Fix predictions for DST transitions in Palestine in 2072-2075,
-    correcting a typo introduced in 2023a.
+    correcting a typo introduced in 2023a.  (Thanks to Jule Dabars.)
 
   Changes to past and future timestamps
 
diff --git a/contrib/tzcode/asctime.c b/contrib/tzcode/asctime.c
index ebb90a1cc84d..491d23bf73ac 100644
--- a/contrib/tzcode/asctime.c
+++ b/contrib/tzcode/asctime.c
@@ -7,38 +7,16 @@
 
 /*
 ** Avoid the temptation to punt entirely to strftime;
+** strftime can behave badly when tm components are out of range, and
 ** the output of strftime is supposed to be locale specific
 ** whereas the output of asctime is supposed to be constant.
 */
 
 /*LINTLIBRARY*/
 
-#include "namespace.h"
 #include "private.h"
-#include "un-namespace.h"
 #include <stdio.h>
 
-/*
-** All years associated with 32-bit time_t values are exactly four digits long;
-** some years associated with 64-bit time_t values are not.
-** Vintage programs are coded for years that are always four digits long
-** and may assume that the newline always lands in the same place.
-** For years that are less than four digits, we pad the output with
-** leading zeroes to get the newline in the traditional place.
-** The -4 ensures that we get four characters of output even if
-** we call a strftime variant that produces fewer characters for some years.
-** This conforms to recent ISO C and POSIX standards, which say behavior
-** is undefined when the year is less than 1000 or greater than 9999.
-*/
-static char const ASCTIME_FMT[] = "%s %s%3d %.2d:%.2d:%.2d %-4s\n";
-/*
-** For years that are more than four digits we put extra spaces before the year
-** so that code trying to overwrite the newline won't end up overwriting
-** a digit within a year and truncating the year (operating on the assumption
-** that no output is better than wrong output).
-*/
-static char const ASCTIME_FMT_B[] = "%s %s%3d %.2d:%.2d:%.2d     %s\n";
-
 enum { STD_ASCTIME_BUF_SIZE = 26 };
 /*
 ** Big enough for something such as
@@ -52,14 +30,24 @@ enum { STD_ASCTIME_BUF_SIZE = 26 };
 */
 static char buf_asctime[2*3 + 5*INT_STRLEN_MAXIMUM(int) + 7 + 2 + 1 + 1];
 
-/* A similar buffer for ctime.
-   C89 requires that they be the same buffer.
-   This requirement was removed in C99, so support it only if requested,
-   as support is more likely to lead to bugs in badly written programs.  */
-#if SUPPORT_C89
-# define buf_ctime buf_asctime
-#else
-static char buf_ctime[sizeof buf_asctime];
+/* On pre-C99 platforms, a snprintf substitute good enough for us.  */
+#if !HAVE_SNPRINTF
+# include <stdarg.h>
+ATTRIBUTE_FORMAT((printf, 3, 4)) static int
+my_snprintf(char *s, size_t size, char const *format, ...)
+{
+  int n;
+  va_list args;
+  char stackbuf[sizeof buf_asctime];
+  va_start(args, format);
+  n = vsprintf(stackbuf, format, args);
+  va_end (args);
+  if (0 <= n && n < size)
+    memcpy (s, stackbuf, n + 1);
+  return n;
+}
+# undef snprintf
+# define snprintf my_snprintf
 #endif
 
 /* Publish asctime_r and ctime_r only when supporting older POSIX.  */
@@ -84,14 +72,19 @@ asctime_r(struct tm const *restrict timeptr, char *restrict buf)
 		"Jan", "Feb", "Mar", "Apr", "May", "Jun",
 		"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
 	};
-	const char *	wn;
-	const char *	mn;
-	char			year[INT_STRLEN_MAXIMUM(int) + 2];
-	char result[sizeof buf_asctime];
+	register const char *	wn;
+	register const char *	mn;
+	int year, mday, hour, min, sec;
+	long long_TM_YEAR_BASE = TM_YEAR_BASE;
+	size_t bufsize = (buf == buf_asctime
+			  ? sizeof buf_asctime : STD_ASCTIME_BUF_SIZE);
 
 	if (timeptr == NULL) {
+		strcpy(buf, "??? ??? ?? ??:??:?? ????\n");
+		/* Set errno now, since strcpy might change it in
+		   POSIX.1-2017 and earlier.  */
 		errno = EINVAL;
-		return strcpy(buf, "??? ??? ?? ??:??:?? ????\n");
+		return buf;
 	}
 	if (timeptr->tm_wday < 0 || timeptr->tm_wday >= DAYSPERWEEK)
 		wn = "???";
@@ -99,25 +92,41 @@ asctime_r(struct tm const *restrict timeptr, char *restrict buf)
 	if (timeptr->tm_mon < 0 || timeptr->tm_mon >= MONSPERYEAR)
 		mn = "???";
 	else	mn = mon_name[timeptr->tm_mon];
-	/*
-	** Use strftime's %Y to generate the year, to avoid overflow problems
-	** when computing timeptr->tm_year + TM_YEAR_BASE.
-	** Assume that strftime is unaffected by other out-of-range members
-	** (e.g., timeptr->tm_mday) when processing "%Y".
-	*/
-	strftime(year, sizeof year, "%Y", timeptr);
-	/*
-	** We avoid using snprintf since it's not available on all systems.
-	*/
-	sprintf(result,
-		((strlen(year) <= 4) ? ASCTIME_FMT : ASCTIME_FMT_B),
-		wn, mn,
-		timeptr->tm_mday, timeptr->tm_hour,
-		timeptr->tm_min, timeptr->tm_sec,
-		year);
-	if (strlen(result) < STD_ASCTIME_BUF_SIZE
-	    || buf == buf_ctime || buf == buf_asctime)
-		return strcpy(buf, result);
+
+	year = timeptr->tm_year;
+	mday = timeptr->tm_mday;
+	hour = timeptr->tm_hour;
+	min = timeptr->tm_min;
+	sec = timeptr->tm_sec;
+
+	/* Vintage programs are coded for years that are always four bytes long
+	   and may assume that the newline always lands in the same place.
+	   For years that are less than four bytes, pad the output with
+	   leading zeroes to get the newline in the traditional place.
+	   For years longer than four bytes, put extra spaces before the year
+	   so that vintage code trying to overwrite the newline
+	   won't overwrite a digit within a year and truncate the year,
+	   using the principle that no output is better than wrong output.
+	   This conforms to ISO C and POSIX standards, which say behavior
+	   is undefined when the year is less than 1000 or greater than 9999.
+
+	   Also, avoid overflow when formatting tm_year + TM_YEAR_BASE.  */
+
+	if ((year <= LONG_MAX - TM_YEAR_BASE
+	     ? snprintf (buf, bufsize,
+			 ((-999 - TM_YEAR_BASE <= year
+			   && year <= 9999 - TM_YEAR_BASE)
+			  ? "%s %s%3d %.2d:%.2d:%.2d %04ld\n"
+			  : "%s %s%3d %.2d:%.2d:%.2d     %ld\n"),
+			 wn, mn, mday, hour, min, sec,
+			 year + long_TM_YEAR_BASE)
+	     : snprintf (buf, bufsize,
+			 "%s %s%3d %.2d:%.2d:%.2d     %d%d\n",
+			 wn, mn, mday, hour, min, sec,
+			 year / 10 + TM_YEAR_BASE / 10,
+			 year % 10))
+	    < bufsize)
+		return buf;
 	else {
 		errno = EOVERFLOW;
 		return NULL;
@@ -142,5 +151,8 @@ ctime_r(const time_t *timep, char *buf)
 char *
 ctime(const time_t *timep)
 {
-  return ctime_r(timep, buf_ctime);
+  /* Do not call localtime_r, as C23 requires ctime to initialize the
+     static storage that localtime updates.  */
+  struct tm *tmp = localtime(timep);
+  return tmp ? asctime(tmp) : NULL;
 }
diff --git a/contrib/tzcode/date.1 b/contrib/tzcode/date.1
index 01907bc76e2c..3a02e7c2e08a 100644
--- a/contrib/tzcode/date.1
+++ b/contrib/tzcode/date.1
@@ -6,15 +6,13 @@ date \- show and set date and time
 .SH SYNOPSIS
 .if n .nh
 .if n .na
-.ie \n(.g .ds - \f(CR-\fP
-.el .ds - \-
 .B date
 [
-.B \*-u
+.B \-u
 ] [
-.B \*-c
+.B \-c
 ] [
-.B \*-r
+.B \-r
 .I seconds
 ] [
 .BI + format
@@ -35,7 +33,7 @@ command
 without arguments writes the date and time to the standard output in
 the form
 .ce 1
-Wed Mar  8 14:54:40 EST 1989
+Sat Mar  8 14:54:40 EST 2025
 .br
 with
 .B EST
@@ -49,99 +47,24 @@ If a command-line argument starts with a plus sign (\c
 .q "\fB+\fP" ),
 the rest of the argument is used as a
 .I format
-that controls what appears in the output.
-In the format, when a percent sign (\c
-.q "\fB%\fP"
-appears,
-it and the character after it are not output,
-but rather identify part of the date or time
-to be output in a particular way
-(or identify a special character to output):
-.nf
-.sp
-.if t .in +.5i
-.if n .in +2
-.ta \w'%M\0\0'u +\w'Wed Mar  8 14:54:40 EST 1989\0\0'u
-	Sample output	Explanation
-%a	Wed	Abbreviated weekday name*
-%A	Wednesday	Full weekday name*
-%b	Mar	Abbreviated month name*
-%B	March	Full month name*
-%c	Wed Mar 08 14:54:40 1989	Date and time*
-%C	19	Century
-%d	08	Day of month (always two digits)
-%D	03/08/89	Month/day/year (eight characters)
-%e	 8	Day of month (leading zero blanked)
-%h	Mar	Abbreviated month name*
-%H	14	24-hour-clock hour (two digits)
-%I	02	12-hour-clock hour (two digits)
-%j	067	Julian day number (three digits)
-%k	 2	12-hour-clock hour (leading zero blanked)
-%l	14	24-hour-clock hour (leading zero blanked)
-%m	03	Month number (two digits)
-%M	54	Minute (two digits)
-%n	\\n	newline character
-%p	PM	AM/PM designation
-%r	02:54:40 PM	Hour:minute:second AM/PM designation
-%R	14:54	Hour:minute
-%S	40	Second (two digits)
-%t	\\t	tab character
-%T	14:54:40	Hour:minute:second
-%U	10	Sunday-based week number (two digits)
-%w	3	Day number (one digit, Sunday is 0)
-%W	10	Monday-based week number (two digits)
-%x	03/08/89	Date*
-%X	14:54:40	Time*
-%y	89	Last two digits of year
-%Y	1989	Year in full
-%z	-0500	Numeric time zone
-%Z	EST	Time zone abbreviation
-%+	Wed Mar  8 14:54:40 EST 1989	Default output format*
-.if t .in -.5i
-.if n .in -2
-* The exact output depends on the locale.
-.sp
-.fi
-If a character other than one of those shown above appears after
-a percent sign in the format,
-that following character is output.
-All other characters in the format are copied unchanged to the output;
-a newline character is always added at the end of the output.
-.PP
-In Sunday-based week numbering,
-the first Sunday of the year begins week 1;
-days preceding it are part of
-.q "week 0" .
-In Monday-based week numbering,
-the first Monday of the year begins week 1.
-.PP
-To set the date, use a command line argument with one of the following forms:
-.nf
-.if t .in +.5i
-.if n .in +2
-.ta \w'198903081454\0'u
-1454	24-hour-clock hours (first two digits) and minutes
-081454	Month day (first two digits), hours, and minutes
-03081454	Month (two digits, January is 01), month day, hours, minutes
-8903081454	Year, month, month day, hours, minutes
-0308145489	Month, month day, hours, minutes, year
-	(on System V-compatible systems)
-030814541989	Month, month day, hours, minutes, four-digit year
-198903081454	Four-digit year, month, month day, hours, minutes
-.if t .in -.5i
-.if n .in -2
-.fi
-If the century, year, month, or month day is not given,
-the current value is used.
-Any of the above forms may be followed by a period and two digits that give
-the seconds part of the new time; if no seconds are given, zero is assumed.
+that is processed by
+.BR strftime (3)
+to determine what to output;
+a newline character is appended.
+For example, the shell command:
+.ce 1
+date +"%Y\-%m\-%d %H:%M:%S %z"
+.br
+outputs a line like
+.q "2025\-03\-08 14:54:40 \-0500"
+instead.
 .PP
 These options are available:
 .TP
-.BR \*-u " or " \*-c
+.BR \-u " or " \-c
 Use Universal Time when setting and showing the date and time.
 .TP
-.BI "\*-r " seconds
+.BI "\-r " seconds
 Output the date that corresponds to
 .I seconds
 past the epoch of 1970-01-01 00:00:00 UTC, where
@@ -149,16 +72,13 @@ past the epoch of 1970-01-01 00:00:00 UTC, where
 should be an integer, either decimal, octal (leading 0), or
 hexadecimal (leading 0x), preceded by an optional sign.
 .SH FILES
-.ta \w'/usr/share/zoneinfo/posixrules\0\0'u
+.ta \w'/usr/share/zoneinfo/Etc/UTC\0\0'u
 /etc/localtime	local timezone file
 .br
 /usr/lib/locale/\f2L\fP/LC_TIME	description of time locale \f2L\fP
 .br
 /usr/share/zoneinfo	timezone directory
 .br
-/usr/share/zoneinfo/posixrules	default DST rules (obsolete)
-.br
-/usr/share/zoneinfo/GMT	for UTC leap seconds
-.PP
-If /usr/share/zoneinfo/GMT is absent,
-UTC leap seconds are loaded from /usr/share/zoneinfo/GMT0 if present.
+/usr/share/zoneinfo/Etc/UTC	for UTC leap seconds
+.SH SEE ALSO
+.BR strftime (3).
diff --git a/contrib/tzcode/difftime.c b/contrib/tzcode/difftime.c
index 43af402cdc12..ff78f03c5705 100644
--- a/contrib/tzcode/difftime.c
+++ b/contrib/tzcode/difftime.c
@@ -7,9 +7,7 @@
 
 /*LINTLIBRARY*/
 
-#include "namespace.h"
 #include "private.h"	/* for time_t and TYPE_SIGNED */
-#include "un-namespace.h"
 
 /* Return -X as a double.  Using this avoids casting to 'double'.  */
 static double
diff --git a/contrib/tzcode/localtime.c b/contrib/tzcode/localtime.c
index a6ec3d8e4e21..1668475ea646 100644
--- a/contrib/tzcode/localtime.c
+++ b/contrib/tzcode/localtime.c
@@ -13,42 +13,114 @@
 /*LINTLIBRARY*/
 
 #define LOCALTIME_IMPLEMENTATION
-#include "namespace.h"
+#ifdef __FreeBSD__
+#include <pthread.h>
+#endif /* __FreeBSD__ */
 #ifdef DETECT_TZ_CHANGES
-#ifndef DETECT_TZ_CHANGES_INTERVAL
-#define DETECT_TZ_CHANGES_INTERVAL 61
-#endif
+# ifndef DETECT_TZ_CHANGES_INTERVAL
+#  define DETECT_TZ_CHANGES_INTERVAL 61
+# endif
 int __tz_change_interval = DETECT_TZ_CHANGES_INTERVAL;
-#include <sys/stat.h>
-#endif
-#include <fcntl.h>
-#if THREAD_SAFE
-#include <pthread.h>
-#endif
+# include <sys/stat.h>
+#endif /* DETECT_TZ_CHANGES */
 #include "private.h"
-#include "un-namespace.h"
 
 #include "tzdir.h"
 #include "tzfile.h"
-
+#include <fcntl.h>
+#ifdef __FreeBSD__
 #include "libc_private.h"
+#endif /* __FreeBSD__ */
+
+#if HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#if !defined S_ISREG && defined S_IFREG
+/* Ancient UNIX or recent MS-Windows.  */
+# define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
+#endif
 
 #if defined THREAD_SAFE && THREAD_SAFE
+# include <pthread.h>
+#ifdef __FreeBSD__
+# define pthread_mutex_lock(l) (__isthreaded ? pthread_mutex_lock(l) : 0)
+# define pthread_mutex_unlock(l) (__isthreaded ? pthread_mutex_unlock(l) : 0)
+#endif /* __FreeBSD__ */
 static pthread_mutex_t locallock = PTHREAD_MUTEX_INITIALIZER;
-static int lock(void) {
-	if (__isthreaded)
-		return _pthread_mutex_lock(&locallock);
-	return 0;
-}
-static void unlock(void) {
-	if (__isthreaded)
-		_pthread_mutex_unlock(&locallock);
-}
+static int lock(void) { return pthread_mutex_lock(&locallock); }
+static void unlock(void) { pthread_mutex_unlock(&locallock); }
 #else
 static int lock(void) { return 0; }
 static void unlock(void) { }
 #endif
 
+/* Unless intptr_t is missing, pacify gcc -Wcast-qual on char const * exprs.
+   Use this carefully, as the casts disable type checking.
+   This is a macro so that it can be used in static initializers.  */
+#ifdef INTPTR_MAX
+# define UNCONST(a) ((char *) (intptr_t) (a))
+#else
+# define UNCONST(a) ((char *) (a))
+#endif
+
+/* A signed type wider than int, so that we can add 1900 + tm_mon/12 to tm_year
+   without overflow.  The static_assert checks that it is indeed wider
+   than int; if this fails on your platform please let us know.  */
+#if INT_MAX < LONG_MAX
+typedef long iinntt;
+# define IINNTT_MIN LONG_MIN
+# define IINNTT_MAX LONG_MAX
+#elif INT_MAX < LLONG_MAX
+typedef long long iinntt;
+# define IINNTT_MIN LLONG_MIN
+# define IINNTT_MAX LLONG_MAX
+#else
+typedef intmax_t iinntt;
+# define IINNTT_MIN INTMAX_MIN
+# define IINNTT_MAX INTMAX_MAX
+#endif
+static_assert(IINNTT_MIN < INT_MIN && INT_MAX < IINNTT_MAX);
+
+/* On platforms where offtime or mktime might overflow,
+   strftime.c defines USE_TIMEX_T to be true and includes us.
+   This tells us to #define time_t to an internal type timex_t that is
+   wide enough so that strftime %s never suffers from integer overflow,
+   and to #define offtime (if TM_GMTOFF is defined) or mktime (otherwise)
+   to a static function that returns the redefined time_t.
+   It also tells us to define only data and code needed
+   to support the offtime or mktime variant.  */
+#ifndef USE_TIMEX_T
+# define USE_TIMEX_T false
+#endif
+#if USE_TIMEX_T
+# undef TIME_T_MIN
+# undef TIME_T_MAX
+# undef time_t
+# define time_t timex_t
+# if MKTIME_FITS_IN(LONG_MIN, LONG_MAX)
+typedef long timex_t;
+# define TIME_T_MIN LONG_MIN
+# define TIME_T_MAX LONG_MAX
+# elif MKTIME_FITS_IN(LLONG_MIN, LLONG_MAX)
+typedef long long timex_t;
+# define TIME_T_MIN LLONG_MIN
+# define TIME_T_MAX LLONG_MAX
+# else
+typedef intmax_t timex_t;
+# define TIME_T_MIN INTMAX_MIN
+# define TIME_T_MAX INTMAX_MAX
+# endif
+
+# ifdef TM_GMTOFF
+#  undef timeoff
+#  define timeoff timex_timeoff
+#  undef EXTERN_TIMEOFF
+# else
+#  undef mktime
+#  define mktime timex_mktime
+# endif
+#endif
+
 #ifndef TZ_ABBR_CHAR_SET
 # define TZ_ABBR_CHAR_SET \
 	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 :+-._"
@@ -58,12 +130,23 @@ static void unlock(void) { }
 # define TZ_ABBR_ERR_CHAR '_'
 #endif /* !defined TZ_ABBR_ERR_CHAR */
 
-/*
-** Support non-POSIX platforms that distinguish between text and binary files.
-*/
+/* Port to platforms that lack some O_* flags.  Unless otherwise
+   specified, the flags are standardized by POSIX.  */
 
 #ifndef O_BINARY
-# define O_BINARY 0
+# define O_BINARY 0 /* MS-Windows */
+#endif
+#ifndef O_CLOEXEC
+# define O_CLOEXEC 0
+#endif
+#ifndef O_CLOFORK
+# define O_CLOFORK 0
+#endif
+#ifndef O_IGNORE_CTTY
+# define O_IGNORE_CTTY 0 /* GNU/Hurd */
+#endif
+#ifndef O_NOCTTY
+# define O_NOCTTY 0
 #endif
 
 #ifndef WILDABBR
@@ -92,7 +175,10 @@ static void unlock(void) { }
 static const char	wildabbr[] = WILDABBR;
 
 static char const etc_utc[] = "Etc/UTC";
+
+#if !USE_TIMEX_T || defined TM_ZONE || !defined TM_GMTOFF
 static char const *utc = etc_utc + sizeof "Etc/" - 1;
+#endif
 
 /*
 ** The DST rules to use if TZ has no rules and we can't load TZDEFRULES.
@@ -104,10 +190,31 @@ static char const *utc = etc_utc + sizeof "Etc/" - 1;
 # define TZDEFRULESTRING ",M3.2.0,M11.1.0"
 #endif
 
+/* Limit to time zone abbreviation length in proleptic TZ strings.
+   This is distinct from TZ_MAX_CHARS, which limits TZif file contents.
+   It defaults to 254, not 255, so that desigidx_type can be an unsigned char.
+   unsigned char suffices for TZif files, so the only reason to increase
+   TZNAME_MAXIMUM is to support TZ strings specifying abbreviations
+   longer than 254 bytes.  There is little reason to do that, though,
+   as strings that long are hardly "abbreviations".  */
+#ifndef TZNAME_MAXIMUM
+# define TZNAME_MAXIMUM 254
+#endif
+
+#if TZNAME_MAXIMUM < UCHAR_MAX
+typedef unsigned char desigidx_type;
+#elif TZNAME_MAXIMUM < INT_MAX
+typedef int desigidx_type;
+#elif TZNAME_MAXIMUM < PTRDIFF_MAX
+typedef ptrdiff_t desigidx_type;
+#else
+# error "TZNAME_MAXIMUM too large"
+#endif
+
 struct ttinfo {				/* time type information */
-	int_fast32_t	tt_utoff;	/* UT offset in seconds */
+	int_least32_t	tt_utoff;	/* UT offset in seconds */
+	desigidx_type	tt_desigidx;	/* abbreviation list index */
 	bool		tt_isdst;	/* used to set tm_isdst */
-	int		tt_desigidx;	/* abbreviation list index */
 	bool		tt_ttisstd;	/* transition is std time */
 	bool		tt_ttisut;	/* transition is UT */
 };
@@ -126,12 +233,6 @@ static char const UNSPEC[] = "-00";
    for ttunspecified to work without crashing.  */
 enum { CHARS_EXTRA = max(sizeof UNSPEC, 2) - 1 };
 
-/* Limit to time zone abbreviation length in proleptic TZ strings.
-   This is distinct from TZ_MAX_CHARS, which limits TZif file contents.  */
-#ifndef TZNAME_MAXIMUM
-# define TZNAME_MAXIMUM 255
-#endif
-
 /* A representation of the contents of a TZif file.  Ideally this
    would have no size limits; the following sizes should suffice for
    practical use.  This struct should not be too large, as instances
@@ -166,12 +267,14 @@ struct rule {
 	int_fast32_t	r_time;		/* transition time of rule */
 };
 
+#ifdef __FreeBSD__
+static void tzset_unlocked_name(char const *);
+#endif /* __FreeBSD__ */
 static struct tm *gmtsub(struct state const *, time_t const *, int_fast32_t,
 			 struct tm *);
 static bool increment_overflow(int *, int);
 static bool increment_overflow_time(time_t *, int_fast32_t);
 static int_fast32_t leapcorr(struct state const *, time_t);
-static bool normalize_overflow32(int_fast32_t *, int *, int);
 static struct tm *timesub(time_t const *, int_fast32_t, struct state const *,
 			  struct tm *);
 static bool tzparse(char const *, struct state *, struct state const *);
@@ -192,9 +295,11 @@ static struct state *const gmtptr = &gmtmem;
 # define TZ_STRLEN_MAX 255
 #endif /* !defined TZ_STRLEN_MAX */
 
+#if !USE_TIMEX_T || !defined TM_GMTOFF
 static char		lcl_TZname[TZ_STRLEN_MAX + 1];
 static int		lcl_is_set;
-
+#endif
+#ifdef __FreeBSD__
 static pthread_once_t	gmt_once = PTHREAD_ONCE_INIT;
 static pthread_once_t	gmtime_once = PTHREAD_ONCE_INIT;
 static pthread_key_t	gmtime_key;
@@ -205,6 +310,7 @@ static int		offtime_key_error;
 static pthread_once_t	localtime_once = PTHREAD_ONCE_INIT;
 static pthread_key_t	localtime_key;
 static int		localtime_key_error;
+#endif /* __FreeBSD__ */
 
 /*
 ** Section 4.12.3 of X3.159-1989 requires that
@@ -218,27 +324,29 @@ static int		localtime_key_error;
 ** trigger latent bugs in programs.
 */
 
-#if SUPPORT_C89
+#if !USE_TIMEX_T
+
+# if SUPPORT_C89
 static struct tm	tm;
 #endif
 
-#if 2 <= HAVE_TZNAME + TZ_TIME_T
-char *			tzname[2] = {
-	(char *) wildabbr,
-	(char *) wildabbr
-};
-#endif
-#if 2 <= USG_COMPAT + TZ_TIME_T
+# if 2 <= HAVE_TZNAME + TZ_TIME_T
+char *tzname[2] = { UNCONST(wildabbr), UNCONST(wildabbr) };
+# endif
+# if 2 <= USG_COMPAT + TZ_TIME_T
 long			timezone;
 int			daylight;
-#endif
-#if 2 <= ALTZONE + TZ_TIME_T
+# endif
+# if 2 <= ALTZONE + TZ_TIME_T
 long			altzone;
+# endif
+
 #endif
 
 /* Initialize *S to a value based on UTOFF, ISDST, and DESIGIDX.  */
 static void
-init_ttinfo(struct ttinfo *s, int_fast32_t utoff, bool isdst, int desigidx)
+init_ttinfo(struct ttinfo *s, int_fast32_t utoff, bool isdst,
+	    desigidx_type desigidx)
 {
   s->tt_utoff = utoff;
   s->tt_isdst = isdst;
@@ -302,20 +410,22 @@ detzcode64(const char *const codep)
 	return result;
 }
 
+#if !USE_TIMEX_T || !defined TM_GMTOFF
+
 static void
 update_tzname_etc(struct state const *sp, struct ttinfo const *ttisp)
 {
-#if HAVE_TZNAME
-  tzname[ttisp->tt_isdst] = (char *) &sp->chars[ttisp->tt_desigidx];
-#endif
-#if USG_COMPAT
+# if HAVE_TZNAME
+  tzname[ttisp->tt_isdst] = UNCONST(&sp->chars[ttisp->tt_desigidx]);
+# endif
+# if USG_COMPAT
   if (!ttisp->tt_isdst)
     timezone = - ttisp->tt_utoff;
-#endif
-#if ALTZONE
+# endif
+# if ALTZONE
   if (ttisp->tt_isdst)
     altzone = - ttisp->tt_utoff;
-#endif
+# endif
 }
 
 /* If STDDST_MASK indicates that SP's TYPE provides useful info,
@@ -346,18 +456,18 @@ settzname(void)
 	   When STDDST_MASK becomes zero we can stop looking.  */
 	int stddst_mask = 0;
 
-#if HAVE_TZNAME
-	tzname[0] = tzname[1] = (char *) (sp ? wildabbr : utc);
+# if HAVE_TZNAME
+	tzname[0] = tzname[1] = UNCONST(sp ? wildabbr : utc);
 	stddst_mask = 3;
-#endif
-#if USG_COMPAT
+# endif
+# if USG_COMPAT
 	timezone = 0;
 	stddst_mask = 3;
-#endif
-#if ALTZONE
+# endif
+# if ALTZONE
 	altzone = 0;
 	stddst_mask |= 2;
-#endif
+# endif
 	/*
 	** And to get the latest time zone abbreviations into tzname. . .
 	*/
@@ -367,9 +477,9 @@ settzname(void)
 	  for (i = sp->typecnt - 1; stddst_mask && 0 <= i; i--)
 	    stddst_mask = may_update_tzname_etc(stddst_mask, sp, i);
 	}
-#if USG_COMPAT
+# if USG_COMPAT
 	daylight = stddst_mask >> 1 ^ 1;
-#endif
+# endif
 }
 
 /* Replace bogus characters in time zone abbreviations.
@@ -396,21 +506,24 @@ scrub_abbrs(struct state *sp)
 	return 0;
 }
 
+#endif
+
 #ifdef DETECT_TZ_CHANGES
 /*
- * Determine if there's a change in the timezone since the last time we checked.
+ * Check whether either the time zone name or the file it refers to has
+ * changed since the last time we checked.
  * Returns: -1 on error
- * 	     0 if the timezone has not changed
- *	     1 if the timezone has changed
+ * 	     0 if the time zone has not changed
+ *	     1 if the time zone has changed
  */
 static int
-change_in_tz(const char *name)
+tzfile_changed(const char *name, int fd)
 {
 	static char old_name[PATH_MAX];
 	static struct stat old_sb;
 	struct stat sb;
 
-	if (stat(name, &sb) != 0)
+	if (fstat(fd, &sb) != 0)
 		return -1;
 
 	if (strcmp(name, old_name) != 0) {
@@ -429,9 +542,7 @@ change_in_tz(const char *name)
 
 	return 0;
 }
-#else /* !DETECT_TZ_CHANGES */
-#define	change_in_tz(X)	1
-#endif /* !DETECT_TZ_CHANGES */
+#endif /* DETECT_TZ_CHANGES */
 
 /* Input buffer for data read from a compiled tz file.  */
 union input_buffer {
@@ -444,8 +555,10 @@ union input_buffer {
 	   + 4 * TZ_MAX_TIMES];
 };
 
+#ifndef __FreeBSD__
 /* TZDIR with a trailing '/' rather than a trailing '\0'.  */
 static char const tzdirslash[sizeof TZDIR] = TZDIR "/";
+#endif /* !__FreeBSD__ */
 
 /* Local storage needed for 'tzloadbody'.  */
 union local_storage {
@@ -458,6 +571,7 @@ union local_storage {
     struct state st;
   } u;
 
+#ifndef __FreeBSD__
   /* The name of the file to be opened.  Ideally this would have no
      size limits, to support arbitrarily long Zone names.
      Limiting Zone names to 1024 bytes should suffice for practical use.
@@ -465,19 +579,31 @@ union local_storage {
      file_analysis as that struct is allocated anyway, as the other
      union member.  */
   char fullname[max(sizeof(struct file_analysis), sizeof tzdirslash + 1024)];
+#endif /* !__FreeBSD__ */
 };
 
-/* Load tz data from the file named NAME into *SP.  Read extended
-   format if DOEXTEND.  Use *LSP for temporary storage.  Return 0 on
+/* These tzload flags can be ORed together, and fit into 'char'.  */
+enum { TZLOAD_FROMENV = 1 }; /* The TZ string came from the environment.  */
+enum { TZLOAD_TZSTRING = 2 }; /* Read any newline-surrounded TZ string.  */
+
+/* Load tz data from the file named NAME into *SP.  Respect TZLOADFLAGS.
+   Use *LSP for temporary storage.  Return 0 on
    success, an errno value on failure.  */
 static int
-tzloadbody(char const *name, struct state *sp, bool doextend,
+tzloadbody(char const *name, struct state *sp, char tzloadflags,
 	   union local_storage *lsp)
 {
 	register int			i;
 	register int			fid;
 	register int			stored;
 	register ssize_t		nread;
+#ifdef __FreeBSD__
+	struct stat sb;
+	const char *relname;
+	int dd, serrno;
+#else /* !__FreeBSD__ */
+	register bool doaccess;
+#endif /* !__FreeBSD__ */
 	register union input_buffer *up = &lsp->u.u;
 	register int tzheadsize = sizeof(struct tzhead);
 
@@ -487,11 +613,21 @@ tzloadbody(char const *name, struct state *sp, bool doextend,
 		name = TZDEFAULT;
 		if (! name)
 		  return EINVAL;
+		tzloadflags &= ~TZLOAD_FROMENV;
 	}
 
 	if (name[0] == ':')
 		++name;
-	if (name[0] != '/') {
+#ifndef __FreeBSD__
+#ifdef SUPPRESS_TZDIR
+	/* Do not prepend TZDIR.  This is intended for specialized
+	   applications only, due to its security implications.  */
+	doaccess = true;
+#else
+	doaccess = name[0] == '/';
+#endif
+	if (!doaccess) {
+		char const *dot;
 		if (sizeof lsp->fullname - sizeof tzdirslash <= strlen(name))
 		  return ENAMETOOLONG;
 
@@ -501,34 +637,101 @@ tzloadbody(char const *name, struct state *sp, bool doextend,
 		memcpy(lsp->fullname, tzdirslash, sizeof tzdirslash);
 		strcpy(lsp->fullname + sizeof tzdirslash, name);
 
+		/* Set doaccess if NAME contains a ".." file name
+		   component, as such a name could read a file outside
+		   the TZDIR virtual subtree.  */
+		for (dot = name; (dot = strchr(dot, '.')); dot++)
+		  if ((dot == name || dot[-1] == '/') && dot[1] == '.'
+		      && (dot[2] == '/' || !dot[2])) {
+		    doaccess = true;
+		    break;
+		  }
+
 		name = lsp->fullname;
 	}
-	if (doextend) {
-		/*
-		 * Detect if the timezone file has changed.  Check
-		 * 'doextend' to ignore TZDEFRULES; the change_in_tz()
-		 * function can only keep state for a single file.
-		 */
-		switch (change_in_tz(name)) {
-		case -1:
-			return errno;
-		case 0:
-			return 0;
-		case 1:
-			break;
-		}
+	if (doaccess && (tzloadflags & TZLOAD_FROMENV)) {
+	  /* Check for security violations and for devices whose mere
+	     opening could have unwanted side effects.  Although these
+	     checks are racy, they're better than nothing and there is
+	     no portable way to fix the races.  */
+	  if (access(name, R_OK) < 0)
+	    return errno;
+#ifdef S_ISREG
+	  {
+	    struct stat st;
+	    if (stat(name, &st) < 0)
+	      return errno;
+	    if (!S_ISREG(st.st_mode))
+	      return EINVAL;
+	  }
+#endif
+	}
+	fid = open(name, (O_RDONLY | O_BINARY | O_CLOEXEC | O_CLOFORK
+			  | O_IGNORE_CTTY | O_NOCTTY));
+#else /* __FreeBSD__ */
+	if ((tzloadflags & TZLOAD_FROMENV) && strcmp(name, TZDEFAULT) == 0)
+          tzloadflags &= ~TZLOAD_FROMENV;
+	relname = name;
+	if (strncmp(relname, TZDIR "/", strlen(TZDIR) + 1) == 0) {
+	  relname += strlen(TZDIR) + 1;
+	  while (*relname == '/')
+	    relname++;
+	}
+	dd = open(TZDIR, O_DIRECTORY | O_SEARCH | O_CLOEXEC);
+	if ((tzloadflags & TZLOAD_FROMENV) && issetugid()) {
+	  if (dd < 0)
+	    return errno;
+	  if (fstatat(dd, relname, &sb, AT_RESOLVE_BENEATH) < 0) {
+	    fid = -1;
+	  } else if (!S_ISREG(sb.st_mode)) {
+	    fid = -1;
+	    errno = EINVAL;
+	  } else {
+	    fid = openat(dd, relname, O_RDONLY | O_CLOEXEC | O_RESOLVE_BENEATH);
+	  }
+	} else {
+	  if (dd < 0) {
+	    relname = name;
+	    dd = AT_FDCWD;
+	  }
+	  fid = openat(dd, relname, O_RDONLY | O_CLOEXEC);
 	}
-	fid = _open(name, O_RDONLY | O_BINARY);
+	if (dd != AT_FDCWD && dd >= 0) {
+	  serrno = errno;
+	  close(dd);
+	  errno = serrno;
+	}
+#endif /* __FreeBSD__ */
 	if (fid < 0)
 	  return errno;
 
-	nread = _read(fid, up->buf, sizeof up->buf);
+#ifdef DETECT_TZ_CHANGES
+	if (tzloadflags) {
+	  /*
+	   * Detect if the timezone file has changed.  Check tzloadflags
+	   * to ignore TZDEFRULES; the tzfile_changed() function can only
+	   * keep state for a single file.
+	   */
+	  switch (tzfile_changed(name, fid)) {
+	  case -1:
+	    serrno = errno;
+	    close(fid);
+	    return serrno;
+	  case 0:
+	    close(fid);
+	    return 0;
+	  case 1:
+	    break;
+	  }
+	}
+#endif /* DETECT_TZ_CHANGES */
+	nread = read(fid, up->buf, sizeof up->buf);
 	if (nread < tzheadsize) {
 	  int err = nread < 0 ? errno : EINVAL;
-	  _close(fid);
+	  close(fid);
 	  return err;
 	}
-	if (_close(fid) < 0)
+	if (close(fid) < 0)
 	  return errno;
 	for (stored = 4; stored <= 8; stored *= 2) {
 	    char version = up->tzhead.tzh_version[0];
@@ -645,7 +848,7 @@ tzloadbody(char const *name, struct state *sp, bool doextend,
 		     correction must differ from the previous one's by 1
 		     second or less, except that the first correction can be
 		     any value; these requirements are more generous than
-		     RFC 8536, to allow future RFC extensions.  */
+		     RFC 9636, to allow future RFC extensions.  */
 		  if (! (i == 0
 			 || (prevcorr < corr
 			     ? corr == prevcorr + 1
@@ -696,7 +899,7 @@ tzloadbody(char const *name, struct state *sp, bool doextend,
 	    if (!version)
 	      break;
 	}
-	if (doextend && nread > 2 &&
+	if ((tzloadflags & TZLOAD_TZSTRING) && nread > 2 &&
 		up->buf[0] == '\n' && up->buf[nread - 1] == '\n' &&
 		sp->typecnt + 2 <= TZ_MAX_TYPES) {
 			struct state	*ts = &lsp->u.st;
@@ -771,23 +974,23 @@ tzloadbody(char const *name, struct state *sp, bool doextend,
 	return 0;
 }
 
-/* Load tz data from the file named NAME into *SP.  Read extended
-   format if DOEXTEND.  Return 0 on success, an errno value on failure.  */
+/* Load tz data from the file named NAME into *SP.  Respect TZLOADFLAGS.
+   Return 0 on success, an errno value on failure.  */
 static int
-tzload(char const *name, struct state *sp, bool doextend)
+tzload(char const *name, struct state *sp, char tzloadflags)
 {
 #ifdef ALL_STATE
   union local_storage *lsp = malloc(sizeof *lsp);
   if (!lsp) {
     return HAVE_MALLOC_ERRNO ? errno : ENOMEM;
   } else {
-    int err = tzloadbody(name, sp, doextend, lsp);
+    int err = tzloadbody(name, sp, tzloadflags, lsp);
     free(lsp);
     return err;
   }
 #else
   union local_storage ls;
-  return tzloadbody(name, sp, doextend, &ls);
+  return tzloadbody(name, sp, tzloadflags, &ls);
 #endif
 }
 
@@ -1128,7 +1331,7 @@ tzparse(const char *name, struct state *sp, struct state const *basep)
 	  sp->leapcnt = basep->leapcnt;
 	  memcpy(sp->lsis, basep->lsis, sp->leapcnt * sizeof *sp->lsis);
 	} else {
-	  load_ok = tzload(TZDEFRULES, sp, false) == 0;
+	  load_ok = tzload(TZDEFRULES, sp, 0) == 0;
 	  if (!load_ok)
 	    sp->leapcnt = 0;	/* So, we're off a little.  */
 	}
@@ -1365,13 +1568,16 @@ tzparse(const char *name, struct state *sp, struct state const *basep)
 static void
 gmtload(struct state *const sp)
 {
-	if (tzload(etc_utc, sp, true) != 0)
+	if (tzload(etc_utc, sp, TZLOAD_TZSTRING) != 0)
 	  tzparse("UTC0", sp, NULL);
 }
 
 #ifdef DETECT_TZ_CHANGES
+/*
+ * Check if the time zone data we have is still fresh.
+ */
 static int
-recheck_tzdata()
+tzdata_is_fresh(void)
 {
 	static time_t last_checked;
 	struct timespec now;
@@ -1387,14 +1593,15 @@ recheck_tzdata()
 
 	return 0;
 }
-#else /* !DETECT_TZ_CHANGES */
-#define	recheck_tzdata()	0
-#endif /* !DETECT_TZ_CHANGES */
+#endif /* DETECT_TZ_CHANGES */
+
+#if !USE_TIMEX_T || !defined TM_GMTOFF
 
 /* Initialize *SP to a value appropriate for the TZ setting NAME.
+   Respect TZLOADFLAGS.
    Return 0 on success, an errno value on failure.  */
 static int
-zoneinit(struct state *sp, char const *name)
+zoneinit(struct state *sp, char const *name, char tzloadflags)
 {
   if (name && ! name[0]) {
     /*
@@ -1409,7 +1616,7 @@ zoneinit(struct state *sp, char const *name)
     strcpy(sp->chars, utc);
     return 0;
   } else {
-    int err = tzload(name, sp, true);
+    int err = tzload(name, sp, tzloadflags);
     if (err != 0 && name && name[0] != ':' && tzparse(name, sp, NULL))
       err = 0;
     if (err == 0)
@@ -1419,22 +1626,38 @@ zoneinit(struct state *sp, char const *name)
 }
 
 static void
+tzset_unlocked(void)
+{
+  char const *name = getenv("TZ");
+#ifdef __FreeBSD__
+  tzset_unlocked_name(name);
+}
+static void
 tzset_unlocked_name(char const *name)
 {
+#endif
   struct state *sp = lclptr;
   int lcl = name ? strlen(name) < sizeof lcl_TZname : -1;
   if (lcl < 0
       ? lcl_is_set < 0
       : 0 < lcl_is_set && strcmp(lcl_TZname, name) == 0)
-    if (recheck_tzdata() == 0)
-      return;
-#ifdef ALL_STATE
+#ifdef DETECT_TZ_CHANGES
+    if (tzdata_is_fresh() == 0)
+#endif /* DETECT_TZ_CHANGES */
+    return;
+# ifdef ALL_STATE
   if (! sp)
     lclptr = sp = malloc(sizeof *lclptr);
-#endif /* defined ALL_STATE */
+# endif
   if (sp) {
-    if (zoneinit(sp, name) != 0)
-      zoneinit(sp, "");
+    int err = zoneinit(sp, name, TZLOAD_FROMENV | TZLOAD_TZSTRING);
+    if (err != 0) {
+      zoneinit(sp, "", 0);
+      /* Abbreviate with "-00" if there was an error.
+	 Do not treat a missing TZDEFAULT file as an error.  */
+      if (name || err != ENOENT)
+	strcpy(sp->chars, UNSPEC);
+    }
     if (0 < lcl)
       strcpy(lcl_TZname, name);
   }
@@ -1442,12 +1665,9 @@ tzset_unlocked_name(char const *name)
   lcl_is_set = lcl;
 }
 
-static void
-tzset_unlocked(void)
-{
-  tzset_unlocked_name(getenv("TZ"));
-}
+#endif
 
+#if !USE_TIMEX_T
 void
 tzset(void)
 {
@@ -1456,7 +1676,9 @@ tzset(void)
   tzset_unlocked();
   unlock();
 }
+#endif
 
+#ifdef __FreeBSD__
 void
 freebsd13_tzsetwall(void)
 {
@@ -1468,7 +1690,7 @@ freebsd13_tzsetwall(void)
 __sym_compat(tzsetwall, freebsd13_tzsetwall, FBSD_1.0);
 __warn_references(tzsetwall,
     "warning: tzsetwall() is deprecated, use tzset() instead.");
-
+#endif /* __FreeBSD__ */
 static void
 gmtcheck(void)
 {
@@ -1485,15 +1707,18 @@ gmtcheck(void)
   }
   unlock();
 }
+#ifdef __FreeBSD__
+#define gmtcheck() _once(&gmt_once, gmtcheck)
+#endif
 
-#if NETBSD_INSPIRED
+#if NETBSD_INSPIRED && !USE_TIMEX_T
 
 timezone_t
 tzalloc(char const *name)
 {
   timezone_t sp = malloc(sizeof *sp);
   if (sp) {
-    int err = zoneinit(sp, name);
+    int err = zoneinit(sp, name, TZLOAD_TZSTRING);
     if (err != 0) {
       free(sp);
       errno = err;
@@ -1522,6 +1747,8 @@ tzfree(timezone_t sp)
 
 #endif
 
+#if !USE_TIMEX_T || !defined TM_GMTOFF
+
 /*
 ** The easy way to behave "as if no library function calls" localtime
 ** is to not call it, so we drop its guts into "localsub", which can be
@@ -1576,14 +1803,14 @@ localsub(struct state const *sp, time_t const *timep, int_fast32_t setname,
 					return NULL;	/* "cannot happen" */
 			result = localsub(sp, &newt, setname, tmp);
 			if (result) {
-#if defined ckd_add && defined ckd_sub
+# if defined ckd_add && defined ckd_sub
 				if (t < sp->ats[0]
 				    ? ckd_sub(&result->tm_year,
 					      result->tm_year, years)
 				    : ckd_add(&result->tm_year,
 					      result->tm_year, years))
 				  return NULL;
-#else
+# else
 				register int_fast64_t newy;
 
 				newy = result->tm_year;
@@ -1593,7 +1820,7 @@ localsub(struct state const *sp, time_t const *timep, int_fast32_t setname,
 				if (! (INT_MIN <= newy && newy <= INT_MAX))
 					return NULL;
 				result->tm_year = newy;
-#endif
+# endif
 			}
 			return result;
 	}
@@ -1622,25 +1849,26 @@ localsub(struct state const *sp, time_t const *timep, int_fast32_t setname,
 	result = timesub(&t, ttisp->tt_utoff, sp, tmp);
 	if (result) {
 	  result->tm_isdst = ttisp->tt_isdst;
-#ifdef TM_ZONE
-	  result->TM_ZONE = (char *) &sp->chars[ttisp->tt_desigidx];
-#endif /* defined TM_ZONE */
+# ifdef TM_ZONE
+	  result->TM_ZONE = UNCONST(&sp->chars[ttisp->tt_desigidx]);
+# endif
 	  if (setname)
 	    update_tzname_etc(sp, ttisp);
 	}
 	return result;
 }
+#endif
 
-#if NETBSD_INSPIRED
+#if !USE_TIMEX_T
 
+# if NETBSD_INSPIRED
 struct tm *
 localtime_rz(struct state *restrict sp, time_t const *restrict timep,
 	     struct tm *restrict tmp)
 {
   return localsub(sp, timep, 0, tmp);
 }
-
-#endif
+# endif
 
 static struct tm *
 localtime_tzset(time_t const *timep, struct tm *tmp, bool setname)
@@ -1652,45 +1880,47 @@ localtime_tzset(time_t const *timep, struct tm *tmp, bool setname)
   }
 #ifndef DETECT_TZ_CHANGES
   if (setname || !lcl_is_set)
-#endif
+#endif /* DETECT_TZ_CHANGES */
     tzset_unlocked();
   tmp = localsub(lclptr, timep, setname, tmp);
   unlock();
   return tmp;
 }
 
+#ifdef __FreeBSD__
 static void
 localtime_key_init(void)
 {
-
-	localtime_key_error = _pthread_key_create(&localtime_key, free);
+  localtime_key_error = pthread_key_create(&localtime_key, free);
 }
-
+#endif /* __FreeBSD__ */
 struct tm *
 localtime(const time_t *timep)
 {
-#if !SUPPORT_C89
-	static struct tm tm;
-#endif
-	struct tm *p_tm = &tm;
-
-	if (__isthreaded != 0) {
-		_pthread_once(&localtime_once, localtime_key_init);
-		if (localtime_key_error != 0) {
-			errno = localtime_key_error;
-			return (NULL);
-		}
-		if ((p_tm = _pthread_getspecific(localtime_key)) == NULL) {
-			if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
-				return (NULL);
-			}
-			if (_pthread_setspecific(localtime_key, p_tm) != 0) {
-				free(p_tm);
-				return (NULL);
-			}
-		}
-	}
-	return localtime_tzset(timep, p_tm, true);
+# if !SUPPORT_C89
+  static struct tm tm;
+# endif
+#ifdef __FreeBSD__
+  struct tm *p_tm = &tm;
+
+  if (__isthreaded != 0) {
+    pthread_once(&localtime_once, localtime_key_init);
+    if (localtime_key_error != 0) {
+      errno = localtime_key_error;
+      return (NULL);
+    }
+    if ((p_tm = pthread_getspecific(localtime_key)) == NULL) {
+      if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
+	return (NULL);
+      }
+      if (pthread_setspecific(localtime_key, p_tm) != 0) {
+	free(p_tm);
+	return (NULL);
+      }
+    }
+  }
+#endif /* __FreeBSD__ */
+  return localtime_tzset(timep, p_tm, true);
 }
 
 struct tm *
@@ -1698,6 +1928,7 @@ localtime_r(const time_t *restrict timep, struct tm *restrict tmp)
 {
   return localtime_tzset(timep, tmp, false);
 }
+#endif
 
 /*
 ** gmtsub is to gmtime as localsub is to localtime.
@@ -1716,12 +1947,14 @@ gmtsub(ATTRIBUTE_MAYBE_UNUSED struct state const *sp, time_t const *timep,
 	** "+xx" or "-xx" if offset is non-zero,
 	** but this is no time for a treasure hunt.
 	*/
-	tmp->TM_ZONE = ((char *)
-			(offset ? wildabbr : gmtptr ? gmtptr->chars : utc));
+	tmp->TM_ZONE = UNCONST(offset ? wildabbr
+			       : gmtptr ? gmtptr->chars : utc);
 #endif /* defined TM_ZONE */
 	return result;
 }
 
+#if !USE_TIMEX_T
+
 /*
 * Re-entrant version of gmtime.
 */
@@ -1729,45 +1962,47 @@ gmtsub(ATTRIBUTE_MAYBE_UNUSED struct state const *sp, time_t const *timep,
 struct tm *
 gmtime_r(time_t const *restrict timep, struct tm *restrict tmp)
 {
-	_once(&gmt_once, gmtcheck);
-	return gmtsub(gmtptr, timep, 0, tmp);
+  gmtcheck();
+  return gmtsub(gmtptr, timep, 0, tmp);
 }
 
+#ifdef __FreeBSD__
 static void
 gmtime_key_init(void)
 {
-
-	gmtime_key_error = _pthread_key_create(&gmtime_key, free);
+  gmtime_key_error = pthread_key_create(&gmtime_key, free);
 }
-
+#endif /* __FreeBSD__ */
 struct tm *
 gmtime(const time_t *timep)
 {
-#if !SUPPORT_C89
-	static struct tm tm;
-#endif
-	struct tm *p_tm = &tm;
-
-	if (__isthreaded != 0) {
-		_pthread_once(&gmtime_once, gmtime_key_init);
-		if (gmtime_key_error != 0) {
-			errno = gmtime_key_error;
-			return (NULL);
-		}
-		if ((p_tm = _pthread_getspecific(gmtime_key)) == NULL) {
-			if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
-				return (NULL);
-			}
-			if (_pthread_setspecific(gmtime_key, p_tm) != 0) {
-				free(p_tm);
-				return (NULL);
-			}
-		}
-	}
-	return gmtime_r(timep, p_tm);
+# if !SUPPORT_C89
+  static struct tm tm;
+# endif
+#ifdef __FreeBSD__
+  struct tm *p_tm = &tm;
+
+  if (__isthreaded != 0) {
+    pthread_once(&gmtime_once, gmtime_key_init);
+    if (gmtime_key_error != 0) {
+      errno = gmtime_key_error;
+      return (NULL);
+    }
+    if ((p_tm = pthread_getspecific(gmtime_key)) == NULL) {
+      if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
+	return (NULL);
+      }
+      if (pthread_setspecific(gmtime_key, p_tm) != 0) {
+	free(p_tm);
+	return (NULL);
+      }
+    }
+  }
+#endif /* __FreeBSD__ */
+  return gmtime_r(timep, p_tm);
 }
 
-#if STD_INSPIRED
+# if STD_INSPIRED
 
 /* This function is obsolescent and may disappear in future releases.
    Callers can instead use localtime_rz with a fixed-offset zone.  */
@@ -1775,44 +2010,47 @@ gmtime(const time_t *timep)
 struct tm *
 offtime_r(time_t const *restrict timep, long offset, struct tm *restrict tmp)
 {
-	_once(&gmt_once, gmtcheck);
-	return gmtsub(gmtptr, timep, offset, tmp);
+  gmtcheck();
+  return gmtsub(gmtptr, timep, offset, tmp);
 }
 
+#ifdef __FreeBSD__
 static void
 offtime_key_init(void)
 {
-
-	offtime_key_error = _pthread_key_create(&offtime_key, free);
+  offtime_key_error = pthread_key_create(&offtime_key, free);
 }
-
+#endif /* __FreeBSD__ */
 struct tm *
-offtime(const time_t *timep, long offset)
-{
-#if !SUPPORT_C89
-	static struct tm tm;
+offtime(time_t const *timep, long offset)
+{
+#  if !SUPPORT_C89
+  static struct tm tm;
+#  endif
+#ifdef __FreeBSD__
+  struct tm *p_tm = &tm;
+
+  if (__isthreaded != 0) {
+    pthread_once(&offtime_once, offtime_key_init);
+    if (offtime_key_error != 0) {
+      errno = offtime_key_error;
+      return (NULL);
+    }
+    if ((p_tm = pthread_getspecific(offtime_key)) == NULL) {
+      if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
+	return (NULL);
+      }
+      if (pthread_setspecific(offtime_key, p_tm) != 0) {
+	free(p_tm);
+	return (NULL);
+      }
+    }
+  }
 #endif
-	struct tm *p_tm = &tm;
-
-	if (__isthreaded != 0) {
-		_pthread_once(&offtime_once, offtime_key_init);
-		if (offtime_key_error != 0) {
-			errno = offtime_key_error;
-			return (NULL);
-		}
-		if ((p_tm = _pthread_getspecific(offtime_key)) == NULL) {
-			if ((p_tm = malloc(sizeof(*p_tm))) == NULL) {
-				return (NULL);
-			}
-			if (_pthread_setspecific(offtime_key, p_tm) != 0) {
-				free(p_tm);
-				return (NULL);
-			}
-		}
-	}
-	return offtime_r(timep, offset, p_tm);
+  return offtime_r(timep, offset, p_tm);
 }
 
+# endif
 #endif
 
 /*
@@ -1871,7 +2109,7 @@ timesub(const time_t *timep, int_fast32_t offset,
 	dayoff = offset / SECSPERDAY - corr / SECSPERDAY + rem / SECSPERDAY - 3;
 	rem %= SECSPERDAY;
 	/* y = (EPOCH_YEAR
-	        + floor((tdays + dayoff) / DAYSPERREPEAT) * YEARSPERREPEAT),
+		+ floor((tdays + dayoff) / DAYSPERREPEAT) * YEARSPERREPEAT),
 	   sans overflow.  But calculate against 1570 (EPOCH_YEAR -
 	   YEARSPERREPEAT) instead of against 1970 so that things work
 	   for localtime values before 1970 when time_t is unsigned.  */
@@ -1988,17 +2226,17 @@ increment_overflow(int *ip, int j)
 }
 
 static bool
-increment_overflow32(int_fast32_t *const lp, int const m)
+increment_overflow_time_iinntt(time_t *tp, iinntt j)
 {
 #ifdef ckd_add
-	return ckd_add(lp, *lp, m);
+  return ckd_add(tp, *tp, j);
 #else
-	register int_fast32_t const	l = *lp;
-
-	if ((l >= 0) ? (m > INT_FAST32_MAX - l) : (m < INT_FAST32_MIN - l))
-		return true;
-	*lp += m;
-	return false;
+  if (j < 0
+      ? (TYPE_SIGNED(time_t) ? *tp < TIME_T_MIN - j : *tp <= -1 - j)
+      : TIME_T_MAX - j < *tp)
+    return true;
+  *tp += j;
+  return false;
 #endif
 }
 
@@ -2022,30 +2260,6 @@ increment_overflow_time(time_t *tp, int_fast32_t j)
 #endif
 }
 
-static bool
-normalize_overflow(int *const tensptr, int *const unitsptr, const int base)
-{
-	register int	tensdelta;
-
-	tensdelta = (*unitsptr >= 0) ?
-		(*unitsptr / base) :
-		(-1 - (-1 - *unitsptr) / base);
-	*unitsptr -= tensdelta * base;
-	return increment_overflow(tensptr, tensdelta);
-}
-
-static bool
-normalize_overflow32(int_fast32_t *tensptr, int *unitsptr, int base)
-{
-	register int	tensdelta;
-
-	tensdelta = (*unitsptr >= 0) ?
-		(*unitsptr / base) :
-		(-1 - (-1 - *unitsptr) / base);
-	*unitsptr -= tensdelta * base;
-	return increment_overflow32(tensptr, tensdelta);
-}
-
 static int
 tmcomp(register const struct tm *const atmp,
        register const struct tm *const btmp)
@@ -2090,11 +2304,9 @@ time2sub(struct tm *const tmp,
 {
 	register int			dir;
 	register int			i, j;
-	register int			saved_seconds;
-	register int_fast32_t		li;
 	register time_t			lo;
 	register time_t			hi;
-	int_fast32_t			y;
+	iinntt y, mday, hour, min, saved_seconds;
 	time_t				newt;
 	time_t				t;
 	struct tm			yourtm, mytm;
@@ -2102,36 +2314,57 @@ time2sub(struct tm *const tmp,
 	*okayp = false;
 	mktmcpy(&yourtm, tmp);
 
+	min = yourtm.tm_min;
 	if (do_norm_secs) {
-		if (normalize_overflow(&yourtm.tm_min, &yourtm.tm_sec,
-			SECSPERMIN))
-				return WRONG;
+	  min += yourtm.tm_sec / SECSPERMIN;
+	  yourtm.tm_sec %= SECSPERMIN;
+	  if (yourtm.tm_sec < 0) {
+	    yourtm.tm_sec += SECSPERMIN;
+	    min--;
+	  }
 	}
-	if (normalize_overflow(&yourtm.tm_hour, &yourtm.tm_min, MINSPERHOUR))
-		return WRONG;
-	if (normalize_overflow(&yourtm.tm_mday, &yourtm.tm_hour, HOURSPERDAY))
-		return WRONG;
+
+	hour = yourtm.tm_hour;
+	hour += min / MINSPERHOUR;
+	yourtm.tm_min = min % MINSPERHOUR;
+	if (yourtm.tm_min < 0) {
+	  yourtm.tm_min += MINSPERHOUR;
+	  hour--;
+	}
+
+	mday = yourtm.tm_mday;
+	mday += hour / HOURSPERDAY;
+	yourtm.tm_hour = hour % HOURSPERDAY;
+	if (yourtm.tm_hour < 0) {
+	  yourtm.tm_hour += HOURSPERDAY;
+	  mday--;
+	}
+
 	y = yourtm.tm_year;
-	if (normalize_overflow32(&y, &yourtm.tm_mon, MONSPERYEAR))
-		return WRONG;
+	y += yourtm.tm_mon / MONSPERYEAR;
+	yourtm.tm_mon %= MONSPERYEAR;
+	if (yourtm.tm_mon < 0) {
+	  yourtm.tm_mon += MONSPERYEAR;
+	  y--;
+	}
+
 	/*
 	** Turn y into an actual year number for now.
 	** It is converted back to an offset from TM_YEAR_BASE later.
 	*/
-	if (increment_overflow32(&y, TM_YEAR_BASE))
-		return WRONG;
-	while (yourtm.tm_mday <= 0) {
-		if (increment_overflow32(&y, -1))
-			return WRONG;
-		li = y + (1 < yourtm.tm_mon);
-		yourtm.tm_mday += year_lengths[isleap(li)];
+	y += TM_YEAR_BASE;
+
+	while (mday <= 0) {
+	  iinntt li = y - (yourtm.tm_mon <= 1);
+	  mday += year_lengths[isleap(li)];
+	  y--;
 	}
-	while (yourtm.tm_mday > DAYSPERLYEAR) {
-		li = y + (1 < yourtm.tm_mon);
-		yourtm.tm_mday -= year_lengths[isleap(li)];
-		if (increment_overflow32(&y, 1))
-			return WRONG;
+	while (DAYSPERLYEAR < mday) {
+	  iinntt li = y + (1 < yourtm.tm_mon);
+	  mday -= year_lengths[isleap(li)];
+	  y++;
 	}
+	yourtm.tm_mday = mday;
 	for ( ; ; ) {
 		i = mon_lengths[isleap(y)][yourtm.tm_mon];
 		if (yourtm.tm_mday <= i)
@@ -2139,16 +2372,14 @@ time2sub(struct tm *const tmp,
 		yourtm.tm_mday -= i;
 		if (++yourtm.tm_mon >= MONSPERYEAR) {
 			yourtm.tm_mon = 0;
-			if (increment_overflow32(&y, 1))
-				return WRONG;
+			y++;
 		}
 	}
 #ifdef ckd_add
 	if (ckd_add(&yourtm.tm_year, y, -TM_YEAR_BASE))
 	  return WRONG;
 #else
-	if (increment_overflow32(&y, -TM_YEAR_BASE))
-		return WRONG;
+	y -= TM_YEAR_BASE;
 	if (! (INT_MIN <= y && y <= INT_MAX))
 		return WRONG;
 	yourtm.tm_year = y;
@@ -2164,9 +2395,8 @@ time2sub(struct tm *const tmp,
 		** not in the same minute that a leap second was deleted from,
 		** which is a safer assumption than using 58 would be.
 		*/
-		if (increment_overflow(&yourtm.tm_sec, 1 - SECSPERMIN))
-			return WRONG;
 		saved_seconds = yourtm.tm_sec;
+		saved_seconds -= SECSPERMIN - 1;
 		yourtm.tm_sec = SECSPERMIN - 1;
 	} else {
 		saved_seconds = yourtm.tm_sec;
@@ -2275,10 +2505,8 @@ time2sub(struct tm *const tmp,
 		return WRONG;
 	}
 label:
-	newt = t + saved_seconds;
-	if ((newt < t) != (saved_seconds < 0))
+	if (increment_overflow_time_iinntt(&t, saved_seconds))
 		return WRONG;
-	t = newt;
 	if (funcp(sp, &t, offset, tmp))
 		*okayp = true;
 	return t;
@@ -2323,7 +2551,6 @@ time1(struct tm *const tmp,
 		errno = EINVAL;
 		return WRONG;
 	}
-
 	if (tmp->tm_isdst > 1)
 		tmp->tm_isdst = 1;
 	t = time2(tmp, funcp, sp, offset, &okay);
@@ -2376,27 +2603,22 @@ time1(struct tm *const tmp,
 	return WRONG;
 }
 
+#if !defined TM_GMTOFF || !USE_TIMEX_T
+
 static time_t
 mktime_tzname(struct state *sp, struct tm *tmp, bool setname)
 {
   if (sp)
     return time1(tmp, localsub, sp, setname);
   else {
-    _once(&gmt_once, gmtcheck);
+    gmtcheck();
     return time1(tmp, gmtsub, gmtptr, 0);
   }
 }
 
-#if NETBSD_INSPIRED
-
-time_t
-mktime_z(struct state *restrict sp, struct tm *restrict tmp)
-{
-  return mktime_tzname(sp, tmp, false);
-}
-
-#endif
-
+# if USE_TIMEX_T
+static
+# endif
 time_t
 mktime(struct tm *tmp)
 {
@@ -2412,7 +2634,17 @@ mktime(struct tm *tmp)
   return t;
 }
 
-#if STD_INSPIRED
+#endif
+
+#if NETBSD_INSPIRED && !USE_TIMEX_T
+time_t
+mktime_z(struct state *restrict sp, struct tm *restrict tmp)
+{
+  return mktime_tzname(sp, tmp, false);
+}
+#endif
+
+#if STD_INSPIRED && !USE_TIMEX_T
 /* This function is obsolescent and may disappear in future releases.
    Callers can instead use mktime.  */
 time_t
@@ -2424,12 +2656,14 @@ timelocal(struct tm *tmp)
 }
 #endif
 
-#ifndef EXTERN_TIMEOFF
-# ifndef timeoff
-#  define timeoff my_timeoff /* Don't collide with OpenBSD 7.4 <time.h>.  */
+#if defined TM_GMTOFF || !USE_TIMEX_T
+
+# ifndef EXTERN_TIMEOFF
+#  ifndef timeoff
+#   define timeoff my_timeoff /* Don't collide with OpenBSD 7.4 <time.h>.  */
+#  endif
+#  define EXTERN_TIMEOFF static
 # endif
-# define EXTERN_TIMEOFF static
-#endif
 
 /* This function is obsolescent and may disappear in future releases.
    Callers can instead use mktime_z with a fixed-offset zone.  */
@@ -2438,10 +2672,12 @@ timeoff(struct tm *tmp, long offset)
 {
   if (tmp)
     tmp->tm_isdst = 0;
-  _once(&gmt_once, gmtcheck);
+  gmtcheck();
   return time1(tmp, gmtsub, gmtptr, offset);
 }
+#endif
 
+#if !USE_TIMEX_T
 time_t
 timegm(struct tm *tmp)
 {
@@ -2454,6 +2690,7 @@ timegm(struct tm *tmp)
     *tmp = tmcpy;
   return t;
 }
+#endif
 
 static int_fast32_t
 leapcorr(struct state const *sp, time_t t)
@@ -2474,15 +2711,16 @@ leapcorr(struct state const *sp, time_t t)
 ** XXX--is the below the right way to conditionalize??
 */
 
-#if STD_INSPIRED
+#if !USE_TIMEX_T
+# if STD_INSPIRED
 
 /* NETBSD_INSPIRED_EXTERN functions are exported to callers if
    NETBSD_INSPIRED is defined, and are private otherwise.  */
-# if NETBSD_INSPIRED
-#  define NETBSD_INSPIRED_EXTERN
-# else
-#  define NETBSD_INSPIRED_EXTERN static
-# endif
+#  if NETBSD_INSPIRED
+#   define NETBSD_INSPIRED_EXTERN
+#  else
+#   define NETBSD_INSPIRED_EXTERN static
+#  endif
 
 /*
 ** IEEE Std 1003.1 (POSIX) says that 536457599
@@ -2508,7 +2746,7 @@ time2posix(time_t t)
   }
 #ifndef DETECT_TZ_CHANGES
   if (!lcl_is_set)
-#endif
+#endif /* DETECT_TZ_CHANGES */
     tzset_unlocked();
   if (lclptr)
     t = time2posix_z(lclptr, t);
@@ -2555,7 +2793,7 @@ posix2time(time_t t)
   }
 #ifndef DETECT_TZ_CHANGES
   if (!lcl_is_set)
-#endif
+#endif /* DETECT_TZ_CHANGES */
     tzset_unlocked();
   if (lclptr)
     t = posix2time_z(lclptr, t);
@@ -2563,17 +2801,13 @@ posix2time(time_t t)
   return t;
 }
 
-#endif /* STD_INSPIRED */
+# endif /* STD_INSPIRED */
 
-#if TZ_TIME_T
+# if TZ_TIME_T
 
-# if !USG_COMPAT
-#  define daylight 0
-#  define timezone 0
-# endif
-# if !ALTZONE
-#  define altzone 0
-# endif
+#  if !USG_COMPAT
+#   define timezone 0
+#  endif
 
 /* Convert from the underlying system's time_t to the ersatz time_tz,
    which is called 'time_t' in this file.  Typically, this merely
@@ -2591,9 +2825,9 @@ time(time_t *p)
 {
   time_t r = sys_time(0);
   if (r != (time_t) -1) {
-    int_fast32_t offset = EPOCH_LOCAL ? (daylight ? timezone : altzone) : 0;
-    if (increment_overflow32(&offset, -EPOCH_OFFSET)
-	|| increment_overflow_time(&r, offset)) {
+    iinntt offset = EPOCH_LOCAL ? timezone : 0;
+    if (offset < IINNTT_MIN + EPOCH_OFFSET
+	|| increment_overflow_time_iinntt(&r, offset - EPOCH_OFFSET)) {
       errno = EOVERFLOW;
       r = -1;
     }
@@ -2603,4 +2837,5 @@ time(time_t *p)
   return r;
 }
 
+# endif
 #endif
diff --git a/contrib/tzcode/newctime.3 b/contrib/tzcode/newctime.3
index d19fd25b7926..9d09e5a55bd9 100644
--- a/contrib/tzcode/newctime.3
+++ b/contrib/tzcode/newctime.3
@@ -5,43 +5,34 @@
 asctime, ctime, difftime, gmtime, localtime, mktime \- convert date and time
 .SH SYNOPSIS
 .nf
-.ie \n(.g .ds - \f(CR-\fP
-.el .ds - \-
 .B #include <time.h>
 .PP
-.B [[deprecated]] char *ctime(time_t const *clock);
-.PP
-/* Only in POSIX.1-2017 and earlier.  */
-.B char *ctime_r(time_t const *clock, char *buf);
-.PP
-.B double difftime(time_t time1, time_t time0);
-.PP
-.B [[deprecated]] char *asctime(struct tm const *tm);
-.PP
-/* Only in POSIX.1-2017 and earlier.  */
-.B "char *asctime_r(struct tm const *restrict tm,"
-.B "    char *restrict result);"
-.PP
 .B struct tm *localtime(time_t const *clock);
-.PP
 .B "struct tm *localtime_r(time_t const *restrict clock,"
 .B "    struct tm *restrict result);"
-.PP
 .B "struct tm *localtime_rz(timezone_t restrict zone,"
 .B "    time_t const *restrict clock,"
 .B "    struct tm *restrict result);"
 .PP
 .B struct tm *gmtime(time_t const *clock);
-.PP
 .B "struct tm *gmtime_r(time_t const *restrict clock,"
 .B "    struct tm *restrict result);"
 .PP
 .B time_t mktime(struct tm *tm);
-.PP
 .B "time_t mktime_z(timezone_t restrict zone,"
 .B "    struct tm *restrict tm);"
 .PP
-.B cc ... \*-ltz
+.B double difftime(time_t time1, time_t time0);
+.PP
+.B [[deprecated]] char *asctime(struct tm const *tm);
+.B [[deprecated]] char *ctime(time_t const *clock);
+.PP
+/* Only in POSIX.1-2017 and earlier.  */
+.B char *ctime_r(time_t const *clock, char *buf);
+.B "char *asctime_r(struct tm const *restrict tm,"
+.B "    char *restrict result);"
+.PP
+.B cc ... \-ltz
 .fi
 .SH DESCRIPTION
 .ie '\(en'' .ds en \-
@@ -54,82 +45,37 @@ asctime, ctime, difftime, gmtime, localtime, mktime \- convert date and time
 \\$3\*(lq\\$1\*(rq\\$2
 ..
 The
-.B ctime
-function
-converts a long integer, pointed to by
-.IR clock ,
-and returns a pointer to a
-string of the form
-.br
-.ce
-.eo
-Thu Nov 24 18:22:48 1986\n\0
-.br
-.ec
-Years requiring fewer than four characters are padded with leading zeroes.
-For years longer than four characters, the string is of the form
-.br
-.ce
-.eo
-Thu Nov 24 18:22:48     81986\n\0
-.ec
-.br
-with five spaces before the year.
-These unusual formats are designed to make it less likely that older
-software that expects exactly 26 bytes of output will mistakenly output
-misleading values for out-of-range years.
-.PP
-The
-.BI * clock
-timestamp represents the time in seconds since 1970-01-01 00:00:00
-Coordinated Universal Time (UTC).
-The POSIX standard says that timestamps must be nonnegative
-and must ignore leap seconds.
-Many implementations extend POSIX by allowing negative timestamps,
-and can therefore represent timestamps that predate the
-introduction of UTC and are some other flavor of Universal Time (UT).
-Some implementations support leap seconds, in contradiction to POSIX.
-.PP
-The
-.B ctime
-function is deprecated starting in C23.
-Callers can use
-.B localtime_r
-and
-.B strftime
-instead.
-.PP
-The
 .B localtime
 and
 .B gmtime
 functions
+convert an integer, pointed to by
+.IR clock ,
+and
 return pointers to
 .q "tm"
 structures, described below.
+If the integer is out of range for conversion,
+these functions return a null pointer.
 The
 .B localtime
 function
 corrects for the time zone and any time zone adjustments
 (such as Daylight Saving Time in the United States).
-.PP
 The
 .B gmtime
-function
-converts to Coordinated Universal Time.
+function converts to Coordinated Universal Time.
 .PP
 The
-.B asctime
-function
-converts a time value contained in a
-.q "tm"
-structure to a string,
-as shown in the above example,
-and returns a pointer to the string.
-This function is deprecated starting in C23.
-Callers can use
-.B strftime
-instead.
+.BI * clock
+timestamp represents the time in seconds since 1970-01-01 00:00:00
+Coordinated Universal Time (UTC).
+The POSIX standard says that timestamps must be nonnegative
+and must ignore leap seconds.
+Many implementations extend POSIX by allowing negative timestamps,
+and can therefore represent timestamps that predate the
+introduction of UTC and are some other flavor of Universal Time (UT).
+Some implementations support leap seconds, in contradiction to POSIX.
 .PP
 The
 .B mktime
@@ -204,6 +150,52 @@ returns the difference between two calendar times,
 expressed in seconds.
 .PP
 The
+.B asctime
+function
+converts a time value contained in a
+.q "tm"
+structure to a pointer to a
+string of the form
+.br
+.ce
+.eo
+Thu Nov 24 18:22:48 1986\n\0
+.br
+.ec
+Years requiring fewer than four characters are padded with leading zeroes.
+For years longer than four characters, the string is of the form
+.br
+.ce
+.eo
+Thu Nov 24 18:22:48     81986\n\0
+.ec
+.br
+with five spaces before the year.
+This unusual format is designed to make it less likely that older
+software that expects exactly 26 bytes of output will mistakenly output
+misleading values for out-of-range years.
+This function is deprecated starting in C23.
+Callers can use
+.B strftime
+instead.
+.PP
+The
+.B ctime
+function is equivalent to calliing
+.B localtime
+and then calling
+.B asctime
+on the result.
+Like
+.BR asctime ,
+this function is deprecated starting in C23.
+Callers can use
+.B localtime
+and
+.B strftime
+instead.
+.PP
+The
 .BR ctime_r ,
 .BR localtime_r ,
 .BR gmtime_r ,
diff --git a/contrib/tzcode/newstrftime.3 b/contrib/tzcode/newstrftime.3
index a9997a092d0a..e9a382240ed2 100644
--- a/contrib/tzcode/newstrftime.3
+++ b/contrib/tzcode/newstrftime.3
@@ -40,8 +40,6 @@
 strftime \- format date and time
 .SH SYNOPSIS
 .nf
-.ie \n(.g .ds - \f(CR-\fP
-.el .ds - \-
 .B #include <time.h>
 .PP
 .B "size_t strftime(char *restrict buf, size_t maxsize,"
@@ -93,7 +91,7 @@ If a bracketed member name is followed by
 .B strftime
 can use the named member even though POSIX.1-2024 does not list it;
 if the name is followed by
-.q \*- ,
+.q \- ,
 .B strftime
 ignores the member even though POSIX.1-2024 lists it
 which means portable code should set it.
@@ -139,11 +137,14 @@ is replaced by the locale's appropriate date and time representation.
 .IR tm_sec ,
 .IR tm_gmtoff ,
 .IR tm_zone ,
-.IR tm_isdst \*-].
+.IR tm_isdst \-].
 .TP
 %D
 is equivalent to
 .c %m/%d/%y .
+Although used in the United States for current dates,
+this format is ambiguous elsewhere
+and for dates that might involve other centuries.
 .RI [ tm_year ,
 .IR tm_mon ,
 .IR tm_mday ]
@@ -167,6 +168,8 @@ is equivalent to
 .TP
 %G
 is replaced by the ISO 8601 year with century as a decimal number.
+This is the year that includes the greater part of the week.
+(Monday as the first day of a week).
 See also the
 .c %V
 conversion specification.
@@ -176,11 +179,7 @@ conversion specification.
 .TP
 %g
 is replaced by the ISO 8601 year without century as a decimal number [00,99].
-This is the year that includes the greater part of the week.
-(Monday as the first day of a week).
-See also the
-.c %V
-conversion specification.
+Since it omits the century, it is ambiguous for dates.
 .RI [ tm_year ,
 .IR tm_yday ,
 .IR tm_wday ]
@@ -249,9 +248,22 @@ of leap seconds.
 is replaced by the number of seconds since the Epoch (see
 .BR ctime (3)).
 Although %s is reliable in this implementation,
-it can have glitches on other platforms (notably platforms lacking
-.IR tm_gmtoff ),
-so portable code should format a
+it can have glitches on other platforms
+(notably obsolescent platforms lacking
+.I tm_gmtoff
+or where
+.B time_t
+is no wider than int), and POSIX allows
+.B strftime
+to set
+.B errno
+to
+.B EINVAL
+or
+.B EOVERFLOW
+and return 0 if the number of seconds would be negative or out of range for
+.BR time_t .
+Portable code should therefore format a
 .B time_t
 value directly via something like
 .B sprintf
@@ -267,7 +279,7 @@ with "%s".
 .IR tm_min ,
 .IR tm_sec ,
 .IR tm_gmtoff +,
-.IR tm_isdst \*-].
+.IR tm_isdst \-].
 .TP
 %T
 is replaced by the time in the format
@@ -284,7 +296,7 @@ is replaced by the week number of the year (Sunday as the first day of
 the week) as a decimal number [00,53].
 .RI [ tm_wday ,
 .IR tm_yday ,
-.IR tm_year \*-]
+.IR tm_year \-]
 .TP
 %u
 is replaced by the weekday (Monday as the first day of the week)
@@ -318,31 +330,33 @@ as a decimal number [0,6].
 .TP
 %X
 is replaced by the locale's appropriate time representation.
-.RI [ tm_year \*-,
-.IR tm_yday \*-,
-.IR tm_mon \*-,
-.IR tm_mday \*-,
-.IR tm_wday \*-,
+.RI [ tm_year \-,
+.IR tm_yday \-,
+.IR tm_mon \-,
+.IR tm_mday \-,
+.IR tm_wday \-,
 .IR tm_hour ,
 .IR tm_min ,
 .IR tm_sec ,
 .IR tm_gmtoff ,
 .IR tm_zone ,
-.IR tm_isdst \*-].
+.IR tm_isdst \-].
 .TP
 %x
 is replaced by the locale's appropriate date representation.
+This format can be ambiguous for dates, e.g.,
+it can generate "01/02/03" in the C locale.
 .RI [ tm_year ,
 .IR tm_yday ,
 .IR tm_mon ,
 .IR tm_mday ,
 .IR tm_wday ,
-.IR tm_hour \*-,
-.IR tm_min \*-,
-.IR tm_sec \*-,
-.IR tm_gmtoff \*-,
-.IR tm_zone \*-,
-.IR tm_isdst \*-].
+.IR tm_hour \-,
+.IR tm_min \-,
+.IR tm_sec \-,
+.IR tm_gmtoff \-,
+.IR tm_zone \-,
+.IR tm_isdst \-].
 .TP
 %Y
 is replaced by the year with century as a decimal number.
@@ -350,28 +364,29 @@ is replaced by the year with century as a decimal number.
 .TP
 %y
 is replaced by the year without century as a decimal number [00,99].
+Since it omits the century, it is ambiguous for dates.
 .RI [ tm_year ]
 .TP
 %Z
 is replaced by the time zone abbreviation,
 or by the empty string if this is not determinable.
 .RI [ tm_zone ,
-.IR tm_isdst \*-]
+.IR tm_isdst \-]
 .TP
 %z
 is replaced by the offset from the Prime Meridian
-in the format +HHMM or \*-HHMM (ISO 8601) as appropriate,
+in the format +HHMM or \-HHMM (ISO 8601) as appropriate,
 with positive values representing locations east of Greenwich,
 or by the empty string if this is not determinable.
-The numeric time zone abbreviation \*-0000 is used when the time is
+The numeric time zone abbreviation \-0000 is used when the time is
 Universal Time
 but local time is indeterminate; by convention this is used for
 locations while uninhabited, and corresponds to a zero offset when the
 time zone abbreviation begins with
-.q "\*-" .
+.q "\-" .
 .RI [ tm_gmtoff ,
 .IR tm_zone +,
-.IR tm_isdst \*-]
+.IR tm_isdst \-]
 .TP
 %%
 is replaced by a single %.
@@ -418,15 +433,6 @@ This function fails if:
 The total number of resulting bytes, including the terminating
 NUL character, is more than
 .IR maxsize .
-.PP
-This function may fail if:
-.TP
-[EOVERFLOW]
-The format includes an
-.c %s
-conversion and the number of seconds since the Epoch cannot be represented
-in a
-.c time_t .
 .SH SEE ALSO
 .BR date (1),
 .BR getenv (3),
diff --git a/contrib/tzcode/newtzset.3 b/contrib/tzcode/newtzset.3
index 661fb25be098..db6bfa7fa64c 100644
--- a/contrib/tzcode/newtzset.3
+++ b/contrib/tzcode/newtzset.3
@@ -5,8 +5,6 @@
 tzset \- initialize time conversion information
 .SH SYNOPSIS
 .nf
-.ie \n(.g .ds - \f(CR-\fP
-.el .ds - \-
 .B #include <time.h>
 .PP
 .BI "timezone_t tzalloc(char const *" TZ );
@@ -23,7 +21,7 @@ tzset \- initialize time conversion information
 .br
 .B extern int daylight;
 .PP
-.B cc ... \*-ltz
+.B cc ... \-ltz
 .fi
 .SH DESCRIPTION
 .ie '\(en'' .ds en \-
@@ -110,7 +108,7 @@ except a leading colon
 digits, comma
 .RB ( , ),
 ASCII minus
-.RB ( \*- ),
+.RB ( \- ),
 ASCII plus
 .RB ( + ),
 and NUL bytes are allowed.
@@ -150,7 +148,7 @@ daylight saving time is assumed to be one hour ahead of standard time.  One or
 more digits may be used; the value is always interpreted as a decimal
 number.  The hour must be between zero and 24, and the minutes (and
 seconds) \*(en if present \*(en between zero and 59.  If preceded by a
-.q "\*-" ,
+.q "\-" ,
 the time zone shall be east of the Prime Meridian; otherwise it shall be
 west (which may be indicated by an optional preceding
 .q "+" .
@@ -239,7 +237,7 @@ values that directly specify the timezone.
 stands for US Eastern Standard
 Time (EST), 5 hours behind UT, without daylight saving.
 .TP
-.B <+12>\*-12<+13>,M11.1.0,M1.2.1/147
+.B <+12>\-12<+13>,M11.1.0,M1.2.1/147
 stands for Fiji time, 12 hours ahead
 of UT, springing forward on November's first Sunday at 02:00, and
 falling back on January's second Monday at 147:00 (i.e., 03:00 on the
@@ -249,34 +247,34 @@ and daylight saving time are
 and
 .q "+13".
 .TP
-.B IST\*-2IDT,M3.4.4/26,M10.5.0
+.B IST\-2IDT,M3.4.4/26,M10.5.0
 stands for Israel Standard Time (IST) and Israel Daylight Time (IDT),
 2 hours ahead of UT, springing forward on March's fourth
 Thursday at 26:00 (i.e., 02:00 on the first Friday on or after March
 23), and falling back on October's last Sunday at 02:00.
 .TP
-.B <\*-04>4<\*-03>,J1/0,J365/25
+.B <\-04>4<\-03>,J1/0,J365/25
 stands for permanent daylight saving time, 3 hours behind UT with
 abbreviation
-.q "\*-03".
+.q "\-03".
 There is a dummy fall-back transition on December 31 at 25:00 daylight
 saving time (i.e., 24:00 standard time, equivalent to January 1 at
 00:00 standard time), and a simultaneous spring-forward transition on
 January 1 at 00:00 standard time, so daylight saving time is in effect
 all year and the initial
-.B <\*-04>
+.B <\-04>
 is a placeholder.
 .TP
-.B <\*-03>3<\*-02>,M3.5.0/\*-2,M10.5.0/\*-1
+.B <\-03>3<\-02>,M3.5.0/\-2,M10.5.0/\-1
 stands for time in western Greenland, 3 hours behind UT, where clocks
 follow the EU rules of
 springing forward on March's last Sunday at 01:00 UT (\-02:00 local
 time, i.e., 22:00 the previous day) and falling back on October's last
 Sunday at 01:00 UT (\-01:00 local time, i.e., 23:00 the previous day).
 The abbreviations for standard and daylight saving time are
-.q "\*-03"
+.q "\-03"
 and
-.q "\*-02".
+.q "\-02".
 .PP
 If
 .I TZ
diff --git a/contrib/tzcode/private.h b/contrib/tzcode/private.h
index 9c5edff252fd..e6b206690b73 100644
--- a/contrib/tzcode/private.h
+++ b/contrib/tzcode/private.h
@@ -37,6 +37,38 @@
 # define SUPPORT_C89 1
 #endif
 
+
+/* The following feature-test macros should be defined before
+   any #include of a system header.  */
+
+/* Enable tm_gmtoff, tm_zone, and environ on GNUish systems.  */
+#define _GNU_SOURCE 1
+/* Fix asctime_r on Solaris 11.  */
+#define _POSIX_PTHREAD_SEMANTICS 1
+/* Enable strtoimax on pre-C99 Solaris 11.  */
+#define __EXTENSIONS__ 1
+/* Cause MS-Windows headers to define POSIX names.  */
+#define _CRT_DECLARE_NONSTDC_NAMES 1
+/* Prevent MS-Windows headers from defining min and max.  */
+#define NOMINMAX 1
+
+/* On GNUish systems where time_t might be 32 or 64 bits, use 64.
+   On these platforms _FILE_OFFSET_BITS must also be 64; otherwise
+   setting _TIME_BITS to 64 does not work.  The code does not
+   otherwise rely on _FILE_OFFSET_BITS being 64, since it does not
+   use off_t or functions like 'stat' that depend on off_t.  */
+#ifndef _TIME_BITS
+# ifndef _FILE_OFFSET_BITS
+#  define _FILE_OFFSET_BITS 64
+# endif
+# if _FILE_OFFSET_BITS == 64
+#  define _TIME_BITS 64
+# endif
+#endif
+
+/* End of feature-test macro definitions.  */
+
+
 #ifndef __STDC_VERSION__
 # define __STDC_VERSION__ 0
 #endif
@@ -51,6 +83,7 @@
 #endif
 
 #if __STDC_VERSION__ < 202311
+# undef static_assert
 # define static_assert(cond) extern int static_assert_check[(cond) ? 1 : -1]
 #endif
 
@@ -87,11 +120,11 @@
 
 #if !defined HAVE_GETTEXT && defined __has_include
 # if __has_include(<libintl.h>)
-#  define HAVE_GETTEXT true
+#  define HAVE_GETTEXT 1
 # endif
 #endif
 #ifndef HAVE_GETTEXT
-# define HAVE_GETTEXT false
+# define HAVE_GETTEXT 0
 #endif
 
 #ifndef HAVE_INCOMPATIBLE_CTIME_R
@@ -124,20 +157,20 @@
 
 #if !defined HAVE_SYS_STAT_H && defined __has_include
 # if !__has_include(<sys/stat.h>)
-#  define HAVE_SYS_STAT_H false
+#  define HAVE_SYS_STAT_H 0
 # endif
 #endif
 #ifndef HAVE_SYS_STAT_H
-# define HAVE_SYS_STAT_H true
+# define HAVE_SYS_STAT_H 1
 #endif
 
 #if !defined HAVE_UNISTD_H && defined __has_include
 # if !__has_include(<unistd.h>)
-#  define HAVE_UNISTD_H false
+#  define HAVE_UNISTD_H 0
 # endif
 #endif
 #ifndef HAVE_UNISTD_H
-# define HAVE_UNISTD_H true
+# define HAVE_UNISTD_H 1
 #endif
 
 #ifndef NETBSD_INSPIRED
@@ -149,25 +182,6 @@
 # define ctime_r _incompatible_ctime_r
 #endif /* HAVE_INCOMPATIBLE_CTIME_R */
 
-/* Enable tm_gmtoff, tm_zone, and environ on GNUish systems.  */
-#define _GNU_SOURCE 1
-/* Fix asctime_r on Solaris 11.  */
-#define _POSIX_PTHREAD_SEMANTICS 1
-/* Enable strtoimax on pre-C99 Solaris 11.  */
-#define __EXTENSIONS__ 1
-
-/* On GNUish systems where time_t might be 32 or 64 bits, use 64.
-   On these platforms _FILE_OFFSET_BITS must also be 64; otherwise
-   setting _TIME_BITS to 64 does not work.  The code does not
-   otherwise rely on _FILE_OFFSET_BITS being 64, since it does not
-   use off_t or functions like 'stat' that depend on off_t.  */
-#ifndef _FILE_OFFSET_BITS
-# define _FILE_OFFSET_BITS 64
-#endif
-#if !defined _TIME_BITS && _FILE_OFFSET_BITS == 64
-# define _TIME_BITS 64
-#endif
-
 /*
 ** Nested includes
 */
@@ -260,6 +274,10 @@
 # endif
 #endif
 
+#ifndef HAVE_SNPRINTF
+# define HAVE_SNPRINTF (!PORT_TO_C89 || 199901 <= __STDC_VERSION__)
+#endif
+
 #ifndef HAVE_STRFTIME_L
 # if _POSIX_VERSION < 200809
 #  define HAVE_STRFTIME_L 0
@@ -305,7 +323,7 @@
 ** stdint.h, even with pre-C99 compilers.
 */
 #if !defined HAVE_STDINT_H && defined __has_include
-# define HAVE_STDINT_H true /* C23 __has_include implies C99 stdint.h.  */
+# define HAVE_STDINT_H 1 /* C23 __has_include implies C99 stdint.h.  */
 #endif
 #ifndef HAVE_STDINT_H
 # define HAVE_STDINT_H \
@@ -375,11 +393,15 @@ typedef int int_fast32_t;
 # endif
 #endif
 
+#ifndef INT_LEAST32_MAX
+typedef int_fast32_t int_least32_t;
+#endif
+
 #ifndef INTMAX_MAX
 # ifdef LLONG_MAX
 typedef long long intmax_t;
 #  ifndef HAVE_STRTOLL
-#   define HAVE_STRTOLL true
+#   define HAVE_STRTOLL 1
 #  endif
 #  if HAVE_STRTOLL
 #   define strtoimax strtoll
@@ -459,7 +481,7 @@ typedef unsigned long uintmax_t;
    hosts, unless compiled with -DHAVE_STDCKDINT_H=0 or with pre-C23 EDG.  */
 #if !defined HAVE_STDCKDINT_H && defined __has_include
 # if __has_include(<stdckdint.h>)
-#  define HAVE_STDCKDINT_H true
+#  define HAVE_STDCKDINT_H 1
 # endif
 #endif
 #ifdef HAVE_STDCKDINT_H
@@ -554,13 +576,26 @@ typedef unsigned long uintmax_t;
 # define ATTRIBUTE_REPRODUCIBLE /* empty */
 #endif
 
+#if HAVE___HAS_C_ATTRIBUTE
+# if __has_c_attribute(unsequenced)
+#  define ATTRIBUTE_UNSEQUENCED [[unsequenced]]
+# endif
+#endif
+#ifndef ATTRIBUTE_UNSEQUENCED
+# define ATTRIBUTE_UNSEQUENCED /* empty */
+#endif
+
 /* GCC attributes that are useful in tzcode.
+   __attribute__((const)) is stricter than [[unsequenced]],
+   so the latter is an adequate substitute in non-GCC C23 platforms.
    __attribute__((pure)) is stricter than [[reproducible]],
    so the latter is an adequate substitute in non-GCC C23 platforms.  */
 #if __GNUC__ < 3
+# define ATTRIBUTE_CONST ATTRIBUTE_UNSEQUENCED
 # define ATTRIBUTE_FORMAT(spec) /* empty */
 # define ATTRIBUTE_PURE ATTRIBUTE_REPRODUCIBLE
 #else
+# define ATTRIBUTE_CONST __attribute__((const))
 # define ATTRIBUTE_FORMAT(spec) __attribute__((format spec))
 # define ATTRIBUTE_PURE __attribute__((pure))
 #endif
@@ -593,6 +628,12 @@ typedef unsigned long uintmax_t;
 # define RESERVE_STD_EXT_IDS 0
 #endif
 
+#ifdef time_tz
+# define defined_time_tz true
+#else
+# define defined_time_tz false
+#endif
+
 /* If standard C identifiers with external linkage (e.g., localtime)
    are reserved and are not already being renamed anyway, rename them
    as if compiling with '-Dtime_tz=time_t'.  */
@@ -608,9 +649,9 @@ typedef unsigned long uintmax_t;
 ** typical platforms.
 */
 #if defined time_tz || EPOCH_LOCAL || EPOCH_OFFSET != 0
-# define TZ_TIME_T 1
+# define TZ_TIME_T true
 #else
-# define TZ_TIME_T 0
+# define TZ_TIME_T false
 #endif
 
 #if defined LOCALTIME_IMPLEMENTATION && TZ_TIME_T
@@ -707,7 +748,7 @@ DEPRECATED_IN_C23 char *ctime(time_t const *);
 char *asctime_r(struct tm const *restrict, char *restrict);
 char *ctime_r(time_t const *, char *);
 #endif
-double difftime(time_t, time_t);
+ATTRIBUTE_CONST double difftime(time_t, time_t);
 size_t strftime(char *restrict, size_t, char const *restrict,
 		struct tm const *restrict);
 # if HAVE_STRFTIME_L
@@ -729,9 +770,9 @@ void tzset(void);
       || defined __GLIBC__ || defined __tm_zone /* musl */ \
       || defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__ \
       || (defined __APPLE__ && defined __MACH__))
-#  define HAVE_DECL_TIMEGM true
+#  define HAVE_DECL_TIMEGM 1
 # else
-#  define HAVE_DECL_TIMEGM false
+#  define HAVE_DECL_TIMEGM 0
 # endif
 #endif
 #if !HAVE_DECL_TIMEGM && !defined timegm
@@ -771,14 +812,18 @@ extern long altzone;
 */
 
 #ifndef STD_INSPIRED
-# define STD_INSPIRED 0
+# ifdef __NetBSD__
+#  define STD_INSPIRED 1
+# else
+#  define STD_INSPIRED 0
+# endif
 #endif
 #if STD_INSPIRED
 # if TZ_TIME_T || !defined offtime
 struct tm *offtime(time_t const *, long);
 # endif
 # if TZ_TIME_T || !defined offtime_r
-struct tm *offtime_r(time_t const *, long, struct tm *);
+struct tm *offtime_r(time_t const *restrict, long, struct tm *restrict);
 # endif
 # if TZ_TIME_T || !defined timelocal
 time_t timelocal(struct tm *);
@@ -880,7 +925,7 @@ ATTRIBUTE_PURE time_t time2posix_z(timezone_t, time_t);
 		default: TIME_T_MAX_NO_PADDING)			    \
      : (time_t) -1)
 enum { SIGNED_PADDING_CHECK_NEEDED
-         = _Generic((time_t) 0,
+	 = _Generic((time_t) 0,
 		    signed char: false, short: false,
 		    int: false, long: false, long long: false,
 		    default: true) };
@@ -927,8 +972,8 @@ static_assert(! TYPE_SIGNED(time_t) || ! SIGNED_PADDING_CHECK_NEEDED
 # define UNINIT_TRAP 0
 #endif
 
-/* localtime.c sometimes needs access to timeoff if it is not already public.
-   tz_private_timeoff should be used only by localtime.c.  */
+/* strftime.c sometimes needs access to timeoff if it is not already public.
+   tz_private_timeoff should be used only by localtime.c and strftime.c.  */
 #if (!defined EXTERN_TIMEOFF \
      && defined TM_GMTOFF && (200809 < _POSIX_VERSION || ! UNINIT_TRAP))
 # ifndef timeoff
diff --git a/contrib/tzcode/strftime.c b/contrib/tzcode/strftime.c
index 755d341fa6d9..487a5234cbc5 100644
--- a/contrib/tzcode/strftime.c
+++ b/contrib/tzcode/strftime.c
@@ -39,8 +39,63 @@
 #include <locale.h>
 #include <stdio.h>
 
+/* If true, the value returned by an idealized unlimited-range mktime
+   always fits into an integer type with bounds MIN and MAX.
+   If false, the value might not fit.
+   This macro is usable in #if if its arguments are.
+   Add or subtract 2**31 - 1 for the maximum UT offset allowed in a TZif file,
+   divide by the maximum number of non-leap seconds in a year,
+   divide again by two just to be safe,
+   and account for the tm_year origin (1900) and time_t origin (1970).  */
+#define MKTIME_FITS_IN(min, max) \
+  ((min) < 0 \
+   && ((min) + 0x7fffffff) / 366 / 24 / 60 / 60 / 2 + 1970 - 1900 < INT_MIN \
+   && INT_MAX < ((max) - 0x7fffffff) / 366 / 24 / 60 / 60 / 2 + 1970 - 1900)
+
+/* MKTIME_MIGHT_OVERFLOW is true if mktime can fail due to time_t overflow
+   or if it is not known whether mktime can fail,
+   and is false if mktime definitely cannot fail.
+   This macro is usable in #if, and so does not use TIME_T_MAX or sizeof.
+   If the builder has not configured this macro, guess based on what
+   known platforms do.  When in doubt, guess true.  */
+#ifndef MKTIME_MIGHT_OVERFLOW
+# if defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__
+#  include <sys/param.h>
+# endif
+# if ((/* The following heuristics assume native time_t.  */ \
+       defined_time_tz) \
+      || ((/* Traditional time_t is 'long', so if 'long' is not wide enough \
+	      assume overflow unless we're on a known-safe host.  */ \
+	   !MKTIME_FITS_IN(LONG_MIN, LONG_MAX)) \
+	  && (/* GNU C Library 2.29 (2019-02-01) and later has 64-bit time_t \
+		 if __TIMESIZE is 64.  */ \
+	      !defined __TIMESIZE || __TIMESIZE < 64) \
+	  && (/* FreeBSD 12 r320347 (__FreeBSD_version 1200036; 2017-06-26), \
+		 and later has 64-bit time_t on all platforms but i386 which \
+		 is currently scheduled for end-of-life on 2028-11-30.  */ \
+	      !defined __FreeBSD_version || __FreeBSD_version < 1200036 \
+	      || defined __i386) \
+	  && (/* NetBSD 6.0 (2012-10-17) and later has 64-bit time_t.  */ \
+	      !defined __NetBSD_Version__ || __NetBSD_Version__ < 600000000) \
+	  && (/* OpenBSD 5.5 (2014-05-01) and later has 64-bit time_t.  */ \
+	      !defined OpenBSD || OpenBSD < 201405)))
+#  define MKTIME_MIGHT_OVERFLOW 1
+# else
+#  define MKTIME_MIGHT_OVERFLOW 0
+# endif
+#endif
+/* Check that MKTIME_MIGHT_OVERFLOW is consistent with time_t's range.  */
+static_assert(MKTIME_MIGHT_OVERFLOW
+	      || MKTIME_FITS_IN(TIME_T_MIN, TIME_T_MAX));
+
+#if MKTIME_MIGHT_OVERFLOW
+/* Do this after system includes as it redefines time_t, mktime, timeoff.  */
+# define USE_TIMEX_T true
+# include "localtime.c"
+#endif
+
 #ifndef DEPRECATE_TWO_DIGIT_YEARS
-# define DEPRECATE_TWO_DIGIT_YEARS false
+# define DEPRECATE_TWO_DIGIT_YEARS 0
 #endif
 
 struct lc_time_T {
@@ -135,10 +190,6 @@ strftime(char *restrict s, size_t maxsize, char const *restrict format,
 
 	tzset();
 	p = _fmt(format, t, s, s + maxsize, &warn);
-	if (!p) {
-	  errno = EOVERFLOW;
-	  return 0;
-	}
 	if (DEPRECATE_TWO_DIGIT_YEARS
 	    && warn != IN_NONE && getenv(YEAR_2000_NAME)) {
 		fprintf(stderr, "\n");
@@ -170,7 +221,12 @@ _fmt(const char *format, const struct tm *t, char *pt,
 		if (*format == '%') {
 label:
 			switch (*++format) {
-			case '\0':
+			default:
+				/* Output unknown conversion specifiers as-is,
+				   to aid debugging.  This includes '%' at
+				   format end.  This conforms to C23 section
+				   7.29.3.5 paragraph 6, which says behavior
+				   is undefined here.  */
 				--format;
 				break;
 			case 'A':
@@ -327,16 +383,17 @@ label:
 					tm.tm_mday = t->tm_mday;
 					tm.tm_mon = t->tm_mon;
 					tm.tm_year = t->tm_year;
+
+					/* Get the time_t value for TM.
+					   Native time_t, or its redefinition
+					   by localtime.c above, is wide enough
+					   so that this cannot overflow.  */
 #ifdef TM_GMTOFF
 					mkt = timeoff(&tm, t->TM_GMTOFF);
 #else
 					tm.tm_isdst = t->tm_isdst;
 					mkt = mktime(&tm);
 #endif
-					/* If mktime fails, %s expands to the
-					   value of (time_t) -1 as a failure
-					   marker; this is better in practice
-					   than strftime failing.  */
 					if (TYPE_SIGNED(time_t)) {
 					  intmax_t n = mkt;
 					  sprintf(buf, "%"PRIdMAX, n);
@@ -590,12 +647,6 @@ label:
 					warnp);
 				continue;
 			case '%':
-			/*
-			** X311J/88-090 (4.12.3.5): if conversion char is
-			** undefined, behavior is undefined. Print out the
-			** character itself as printf(3) also does.
-			*/
-			default:
 				break;
 			}
 		}
diff --git a/contrib/tzcode/theory.html b/contrib/tzcode/theory.html
index d3573ede0dfb..352a3d87078f 100644
--- a/contrib/tzcode/theory.html
+++ b/contrib/tzcode/theory.html
@@ -123,8 +123,9 @@ If geolocation information is available, a selection interface can
 locate the user on a timezone map or prioritize names that are
 geographically close. For an example selection interface, see the
 <code>tzselect</code> program in the <code><abbr>tz</abbr></code> code.
-The <a href="https://cldr.unicode.org">Unicode Common Locale Data
-Repository</a> contains data that may be useful for other selection
+Unicode's <a href="https://cldr.unicode.org">Common Locale Data
+Repository (<abbr>CLDR</abbr>)</a>
+contains data that may be useful for other selection
 interfaces; it maps timezone names like <code>Europe/Prague</code> to
 locale-dependent strings like "Prague", "Praha", "Прага", and "布拉格".
 </p>
@@ -200,6 +201,8 @@ in decreasing order of importance:
   <li>
     A name must not be empty, or contain '<code>//</code>', or
     start or end with '<code>/</code>'.
+    Also, a name must not be '<code>Etc/Unknown</code>', as
+    <abbr>CLDR</abbr> uses that string for an unknown or invalid timezone.
   </li>
   <li>
     Do not use names that differ only in case.
@@ -220,10 +223,18 @@ in decreasing order of importance:
     do not need locations, since local time is not defined there.
   </li>
   <li>
-    If all the clocks in a timezone have agreed since 1970,
-    do not bother to include more than one timezone
-    even if some of the clocks disagreed before 1970.
+    If all clocks in a region have agreed since 1970,
+    give them just one name even if some of the clocks disagreed before 1970,
+    or reside in different countries or in notable or faraway locations.
     Otherwise these tables would become annoyingly large.
+    For example, do not create a name <code>Indian/Crozet</code>
+    as a near-duplicate or alias of <code>Asia/Dubai</code>
+    merely because they are different countries or territories,
+    or their clocks disagreed before 1970, or the
+    <a href="https://en.wikipedia.org/wiki/Crozet_Islands">Crozet Islands</a>
+    are notable in their own right,
+    or the Crozet Islands are not adjacent to other locations
+    that use <code>Asia/Dubai</code>.
   </li>
   <li>
     If boundaries between regions are fluid, such as during a war or
@@ -579,10 +590,10 @@ in decreasing order of importance:
     locations while uninhabited.
     The leading '<code>-</code>' is a flag that the <abbr>UT</abbr> offset is in
     some sense undefined; this notation is derived
-    from <a href="https://datatracker.ietf.org/doc/html/rfc3339">Internet
+    from <a href="https://www.rfc-editor.org/rfc/rfc3339">Internet
     <abbr title="Request For Comments">RFC</abbr> 3339</a>.
     (The abbreviation 'Z' that
-    <a href="https://datatracker.ietf.org/doc/html/rfc9557">Internet
+    <a href="https://www.rfc-editor.org/rfc/rfc9557">Internet
     <abbr>RFC</abbr> 9557</a> uses for this concept
     would violate the POSIX requirement
     of at least three characters in an abbreviation.)
@@ -1115,8 +1126,8 @@ However POSIX.1-2024, like earlier POSIX editions, has some limitations:
     the name of a file from which time-related information is read.
     The file's format is <dfn><abbr>TZif</abbr></dfn>,
     a timezone information format that contains binary data; see
-    <a href="https://datatracker.ietf.org/doc/html/8536">Internet
-    <abbr>RFC</abbr> 8536</a>.
+    <a href="https://www.rfc-editor.org/rfc/9636">Internet
+    <abbr>RFC</abbr> 9636</a>.
     The daylight saving time rules to be used for a
     particular timezone are encoded in the
     <abbr>TZif</abbr> file; the format of the file allows <abbr>US</abbr>,
@@ -1201,12 +1212,15 @@ The vestigial <abbr>API</abbr>s are:
     The <code>tm_isdst</code> member is almost never needed and most of
     its uses should be discouraged in favor of the abovementioned
     <abbr>API</abbr>s.
+    It was intended as an index into the <code>tzname</code> variable,
+    but as mentioned previously that usage is obsolete.
     Although it can still be used in arguments to
     <code>mktime</code> to disambiguate timestamps near
     a <abbr>DST</abbr> transition when the clock jumps back on
     platforms lacking <code>tm_gmtoff</code>, this
-    disambiguation does not work when standard time itself jumps back,
-    which can occur when a location changes to a time zone with a
+    disambiguation works only for proleptic <code>TZ</code> strings;
+    it does not work in general for geographical timezones,
+    such as when a location changes to a time zone with a
     lesser <abbr>UT</abbr> offset.
   </li>
 </ul>
@@ -1223,8 +1237,8 @@ The vestigial <abbr>API</abbr>s are:
     Programs that in the past used the <code>timezone</code> function
     may now examine <code>localtime(&amp;clock)-&gt;tm_zone</code>
     (if <code>TM_ZONE</code> is defined) or
-    <code>tzname[localtime(&amp;clock)-&gt;tm_isdst]</code>
-    (if <code>HAVE_TZNAME</code> is nonzero) to learn the correct time
+    use <code>strftime</code> with a <code>%Z</code> conversion specification
+    to learn the correct time
     zone abbreviation to use.
   </li>
   <li>
diff --git a/contrib/tzcode/tz-link.html b/contrib/tzcode/tz-link.html
index be2aae5489d6..ad2cc972a4f9 100644
--- a/contrib/tzcode/tz-link.html
+++ b/contrib/tzcode/tz-link.html
@@ -194,9 +194,9 @@ After obtaining the code and data files, see the
 The code lets you compile the <code><abbr>tz</abbr></code> source files into
 machine-readable binary files, one for each location. The binary files
 are in a special format specified by
-<a href="https://datatracker.ietf.org/doc/html/8536">The
+<a href="https://www.rfc-editor.org/rfc/9636">The
 Time Zone Information Format (<abbr>TZif</abbr>)</a>
-(Internet <abbr title="Request For Comments">RFC</abbr> 8536).
+(Internet <abbr title="Request For Comments">RFC</abbr> 9636).
 The code also lets
 you read a <abbr>TZif</abbr> file and interpret timestamps for that
 location.</p>
@@ -260,7 +260,7 @@ Studio Code</a>.
 </p>
 <p>
 For further information about updates, please see
-<a href="https://datatracker.ietf.org/doc/html/rfc6557">Procedures for
+<a href="https://www.rfc-editor.org/rfc/rfc6557">Procedures for
 Maintaining the Time Zone Database</a> (Internet <abbr>RFC</abbr> 6557).
 More detail can be
 found in <a href="theory.html">Theory and pragmatics of the
@@ -379,26 +379,26 @@ calculates the current time difference between locations.</li>
 <li>The <a href="https://www.ietf.org">Internet Engineering Task Force</a>'s
 <a href="https://datatracker.ietf.org/wg/tzdist/charter/">Time Zone Data
 Distribution Service (tzdist) working group</a> defined <a
-href="https://datatracker.ietf.org/doc/html/rfc7808">TZDIST</a>
+href="https://www.rfc-editor.org/rfc/rfc7808">TZDIST</a>
 (Internet <abbr>RFC</abbr> 7808), a time zone data distribution service,
-along with <a href="https://datatracker.ietf.org/doc/html/rfc7809">CalDAV</a>
+along with <a href="https://www.rfc-editor.org/rfc/rfc7809">CalDAV</a>
 (Internet <abbr>RFC</abbr> 7809), a calendar access protocol for
 transferring time zone data by reference.
 <a href="https://devguide.calconnect.org/Time-Zones/TZDS/">TZDIST
 implementations</a> are available.
 The <a href="https://www.ietf.org/mailman/listinfo/tzdist-bis">tzdist-bis
 mailing list</a> discusses possible extensions.</li>
-<li>The <a href="https://datatracker.ietf.org/doc/html/rfc5545">
+<li>The <a href="https://www.rfc-editor.org/rfc/rfc5545">
 Internet Calendaring and Scheduling Core Object Specification
 (iCalendar)</a> (Internet <abbr>RFC</abbr> 5445)
 covers time zone
 data; see its VTIMEZONE calendar component.
 The iCalendar format requires specialized parsers and generators; a
-variant <a href="https://datatracker.ietf.org/doc/html/rfc6321">xCal</a>
+variant <a href="https://www.rfc-editor.org/rfc/rfc6321">xCal</a>
 (Internet <abbr>RFC</abbr> 6321) uses
 <a href="https://www.w3.org/XML/"><abbr
 title="Extensible Markup Language">XML</abbr></a> format, and a variant
-<a href="https://datatracker.ietf.org/doc/html/rfc7265">jCal</a>
+<a href="https://www.rfc-editor.org/rfc/rfc7265">jCal</a>
 (Internet <abbr>RFC</abbr> 7265)
 uses <a href="https://www.json.org/json-en.html"><abbr
 title="JavaScript Object Notation">JSON</abbr></a> format.</li>
@@ -935,7 +935,13 @@ with perhaps the best-documented history of clock adjustments.</dd>
 <dt>United States</dt>
 <dd>The Department of Transportation's <a
 href="https://www.transportation.gov/regulations/recent-time-zone-proceedings">Recent
-Time Zone Proceedings</a> lists changes to time zone boundaries.</dd>
+Time Zone Proceedings</a> lists changes to
+official written time zone boundaries, and its <a
+href="https://geodata.bts.gov/datasets/usdot::time-zones/about">Time
+Zones dataset</a> maps current boundaries.
+These boundaries are only for standard time, so the current map puts
+all of Arizona in one time zone even though part of Arizona
+observes <abbr>DST</abbr> and part does not.</dd>
 <dt>Uruguay</dt>
 <dd>The Oceanography, Hydrography, and Meteorology Service of the Uruguayan
 Navy (SOHMA) publishes an annual <a
@@ -979,6 +985,14 @@ a Sleep Research Society position statement</a>.
 doi:<a href="https://doi.org/10.1093/sleep/zsac236">10.1093/sleep/zsac236</a>.
 After reviewing the scientific literature, the Sleep Research Society
 advocates permanent standard time due to its health benefits.
+<li>Neumann P, von Blanckenburg K. <a
+href="https://journals.sagepub.com/doi/full/10.1177/0961463X241310562">What
+time will it be? A comprehensive literature review on daylight saving time</a>.
+<em>Time Soc</em>. 2025-01-21.
+doi:<a href="https://doi.org/10.1177/0961463X241310562">10.1177/0961463X241310562</a>.
+This reviews DST's effects on electricity, health, crime, road safety,
+and the economy, focusing on research since 2010, and concludes that
+year-round standard time is preferable overall.
 <li>Rishi MA, Cheng JY, Strang AR <em>et al</em>.
 <a href="https://jcsm.aasm.org/doi/10.5664/jcsm.10898">Permanent standard time
 is the optimal choice for health and safety:
@@ -994,7 +1008,8 @@ should we abolish Daylight Saving Time?</a>
 <em>J Biol Rhythms.</em> 2019;34(3):227&ndash;230.
 doi:<a href="https://doi.org/10.1177/0748730419854197">10.1177/0748730419854197</a>.
 The Society for Research on Biological Rhythms
-opposes DST changes and permanent DST, and advocates that governments adopt
+opposes <abbr>DST</abbr> changes and permanent <abbr>DST</abbr>,
+and advocates that governments adopt
 "permanent Standard Time for the health and safety of their citizens".</li>
 </ul>
 </section>
@@ -1023,7 +1038,7 @@ title="Institute of Electrical and Electronics Engineers">IEEE</abbr> 1588)
 can achieve submicrosecond clock accuracy on a local area network
 with special-purpose hardware.</li>
 <li><a
-href="https://datatracker.ietf.org/doc/html/rfc4833">Timezone
+href="https://www.rfc-editor.org/rfc/rfc4833">Timezone
 Options for <abbr title="Dynamic Host Configuration Protocol">DHCP</abbr></a>
 (Internet <abbr>RFC</abbr> 4833)
 specifies a <a
@@ -1105,7 +1120,7 @@ the abovementioned <abbr>NTP</abbr> implementations, <a
 href="https://github.com/google/unsmear">supports</a> conversion between
 <abbr>UTC</abbr> and smeared <abbr>POSIX</abbr> timestamps, and is used by major
 cloud service providers. However, according to
-<a href="https://datatracker.ietf.org/doc/html/rfc8633#section-3.7.1">&sect;3.7.1 of
+<a href="https://www.rfc-editor.org/rfc/rfc8633#section-3.7.1">&sect;3.7.1 of
 Network Time Protocol Best Current Practices</a>
 (Internet <abbr>RFC</abbr> 8633), leap smearing is not suitable for
 applications requiring accurate <abbr>UTC</abbr> or civil time,
@@ -1165,16 +1180,16 @@ interchange &ndash; Part 1: Basic rules</em></a>.</li>
 <a href="https://www.w3.org/TR/xmlschema/#dateTime"><abbr>XML</abbr>
 Schema: Datatypes &ndash; dateTime</a> specifies a format inspired by
 <abbr>ISO</abbr> 8601 that is in common use in <abbr>XML</abbr> data.</li>
-<li><a href="https://datatracker.ietf.org/doc/html/rfc5322#section-3.3">&sect;3.3 of
+<li><a href="https://www.rfc-editor.org/rfc/rfc5322#section-3.3">&sect;3.3 of
 Internet Message Format</a> (Internet <abbr>RFC</abbr> 5322)
 specifies the time notation used in email and <a
 href="https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol"><abbr>HTTP</abbr></a>
 headers.</li>
 <li>
-<a href="https://datatracker.ietf.org/doc/html/rfc3339">Date and Time
+<a href="https://www.rfc-editor.org/rfc/rfc3339">Date and Time
 on the Internet: Timestamps</a> (Internet <abbr>RFC</abbr> 3339)
 specifies an <abbr>ISO</abbr> 8601 profile for use in new Internet protocols.
-An extension, <a href="https://datatracker.ietf.org/doc/html/rfc9557">Date
+An extension, <a href="https://www.rfc-editor.org/rfc/rfc9557">Date
 and Time on the Internet: Timestamps with Additional Information</a>
 (Internet <abbr>RFC</abbr> 9557) extends this profile
 to let you specify the <code><abbr>tzdb</abbr></code> timezone of a timestamp
diff --git a/contrib/tzcode/tzfile.5 b/contrib/tzcode/tzfile.5
index 63bda4114388..66d169fc5302 100644
--- a/contrib/tzcode/tzfile.5
+++ b/contrib/tzcode/tzfile.5
@@ -11,7 +11,7 @@ The timezone information files used by
 .Xr tzset 3
 are found under
 .Pa /usr/share/zoneinfo .
-These files use the format described in Internet RFC 8536.
+These files use the format described in Internet RFC 9636.
 Each file is a sequence of 8-bit bytes.
 In a file, a binary integer is represented by a sequence of one or
 more bytes in network order (bigendian, or high-order byte first),
@@ -107,7 +107,7 @@ and
 serves as an index into the array of time zone abbreviation bytes
 that follow the
 .Vt ttinfo
-entries in the file; if the designated string is "\*-00", the
+entries in the file; if the designated string is "\-00", the
 .Vt ttinfo
 entry is a placeholder indicating that local time is unspecified.
 The
@@ -128,7 +128,7 @@ The byte strings can overlap if one is a suffix of the other.
 The encoding of these strings is not specified.
 .It Va tzh_leapcnt
 pairs of four-byte values, written in network byte order;
-the first value of each pair gives the nonnegative time
+the first value of each pair gives the non-negative time
 (as returned by
 .Xr time 3 )
 at which a leap second occurs or at which the leap second table expires;
@@ -141,7 +141,7 @@ Each pair denotes one leap second, either positive or negative,
 except that if the last pair has the same correction as the previous one,
 the last pair denotes the leap second table's expiration time.
 Each leap second is at the end of a UTC calendar month.
-The first leap second has a nonnegative occurrence time,
+The first leap second has a non-negative occurrence time,
 and is a positive leap second if and only if its correction is positive;
 the correction for each leap second after the first differs
 from the previous leap second by either 1 for a positive leap second,
@@ -168,7 +168,7 @@ The standard/wall and UT/local indicators were designed for
 transforming a TZif file's transition times into transitions appropriate
 for another time zone specified via
 a proleptic TZ string that lacks rules.
-For example, when TZ="EET\*-2EEST" and there is no TZif file "EET\*-2EEST",
+For example, when TZ="EET\-2EEST" and there is no TZif file "EET\-2EEST",
 the idea was to adapt the transition times from a TZif file with the
 well-known name "posixrules" that is present only for this purpose and
 is a copy of the file "Europe/Brussels", a file with a different UT offset.
@@ -177,7 +177,7 @@ the default rules are installation-dependent, and no implementation
 is known to support this feature for timestamps past 2037,
 so users desiring (say) Greek time should instead specify
 TZ="Europe/Athens" for better historical coverage, falling back on
-TZ="EET\*-2EEST,M3.5.0/3,M10.5.0/4" if POSIX conformance is required
+TZ="EET\-2EEST,M3.5.0/3,M10.5.0/4" if POSIX conformance is required
 and older timestamps need not be handled accurately.
 .Pp
 The
@@ -203,7 +203,7 @@ after the last transition time stored in the file
 or for all instants if the file has no transitions.
 The TZ string is empty (i.e., nothing between the newlines)
 if there is no proleptic representation for such instants.
-If nonempty, the TZ string must agree with the local time
+If non-empty, the TZ string must agree with the local time
 type after the last transition time if present in the eight-byte data;
 for example, given the string
 .Dq "WET0WEST,M3.5.0/1,M10.5.0"
@@ -218,7 +218,7 @@ the earliest transition time.
 For version-3-format timezone files, a TZ string (see
 .Xr newtzset 3 )
 may use the following POSIX.1-2024 extensions to POSIX.1-2017:
-First, as in TZ="<\*-02>2<\*-01>,M3.5.0/\*-1,M10.5.0/0",
+First, as in TZ="<\-02>2<\-01>,M3.5.0/\-1,M10.5.0/0",
 the hours part of its transition times may be signed and range from
 \-167 through 167 instead of being limited to unsigned values
 from 0 through 24.
@@ -275,7 +275,7 @@ time did not exist (possibly with an error indication).
 Time zone designations should consist of at least three (3)
 and no more than six (6) ASCII characters from the set of
 alphanumerics,
-.Dq "\*-" ,
+.Dq "\-" ,
 and
 .Dq "+" .
 This is for compatibility with POSIX requirements for
@@ -300,16 +300,16 @@ through 60 instead of the usual 59; the UTC offset is unaffected.
 This section documents common problems in reading or writing TZif files.
 Most of these are problems in generating TZif files for use by
 older readers.
-The goals of this section are:
+The goals of this section are to help:
 .Bl -bullet
 .It
-to help TZif writers output files that avoid common
+TZif writers output files that avoid common
 pitfalls in older or buggy TZif readers,
 .It
-to help TZif readers avoid common pitfalls when reading
+TZif readers avoid common pitfalls when reading
 files generated by future TZif writers, and
 .It
-to help any future specification authors see what sort of
+any future specification authors see what sort of
 problems arise when the TZif format is changed.
 .El
 .Pp
@@ -320,9 +320,9 @@ reader was designed for.
 When complete compatibility was not achieved, an attempt was
 made to limit glitches to rarely used timestamps and allow
 simple partial workarounds in writers designed to generate
-new-version data useful even for older-version readers.
+newer-version data useful even for older-version readers.
 This section attempts to document these compatibility issues and
-workarounds, as well as to document other common bugs in
+workarounds as well as documenting other common bugs in
 readers.
 .Pp
 Interoperability problems with TZif include the following:
@@ -355,15 +355,15 @@ for two time zones east, e.g.,
 for a time zone with a never-used standard time (XXX, \-03)
 and negative daylight saving time (EDT, \-04) all year.
 Alternatively,
-as a partial workaround a writer can substitute standard time
+as a partial workaround, a writer can substitute standard time
 for the next time zone east \(en e.g.,
 .Dq "AST4"
 for permanent
 Atlantic Standard Time (\-04).
 .It
-Some readers designed for version 2 or 3, and that require strict
-conformance to RFC 8536, reject version 4 files whose leap second
-tables are truncated at the start or that end in expiration times.
+Some readers designed for version 2 or 3 and that require strict
+conformance to RFC 9636 reject version 4 files whose leap second
+tables are truncated at the start or end in expiration times.
 .It
 Some readers ignore the footer, and instead predict future
 timestamps from the time type of the last transition.
@@ -378,7 +378,7 @@ and even for current timestamps it can fail for settings like
 TZ="Africa/Casablanca".  This corresponds to a TZif file
 containing explicit transitions through the year 2087,
 followed by a footer containing the TZ string
-.Dq <+01>\*-1 ,
+.Dq <+01>\-1 ,
 which should be used only for timestamps after the last
 explicit transition.
 .It
@@ -389,7 +389,7 @@ As a partial workaround, a writer can output a dummy (no-op)
 first transition at an early time.
 .It
 Some readers mishandle timestamps before the first
-transition that has a timestamp not less than \-2**31.
+transition that has a timestamp that is not less than \-2**31.
 Readers that support only 32-bit timestamps are likely to be
 more prone to this problem, for example, when they process
 64-bit transitions only some of which are representable in 32
@@ -401,7 +401,7 @@ Some readers mishandle a transition if its timestamp has
 the minimum possible signed 64-bit value.
 Timestamps less than \-2**59 are not recommended.
 .It
-Some readers mishandle TZ strings that
+Some readers mishandle proleptic TZ strings that
 contain
 .Dq "<"
 or
@@ -418,9 +418,9 @@ non-ASCII characters.
 These characters are not recommended.
 .It
 Some readers may mishandle time zone abbreviations that
-contain fewer than 3 or more than 6 characters, or that
+contain fewer than 3 or more than 6 characters or that
 contain ASCII characters other than alphanumerics,
-.Dq "\*-",
+.Dq "\-",
 and
 .Dq "+".
 These abbreviations are not recommended.
@@ -430,7 +430,7 @@ daylight-saving time UT offsets that are less than the UT
 offsets for the corresponding standard time.
 These readers do not support locations like Ireland, which
 uses the equivalent of the TZ string
-.Dq "IST\*-1GMT0,M10.5.0,M3.5.0/1",
+.Dq "IST\-1GMT0,M10.5.0,M3.5.0/1",
 observing standard time
 (IST, +01) in summer and daylight saving time (GMT, +00) in winter.
 As a partial workaround, a writer can output data for the
@@ -443,7 +443,7 @@ abbreviations correctly.
 .It
 Some readers generate ambiguous timestamps for positive leap seconds
 that occur when the UTC offset is not a multiple of 60 seconds.
-For example, in a timezone with UTC offset +01:23:45 and with
+For example, with UTC offset +01:23:45 and
 a positive leap second 78796801 (1972-06-30 23:59:60 UTC), some readers will
 map both 78796800 and 78796801 to 01:23:45 local time the next day
 instead of mapping the latter to 01:23:46, and they will map 78796815 to
@@ -462,15 +462,15 @@ Developers of distributed applications should keep this
 in mind if they need to deal with pre-1970 data.
 .It
 Some readers mishandle timestamps before the first
-transition that has a nonnegative timestamp.
+transition that has a non-negative timestamp.
 Readers that do not support negative timestamps are likely to
 be more prone to this problem.
 .It
 Some readers mishandle time zone abbreviations like
-.Dq "\*-08"
+.Dq "\-08"
 that contain
-.Dq "+" ,
-.Dq "\*-" ,
+.Dq "+",
+.Dq "\-",
 or digits.
 .It
 Some readers mishandle UT offsets that are out of the
@@ -479,7 +479,7 @@ support locations like Kiritimati that are outside this
 range.
 .It
 Some readers mishandle UT offsets in the range [\-3599, \-1]
-seconds from UT, because they integer-divide the offset by
+seconds from UT because they integer-divide the offset by
 3600 to get 0 and then display the hour part as
 .Dq "+00" .
 .It
@@ -498,8 +498,8 @@ of one hour, or of 15 minutes, or of 1 minute.
 .%A P. Eggert
 .%A K. Murchison
 .%T "The Time Zone Information Format (TZif)"
-.%R RFC 8536
-.%D February 2019
-.%U https://datatracker.ietf.org/doc/html/rfc8536
-.%U https://doi.org/10.17487/RFC8536
+.%R RFC 9636
+.%D October 2024
+.%U https://datatracker.ietf.org/doc/html/rfc9636
+.%U https://doi.org/10.17487/RFC9636
 .Re
diff --git a/contrib/tzcode/tzfile.h b/contrib/tzcode/tzfile.h
index c09f39465914..55867b5c260c 100644
--- a/contrib/tzcode/tzfile.h
+++ b/contrib/tzcode/tzfile.h
@@ -28,7 +28,7 @@
 #endif /* !defined TZDEFRULES */
 
 
-/* See Internet RFC 8536 for more details about the following format.  */
+/* See Internet RFC 9636 for more details about the following format.  */
 
 /*
 ** Each file begins with. . .
diff --git a/contrib/tzcode/tzselect.8 b/contrib/tzcode/tzselect.8
index ee031614f3ed..b83f702d5e0d 100644
--- a/contrib/tzcode/tzselect.8
+++ b/contrib/tzcode/tzselect.8
@@ -4,8 +4,6 @@
 .SH NAME
 tzselect \- select a timezone
 .SH SYNOPSIS
-.ie \n(.g .ds - \f(CR-\fP
-.el .ds - \-
 .ds d " degrees
 .ds m " minutes
 .ds s " seconds
@@ -20,15 +18,15 @@ tzselect \- select a timezone
 .\}
 .B tzselect
 [
-.B \*-c
+.B \-c
 .I coord
 ] [
-.B \*-n
+.B \-n
 .I limit
 ] [
-.B \*-\*-help
+.B \-\-help
 ] [
-.B \*-\*-version
+.B \-\-version
 ]
 .SH DESCRIPTION
 The
@@ -40,7 +38,7 @@ The output is suitable as a value for the TZ environment variable.
 All interaction with the user is done via standard input and standard error.
 .SH OPTIONS
 .TP
-.BI "\*-c " coord
+.BI "\-c " coord
 Instead of asking for continent and then country and then city,
 ask for selection from time zones whose largest cities
 are closest to the location with geographical coordinates
@@ -70,27 +68,27 @@ seconds, with any trailing fractions represent fractional minutes or
 .I SS
 is present) seconds.  The decimal point is that of the current locale.
 For example, in the (default) C locale,
-.B "\*-c\ +40.689\*-074.045"
+.B "\-c\ +40.689\-074.045"
 specifies 40.689\*d\*_N, 74.045\*d\*_W,
-.B "\*-c\ +4041.4\*-07402.7"
+.B "\-c\ +4041.4\-07402.7"
 specifies 40\*d\*_41.4\*m\*_N, 74\*d\*_2.7\*m\*_W, and
-.B "\*-c\ +404121\*-0740240"
+.B "\-c\ +404121\-0740240"
 specifies 40\*d\*_41\*m\*_21\*s\*_N, 74\*d\*_2\*m\*_40\*s\*_W.
 If
 .I coord
 is not one of the documented forms, the resulting behavior is unspecified.
 .TP
-.BI "\*-n " limit
+.BI "\-n " limit
 When
-.B \*-c
+.B \-c
 is used, display the closest
 .I limit
 locations (default 10).
 .TP
-.B "\*-\*-help"
+.B "\-\-help"
 Output help information and exit.
 .TP
-.B "\*-\*-version"
+.B "\-\-version"
 Output version information and exit.
 .SH "ENVIRONMENT VARIABLES"
 .TP
diff --git a/contrib/tzcode/version b/contrib/tzcode/version
index 699e50d4d38e..ef468adcecf9 100644
--- a/contrib/tzcode/version
+++ b/contrib/tzcode/version
@@ -1 +1 @@
-2024b
+2025b
diff --git a/contrib/tzcode/zdump.8 b/contrib/tzcode/zdump.8
index 7a78f6b9c040..c5cb092db16f 100644
--- a/contrib/tzcode/zdump.8
+++ b/contrib/tzcode/zdump.8
@@ -28,6 +28,14 @@ The
 program prints the current time in each
 .Ar timezone
 named on the command line.
+A
+.Ar timezone
+of
+.Li -
+is treated as if it were
+.Pa /dev/stdin ;
+this can be used to pipe TZif data into
+.Nm .
 .Pp
 The following options are available:
 .Bl -tag -width indent
@@ -106,7 +114,7 @@ then a line
 where
 .Ar string
 is a double-quoted string giving the timezone, a second line
-.Dq "\*- \*- \fIinterval\fP"
+.Dq "\- \- \fIinterval\fP"
 describing the time interval before the first transition if any, and
 zero or more following lines
 .Dq "\fIdate time interval\fP",
@@ -138,11 +146,11 @@ the seconds are omitted if they are zero, and
 the minutes are also omitted if they are also zero.
 Positive UT
 offsets are east of Greenwich.
-The UT offset \*-00 denotes a UT
+The UT offset \-00 denotes a UT
 placeholder in areas where the actual offset is unspecified; by
 convention, this occurs when the UT offset is zero and the time zone
 abbreviation begins with
-.Dq "-"
+.Dq "\-"
 or is
 .Dq "zzz".
 .Pp
diff --git a/contrib/tzcode/zdump.c b/contrib/tzcode/zdump.c
index a42c337e6d44..a8a8f5aa42ca 100644
--- a/contrib/tzcode/zdump.c
+++ b/contrib/tzcode/zdump.c
@@ -14,10 +14,6 @@
 #include "private.h"
 #include <stdio.h>
 
-#ifndef HAVE_SNPRINTF
-# define HAVE_SNPRINTF (!PORT_TO_C89 || 199901 <= __STDC_VERSION__)
-#endif
-
 #ifndef HAVE_LOCALTIME_R
 # define HAVE_LOCALTIME_R 1
 #endif
@@ -148,17 +144,6 @@ sumsize(ptrdiff_t a, ptrdiff_t b)
   size_overflow();
 }
 
-/* Return the size of of the string STR, including its trailing NUL.
-   Report an error and exit if this would exceed INDEX_MAX which means
-   pointer subtraction wouldn't work.  */
-static ptrdiff_t
-xstrsize(char const *str)
-{
-  size_t len = strlen(str);
-  if (len < INDEX_MAX)
-    return len + 1;
-  size_overflow();
-}
 
 /* Return a pointer to a newly allocated buffer of size SIZE, exiting
    on failure.  SIZE should be positive.  */
@@ -266,7 +251,7 @@ tzalloc(char const *val)
   static ptrdiff_t fakeenv0size;
   void *freeable = NULL;
   char **env = fakeenv, **initial_environ;
-  ptrdiff_t valsize = xstrsize(val);
+  ptrdiff_t valsize = strlen(val) + 1;
   if (fakeenv0size < valsize) {
     char **e = environ, **to;
     ptrdiff_t initial_nenvptrs = 1;  /* Counting the trailing NULL pointer.  */
@@ -427,7 +412,7 @@ saveabbr(char **buf, ptrdiff_t *bufalloc, struct tm const *tmp)
   if (HAVE_LOCALTIME_RZ)
     return ab;
   else {
-    ptrdiff_t absize = xstrsize(ab);
+    ptrdiff_t absize = strlen(ab) + 1;
     if (*bufalloc < absize) {
       free(*buf);
 
@@ -489,6 +474,7 @@ main(int argc, char *argv[])
 	register time_t		cuthitime;
 	time_t			now;
 	bool iflag = false;
+	size_t arglenmax = 0;
 
 	cutlotime = absolute_min_time;
 	cuthitime = absolute_max_time;
@@ -588,15 +574,21 @@ main(int argc, char *argv[])
 	  now = time(NULL);
 	  now |= !now;
 	}
-	longest = 0;
 	for (i = optind; i < argc; i++) {
 	  size_t arglen = strlen(argv[i]);
-	  if (longest < arglen)
-	    longest = min(arglen, INT_MAX);
+	  if (arglenmax < arglen)
+	    arglenmax = arglen;
 	}
+	if (!HAVE_SETENV && INDEX_MAX <= arglenmax)
+	  size_overflow();
+	longest = min(arglenmax, INT_MAX - 2);
 
 	for (i = optind; i < argc; ++i) {
-		timezone_t tz = tzalloc(argv[i]);
+		/* Treat "-" as standard input on platforms with /dev/stdin.
+		   It's not worth the bother of supporting "-" on other
+		   platforms, as that would need temp files.  */
+		timezone_t tz = tzalloc(strcmp(argv[i], "-") == 0
+					? "/dev/stdin" : argv[i]);
 		char const *ab;
 		time_t t;
 		struct tm tm, newtm;
@@ -697,7 +689,7 @@ yeartot(intmax_t y)
 				return absolute_max_time;
 			seconds = diff400 * SECSPER400YEARS;
 			years = diff400 * 400;
-                } else {
+		} else {
 			seconds = isleap(myy) ? SECSPERLYEAR : SECSPERNYEAR;
 			years = 1;
 		}
@@ -928,13 +920,10 @@ showextrema(timezone_t tz, char *zone, time_t lo, struct tm *lotmp, time_t hi)
   }
 }
 
-#if HAVE_SNPRINTF
-# define my_snprintf snprintf
-#else
+/* On pre-C99 platforms, a snprintf substitute good enough for us.  */
+#if !HAVE_SNPRINTF
 # include <stdarg.h>
-
-/* A substitute for snprintf that is good enough for zdump.  */
-static int
+ATTRIBUTE_FORMAT((printf, 3, 4)) static int
 my_snprintf(char *s, size_t size, char const *format, ...)
 {
   int n;
@@ -962,6 +951,7 @@ my_snprintf(char *s, size_t size, char const *format, ...)
   va_end(args);
   return n;
 }
+# define snprintf my_snprintf
 #endif
 
 /* Store into BUF, of size SIZE, a formatted local time taken from *TM.
@@ -976,10 +966,10 @@ format_local_time(char *buf, ptrdiff_t size, struct tm const *tm)
 {
   int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour;
   return (ss
-	  ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss)
+	  ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss)
 	  : mm
-	  ? my_snprintf(buf, size, "%02d:%02d", hh, mm)
-	  : my_snprintf(buf, size, "%02d", hh));
+	  ? snprintf(buf, size, "%02d:%02d", hh, mm)
+	  : snprintf(buf, size, "%02d", hh));
 }
 
 /* Store into BUF, of size SIZE, a formatted UT offset for the
@@ -1014,10 +1004,10 @@ format_utc_offset(char *buf, ptrdiff_t size, struct tm const *tm, time_t t)
   mm = off / 60 % 60;
   hh = off / 60 / 60;
   return (ss || 100 <= hh
-	  ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss)
+	  ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss)
 	  : mm
-	  ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm)
-	  : my_snprintf(buf, size, "%c%02ld", sign, hh));
+	  ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm)
+	  : snprintf(buf, size, "%c%02ld", sign, hh));
 }
 
 /* Store into BUF (of size SIZE) a quoted string representation of P.
@@ -1120,7 +1110,7 @@ istrftime(char *buf, ptrdiff_t size, char const *time_fmt,
 	    for (abp = ab; is_alpha(*abp); abp++)
 	      continue;
 	    len = (!*abp && *ab
-		   ? my_snprintf(b, s, "%s", ab)
+		   ? snprintf(b, s, "%s", ab)
 		   : format_quoted_string(b, s, ab));
 	    if (s <= len)
 	      return false;
@@ -1128,7 +1118,7 @@ istrftime(char *buf, ptrdiff_t size, char const *time_fmt,
 	  }
 	  formatted_len
 	    = (tm->tm_isdst
-	       ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst)
+	       ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst)
 	       : 0);
 	}
 	break;
diff --git a/contrib/tzcode/zic.8 b/contrib/tzcode/zic.8
index 3804096dd6f6..d83ff7c4a0b1 100644
--- a/contrib/tzcode/zic.8
+++ b/contrib/tzcode/zic.8
@@ -112,13 +112,13 @@ Link	\fItimezone\fP		posixrules
 If
 .Ar timezone
 is
-.Dq "\*-"
+.Dq "\-"
 (the default), any already-existing link is removed.
 .Pp
 Unless
 .Ar timezone
 is
-.Dq "\*-" ,
+.Dq "\-" ,
 this option is obsolete and poorly supported.
 Among other things it should not be used for timestamps after the year 2037,
 and it should not be combined with
@@ -148,6 +148,10 @@ omits data intended for negative timestamps (i.e., before the Epoch), and
 .Fl r @0/@2147483648
 outputs data intended only for nonnegative timestamps that fit into
 31-bit signed integers.
+On platforms with GNU
+.Nm date ,
+.Dq "zic \-r @$(date +%s)"
+omits data intended for past timestamps.
 Although this option typically reduces the output file's size,
 the size can increase due to the need to represent the timestamp range
 boundaries, particularly if
@@ -366,7 +370,15 @@ separate script to further restrict in which
 of years the rule would apply.
 .It IN
 Names the month in which the rule takes effect.
-Month names may be abbreviated.
+Month names may be abbreviated as mentioned previously;
+for example, January can appear as
+.Dq January ,
+.Dq JANU
+or
+.Dq Ja ,
+but not as
+.Dq j
+which would be ambiguous with both June and July.
 .It ON
 Gives the day on which the rule takes effect.
 Recognized forms include:
@@ -389,7 +401,12 @@ or a weekday name preceded by
 .Dq "last"
 (e.g.,
 .Ql "lastSunday" )
-may be abbreviated or spelled out in full.
+may be abbreviated as mentioned previously,
+e.g.,
+.Dq Su
+for Sunday and
+.Dq lastsa
+for the last Saturday.
 There must be no white space characters within the
 .Ar ON
 field.
@@ -540,7 +557,7 @@ field,
 giving the amount of time to be added to local standard time
 and whether the resulting time is standard or daylight saving.
 Standard time applies if this field is
-.Ql \*-
+.Ql \-
 or for timestamps occurring before any rule takes effect.
 When an amount of time is given, only the sum of standard time and
 this amount matters.
diff --git a/contrib/tzcode/zic.c b/contrib/tzcode/zic.c
index 2605f65dcd23..80902ce534a1 100644
--- a/contrib/tzcode/zic.c
+++ b/contrib/tzcode/zic.c
@@ -526,19 +526,19 @@ memcheck(void *ptr)
 }
 
 static void *
-emalloc(size_t size)
+xmalloc(size_t size)
 {
   return memcheck(malloc(size));
 }
 
 static void *
-erealloc(void *ptr, size_t size)
+xrealloc(void *ptr, size_t size)
 {
   return memcheck(realloc(ptr, size));
 }
 
 static char *
-estrdup(char const *str)
+xstrdup(char const *str)
 {
   return memcheck(strdup(str));
 }
@@ -567,7 +567,7 @@ growalloc(void *ptr, ptrdiff_t itemsize, ptrdiff_t nitems,
 {
   return (nitems < *nitems_alloc
 	  ? ptr
-	  : erealloc(ptr, grow_nitems_alloc(nitems_alloc, itemsize)));
+	  : xrealloc(ptr, grow_nitems_alloc(nitems_alloc, itemsize)));
 }
 
 /*
@@ -654,6 +654,8 @@ close_file(FILE *stream, char const *dir, char const *name,
   char const *e = (ferror(stream) ? _("I/O error")
 		   : fclose(stream) != 0 ? strerror(errno) : NULL);
   if (e) {
+    if (name && *name == '/')
+      dir = NULL;
     fprintf(stderr, "%s: %s%s%s%s%s\n", progname,
 	    dir ? dir : "", dir ? "/" : "",
 	    name ? name : "", name ? ": " : "",
@@ -961,6 +963,9 @@ static mode_t		mflag = (S_IRUSR | S_IRGRP | S_IROTH
 				 | S_IWUSR);
 static const char *	tzdefault;
 
+/* True if DIRECTORY ends in '/'.  */
+static bool directory_ends_in_slash;
+
 /* -1 if the TZif output file should be slim, 0 if default, 1 if the
    output should be fat for backward compatibility.  ZIC_BLOAT_DEFAULT
    determines the default.  */
@@ -1166,6 +1171,7 @@ _("invalid file mode"));
 		return EXIT_FAILURE;
 	associate();
 	change_directory(directory);
+	directory_ends_in_slash = directory[strlen(directory) - 1] == '/';
 	catch_signals();
 	for (i = 0; i < nzones; i = j) {
 		/*
@@ -1353,7 +1359,7 @@ random_dirent(char const **name, char **namealloc)
   uint_fast64_t unfair_min = - ((UINTMAX_MAX % base__6 + 1) % base__6);
 
   if (!dst) {
-    dst = emalloc(size_sum(dirlen, prefixlen + suffixlen + 1));
+    dst = xmalloc(size_sum(dirlen, prefixlen + suffixlen + 1));
     memcpy(dst, src, dirlen);
     memcpy(dst + dirlen, prefix, prefixlen);
     dst[dirlen + prefixlen + suffixlen] = '\0';
@@ -1370,6 +1376,20 @@ random_dirent(char const **name, char **namealloc)
   }
 }
 
+/* For diagnostics the directory, and file name relative to that
+   directory, respectively.  A diagnostic routine can name FILENAME by
+   outputting diagdir(FILENAME), then diagslash(FILENAME), then FILENAME.  */
+static char const *
+diagdir(char const *filename)
+{
+  return *filename == '/' ? "" : directory;
+}
+static char const *
+diagslash(char const *filename)
+{
+  return &"/"[*filename == '/' || directory_ends_in_slash];
+}
+
 /* Prepare to write to the file *OUTNAME, using *TEMPNAME to store the
    name of the temporary file that will eventually be renamed to
    *OUTNAME.  Assign the temporary file's name to both *OUTNAME and
@@ -1406,8 +1426,9 @@ open_outfile(char const **outname, char **tempname)
     } else if (fopen_errno == EEXIST)
       random_dirent(outname, tempname);
     else {
-      fprintf(stderr, _("%s: Can't create %s/%s: %s\n"),
-	      progname, directory, *outname, strerror(fopen_errno));
+      fprintf(stderr, _("%s: Can't create %s%s%s: %s\n"),
+	      progname, diagdir(*outname), diagslash(*outname), *outname,
+	      strerror(fopen_errno));
       exit(EXIT_FAILURE);
     }
   }
@@ -1424,9 +1445,10 @@ rename_dest(char *tempname, char const *name)
   if (tempname) {
     if (rename(tempname, name) != 0) {
       int rename_errno = errno;
-      (void)remove(tempname);
-      fprintf(stderr, _("%s: rename to %s/%s: %s\n"),
-	      progname, directory, name, strerror(rename_errno));
+      remove(tempname);
+      fprintf(stderr, _("%s: rename to %s%s%s: %s\n"),
+	      progname, diagdir(name), diagslash(name), name,
+	      strerror(rename_errno));
       exit(EXIT_FAILURE);
     }
     free(tempname);
@@ -1436,7 +1458,8 @@ rename_dest(char *tempname, char const *name)
 /* Create symlink contents suitable for symlinking TARGET to LINKNAME, as a
    freshly allocated string.  TARGET should be a relative file name, and
    is relative to the global variable DIRECTORY.  LINKNAME can be either
-   relative or absolute.  */
+   relative or absolute.  Return a null pointer if the symlink contents
+   was not computed because LINKNAME is absolute but DIRECTORY is not.  */
 static char *
 relname(char const *target, char const *linkname)
 {
@@ -1449,8 +1472,10 @@ relname(char const *target, char const *linkname)
     size_t len = strlen(directory);
     size_t lenslash = len + (len && directory[len - 1] != '/');
     size_t targetsize = strlen(target) + 1;
+    if (*directory != '/')
+      return NULL;
     linksize = size_sum(lenslash, targetsize);
-    f = result = emalloc(linksize);
+    f = result = xmalloc(linksize);
     memcpy(result, directory, len);
     result[len] = '/';
     memcpy(result + lenslash, target, targetsize);
@@ -1464,7 +1489,7 @@ relname(char const *target, char const *linkname)
   dotdotetcsize = size_sum(size_product(dotdots, 3), taillen + 1);
   if (dotdotetcsize <= linksize) {
     if (!result)
-      result = emalloc(dotdotetcsize);
+      result = xmalloc(dotdotetcsize);
     for (i = 0; i < dotdots; i++)
       memcpy(result + 3 * i, "../", 3);
     memmove(result + 3 * dotdots, f + dir_len, taillen + 1);
@@ -1500,8 +1525,9 @@ dolink(char const *target, char const *linkname, bool staysymlink)
 	    return;
 	  else {
 	    char const *e = strerror(errno);
-	    fprintf(stderr, _("%s: Can't remove %s/%s: %s\n"),
-		    progname, directory, linkname, e);
+	    fprintf(stderr, _("%s: Can't remove %s%s%s: %s\n"),
+		    progname, diagdir(linkname), diagslash(linkname), linkname,
+		    e);
 	    exit(EXIT_FAILURE);
 	  }
 	}
@@ -1544,8 +1570,9 @@ dolink(char const *target, char const *linkname, bool staysymlink)
 	    mkdirs(linkname, true);
 	    linkdirs_made = true;
 	  } else {
-	    fprintf(stderr, _("%s: Can't link %s/%s to %s/%s: %s\n"),
-		    progname, directory, target, directory, outname,
+	    fprintf(stderr, _("%s: Can't link %s%s%s to %s%s%s: %s\n"),
+		    progname, diagdir(target), diagslash(target), target,
+		    diagdir(outname), diagslash(outname), outname,
 		    strerror(link_errno));
 	    exit(EXIT_FAILURE);
 	  }
@@ -1554,21 +1581,23 @@ dolink(char const *target, char const *linkname, bool staysymlink)
 	  bool absolute = *target == '/';
 	  char *linkalloc = absolute ? NULL : relname(target, linkname);
 	  char const *contents = absolute ? target : linkalloc;
-	  int symlink_errno;
+	  int symlink_errno = -1;
 
-	  while (true) {
-	    if (symlink(contents, outname) == 0) {
-	      symlink_errno = 0;
-	      break;
+	  if (contents) {
+	    while (true) {
+	      if (symlink(contents, outname) == 0) {
+		symlink_errno = 0;
+		break;
+	      }
+	      symlink_errno = errno;
+	      if (symlink_errno == EEXIST)
+		random_dirent(&outname, &tempname);
+	      else if (symlink_errno == ENOENT && !linkdirs_made) {
+		mkdirs(linkname, true);
+		linkdirs_made = true;
+	      } else
+		break;
 	    }
-	    symlink_errno = errno;
-	    if (symlink_errno == EEXIST)
-	      random_dirent(&outname, &tempname);
-	    else if (symlink_errno == ENOENT && !linkdirs_made) {
-	      mkdirs(linkname, true);
-	      linkdirs_made = true;
-	    } else
-	      break;
 	  }
 	  free(linkalloc);
 	  if (symlink_errno == 0) {
@@ -1581,8 +1610,8 @@ dolink(char const *target, char const *linkname, bool staysymlink)
 	    fp = fopen(target, "rb");
 	    if (!fp) {
 	      char const *e = strerror(errno);
-	      fprintf(stderr, _("%s: Can't read %s/%s: %s\n"),
-		      progname, directory, target, e);
+	      fprintf(stderr, _("%s: Can't read %s%s%s: %s\n"),
+		      progname, diagdir(target), diagslash(target), target, e);
 	      exit(EXIT_FAILURE);
 	    }
 	    tp = open_outfile(&outname, &tempname);
@@ -1593,6 +1622,8 @@ dolink(char const *target, char const *linkname, bool staysymlink)
 	    if (link_errno != ENOTSUP)
 	      warning(_("copy used because hard link failed: %s"),
 		      strerror(link_errno));
+	    else if (symlink_errno < 0)
+	      warning(_("copy used because symbolic link not obvious"));
 	    else if (symlink_errno != ENOTSUP)
 	      warning(_("copy used because symbolic link failed: %s"),
 		      strerror(symlink_errno));
@@ -1906,8 +1937,8 @@ inrule(char **fields, int nfields)
 		     fields[RF_COMMAND], fields[RF_MONTH], fields[RF_DAY],
 		     fields[RF_TOD]))
 	  return;
-	r.r_name = estrdup(fields[RF_NAME]);
-	r.r_abbrvar = estrdup(fields[RF_ABBRVAR]);
+	r.r_name = xstrdup(fields[RF_NAME]);
+	r.r_abbrvar = xstrdup(fields[RF_ABBRVAR]);
 	if (max_abbrvar_len < strlen(r.r_abbrvar))
 		max_abbrvar_len = strlen(r.r_abbrvar);
 	rules = growalloc(rules, sizeof *rules, nrules, &nrules_alloc);
@@ -1990,7 +2021,8 @@ inzsub(char **fields, int nfields, bool iscont)
 	z.z_filenum = filenum;
 	z.z_linenum = linenum;
 	z.z_stdoff = gethms(fields[i_stdoff], _("invalid UT offset"));
-	if ((cp = strchr(fields[i_format], '%')) != 0) {
+	cp = strchr(fields[i_format], '%');
+	if (cp) {
 		if ((*++cp != 's' && *cp != 'z') || strchr(cp, '%')
 		    || strchr(fields[i_format], '/')) {
 			error(_("invalid abbreviation format"));
@@ -2028,9 +2060,9 @@ inzsub(char **fields, int nfields, bool iscont)
 		  return false;
 		}
 	}
-	z.z_name = iscont ? NULL : estrdup(fields[ZF_NAME]);
-	z.z_rule = estrdup(fields[i_rule]);
-	z.z_format = cp1 = estrdup(fields[i_format]);
+	z.z_name = iscont ? NULL : xstrdup(fields[ZF_NAME]);
+	z.z_rule = xstrdup(fields[i_rule]);
+	z.z_format = cp1 = xstrdup(fields[i_format]);
 	if (z.z_format_specifier == 'z') {
 	  cp1[cp - fields[i_format]] = 's';
 	  if (noise)
@@ -2173,8 +2205,8 @@ inlink(char **fields, int nfields)
 	  return;
 	l.l_filenum = filenum;
 	l.l_linenum = linenum;
-	l.l_target = estrdup(fields[LF_TARGET]);
-	l.l_linkname = estrdup(fields[LF_LINKNAME]);
+	l.l_target = xstrdup(fields[LF_TARGET]);
+	l.l_linkname = xstrdup(fields[LF_LINKNAME]);
 	links = growalloc(links, sizeof *links, nlinks, &nlinks_alloc);
 	links[nlinks++] = l;
 }
@@ -2197,7 +2229,7 @@ rulesub(struct rule *rp, const char *loyearp, const char *hiyearp,
 	rp->r_month = lp->l_value;
 	rp->r_todisstd = false;
 	rp->r_todisut = false;
-	dp = estrdup(timep);
+	dp = xstrdup(timep);
 	if (*dp != '\0') {
 		ep = dp + strlen(dp) - 1;
 		switch (lowerit(*ep)) {
@@ -2272,19 +2304,23 @@ rulesub(struct rule *rp, const char *loyearp, const char *hiyearp,
 	**	Sun<=20
 	**	Sun>=7
 	*/
-	dp = estrdup(dayp);
+	dp = xstrdup(dayp);
 	if ((lp = byword(dp, lasts)) != NULL) {
 		rp->r_dycode = DC_DOWLEQ;
 		rp->r_wday = lp->l_value;
 		rp->r_dayofmonth = len_months[1][rp->r_month];
 	} else {
-		if ((ep = strchr(dp, '<')) != 0)
-			rp->r_dycode = DC_DOWLEQ;
-		else if ((ep = strchr(dp, '>')) != 0)
-			rp->r_dycode = DC_DOWGEQ;
+		ep = strchr(dp, '<');
+		if (ep)
+		    rp->r_dycode = DC_DOWLEQ;
 		else {
+		    ep = strchr(dp, '>');
+		    if (ep)
+			rp->r_dycode = DC_DOWGEQ;
+		    else {
 			ep = dp;
 			rp->r_dycode = DC_DOM;
+		    }
 		}
 		if (rp->r_dycode != DC_DOM) {
 			*ep++ = 0;
@@ -2427,7 +2463,7 @@ writezone(const char *const name, const char *const string, char version,
 	/* Allocate the ATS and TYPES arrays via a single malloc,
 	   as this is a bit faster.  Do not malloc(0) if !timecnt,
 	   as that might return NULL even on success.  */
-	zic_t *ats = emalloc(align_to(size_product(timecnt + !timecnt,
+	zic_t *ats = xmalloc(align_to(size_product(timecnt + !timecnt,
 						   sizeof *ats + 1),
 				      alignof(zic_t)));
 	void *typesptr = ats + timecnt;
@@ -2802,7 +2838,7 @@ writezone(const char *const name, const char *const string, char version,
 		if (thisleapexpiry) {
 		  /* Append a no-op leap correction indicating when the leap
 		     second table expires.  Although this does not conform to
-		     Internet RFC 8536, most clients seem to accept this and
+		     Internet RFC 9636, most clients seem to accept this and
 		     the plan is to amend the RFC to allow this in version 4
 		     TZif files.  */
 		  puttzcodepass(leapexpires, fp, pass);
@@ -3059,7 +3095,7 @@ stringzone(char *result, struct zone const *zpfirst, ptrdiff_t zonecount)
 
 	result[0] = '\0';
 
-	/* Internet RFC 8536 section 5.1 says to use an empty TZ string if
+	/* Internet RFC 9636 section 6.1 says to use an empty TZ string if
 	   future timestamps are truncated.  */
 	if (hi_time < max_time)
 	  return -1;
@@ -3187,9 +3223,9 @@ outzone(const struct zone *zpfirst, ptrdiff_t zonecount)
 	max_abbr_len = 2 + max_format_len + max_abbrvar_len;
 	max_envvar_len = 2 * max_abbr_len + 5 * 9;
 
-	startbuf = emalloc(max_abbr_len + 1);
-	ab = emalloc(max_abbr_len + 1);
-	envvar = emalloc(max_envvar_len + 1);
+	startbuf = xmalloc(max_abbr_len + 1);
+	ab = xmalloc(max_abbr_len + 1);
+	envvar = xmalloc(max_envvar_len + 1);
 	INITIALIZE(untiltime);
 	INITIALIZE(starttime);
 	/*
@@ -3972,7 +4008,7 @@ mkdirs(char const *argname, bool ancestors)
 	if (Dflag)
 		return;
 
-	char *name = estrdup(argname);
+	char *name = xstrdup(argname);
 	char *cp = name;
 
 	/* On MS-Windows systems, do not worry about drive letters or
diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 463cdac286e1..b28ed34ae77e 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -449,9 +449,13 @@ dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \
 	$(srcdir)/util/netevent.h $(srcdir)/util/net_help.h \
 	$(srcdir)/util/locks.h
 
-dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto
+# Builds both dnstap/dnstap.pb-c.c and dnstap/dnstap.pb-c.h.
+# To avoid double-building we split one target out.
+dnstap/dnstap.pb-c.c: $(srcdir)/dnstap/dnstap.proto
 	@-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi
 	$(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto
+dnstap/dnstap.pb-c.h: dnstap/dnstap.pb-c.c
+	touch $@
 
 unbound-dnstap-socket$(EXEEXT):	$(DNSTAP_SOCKET_OBJ_LINK)
 	$(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS)
@@ -722,299 +726,338 @@ unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c
 dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
  $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/val_nsec.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
 infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
 rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h
 as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h
 dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h
 msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h
-msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
+msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/config_file.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/rfc_1982.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
 msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
 iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_utils.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \
  $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \
- $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h
+ $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h
 iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \
  $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/sldns/sbuffer.h
 iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/iterator/iter_delegpt.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/str2wire.h
 iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/wire2str.h
 iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h
 iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iterator.h $(srcdir)/util/log.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h
+ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h
 iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \
  $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/sldns/sbuffer.h
 iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/iterator/iter_hints.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \
  $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \
  $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outside_network.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/str2wire.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/str2wire.h
 listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
-  $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/timeval_func.h \
+ 
 localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/as112.h
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/as112.h
 mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/alloc.h \
- $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h $(srcdir)/services/listen_dnsport.h
-modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
- $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
+modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(PYTHONMOD_HEADER) \
+ $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h
 view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h
 rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h \
+ $(srcdir)/dnstap/dnstap.h 
+rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c config.h $(srcdir)/util/rfc_1982.h
 outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
-
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ 
 outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \
- $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h   \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \
+ 
 alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ util/configparser.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
  $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \
+ $(srcdir)/util/iana_ports.inc
 configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \
- $(srcdir)/util/config_file.h util/configparser.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h util/configparser.h
 configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/sldns/str2wire.h util/configparser.h
 shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
   $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \
- $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/tube.h $(srcdir)/util/timeval_func.h
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h
 authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h  \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \
- $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_sigcrypt.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h  \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h
 fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/outside_network.h  $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h \
+ $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
-mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h
 module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h
 netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/ub_event.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/dnstap/dnstap.h  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/timeval_func.h
-proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \
- $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/tcp_conn_limit.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ 
 net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
- $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
+ 
 random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
@@ -1022,442 +1065,609 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcd
 regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h
 rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
-siphash.lo siphash.o: $(srcdir)/util/siphash.c
-rfc_1982.lo rfc_1982.o: $(srcdir)/util/rfc_1982.c
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
+siphash.lo siphash.o: $(srcdir)/util/siphash.c config.h $(srcdir)/util/siphash.h
 edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/rfc_1982.h \
+ $(srcdir)/util/siphash.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/sbuffer.h
 dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/net_help.h
+ $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h
 lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(srcdir)/util/regional.h \
- $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h
-tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
+ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/locks.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
+timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h \
+ $(srcdir)/util/timeval_func.h
+tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h
+proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c $(srcdir)/util/proxy_protocol.h config.h
+timeval_func.lo timeval_func.o: $(srcdir)/util/timeval_func.c config.h $(srcdir)/util/timeval_func.h
 ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/remote.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/tube.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/dnstap/dtstream.h
 ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
  $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
 autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/services/mesh.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h
+ $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \
+ 
 val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/sldns/str2wire.h
 validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
  $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \
- $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_kcache.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \
  $(srcdir)/validator/autotrust.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
 val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/validator/val_kentry.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
 val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h
-val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/sldns/keyraw.h \
+ 
+val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
  $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h
 val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_kentry.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h
 val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \
  $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/sldns/sbuffer.h \
+ 
 val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
  $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \
- $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/rfc_1982.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
+ $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ 
 val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
- $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/sldns/parseutil.h
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_nsec3.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_sigcrypt.h \
+ $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h
 dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
  $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
-edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h
-subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h
+ $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
+edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h
+subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/cachedb/cachedb.h
 addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h
-subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/edns-subnet/addrtree.h
+subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \
+ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h \
+ $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
+cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_secalgo.h \
+ $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \
+ $(srcdir)/sldns/wire2str.h
+redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/sldns/sbuffer.h
 respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/regional.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h
 checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/checklocks.h
-ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
-ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
+dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c  config.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/dnstap/dtstream.h dnstap/dnstap.pb-c.h
+dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h
+dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h
+dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/sldns/sbuffer.h \
+ 
+dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
+ $(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/lookup3.h
+ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \
+ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h
+ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \
+ $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h
+ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/parseutil.h
 unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
 unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
 unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
-unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/random.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/services/outside_network.h
+unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/util/log.h \
+ $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/respip/respip.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h
 unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \
- $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/testcode/readhex.h $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/sldns/wire2str.h
 unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \
- $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h
 unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/regional.h
 unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
 unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
  $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \
  $(srcdir)/util/rbtree.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h $(srcdir)/testcode/testpkts.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
+ 
 readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
  $(srcdir)/sldns/parseutil.h
-unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h
+unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
 unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
- $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \
- $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \
- $(srcdir)/sldns/wire2str.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/authzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \
- $(srcdir)/validator/val_anchor.h
-unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \
-$(srcdir)/util/random.h
-unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/iterator/iterator.h
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/util/regional.h $(srcdir)/validator/val_anchor.h
+unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/testcode/unitmain.h \
+ $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ 
+unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c config.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/testcode/unitmain.h
+unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/log.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/sldns/str2wire.h
+cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
+ $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
  $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \
  $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h $(srcdir)/services/outside_network.h
-daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
-remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
+   $(srcdir)/daemon/worker.h \
  $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/alloc.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
- $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
+ $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/cachedb/cachedb.h
+remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
+ $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
  $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
- $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \
- $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/edns.h \
- $(srcdir)/util/locks.h $(srcdir)/util/ub_event.h \
- $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h $(srcdir)/validator/val_neg.h \
- $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_priv.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/ub_event.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
+ $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_neg.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_priv.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/regional.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h $(srcdir)/cachedb/cachedb.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
 stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ 
 unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \
  $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/ub_event.h
+  $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/ub_event.h
 worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
  $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
  $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
 testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
  $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
- $(srcdir)/daemon/remote.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/timeval_func.h $(srcdir)/services/modstack.h  \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h $(srcdir)/daemon/worker.h
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/ub_event.h
 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
 worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
  $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
  $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
  $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
- $(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
+ $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
+ $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
-daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
-  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
- $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \
- $(srcdir)/util/edns.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \
- $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h
+ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/sldns/str2wire.h
+daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
+   $(srcdir)/daemon/worker.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \
+ $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/cachedb/cachedb.h
 stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
- $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/regional.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/data/dname.h \
+ $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \
+ 
 replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/util/timeval_func.h \
- $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/replay.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/util/timeval_func.h
 fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h $(srcdir)/util/timeval_func.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/view.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \
   $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
- $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h $(srcdir)/util/storage/slabhash.h $(srcdir)/daemon/daemon.h
+ $(srcdir)/services/localzone.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/daemon/daemon.h $(srcdir)/util/timeval_func.h
 lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \
@@ -1466,133 +1676,156 @@ readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/r
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h
 memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h
 unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ $(srcdir)/util/regional.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
+ $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
+ $(srcdir)/sldns/str2wire.h $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
 worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h
+  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/dnstap/dtstream.h
 context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
  $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
  $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/util/edns.h \
- $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
+ $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
 libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \
- $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
  $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
- $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h \
+ $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
-libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h   \
- $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
- $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
- $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \
- $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
- $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h
+libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \
+ $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \
+ $(srcdir)/util/regional.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h \
+  $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/random.h $(srcdir)/util/proxy_protocol.h $(srcdir)/util/storage/lookup3.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/dnstap/dtstream.h
 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
+ 
 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
+ 
 streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/proxy_protocol.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/proxy_protocol.h \
+ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \
+ 
 perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h
+ $(srcdir)/util/random.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/sldns/str2wire.h
 delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h
-unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \
- $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
+ $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h
+unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
+ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/random.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h \
+ $(srcdir)/util/timeval_func.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \
  $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h \
- $(srcdir)/services/listen_dnsport.h
+ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/daemon/acl_list.h \
+ 
 unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h
-petal.lo petal.o: $(srcdir)/testcode/petal.c config.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
+ 
+petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
+ 
 unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \
  $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \
- $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/listen_dnsport.h \
  $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
- $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \
- $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h dnstap/dnstap.pb-c.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/alloc.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
   $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
- $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \
  $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \
  $(srcdir)/libunbound/unbound-event.h
 pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h \
  $(srcdir)/pythonmod/pythonmod_utils.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/util/net_help.h \
- $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/netevent.h \
+ $(srcdir)/dnscrypt/dnscrypt.h  $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \
+ 
 win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
    $(srcdir)/daemon/worker.h \
  $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \
  $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \
- $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \
- $(srcdir)/util/net_help.h
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
 w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h
 unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \
  $(srcdir)/winrc/w_inst.h
@@ -1600,12 +1833,14 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv
  $(srcdir)/winrc/w_inst.h
 anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h
-keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h
+keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/sldns/rrdef.h \
+ 
 sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h
 wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \
  $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h
+ $(srcdir)/sldns/keyraw.h \
+ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \
  $(srcdir)/sldns/sbuffer.h
 parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h
@@ -1616,8 +1851,23 @@ dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldn
  $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
  $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h
-readzone.lo readzone.o: $(srcdir)/testcode/readzone.c
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \
+ 
+doqclient.lo doqclient.o: $(srcdir)/testcode/doqclient.c config.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h \
+ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/ub_event.h \
+ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+  $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/daemon/stats.h \
+ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/daemon/remote.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \
+ $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
+ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \
+ $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h
+readzone.lo readzone.o: $(srcdir)/testcode/readzone.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/sldns/wire2str.h
 ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
 fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h
 gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h
@@ -1632,9 +1882,11 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
 strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h
 getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \
+ 
 getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \
+ 
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
 explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
diff --git a/contrib/unbound/cachedb/redis.c b/contrib/unbound/cachedb/redis.c
index 3dfa95859eb8..9383f1c8576c 100644
--- a/contrib/unbound/cachedb/redis.c
+++ b/contrib/unbound/cachedb/redis.c
@@ -46,6 +46,8 @@
 #include "cachedb/cachedb.h"
 #include "util/alloc.h"
 #include "util/config_file.h"
+#include "util/locks.h"
+#include "util/timeval_func.h"
 #include "sldns/sbuffer.h"
 
 #ifdef USE_REDIS
@@ -75,6 +77,18 @@ struct redis_moddata {
 	/* timeout for connection setup */
 	struct timeval connect_timeout;
 	struct timeval replica_connect_timeout;
+	/* the reconnect interval time. */
+	struct timeval reconnect_interval;
+	struct timeval replica_reconnect_interval;
+	/* reconnect attempts, 0 if connected, counts up failed reconnects. */
+	int reconnect_attempts;
+	int replica_reconnect_attempts;
+	/* Lock on reconnect_wait time. */
+	lock_basic_type wait_lock;
+	lock_basic_type replica_wait_lock;
+	/* reconnect wait time, wait until it has passed before reconnect. */
+	struct timeval reconnect_wait;
+	struct timeval replica_reconnect_wait;
 	/* the redis logical database to use */
 	int logical_db;
 	int replica_logical_db;
@@ -82,6 +96,10 @@ struct redis_moddata {
 	int set_with_ex_available;
 };
 
+/** The limit on the number of redis connect attempts. After failure if
+ * the number is exceeded, the reconnects are throttled by the wait time. */
+#define REDIS_RECONNECT_ATTEMPT_LIMIT 3
+
 static redisReply* redis_command(struct module_env*, struct cachedb_env*,
 	const char*, const uint8_t*, size_t, int);
 
@@ -105,6 +123,8 @@ moddata_clean(struct redis_moddata** moddata) {
 		}
 		free((*moddata)->replica_ctxs);
 	}
+	lock_basic_destroy(&(*moddata)->wait_lock);
+	lock_basic_destroy(&(*moddata)->replica_wait_lock);
 	free(*moddata);
 	*moddata = NULL;
 }
@@ -113,10 +133,39 @@ static redisContext*
 redis_connect(const char* host, int port, const char* path,
 	const char* password, int logical_db,
 	const struct timeval connect_timeout,
-	const struct timeval command_timeout)
+	const struct timeval command_timeout,
+	const struct timeval* reconnect_interval,
+	int* reconnect_attempts,
+	struct timeval* reconnect_wait,
+	lock_basic_type* wait_lock,
+	struct timeval* now_tv,
+	const char* infostr)
 {
+	struct timeval now_val;
 	redisContext* ctx;
 
+	/* See if the redis server is down, and reconnect has to wait. */
+	if(*reconnect_attempts > REDIS_RECONNECT_ATTEMPT_LIMIT) {
+		/* Acquire lock to look at timeval, the integer has atomic
+		 * integrity. */
+		struct timeval wait_tv;
+		if(now_tv) {
+			now_val = *now_tv;
+		} else {
+			if(gettimeofday(&now_val, NULL) < 0)
+				log_err("redis: gettimeofday: %s",
+					strerror(errno));
+		}
+		lock_basic_lock(wait_lock);
+		wait_tv = *reconnect_wait;
+		lock_basic_unlock(wait_lock);
+		if(timeval_smaller(&now_val, &wait_tv)) {
+			verbose(VERB_ALGO, "redis %sdown, reconnect wait",
+				infostr);
+			return NULL;
+		}
+	}
+
 	if(path && path[0]!=0) {
 		ctx = redisConnectUnixWithTimeout(path, connect_timeout);
 	} else {
@@ -126,18 +175,18 @@ redis_connect(const char* host, int port, const char* path,
 		const char *errstr = "out of memory";
 		if(ctx)
 			errstr = ctx->errstr;
-		log_err("failed to connect to redis server: %s", errstr);
+		log_err("failed to connect to redis %sserver: %s", infostr, errstr);
 		goto fail;
 	}
 	if(redisSetTimeout(ctx, command_timeout) != REDIS_OK) {
-		log_err("failed to set redis timeout, %s", ctx->errstr);
+		log_err("failed to set redis %stimeout, %s", infostr, ctx->errstr);
 		goto fail;
 	}
 	if(password && password[0]!=0) {
 		redisReply* rep;
 		rep = redisCommand(ctx, "AUTH %s", password);
 		if(!rep || rep->type == REDIS_REPLY_ERROR) {
-			log_err("failed to authenticate with password");
+			log_err("failed to authenticate %swith password", infostr);
 			freeReplyObject(rep);
 			goto fail;
 		}
@@ -147,18 +196,20 @@ redis_connect(const char* host, int port, const char* path,
 		redisReply* rep;
 		rep = redisCommand(ctx, "SELECT %d", logical_db);
 		if(!rep || rep->type == REDIS_REPLY_ERROR) {
-			log_err("failed to set logical database (%d)",
-				logical_db);
+			log_err("failed %sto set logical database (%d)",
+				infostr, logical_db);
 			freeReplyObject(rep);
 			goto fail;
 		}
 		freeReplyObject(rep);
 	}
+	*reconnect_attempts = 0;
 	if(verbosity >= VERB_OPS) {
 		char port_str[6+1];
 		port_str[0] = ' ';
 		(void)snprintf(port_str+1, sizeof(port_str)-1, "%d", port);
-		verbose(VERB_OPS, "Connection to Redis established (%s%s)",
+		verbose(VERB_OPS, "Connection to Redis %sestablished (%s%s)",
+			infostr,
 			path&&path[0]!=0?path:host,
 			path&&path[0]!=0?"":port_str);
 	}
@@ -167,6 +218,25 @@ redis_connect(const char* host, int port, const char* path,
 fail:
 	if(ctx)
 		redisFree(ctx);
+	(*reconnect_attempts)++;
+	if(*reconnect_attempts > REDIS_RECONNECT_ATTEMPT_LIMIT) {
+		/* Wait for the reconnect interval before trying again. */
+		struct timeval tv;
+		if(now_tv) {
+			now_val = *now_tv;
+		} else {
+			if(gettimeofday(&now_val, NULL) < 0)
+				log_err("redis: gettimeofday: %s",
+					strerror(errno));
+		}
+		tv = now_val;
+		timeval_add(&tv, reconnect_interval);
+		lock_basic_lock(wait_lock);
+		*reconnect_wait = tv;
+		lock_basic_unlock(wait_lock);
+		verbose(VERB_ALGO, "redis %sreconnect wait until %d.%6.6d",
+			infostr, (int)tv.tv_sec, (int)tv.tv_usec);
+	}
 	return NULL;
 }
 
@@ -191,6 +261,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 		log_err("out of memory");
 		goto fail;
 	}
+	lock_basic_init(&moddata->wait_lock);
+	lock_protect(&moddata->wait_lock, &moddata->reconnect_wait,
+		sizeof(moddata->reconnect_wait));
+	lock_basic_init(&moddata->replica_wait_lock);
+	lock_protect(&moddata->replica_wait_lock,
+		&moddata->replica_reconnect_wait,
+		sizeof(moddata->replica_reconnect_wait));
 	moddata->numctxs = env->cfg->num_threads;
 	/* note: server_host and similar string configuration options are
 	 * shallow references to configured strings; we don't have to free them
@@ -219,6 +296,8 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 	set_timeout(&moddata->replica_connect_timeout,
 		env->cfg->redis_replica_timeout,
 		env->cfg->redis_replica_connect_timeout);
+	set_timeout(&moddata->reconnect_interval, 1000, 0);
+	set_timeout(&moddata->replica_reconnect_interval, 1000, 0);
 
 	moddata->logical_db = env->cfg->redis_logical_db;
 	moddata->replica_logical_db = env->cfg->redis_replica_logical_db;
@@ -245,7 +324,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 			moddata->server_password,
 			moddata->logical_db,
 			moddata->connect_timeout,
-			moddata->command_timeout);
+			moddata->command_timeout,
+			&moddata->reconnect_interval,
+			&moddata->reconnect_attempts,
+			&moddata->reconnect_wait,
+			&moddata->wait_lock,
+			env->now_tv,
+			"");
 		if(!ctx) {
 			log_err("redis_init: failed to init redis "
 				"(for thread %d)", i);
@@ -263,7 +348,13 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 				moddata->replica_server_password,
 				moddata->replica_logical_db,
 				moddata->replica_connect_timeout,
-				moddata->replica_command_timeout);
+				moddata->replica_command_timeout,
+				&moddata->replica_reconnect_interval,
+				&moddata->replica_reconnect_attempts,
+				&moddata->replica_reconnect_wait,
+				&moddata->replica_wait_lock,
+				env->now_tv,
+				"replica ");
 			if(!ctx) {
 				log_err("redis_init: failed to init redis "
 					"replica (for thread %d)", i);
@@ -301,7 +392,7 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env)
 set_with_ex_fail:
 	log_err("redis_init: failure during redis_init, the "
 		"redis-expire-records option requires the SET with EX command "
-		"(redis >= 2.6.2)");
+		"(redis >= 2.6.12)");
 	return 1;
 fail:
 	moddata_clean(&moddata);
@@ -364,7 +455,13 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env,
 				d->replica_server_password,
 				d->replica_logical_db,
 				d->replica_connect_timeout,
-				d->replica_command_timeout);
+				d->replica_command_timeout,
+				&d->replica_reconnect_interval,
+				&d->replica_reconnect_attempts,
+				&d->replica_reconnect_wait,
+				&d->replica_wait_lock,
+				env->now_tv,
+				"replica ");
 		} else {
 			ctx = redis_connect(
 				d->server_host,
@@ -373,7 +470,13 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env,
 				d->server_password,
 				d->logical_db,
 				d->connect_timeout,
-				d->command_timeout);
+				d->command_timeout,
+				&d->reconnect_interval,
+				&d->reconnect_attempts,
+				&d->reconnect_wait,
+				&d->wait_lock,
+				env->now_tv,
+				"");
 		}
 		ctx_selector[env->alloc->thread_num] = ctx;
 	}
@@ -405,7 +508,14 @@ redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env,
 	char* key, struct sldns_buffer* result_buffer)
 {
 	redisReply* rep;
-	char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+1]; /* "GET " + key */
+	/* Supported commands:
+	 * - "GET " + key
+	 */
+#define REDIS_LOOKUP_MAX_BUF_LEN			\
+	4				/* "GET " */	\
+	+(CACHEDB_HASHSIZE/8)*2		/* key hash */	\
+	+ 1				/* \0 */
+	char cmdbuf[REDIS_LOOKUP_MAX_BUF_LEN];
 	int n;
 	int ret = 0;
 
@@ -465,7 +575,13 @@ redis_store(struct module_env* env, struct cachedb_env* cachedb_env,
 	 *   older redis 2.0.0 was "SETEX " + key + " " + ttl + " %b"
 	 * - "EXPIRE " + key + " 0"
 	 */
-	char cmdbuf[6+(CACHEDB_HASHSIZE/8)*2+11+3+1];
+#define REDIS_STORE_MAX_BUF_LEN				\
+	7			/* "EXPIRE " */		\
+	+(CACHEDB_HASHSIZE/8)*2	/* key hash */		\
+	+ 7			/* " %b EX " */		\
+	+ 20			/* ttl (uint64_t) */	\
+	+ 1			/* \0 */
+	char cmdbuf[REDIS_STORE_MAX_BUF_LEN];
 
 	if (!set_ttl) {
 		verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len);
diff --git a/contrib/unbound/compat/fake-rfc2553.c b/contrib/unbound/compat/fake-rfc2553.c
index 0f0f34f1fb2d..45b703f2bce8 100644
--- a/contrib/unbound/compat/fake-rfc2553.c
+++ b/contrib/unbound/compat/fake-rfc2553.c
@@ -57,7 +57,7 @@ int getnameinfo(const struct sockaddr *sa, size_t ATTR_UNUSED(salen), char *host
 	}
 
 	if (host != NULL) {
-		if (flags & NI_NUMERICHOST) {
+		if ((flags & NI_NUMERICHOST)) {
 			if (strlcpy(host, inet_ntoa(sin->sin_addr),
 			    hostlen) >= hostlen)
 				return (EAI_MEMORY);
@@ -168,7 +168,7 @@ getaddrinfo(const char *hostname, const char *servname,
 			port = 0;
 	}
 
-	if (hints && hints->ai_flags & AI_PASSIVE) {
+	if (hints && (hints->ai_flags & AI_PASSIVE)) {
 		addr = htonl(0x00000000);
 		if (hostname && inet_aton(hostname, &in) != 0)
 			addr = in.s_addr;
@@ -193,7 +193,7 @@ getaddrinfo(const char *hostname, const char *servname,
 	}
 	
 	/* Don't try DNS if AI_NUMERICHOST is set */
-	if (hints && hints->ai_flags & AI_NUMERICHOST)
+	if (hints && (hints->ai_flags & AI_NUMERICHOST))
 		return (EAI_NONAME);
 	
 	hp = gethostbyname(hostname);
diff --git a/contrib/unbound/config.guess b/contrib/unbound/config.guess
index 48a684601bd2..a9d01fde4617 100755
--- a/contrib/unbound/config.guess
+++ b/contrib/unbound/config.guess
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2024 Free Software Foundation, Inc.
+#   Copyright 1992-2025 Free Software Foundation, Inc.
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2024-07-27'
+timestamp='2025-07-10'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -60,7 +60,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2024 Free Software Foundation, Inc.
+Copyright 1992-2025 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -1597,8 +1597,11 @@ EOF
     *:Unleashed:*:*)
 	GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
 	;;
-    *:Ironclad:*:*)
-	GUESS=$UNAME_MACHINE-unknown-ironclad
+    x86_64:[Ii]ronclad:*:*|i?86:[Ii]ronclad:*:*)
+	GUESS=$UNAME_MACHINE-pc-ironclad-mlibc
+	;;
+    *:[Ii]ronclad:*:*)
+	GUESS=$UNAME_MACHINE-unknown-ironclad-mlibc
 	;;
 esac
 
@@ -1808,8 +1811,8 @@ fi
 exit 1
 
 # Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp nil t)
 # time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-format: "%Y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index f2dc8c8b92b3..a2b3f33c32be 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -48,13 +48,13 @@
    internal symbols */
 #undef EXPORT_ALL_SYMBOLS
 
-/* Define to 1 if you have the `accept4' function. */
+/* Define to 1 if you have the 'accept4' function. */
 #undef HAVE_ACCEPT4
 
-/* Define to 1 if you have the `arc4random' function. */
+/* Define to 1 if you have the 'arc4random' function. */
 #undef HAVE_ARC4RANDOM
 
-/* Define to 1 if you have the `arc4random_uniform' function. */
+/* Define to 1 if you have the 'arc4random_uniform' function. */
 #undef HAVE_ARC4RANDOM_UNIFORM
 
 /* Define to 1 if you have the <arpa/inet.h> header file. */
@@ -78,7 +78,7 @@
 /* If we have be64toh */
 #undef HAVE_BE64TOH
 
-/* Define to 1 if you have the `BIO_set_callback_ex' function. */
+/* Define to 1 if you have the 'BIO_set_callback_ex' function. */
 #undef HAVE_BIO_SET_CALLBACK_EX
 
 /* Define to 1 if you have the <bsd/stdlib.h> header file. */
@@ -87,241 +87,245 @@
 /* Define to 1 if you have the <bsd/string.h> header file. */
 #undef HAVE_BSD_STRING_H
 
-/* Define to 1 if you have the `chown' function. */
+/* Define to 1 if you have the 'chown' function. */
 #undef HAVE_CHOWN
 
-/* Define to 1 if you have the `chroot' function. */
+/* Define to 1 if you have the 'chroot' function. */
 #undef HAVE_CHROOT
 
-/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
+/* Define to 1 if you have the 'CRYPTO_cleanup_all_ex_data' function. */
 #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 
-/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
+/* Define to 1 if you have the 'CRYPTO_THREADID_set_callback' function. */
 #undef HAVE_CRYPTO_THREADID_SET_CALLBACK
 
-/* Define to 1 if you have the `ctime_r' function. */
+/* Define to 1 if you have the 'ctime_r' function. */
 #undef HAVE_CTIME_R
 
-/* Define to 1 if you have the `daemon' function. */
+/* Define to 1 if you have the 'daemon' function. */
 #undef HAVE_DAEMON
 
-/* Define to 1 if you have the declaration of `arc4random', and to 0 if you
+/* Define to 1 if you have the declaration of 'arc4random', and to 0 if you
    don't. */
 #undef HAVE_DECL_ARC4RANDOM
 
-/* Define to 1 if you have the declaration of `arc4random_uniform', and to 0
+/* Define to 1 if you have the declaration of 'arc4random_uniform', and to 0
    if you don't. */
 #undef HAVE_DECL_ARC4RANDOM_UNIFORM
 
-/* Define to 1 if you have the declaration of `evsignal_assign', and to 0 if
+/* Define to 1 if you have the declaration of 'evsignal_assign', and to 0 if
    you don't. */
 #undef HAVE_DECL_EVSIGNAL_ASSIGN
 
-/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you
+/* Define to 1 if you have the declaration of 'inet_ntop', and to 0 if you
    don't. */
 #undef HAVE_DECL_INET_NTOP
 
-/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you
+/* Define to 1 if you have the declaration of 'inet_pton', and to 0 if you
    don't. */
 #undef HAVE_DECL_INET_PTON
 
-/* Define to 1 if you have the declaration of `nghttp2_session_server_new',
+/* Define to 1 if you have the declaration of 'nghttp2_session_server_new',
    and to 0 if you don't. */
 #undef HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW
 
-/* Define to 1 if you have the declaration of `ngtcp2_conn_server_new', and to
+/* Define to 1 if you have the declaration of 'ngtcp2_conn_server_new', and to
    0 if you don't. */
 #undef HAVE_DECL_NGTCP2_CONN_SERVER_NEW
 
-/* Define to 1 if you have the declaration of `ngtcp2_crypto_encrypt_cb', and
+/* Define to 1 if you have the declaration of 'ngtcp2_crypto_encrypt_cb', and
    to 0 if you don't. */
 #undef HAVE_DECL_NGTCP2_CRYPTO_ENCRYPT_CB
 
-/* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you
+/* Define to 1 if you have the declaration of 'NID_ED25519', and to 0 if you
    don't. */
 #undef HAVE_DECL_NID_ED25519
 
-/* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you
+/* Define to 1 if you have the declaration of 'NID_ED448', and to 0 if you
    don't. */
 #undef HAVE_DECL_NID_ED448
 
-/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
+/* Define to 1 if you have the declaration of 'NID_secp384r1', and to 0 if you
    don't. */
 #undef HAVE_DECL_NID_SECP384R1
 
-/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0
+/* Define to 1 if you have the declaration of 'NID_X9_62_prime256v1', and to 0
    if you don't. */
 #undef HAVE_DECL_NID_X9_62_PRIME256V1
 
-/* Define to 1 if you have the declaration of `reallocarray', and to 0 if you
+/* Define to 1 if you have the declaration of 'reallocarray', and to 0 if you
    don't. */
 #undef HAVE_DECL_REALLOCARRAY
 
-/* Define to 1 if you have the declaration of `redisConnect', and to 0 if you
+/* Define to 1 if you have the declaration of 'redisConnect', and to 0 if you
    don't. */
 #undef HAVE_DECL_REDISCONNECT
 
-/* Define to 1 if you have the declaration of `sk_SSL_COMP_pop_free', and to 0
+/* Define to 1 if you have the declaration of 'sk_SSL_COMP_pop_free', and to 0
    if you don't. */
 #undef HAVE_DECL_SK_SSL_COMP_POP_FREE
 
 /* Define to 1 if you have the declaration of
-   `SSL_COMP_get_compression_methods', and to 0 if you don't. */
+   'SSL_COMP_get_compression_methods', and to 0 if you don't. */
 #undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
 
-/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to
+/* Define to 1 if you have the declaration of 'SSL_CTX_set_ecdh_auto', and to
    0 if you don't. */
 #undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
 
+/* Define to 1 if you have the declaration of `SSL_CTX_set_tmp_ecdh', and to 0
+   if you don't. */
+#undef HAVE_DECL_SSL_CTX_SET_TMP_ECDH
+
 /* Define to 1 if you have the declaration of `strlcat', and to 0 if you
    don't. */
 #undef HAVE_DECL_STRLCAT
 
-/* Define to 1 if you have the declaration of `strlcpy', and to 0 if you
+/* Define to 1 if you have the declaration of 'strlcpy', and to 0 if you
    don't. */
 #undef HAVE_DECL_STRLCPY
 
-/* Define to 1 if you have the declaration of `XML_StopParser', and to 0 if
+/* Define to 1 if you have the declaration of 'XML_StopParser', and to 0 if
    you don't. */
 #undef HAVE_DECL_XML_STOPPARSER
 
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
-/* Define to 1 if you have the `DSA_SIG_set0' function. */
+/* Define to 1 if you have the 'DSA_SIG_set0' function. */
 #undef HAVE_DSA_SIG_SET0
 
 /* Define to 1 if you have the <endian.h> header file. */
 #undef HAVE_ENDIAN_H
 
-/* Define to 1 if you have the `endprotoent' function. */
+/* Define to 1 if you have the 'endprotoent' function. */
 #undef HAVE_ENDPROTOENT
 
-/* Define to 1 if you have the `endpwent' function. */
+/* Define to 1 if you have the 'endpwent' function. */
 #undef HAVE_ENDPWENT
 
-/* Define to 1 if you have the `endservent' function. */
+/* Define to 1 if you have the 'endservent' function. */
 #undef HAVE_ENDSERVENT
 
-/* Define to 1 if you have the `ENGINE_cleanup' function. */
+/* Define to 1 if you have the 'ENGINE_cleanup' function. */
 #undef HAVE_ENGINE_CLEANUP
 
-/* Define to 1 if you have the `ERR_free_strings' function. */
+/* Define to 1 if you have the 'ERR_free_strings' function. */
 #undef HAVE_ERR_FREE_STRINGS
 
-/* Define to 1 if you have the `ERR_load_crypto_strings' function. */
+/* Define to 1 if you have the 'ERR_load_crypto_strings' function. */
 #undef HAVE_ERR_LOAD_CRYPTO_STRINGS
 
-/* Define to 1 if you have the `event_assign' function. */
+/* Define to 1 if you have the 'event_assign' function. */
 #undef HAVE_EVENT_ASSIGN
 
-/* Define to 1 if you have the `event_base_free' function. */
+/* Define to 1 if you have the 'event_base_free' function. */
 #undef HAVE_EVENT_BASE_FREE
 
-/* Define to 1 if you have the `event_base_get_method' function. */
+/* Define to 1 if you have the 'event_base_get_method' function. */
 #undef HAVE_EVENT_BASE_GET_METHOD
 
-/* Define to 1 if you have the `event_base_new' function. */
+/* Define to 1 if you have the 'event_base_new' function. */
 #undef HAVE_EVENT_BASE_NEW
 
-/* Define to 1 if you have the `event_base_once' function. */
+/* Define to 1 if you have the 'event_base_once' function. */
 #undef HAVE_EVENT_BASE_ONCE
 
 /* Define to 1 if you have the <event.h> header file. */
 #undef HAVE_EVENT_H
 
-/* Define to 1 if you have the `EVP_aes_256_cbc' function. */
+/* Define to 1 if you have the 'EVP_aes_256_cbc' function. */
 #undef HAVE_EVP_AES_256_CBC
 
-/* Define to 1 if you have the `EVP_cleanup' function. */
+/* Define to 1 if you have the 'EVP_cleanup' function. */
 #undef HAVE_EVP_CLEANUP
 
-/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled'
+/* Define to 1 if you have the 'EVP_default_properties_is_fips_enabled'
    function. */
 #undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
 
-/* Define to 1 if you have the `EVP_DigestVerify' function. */
+/* Define to 1 if you have the 'EVP_DigestVerify' function. */
 #undef HAVE_EVP_DIGESTVERIFY
 
-/* Define to 1 if you have the `EVP_dss1' function. */
+/* Define to 1 if you have the 'EVP_dss1' function. */
 #undef HAVE_EVP_DSS1
 
-/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
+/* Define to 1 if you have the 'EVP_EncryptInit_ex' function. */
 #undef HAVE_EVP_ENCRYPTINIT_EX
 
-/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */
+/* Define to 1 if you have the 'EVP_MAC_CTX_set_params' function. */
 #undef HAVE_EVP_MAC_CTX_SET_PARAMS
 
-/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+/* Define to 1 if you have the 'EVP_MD_CTX_new' function. */
 #undef HAVE_EVP_MD_CTX_NEW
 
-/* Define to 1 if you have the `EVP_sha1' function. */
+/* Define to 1 if you have the 'EVP_sha1' function. */
 #undef HAVE_EVP_SHA1
 
-/* Define to 1 if you have the `EVP_sha256' function. */
+/* Define to 1 if you have the 'EVP_sha256' function. */
 #undef HAVE_EVP_SHA256
 
-/* Define to 1 if you have the `EVP_sha512' function. */
+/* Define to 1 if you have the 'EVP_sha512' function. */
 #undef HAVE_EVP_SHA512
 
-/* Define to 1 if you have the `ev_default_loop' function. */
+/* Define to 1 if you have the 'ev_default_loop' function. */
 #undef HAVE_EV_DEFAULT_LOOP
 
-/* Define to 1 if you have the `ev_loop' function. */
+/* Define to 1 if you have the 'ev_loop' function. */
 #undef HAVE_EV_LOOP
 
 /* Define to 1 if you have the <expat.h> header file. */
 #undef HAVE_EXPAT_H
 
-/* Define to 1 if you have the `explicit_bzero' function. */
+/* Define to 1 if you have the 'explicit_bzero' function. */
 #undef HAVE_EXPLICIT_BZERO
 
-/* Define to 1 if you have the `fcntl' function. */
+/* Define to 1 if you have the 'fcntl' function. */
 #undef HAVE_FCNTL
 
-/* Define to 1 if you have the `FIPS_mode' function. */
+/* Define to 1 if you have the 'FIPS_mode' function. */
 #undef HAVE_FIPS_MODE
 
-/* Define to 1 if you have the `fork' function. */
+/* Define to 1 if you have the 'fork' function. */
 #undef HAVE_FORK
 
-/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+/* Define to 1 if fseeko (and ftello) are declared in stdio.h. */
 #undef HAVE_FSEEKO
 
-/* Define to 1 if you have the `fsync' function. */
+/* Define to 1 if you have the 'fsync' function. */
 #undef HAVE_FSYNC
 
 /* Whether getaddrinfo is available */
 #undef HAVE_GETADDRINFO
 
-/* Define to 1 if you have the `getauxval' function. */
+/* Define to 1 if you have the 'getauxval' function. */
 #undef HAVE_GETAUXVAL
 
-/* Define to 1 if you have the `getentropy' function. */
+/* Define to 1 if you have the 'getentropy' function. */
 #undef HAVE_GETENTROPY
 
-/* Define to 1 if you have the `getifaddrs' function. */
+/* Define to 1 if you have the 'getifaddrs' function. */
 #undef HAVE_GETIFADDRS
 
 /* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H
 
-/* Define to 1 if you have the `getpwnam' function. */
+/* Define to 1 if you have the 'getpwnam' function. */
 #undef HAVE_GETPWNAM
 
-/* Define to 1 if you have the `getrlimit' function. */
+/* Define to 1 if you have the 'getrlimit' function. */
 #undef HAVE_GETRLIMIT
 
-/* Define to 1 if you have the `gettid' function. */
+/* Define to 1 if you have the 'gettid' function. */
 #undef HAVE_GETTID
 
-/* Define to 1 if you have the `glob' function. */
+/* Define to 1 if you have the 'glob' function. */
 #undef HAVE_GLOB
 
 /* Define to 1 if you have the <glob.h> header file. */
 #undef HAVE_GLOB_H
 
-/* Define to 1 if you have the `gmtime_r' function. */
+/* Define to 1 if you have the 'gmtime_r' function. */
 #undef HAVE_GMTIME_R
 
 /* Define to 1 if you have the <grp.h> header file. */
@@ -330,7 +334,7 @@
 /* Define to 1 if you have the <hiredis/hiredis.h> header file. */
 #undef HAVE_HIREDIS_HIREDIS_H
 
-/* Define to 1 if you have the `HMAC_Init_ex' function. */
+/* Define to 1 if you have the 'HMAC_Init_ex' function. */
 #undef HAVE_HMAC_INIT_EX
 
 /* If we have htobe64 */
@@ -339,19 +343,19 @@
 /* Define to 1 if you have the <ifaddrs.h> header file. */
 #undef HAVE_IFADDRS_H
 
-/* Define to 1 if you have the `if_nametoindex' function. */
+/* Define to 1 if you have the 'if_nametoindex' function. */
 #undef HAVE_IF_NAMETOINDEX
 
-/* Define to 1 if you have the `inet_aton' function. */
+/* Define to 1 if you have the 'inet_aton' function. */
 #undef HAVE_INET_ATON
 
-/* Define to 1 if you have the `inet_ntop' function. */
+/* Define to 1 if you have the 'inet_ntop' function. */
 #undef HAVE_INET_NTOP
 
-/* Define to 1 if you have the `inet_pton' function. */
+/* Define to 1 if you have the 'inet_pton' function. */
 #undef HAVE_INET_PTON
 
-/* Define to 1 if you have the `initgroups' function. */
+/* Define to 1 if you have the 'initgroups' function. */
 #undef HAVE_INITGROUPS
 
 /* Define to 1 if you have the <inttypes.h> header file. */
@@ -363,10 +367,10 @@
 /* Define to 1 if you have the <iphlpapi.h> header file. */
 #undef HAVE_IPHLPAPI_H
 
-/* Define to 1 if you have the `isblank' function. */
+/* Define to 1 if you have the 'isblank' function. */
 #undef HAVE_ISBLANK
 
-/* Define to 1 if you have the `kill' function. */
+/* Define to 1 if you have the 'kill' function. */
 #undef HAVE_KILL
 
 /* Use portable libbsd functions */
@@ -384,7 +388,7 @@
 /* Define to 1 if you have the <linux/net_tstamp.h> header file. */
 #undef HAVE_LINUX_NET_TSTAMP_H
 
-/* Define to 1 if you have the `localtime_r' function. */
+/* Define to 1 if you have the 'localtime_r' function. */
 #undef HAVE_LOCALTIME_R
 
 /* Define to 1 if you have the <login_cap.h> header file. */
@@ -393,7 +397,7 @@
 /* If have GNU libc compatible malloc */
 #undef HAVE_MALLOC
 
-/* Define to 1 if you have the `memmove' function. */
+/* Define to 1 if you have the 'memmove' function. */
 #undef HAVE_MEMMOVE
 
 /* Define to 1 if you have the <minix/config.h> header file. */
@@ -435,48 +439,51 @@
 /* Define this to use ngtcp2. */
 #undef HAVE_NGTCP2
 
-/* Define to 1 if you have the `ngtcp2_ccerr_default' function. */
+/* Define to 1 if you have the 'ngtcp2_ccerr_default' function. */
 #undef HAVE_NGTCP2_CCERR_DEFAULT
 
-/* Define to 1 if you have the `ngtcp2_conn_encode_0rtt_transport_params'
+/* Define to 1 if you have the 'ngtcp2_conn_encode_0rtt_transport_params'
    function. */
 #undef HAVE_NGTCP2_CONN_ENCODE_0RTT_TRANSPORT_PARAMS
 
-/* Define to 1 if you have the `ngtcp2_conn_get_max_local_streams_uni'
+/* Define to 1 if you have the 'ngtcp2_conn_get_max_local_streams_uni'
    function. */
 #undef HAVE_NGTCP2_CONN_GET_MAX_LOCAL_STREAMS_UNI
 
-/* Define to 1 if you have the `ngtcp2_conn_get_num_scid' function. */
+/* Define to 1 if you have the 'ngtcp2_conn_get_num_scid' function. */
 #undef HAVE_NGTCP2_CONN_GET_NUM_SCID
 
-/* Define to 1 if you have the `ngtcp2_conn_in_closing_period' function. */
+/* Define to 1 if you have the 'ngtcp2_conn_in_closing_period' function. */
 #undef HAVE_NGTCP2_CONN_IN_CLOSING_PERIOD
 
-/* Define to 1 if you have the `ngtcp2_conn_in_draining_period' function. */
+/* Define to 1 if you have the 'ngtcp2_conn_in_draining_period' function. */
 #undef HAVE_NGTCP2_CONN_IN_DRAINING_PERIOD
 
 /* Define if ngtcp2_conn_shutdown_stream has 4 arguments. */
 #undef HAVE_NGTCP2_CONN_SHUTDOWN_STREAM4
 
-/* Define to 1 if you have the `ngtcp2_conn_tls_early_data_rejected' function.
+/* Define to 1 if you have the 'ngtcp2_conn_tls_early_data_rejected' function.
    */
 #undef HAVE_NGTCP2_CONN_TLS_EARLY_DATA_REJECTED
 
-/* Define to 1 if you have the `ngtcp2_crypto_encrypt_cb' function. */
+/* Define to 1 if you have the 'ngtcp2_crypto_encrypt_cb' function. */
 #undef HAVE_NGTCP2_CRYPTO_ENCRYPT_CB
 
 /* Define to 1 if you have the
-   `ngtcp2_crypto_quictls_configure_client_context' function. */
+   'ngtcp2_crypto_quictls_configure_client_context' function. */
 #undef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
 
 /* Define to 1 if you have the
-   `ngtcp2_crypto_quictls_configure_server_context' function. */
+   'ngtcp2_crypto_quictls_configure_server_context' function. */
 #undef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
 
 /* Define to 1 if you have the
-   `ngtcp2_crypto_quictls_from_ossl_encryption_level' function. */
+   'ngtcp2_crypto_quictls_from_ossl_encryption_level' function. */
 #undef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
 
+/* Define to 1 if you have the `ngtcp2_crypto_quictls_init' function. */
+#undef HAVE_NGTCP2_CRYPTO_QUICTLS_INIT
+
 /* Define to 1 if the system has the type `ngtcp2_encryption_level'. */
 #undef HAVE_NGTCP2_ENCRYPTION_LEVEL
 
@@ -484,6 +491,9 @@
    */
 #undef HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H
 
+/* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_ossl.h> header file. */
+#undef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+
 /* Define to 1 if you have the <ngtcp2/ngtcp2_crypto_quictls.h> header file.
    */
 #undef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
@@ -494,13 +504,13 @@
 /* Use libnss for crypto */
 #undef HAVE_NSS
 
-/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */
+/* Define to 1 if you have the 'OpenSSL_add_all_digests' function. */
 #undef HAVE_OPENSSL_ADD_ALL_DIGESTS
 
 /* Define to 1 if you have the <openssl/bn.h> header file. */
 #undef HAVE_OPENSSL_BN_H
 
-/* Define to 1 if you have the `OPENSSL_config' function. */
+/* Define to 1 if you have the 'OPENSSL_config' function. */
 #undef HAVE_OPENSSL_CONFIG
 
 /* Define to 1 if you have the <openssl/conf.h> header file. */
@@ -521,10 +531,10 @@
 /* Define to 1 if you have the <openssl/err.h> header file. */
 #undef HAVE_OPENSSL_ERR_H
 
-/* Define to 1 if you have the `OPENSSL_init_crypto' function. */
+/* Define to 1 if you have the 'OPENSSL_init_crypto' function. */
 #undef HAVE_OPENSSL_INIT_CRYPTO
 
-/* Define to 1 if you have the `OPENSSL_init_ssl' function. */
+/* Define to 1 if you have the 'OPENSSL_init_ssl' function. */
 #undef HAVE_OPENSSL_INIT_SSL
 
 /* Define to 1 if you have the <openssl/param_build.h> header file. */
@@ -539,10 +549,10 @@
 /* Define to 1 if you have the <openssl/ssl.h> header file. */
 #undef HAVE_OPENSSL_SSL_H
 
-/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */
+/* Define to 1 if you have the 'OSSL_PARAM_BLD_new' function. */
 #undef HAVE_OSSL_PARAM_BLD_NEW
 
-/* Define to 1 if you have the `poll' function. */
+/* Define to 1 if you have the 'poll' function. */
 #undef HAVE_POLL
 
 /* Define to 1 if you have the <poll.h> header file. */
@@ -554,10 +564,10 @@
 /* Have PTHREAD_PRIO_INHERIT. */
 #undef HAVE_PTHREAD_PRIO_INHERIT
 
-/* Define to 1 if the system has the type `pthread_rwlock_t'. */
+/* Define to 1 if the system has the type 'pthread_rwlock_t'. */
 #undef HAVE_PTHREAD_RWLOCK_T
 
-/* Define to 1 if the system has the type `pthread_spinlock_t'. */
+/* Define to 1 if the system has the type 'pthread_spinlock_t'. */
 #undef HAVE_PTHREAD_SPINLOCK_T
 
 /* Define to 1 if you have the <pwd.h> header file. */
@@ -566,101 +576,98 @@
 /* Define if you have Python libraries and header files. */
 #undef HAVE_PYTHON
 
-/* Define to 1 if you have the `random' function. */
+/* Define to 1 if you have the 'random' function. */
 #undef HAVE_RANDOM
 
-/* Define to 1 if you have the `RAND_cleanup' function. */
+/* Define to 1 if you have the 'RAND_cleanup' function. */
 #undef HAVE_RAND_CLEANUP
 
 /* If we have reallocarray(3) */
 #undef HAVE_REALLOCARRAY
 
-/* Define to 1 if you have the `recvmsg' function. */
+/* Define to 1 if you have the 'recvmsg' function. */
 #undef HAVE_RECVMSG
 
-/* Define to 1 if you have the `sendmsg' function. */
+/* Define to 1 if you have the 'sendmsg' function. */
 #undef HAVE_SENDMSG
 
-/* Define to 1 if you have the `setregid' function. */
+/* Define to 1 if you have the 'setregid' function. */
 #undef HAVE_SETREGID
 
-/* Define to 1 if you have the `setresgid' function. */
+/* Define to 1 if you have the 'setresgid' function. */
 #undef HAVE_SETRESGID
 
-/* Define to 1 if you have the `setresuid' function. */
+/* Define to 1 if you have the 'setresuid' function. */
 #undef HAVE_SETRESUID
 
-/* Define to 1 if you have the `setreuid' function. */
+/* Define to 1 if you have the 'setreuid' function. */
 #undef HAVE_SETREUID
 
-/* Define to 1 if you have the `setrlimit' function. */
+/* Define to 1 if you have the 'setrlimit' function. */
 #undef HAVE_SETRLIMIT
 
-/* Define to 1 if you have the `setsid' function. */
+/* Define to 1 if you have the 'setsid' function. */
 #undef HAVE_SETSID
 
-/* Define to 1 if you have the `setusercontext' function. */
+/* Define to 1 if you have the 'setusercontext' function. */
 #undef HAVE_SETUSERCONTEXT
 
-/* Define to 1 if you have the `SHA512_Update' function. */
+/* Define to 1 if you have the 'SHA512_Update' function. */
 #undef HAVE_SHA512_UPDATE
 
-/* Define to 1 if you have the `shmget' function. */
+/* Define to 1 if you have the 'shmget' function. */
 #undef HAVE_SHMGET
 
-/* Define to 1 if you have the `sigprocmask' function. */
+/* Define to 1 if you have the 'sigprocmask' function. */
 #undef HAVE_SIGPROCMASK
 
-/* Define to 1 if you have the `sleep' function. */
+/* Define to 1 if you have the 'sleep' function. */
 #undef HAVE_SLEEP
 
-/* Define to 1 if you have the `snprintf' function. */
+/* Define to 1 if you have the 'snprintf' function. */
 #undef HAVE_SNPRINTF
 
-/* Define to 1 if you have the `socketpair' function. */
+/* Define to 1 if you have the 'socketpair' function. */
 #undef HAVE_SOCKETPAIR
 
 /* Using Solaris threads */
 #undef HAVE_SOLARIS_THREADS
 
-/* Define to 1 if you have the `srandom' function. */
+/* Define to 1 if you have the 'srandom' function. */
 #undef HAVE_SRANDOM
 
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
-/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */
+/* Define to 1 if you have the 'SSL_CTX_set_alpn_protos' function. */
 #undef HAVE_SSL_CTX_SET_ALPN_PROTOS
 
-/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */
+/* Define to 1 if you have the 'SSL_CTX_set_alpn_select_cb' function. */
 #undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
 
-/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */
+/* Define to 1 if you have the 'SSL_CTX_set_ciphersuites' function. */
 #undef HAVE_SSL_CTX_SET_CIPHERSUITES
 
-/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
+/* Define to 1 if you have the 'SSL_CTX_set_security_level' function. */
 #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
 
-/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_evp_cb'
+/* Define to 1 if you have the 'SSL_CTX_set_tlsext_ticket_key_evp_cb'
    function. */
 #undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
 
-/* Define to 1 if you have the `SSL_CTX_set_tmp_ecdh' function. */
-#undef HAVE_SSL_CTX_SET_TMP_ECDH
-
 /* Define to 1 if you have the `SSL_get0_alpn_selected' function. */
 #undef HAVE_SSL_GET0_ALPN_SELECTED
 
-/* Define to 1 if you have the `SSL_get0_peername' function. */
+/* Define to 1 if you have the 'SSL_get0_peername' function. */
 #undef HAVE_SSL_GET0_PEERNAME
 
-/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
+/* Define to 1 if you have the 'SSL_get1_peer_certificate' function. */
 #undef HAVE_SSL_GET1_PEER_CERTIFICATE
 
-/* Define to 1 if you have the `SSL_is_quic' function. */
+/* Define to 1 if you have the 'SSL_is_quic' function. */
 #undef HAVE_SSL_IS_QUIC
 
-/* Define to 1 if you have the `SSL_set1_host' function. */
+/* Define to 1 if you have the 'SSL_set1_host' function. */
 #undef HAVE_SSL_SET1_HOST
 
 /* Define to 1 if you have the <stdarg.h> header file. */
@@ -681,7 +688,7 @@
 /* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H
 
-/* Define to 1 if you have the `strftime' function. */
+/* Define to 1 if you have the 'strftime' function. */
 #undef HAVE_STRFTIME
 
 /* Define to 1 if you have the <strings.h> header file. */
@@ -690,39 +697,39 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 
-/* Define to 1 if you have the `strlcat' function. */
+/* Define to 1 if you have the 'strlcat' function. */
 #undef HAVE_STRLCAT
 
-/* Define to 1 if you have the `strlcpy' function. */
+/* Define to 1 if you have the 'strlcpy' function. */
 #undef HAVE_STRLCPY
 
-/* Define to 1 if you have the `strptime' function. */
+/* Define to 1 if you have the 'strptime' function. */
 #undef HAVE_STRPTIME
 
-/* Define to 1 if you have the `strsep' function. */
+/* Define to 1 if you have the 'strsep' function. */
 #undef HAVE_STRSEP
 
-/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
+/* Define to 1 if 'ipi_spec_dst' is a member of 'struct in_pktinfo'. */
 #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
 
-/* Define to 1 if `tokenlen' is a member of `struct ngtcp2_pkt_hd'. */
+/* Define to 1 if 'tokenlen' is a member of 'struct ngtcp2_pkt_hd'. */
 #undef HAVE_STRUCT_NGTCP2_PKT_HD_TOKENLEN
 
-/* Define to 1 if `max_tx_udp_payload_size' is a member of `struct
+/* Define to 1 if 'max_tx_udp_payload_size' is a member of 'struct
    ngtcp2_settings'. */
 #undef HAVE_STRUCT_NGTCP2_SETTINGS_MAX_TX_UDP_PAYLOAD_SIZE
 
-/* Define to 1 if `tokenlen' is a member of `struct ngtcp2_settings'. */
+/* Define to 1 if 'tokenlen' is a member of 'struct ngtcp2_settings'. */
 #undef HAVE_STRUCT_NGTCP2_SETTINGS_TOKENLEN
 
-/* Define to 1 if `original_dcid_present' is a member of `struct
+/* Define to 1 if 'original_dcid_present' is a member of 'struct
    ngtcp2_transport_params'. */
 #undef HAVE_STRUCT_NGTCP2_TRANSPORT_PARAMS_ORIGINAL_DCID_PRESENT
 
-/* Define to 1 if the system has the type `struct ngtcp2_version_cid'. */
+/* Define to 1 if the system has the type 'struct ngtcp2_version_cid'. */
 #undef HAVE_STRUCT_NGTCP2_VERSION_CID
 
-/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
+/* Define to 1 if 'sun_len' is a member of 'struct sockaddr_un'. */
 #undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
 
 /* Define if you have Swig libraries and header files. */
@@ -782,16 +789,16 @@
 /* Define to 1 if you have the <time.h> header file. */
 #undef HAVE_TIME_H
 
-/* Define to 1 if you have the `tzset' function. */
+/* Define to 1 if you have the 'tzset' function. */
 #undef HAVE_TZSET
 
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
-/* Define to 1 if you have the `usleep' function. */
+/* Define to 1 if you have the 'usleep' function. */
 #undef HAVE_USLEEP
 
-/* Define to 1 if you have the `vfork' function. */
+/* Define to 1 if you have the 'vfork' function. */
 #undef HAVE_VFORK
 
 /* Define to 1 if you have the <vfork.h> header file. */
@@ -809,22 +816,22 @@
 /* Define to 1 if you have the <winsock2.h> header file. */
 #undef HAVE_WINSOCK2_H
 
-/* Define to 1 if `fork' works. */
+/* Define to 1 if 'fork' works. */
 #undef HAVE_WORKING_FORK
 
-/* Define to 1 if `vfork' works. */
+/* Define to 1 if 'vfork' works. */
 #undef HAVE_WORKING_VFORK
 
-/* Define to 1 if you have the `writev' function. */
+/* Define to 1 if you have the 'writev' function. */
 #undef HAVE_WRITEV
 
 /* Define to 1 if you have the <ws2tcpip.h> header file. */
 #undef HAVE_WS2TCPIP_H
 
-/* Define to 1 if you have the `X509_VERIFY_PARAM_set1_host' function. */
+/* Define to 1 if you have the 'X509_VERIFY_PARAM_set1_host' function. */
 #undef HAVE_X509_VERIFY_PARAM_SET1_HOST
 
-/* Define to 1 if you have the `_beginthreadex' function. */
+/* Define to 1 if you have the '_beginthreadex' function. */
 #undef HAVE__BEGINTHREADEX
 
 /* If HMAC_Init_ex() returns void */
@@ -923,16 +930,16 @@
 /* Shared data */
 #undef SHARE_DIR
 
-/* The size of `pthread_t', as computed by sizeof. */
+/* The size of 'pthread_t', as computed by sizeof. */
 #undef SIZEOF_PTHREAD_T
 
-/* The size of `size_t', as computed by sizeof. */
+/* The size of 'size_t', as computed by sizeof. */
 #undef SIZEOF_SIZE_T
 
-/* The size of `time_t', as computed by sizeof. */
+/* The size of 'time_t', as computed by sizeof. */
 #undef SIZEOF_TIME_T
 
-/* The size of `unsigned long', as computed by sizeof. */
+/* The size of 'unsigned long', as computed by sizeof. */
 #undef SIZEOF_UNSIGNED_LONG
 
 /* define if (v)snprintf does not return length needed, (but length used) */
@@ -941,7 +948,7 @@
 /* Define to 1 if libsodium supports sodium_set_misuse_handler */
 #undef SODIUM_MISUSE_HANDLER
 
-/* Define to 1 if all of the C90 standard headers exist (not just the ones
+/* Define to 1 if all of the C89 standard headers exist (not just the ones
    required in a freestanding environment). This macro is provided for
    backward compatibility; new code need not use it. */
 #undef STDC_HEADERS
@@ -1023,6 +1030,9 @@
 /* Define this to enable client TCP Fast Open. */
 #undef USE_MSG_FASTOPEN
 
+/* Define this to use ngtcp2_crypto_ossl. */
+#undef USE_NGTCP2_CRYPTO_OSSL
+
 /* Define this to enable client TCP Fast Open. */
 #undef USE_OSX_MSG_FASTOPEN
 
@@ -1035,7 +1045,7 @@
 /* Define this to enable SHA256 and SHA512 support. */
 #undef USE_SHA2
 
-/* Enable extensions on AIX 3, Interix.  */
+/* Enable extensions on AIX, Interix, z/OS.  */
 #ifndef _ALL_SOURCE
 # undef _ALL_SOURCE
 #endif
@@ -1096,11 +1106,15 @@
 #ifndef __STDC_WANT_IEC_60559_DFP_EXT__
 # undef __STDC_WANT_IEC_60559_DFP_EXT__
 #endif
+/* Enable extensions specified by C23 Annex F.  */
+#ifndef __STDC_WANT_IEC_60559_EXT__
+# undef __STDC_WANT_IEC_60559_EXT__
+#endif
 /* Enable extensions specified by ISO/IEC TS 18661-4:2015.  */
 #ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
 # undef __STDC_WANT_IEC_60559_FUNCS_EXT__
 #endif
-/* Enable extensions specified by ISO/IEC TS 18661-3:2015.  */
+/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015.  */
 #ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
 # undef __STDC_WANT_IEC_60559_TYPES_EXT__
 #endif
@@ -1141,30 +1155,36 @@
 /* Define if you want PyUnbound. */
 #undef WITH_PYUNBOUND
 
-/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
-   `char[]'. */
+/* Define to 1 if 'lex' declares 'yytext' as a 'char *' by default, not a
+   'char[]'. */
 #undef YYTEXT_POINTER
 
 /* Number of bits in a file offset, on hosts where this is settable. */
 #undef _FILE_OFFSET_BITS
 
-/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
+/* Define to 1 if necessary to make fseeko visible. */
 #undef _LARGEFILE_SOURCE
 
-/* Define for large files, on AIX-style hosts. */
+/* Define to 1 on platforms where this makes off_t a 64-bit type. */
 #undef _LARGE_FILES
 
 /* Enable for compile on Minix */
 #undef _NETBSD_SOURCE
 
+/* Number of bits in time_t, on hosts where this is settable. */
+#undef _TIME_BITS
+
+/* Define to 1 on platforms where this makes time_t a 64-bit type. */
+#undef __MINGW_USE_VC2005_COMPAT
+
 /* defined to use gcc ansi snprintf and sscanf that understands %lld when
    compiled for windows. */
 #undef __USE_MINGW_ANSI_STDIO
 
-/* Define to empty if `const' does not conform to ANSI C. */
+/* Define to empty if 'const' does not conform to ANSI C. */
 #undef const
 
-/* Define to `int' if <sys/types.h> doesn't define. */
+/* Define as 'int' if <sys/types.h> doesn't define. */
 #undef gid_t
 
 /* in_addr_t */
@@ -1173,28 +1193,28 @@
 /* in_port_t */
 #undef in_port_t
 
-/* Define to `__inline__' or `__inline' if that's what the C compiler
+/* Define to '__inline__' or '__inline' if that's what the C compiler
    calls it, or to nothing if 'inline' is not supported under any name.  */
 #ifndef __cplusplus
 #undef inline
 #endif
 
-/* Define to `short' if <sys/types.h> does not define. */
+/* Define to 'short' if <sys/types.h> does not define. */
 #undef int16_t
 
-/* Define to `int' if <sys/types.h> does not define. */
+/* Define to 'int' if <sys/types.h> does not define. */
 #undef int32_t
 
-/* Define to `long long' if <sys/types.h> does not define. */
+/* Define to 'long long' if <sys/types.h> does not define. */
 #undef int64_t
 
-/* Define to `signed char' if <sys/types.h> does not define. */
+/* Define to 'signed char' if <sys/types.h> does not define. */
 #undef int8_t
 
 /* Define if replacement function should be used. */
 #undef malloc
 
-/* Define to `long int' if <sys/types.h> does not define. */
+/* Define to 'long int' if <sys/types.h> does not define. */
 #undef off_t
 
 /* Define as a signed integer type capable of holding a process identifier. */
@@ -1203,34 +1223,34 @@
 /* Define to 'int' if not defined */
 #undef rlim_t
 
-/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* Define as 'unsigned int' if <stddef.h> doesn't define. */
 #undef size_t
 
 /* Define to 'int' if not defined */
 #undef socklen_t
 
-/* Define to `int' if <sys/types.h> does not define. */
+/* Define to 'int' if <sys/types.h> does not define. */
 #undef ssize_t
 
 /* Define to 'unsigned char if not defined */
 #undef u_char
 
-/* Define to `int' if <sys/types.h> doesn't define. */
+/* Define as 'int' if <sys/types.h> doesn't define. */
 #undef uid_t
 
-/* Define to `unsigned short' if <sys/types.h> does not define. */
+/* Define to 'unsigned short' if <sys/types.h> does not define. */
 #undef uint16_t
 
-/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* Define to 'unsigned int' if <sys/types.h> does not define. */
 #undef uint32_t
 
-/* Define to `unsigned long long' if <sys/types.h> does not define. */
+/* Define to 'unsigned long long' if <sys/types.h> does not define. */
 #undef uint64_t
 
-/* Define to `unsigned char' if <sys/types.h> does not define. */
+/* Define to 'unsigned char' if <sys/types.h> does not define. */
 #undef uint8_t
 
-/* Define as `fork' if `vfork' does not work. */
+/* Define as 'fork' if 'vfork' does not work. */
 #undef vfork
 
 #if defined(OMITTED__D_GNU_SOURCE) && !defined(_GNU_SOURCE)
diff --git a/contrib/unbound/config.sub b/contrib/unbound/config.sub
index 4aaae46f6f74..3d35cde174de 100755
--- a/contrib/unbound/config.sub
+++ b/contrib/unbound/config.sub
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2024 Free Software Foundation, Inc.
+#   Copyright 1992-2025 Free Software Foundation, Inc.
 
 # shellcheck disable=SC2006,SC2268,SC2162 # see below for rationale
 
-timestamp='2024-05-27'
+timestamp='2025-07-10'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -76,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2024 Free Software Foundation, Inc.
+Copyright 1992-2025 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -145,6 +145,7 @@ case $1 in
 			| kfreebsd*-gnu* \
 			| knetbsd*-gnu* \
 			| kopensolaris*-gnu* \
+			| ironclad-* \
 			| linux-* \
 			| managarm-* \
 			| netbsd*-eabi* \
@@ -242,7 +243,6 @@ case $1 in
 					| rombug \
 					| semi \
 					| sequent* \
-					| siemens \
 					| sgi* \
 					| siemens \
 					| sim \
@@ -261,7 +261,7 @@ case $1 in
 						basic_machine=$field1-$field2
 						basic_os=
 						;;
-					zephyr*)
+					tock* | zephyr*)
 						basic_machine=$field1-unknown
 						basic_os=$field2
 						;;
@@ -1194,7 +1194,7 @@ case $cpu-$vendor in
 	xscale-* | xscalee[bl]-*)
 		cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
 		;;
-	arm64-* | aarch64le-*)
+	arm64-* | aarch64le-* | arm64_32-*)
 		cpu=aarch64
 		;;
 
@@ -1321,6 +1321,7 @@ case $cpu-$vendor in
 			| i960 \
 			| ia16 \
 			| ia64 \
+			| intelgt \
 			| ip2k \
 			| iq2000 \
 			| javascript \
@@ -1522,6 +1523,10 @@ EOF
 		kernel=nto
 		os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
 		;;
+	ironclad*)
+		kernel=ironclad
+		os=`echo "$basic_os" | sed -e 's|ironclad|mlibc|'`
+		;;
 	linux*)
 		kernel=linux
 		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
@@ -1976,6 +1981,7 @@ case $os in
 	| atheos* \
 	| auroraux* \
 	| aux* \
+	| banan_os* \
 	| beos* \
 	| bitrig* \
 	| bme* \
@@ -2022,7 +2028,6 @@ case $os in
 	| ios* \
 	| iris* \
 	| irix* \
-	| ironclad* \
 	| isc* \
 	| its* \
 	| l4re* \
@@ -2118,6 +2123,7 @@ case $os in
 	| sysv* \
 	| tenex* \
 	| tirtos* \
+	| tock* \
 	| toppers* \
 	| tops10* \
 	| tops20* \
@@ -2214,6 +2220,8 @@ case $kernel-$os-$obj in
 		;;
 	uclinux-uclibc*- | uclinux-gnu*- )
 		;;
+	ironclad-mlibc*-)
+		;;
 	managarm-mlibc*- | managarm-kernel*- )
 		;;
 	windows*-msvc*-)
@@ -2249,6 +2257,8 @@ case $kernel-$os-$obj in
 		;;
 	*-eabi*- | *-gnueabi*-)
 		;;
+	ios*-simulator- | tvos*-simulator- | watchos*-simulator- )
+		;;
 	none--*)
 		# None (no kernel, i.e. freestanding / bare metal),
 		# can be paired with an machine code file format
@@ -2347,8 +2357,8 @@ echo "$cpu-$vendor${kernel:+-$kernel}${os:+-$os}${obj:+-$obj}"
 exit
 
 # Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp nil t)
 # time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-format: "%Y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index 0b78d97b16e9..6e401b685e3e 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,11 +1,11 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for unbound 1.23.0.
+# Generated by GNU Autoconf 2.71 for unbound 1.24.0.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
 #
 #
-# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation,
 # Inc.
 #
 #
@@ -17,7 +17,6 @@
 
 # Be more Bourne compatible
 DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
 if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
@@ -26,12 +25,13 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
   setopt NO_GLOB_SUBST
-else $as_nop
-  case `(set -o) 2>/dev/null` in #(
+else case e in #(
+  e) case `(set -o) 2>/dev/null` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
+esac ;;
 esac
 fi
 
@@ -103,7 +103,7 @@ IFS=$as_save_IFS
 
      ;;
 esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
+# We did not find ourselves, most probably we were run as 'sh COMMAND'
 # in which case we are not to be found in the path.
 if test "x$as_myself" = x; then
   as_myself=$0
@@ -133,15 +133,14 @@ case $- in # ((((
 esac
 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
 # Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
+# out after a failed 'exec'.
 printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
 exit 255
   fi
   # We don't want this to propagate to other subprocesses.
           { _as_can_reexec=; unset _as_can_reexec;}
 if test "x$CONFIG_SHELL" = x; then
-  as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+  as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
   NULLCMD=:
@@ -149,12 +148,13 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '\${1+\"\$@\"}'='\"\$@\"'
   setopt NO_GLOB_SUBST
-else \$as_nop
-  case \`(set -o) 2>/dev/null\` in #(
+else case e in #(
+  e) case \`(set -o) 2>/dev/null\` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
+esac ;;
 esac
 fi
 "
@@ -172,8 +172,9 @@ as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
 if ( set x; as_fn_ret_success y && test x = \"\$1\" )
 then :
 
-else \$as_nop
-  exitcode=1; echo positional parameters were not saved.
+else case e in #(
+  e) exitcode=1; echo positional parameters were not saved. ;;
+esac
 fi
 test x\$exitcode = x0 || exit 1
 blah=\$(echo \$(echo blah))
@@ -195,14 +196,15 @@ test \$(( 1 + 1 )) = 2 || exit 1
   if (eval "$as_required") 2>/dev/null
 then :
   as_have_required=yes
-else $as_nop
-  as_have_required=no
+else case e in #(
+  e) as_have_required=no ;;
+esac
 fi
   if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
 then :
 
-else $as_nop
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+else case e in #(
+  e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
 as_found=false
 for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
 do
@@ -235,12 +237,13 @@ IFS=$as_save_IFS
 if $as_found
 then :
 
-else $as_nop
-  if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+else case e in #(
+  e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
 	      as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
 then :
   CONFIG_SHELL=$SHELL as_have_required=yes
-fi
+fi ;;
+esac
 fi
 
 
@@ -262,7 +265,7 @@ case $- in # ((((
 esac
 exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
 # Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
+# out after a failed 'exec'.
 printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
 exit 255
 fi
@@ -283,7 +286,8 @@ $0: message. Then install a modern shell, or manually run
 $0: the script under such a shell if you do have one."
   fi
   exit 1
-fi
+fi ;;
+esac
 fi
 fi
 SHELL=${CONFIG_SHELL-/bin/sh}
@@ -322,14 +326,6 @@ as_fn_exit ()
   as_fn_set_status $1
   exit $1
 } # as_fn_exit
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
-  return $?
-}
-as_nop=as_fn_nop
 
 # as_fn_mkdir_p
 # -------------
@@ -398,11 +394,12 @@ then :
   {
     eval $1+=\$2
   }'
-else $as_nop
-  as_fn_append ()
+else case e in #(
+  e) as_fn_append ()
   {
     eval $1=\$$1\$2
-  }
+  } ;;
+esac
 fi # as_fn_append
 
 # as_fn_arith ARG...
@@ -416,21 +413,14 @@ then :
   {
     as_val=$(( $* ))
   }'
-else $as_nop
-  as_fn_arith ()
+else case e in #(
+  e) as_fn_arith ()
   {
     as_val=`expr "$@" || test $? -eq 1`
-  }
+  } ;;
+esac
 fi # as_fn_arith
 
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
-  return $?
-}
-as_nop=as_fn_nop
 
 # as_fn_error STATUS ERROR [LINENO LOG_FD]
 # ----------------------------------------
@@ -504,6 +494,8 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
     /[$]LINENO/=
   ' <$as_myself |
     sed '
+      t clear
+      :clear
       s/[$]LINENO.*/&-/
       t lineno
       b
@@ -552,7 +544,6 @@ esac
 as_echo='printf %s\n'
 as_echo_n='printf %s'
 
-
 rm -f conf$$ conf$$.exe conf$$.file
 if test -d conf$$.dir; then
   rm -f conf$$.dir/conf$$.file
@@ -564,9 +555,9 @@ if (echo >conf$$.file) 2>/dev/null; then
   if ln -s conf$$.file conf$$ 2>/dev/null; then
     as_ln_s='ln -s'
     # ... but there are two gotchas:
-    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-    # In both cases, we have to default to `cp -pR'.
+    # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable.
+    # In both cases, we have to default to 'cp -pR'.
     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
       as_ln_s='cp -pR'
   elif ln conf$$.file conf$$ 2>/dev/null; then
@@ -591,10 +582,12 @@ as_test_x='test -x'
 as_executable_p=as_fn_executable_p
 
 # Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
+as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated
 
 # Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
+as_tr_sh="eval sed '$as_sed_sh'" # deprecated
 
 SHELL=${CONFIG_SHELL-/bin/sh}
 
@@ -622,8 +615,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.23.0'
-PACKAGE_STRING='unbound 1.23.0'
+PACKAGE_VERSION='1.24.0'
+PACKAGE_STRING='unbound 1.24.0'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
 PACKAGE_URL=''
 
@@ -660,6 +653,7 @@ ac_includes_default="\
 
 ac_header_c_list=
 ac_func_c_list=
+enable_year2038=no
 ac_subst_vars='LTLIBOBJS
 date
 version
@@ -685,7 +679,9 @@ opt_dnstap_socket_path
 ENABLE_DNSTAP
 PROTOBUFC_LIBS
 PROTOBUFC_CFLAGS
+PROTOC_GEN_C
 PROTOC_C
+PROTOC
 UBSYMS
 EXTRALINK
 COMMON_OBJ_ALL_SYMBOLS
@@ -746,6 +742,7 @@ PTHREAD_LIBS
 PTHREAD_CXX
 PTHREAD_CC
 ax_pthread_config
+CPP
 ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ
 SLDNS_ALLOCCHECK_EXTRA_OBJ
 USE_SYSTEMD_FALSE
@@ -756,7 +753,6 @@ SYSTEMD_LIBS
 SYSTEMD_CFLAGS
 RUNTIME_PATH
 LIBOBJS
-CPP
 PKG_CONFIG_LIBDIR
 PKG_CONFIG_PATH
 PKG_CONFIG
@@ -939,6 +935,7 @@ with_libmnl
 enable_explicit_port_randomisation
 enable_linux_ip_local_port_range
 with_libunbound_only
+enable_year2038
 '
       ac_precious_vars='build_alias
 host_alias
@@ -954,11 +951,11 @@ LT_SYS_LIBRARY_PATH
 PKG_CONFIG
 PKG_CONFIG_PATH
 PKG_CONFIG_LIBDIR
-CPP
 SYSTEMD_CFLAGS
 SYSTEMD_LIBS
 SYSTEMD_DAEMON_CFLAGS
 SYSTEMD_DAEMON_LIBS
+CPP
 PYTHON_VERSION
 SOURCE_DATE_EPOCH
 PROTOBUFC_CFLAGS
@@ -1071,7 +1068,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid feature name: \`$ac_useropt'"
+      as_fn_error $? "invalid feature name: '$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1097,7 +1094,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid feature name: \`$ac_useropt'"
+      as_fn_error $? "invalid feature name: '$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1310,7 +1307,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid package name: \`$ac_useropt'"
+      as_fn_error $? "invalid package name: '$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1326,7 +1323,7 @@ do
     ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
     # Reject names that are not valid shell variable names.
     expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
-      as_fn_error $? "invalid package name: \`$ac_useropt'"
+      as_fn_error $? "invalid package name: '$ac_useropt'"
     ac_useropt_orig=$ac_useropt
     ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
     case $ac_user_opts in
@@ -1356,8 +1353,8 @@ do
   | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
     x_libraries=$ac_optarg ;;
 
-  -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
+  -*) as_fn_error $? "unrecognized option: '$ac_option'
+Try '$0 --help' for more information"
     ;;
 
   *=*)
@@ -1365,7 +1362,7 @@ Try \`$0 --help' for more information"
     # Reject names that are not valid shell variable names.
     case $ac_envvar in #(
       '' | [0-9]* | *[!_$as_cr_alnum]* )
-      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+      as_fn_error $? "invalid variable name: '$ac_envvar'" ;;
     esac
     eval $ac_envvar=\$ac_optarg
     export $ac_envvar ;;
@@ -1415,7 +1412,7 @@ do
   as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
 done
 
-# There might be people who depend on the old broken behavior: `$host'
+# There might be people who depend on the old broken behavior: '$host'
 # used to hold the argument of --host etc.
 # FIXME: To remove some day.
 build=$build_alias
@@ -1483,7 +1480,7 @@ if test ! -r "$srcdir/$ac_unique_file"; then
   test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
   as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
 fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work"
 ac_abs_confdir=`(
 	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
 	pwd)`
@@ -1511,7 +1508,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.23.0 to adapt to many kinds of systems.
+\`configure' configures unbound 1.24.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1525,11 +1522,11 @@ Configuration:
       --help=short        display options specific to this package
       --help=recursive    display the short help of all the included packages
   -V, --version           display version information and exit
-  -q, --quiet, --silent   do not print \`checking ...' messages
+  -q, --quiet, --silent   do not print 'checking ...' messages
       --cache-file=FILE   cache test results in FILE [disabled]
-  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -C, --config-cache      alias for '--cache-file=config.cache'
   -n, --no-create         do not create output files
-      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+      --srcdir=DIR        find the sources in DIR [configure dir or '..']
 
 Installation directories:
   --prefix=PREFIX         install architecture-independent files in PREFIX
@@ -1537,10 +1534,10 @@ Installation directories:
   --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                           [PREFIX]
 
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
+By default, 'make install' will install all the files in
+'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than '$ac_default_prefix' using '--prefix',
+for instance '--prefix=\$HOME'.
 
 For better control, use the options below.
 
@@ -1577,7 +1574,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.23.0:";;
+     short | recursive ) echo "Configuration of unbound 1.24.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1653,6 +1650,7 @@ Optional Features:
                           randomness. Define this only when the target system
                           restricts (e.g. some of SELinux enabled
                           distributions) the use of non-ephemeral ports.
+  --enable-year2038       support timestamps after 2038
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -1728,12 +1726,12 @@ Some influential environment variables:
   LIBS        libraries to pass to the linker, e.g. -l<library>
   CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
               you have headers in a nonstandard directory <include dir>
-  YACC        The `Yet Another Compiler Compiler' implementation to use.
-              Defaults to the first program found out of: `bison -y', `byacc',
-              `yacc'.
+  YACC        The 'Yet Another Compiler Compiler' implementation to use.
+              Defaults to the first program found out of: 'bison -y', 'byacc',
+              'yacc'.
   YFLAGS      The list of arguments that will be passed by default to $YACC.
               This script will default YFLAGS to the empty string to avoid a
-              default value of `-d' given by some make applications.
+              default value of '-d' given by some make applications.
   LT_SYS_LIBRARY_PATH
               User-defined run-time library search path.
   PKG_CONFIG  path to pkg-config utility
@@ -1741,7 +1739,6 @@ Some influential environment variables:
               directories to add to pkg-config's search path
   PKG_CONFIG_LIBDIR
               path overriding pkg-config's built-in search path
-  CPP         C preprocessor
   SYSTEMD_CFLAGS
               C compiler flags for SYSTEMD, overriding pkg-config
   SYSTEMD_LIBS
@@ -1750,6 +1747,7 @@ Some influential environment variables:
               C compiler flags for SYSTEMD_DAEMON, overriding pkg-config
   SYSTEMD_DAEMON_LIBS
               linker flags for SYSTEMD_DAEMON, overriding pkg-config
+  CPP         C preprocessor
   PYTHON_VERSION
               The installed Python version to use, for example '2.3'. This
               string will be appended to the Python interpreter canonical
@@ -1763,7 +1761,7 @@ Some influential environment variables:
   PROTOBUFC_LIBS
               linker flags for PROTOBUFC, overriding pkg-config
 
-Use these variables to override the choices made by `configure' or to help
+Use these variables to override the choices made by 'configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
 Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
@@ -1830,10 +1828,10 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.23.0
+unbound configure 1.24.0
 generated by GNU Autoconf 2.71
 
-Copyright (C) 2021 Free Software Foundation, Inc.
+Copyright (C) 2023 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 _ACEOF
@@ -1872,11 +1870,12 @@ printf "%s\n" "$ac_try_echo"; } >&5
        } && test -s conftest.$ac_objext
 then :
   ac_retval=0
-else $as_nop
-  printf "%s\n" "$as_me: failed program was:" >&5
+else case e in #(
+  e) printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-	ac_retval=1
+	ac_retval=1 ;;
+esac
 fi
   eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
   as_fn_set_status $ac_retval
@@ -1895,8 +1894,8 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
 #include <$2>
@@ -1904,10 +1903,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$3=yes"
-else $as_nop
-  eval "$3=no"
+else case e in #(
+  e) eval "$3=no" ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -1947,11 +1948,12 @@ printf "%s\n" "$ac_try_echo"; } >&5
        }
 then :
   ac_retval=0
-else $as_nop
-  printf "%s\n" "$as_me: failed program was:" >&5
+else case e in #(
+  e) printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-	ac_retval=1
+	ac_retval=1 ;;
+esac
 fi
   # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
   # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
@@ -1974,15 +1976,15 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 /* Define $2 to an innocuous variant, in case <limits.h> declares $2.
    For example, HP-UX 11i <limits.h> declares gettimeofday.  */
 #define $2 innocuous_$2
 
 /* System header to define __stub macros and hopefully few prototypes,
-   which can conflict with char $2 (); below.  */
+   which can conflict with char $2 (void); below.  */
 
 #include <limits.h>
 #undef $2
@@ -1993,7 +1995,7 @@ else $as_nop
 #ifdef __cplusplus
 extern "C"
 #endif
-char $2 ();
+char $2 (void);
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
@@ -2012,11 +2014,13 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   eval "$3=yes"
-else $as_nop
-  eval "$3=no"
+else case e in #(
+  e) eval "$3=no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
+    conftest$ac_exeext conftest.$ac_ext ;;
+esac
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2037,8 +2041,8 @@ printf %s "checking for $2... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  eval "$3=no"
+else case e in #(
+  e) eval "$3=no"
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
@@ -2068,12 +2072,14 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else $as_nop
-  eval "$3=yes"
+else case e in #(
+  e) eval "$3=yes" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2082,44 +2088,6 @@ printf "%s\n" "$ac_res" >&6; }
 
 } # ac_fn_c_check_type
 
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
-  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
-  ac_status=$?
-  if test -s conftest.err; then
-    grep -v '^ *+' conftest.err >conftest.er1
-    cat conftest.er1 >&5
-    mv -f conftest.er1 conftest.err
-  fi
-  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } > conftest.i && {
-	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       }
-then :
-  ac_retval=0
-else $as_nop
-  printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-    ac_retval=1
-fi
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-  as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
 # ac_fn_c_try_run LINENO
 # ----------------------
 # Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that
@@ -2150,12 +2118,13 @@ printf "%s\n" "$ac_try_echo"; } >&5
   test $ac_status = 0; }; }
 then :
   ac_retval=0
-else $as_nop
-  printf "%s\n" "$as_me: program exited with status $ac_status" >&5
+else case e in #(
+  e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5
        printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-       ac_retval=$ac_status
+       ac_retval=$ac_status ;;
+esac
 fi
   rm -rf conftest.dSYM conftest_ipa8_conftest.oo
   eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
@@ -2208,18 +2177,19 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_hi=$ac_mid; break
-else $as_nop
-  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+else case e in #(
+  e) as_fn_arith $ac_mid + 1 && ac_lo=$as_val
 			if test $ac_lo -le $ac_mid; then
 			  ac_lo= ac_hi=
 			  break
 			fi
-			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   done
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $4
 int
@@ -2254,20 +2224,23 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_lo=$ac_mid; break
-else $as_nop
-  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+else case e in #(
+  e) as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
 			if test $ac_mid -le $ac_hi; then
 			  ac_lo= ac_hi=
 			  break
 			fi
-			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   done
-else $as_nop
-  ac_lo= ac_hi=
+else case e in #(
+  e) ac_lo= ac_hi= ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 # Binary search between lo and hi bounds.
@@ -2290,8 +2263,9 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_hi=$ac_mid
-else $as_nop
-  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+else case e in #(
+  e) as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 done
@@ -2339,8 +2313,9 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   echo >>conftest.val; read $3 <conftest.val; ac_retval=0
-else $as_nop
-  ac_retval=1
+else case e in #(
+  e) ac_retval=1 ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
@@ -2352,6 +2327,45 @@ rm -f conftest.val
 
 } # ac_fn_c_compute_int
 
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }
+then :
+  ac_retval=0
+else case e in #(
+  e) printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1 ;;
+esac
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
 # ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
 # ------------------------------------------------------------------
 # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
@@ -2365,8 +2379,8 @@ printf %s "checking whether $as_decl_name is declared... " >&6; }
 if eval test \${$3+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+else case e in #(
+  e) as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
   eval ac_save_FLAGS=\$$6
   as_fn_append $6 " $5"
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -2390,12 +2404,14 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$3=yes"
-else $as_nop
-  eval "$3=no"
+else case e in #(
+  e) eval "$3=no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   eval $6=\$ac_save_FLAGS
-
+ ;;
+esac
 fi
 eval ac_res=\$$3
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2416,8 +2432,8 @@ printf %s "checking for $2.$3... " >&6; }
 if eval test \${$4+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
@@ -2433,8 +2449,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$4=yes"
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $5
 int
@@ -2450,12 +2466,15 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   eval "$4=yes"
-else $as_nop
-  eval "$4=no"
+else case e in #(
+  e) eval "$4=no" ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 eval ac_res=\$$4
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -2487,7 +2506,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.23.0, which was
+It was created by unbound $as_me 1.24.0, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -2734,10 +2753,10 @@ esac
 printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
     sed 's/^/| /' "$ac_site_file" >&5
     . "$ac_site_file" \
-      || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+      || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
   fi
 done
 
@@ -2774,9 +2793,7 @@ struct stat;
 /* Most of the following tests are stolen from RCS 5.7 src/conf.sh.  */
 struct buf { int x; };
 struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
-     char **p;
-     int i;
+static char *e (char **p, int i)
 {
   return p[i];
 }
@@ -2790,6 +2807,21 @@ static char *f (char * (*g) (char **, int), char **p, ...)
   return s;
 }
 
+/* C89 style stringification. */
+#define noexpand_stringify(a) #a
+const char *stringified = noexpand_stringify(arbitrary+token=sequence);
+
+/* C89 style token pasting.  Exercises some of the corner cases that
+   e.g. old MSVC gets wrong, but not very hard. */
+#define noexpand_concat(a,b) a##b
+#define expand_concat(a,b) noexpand_concat(a,b)
+extern int vA;
+extern int vbee;
+#define aye A
+#define bee B
+int *pvA = &expand_concat(v,aye);
+int *pvbee = &noexpand_concat(v,bee);
+
 /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
    function prototypes and stuff, but not \xHH hex character constants.
    These do not provoke an error unfortunately, instead are silently treated
@@ -2817,16 +2849,19 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
 
 # Test code for whether the C compiler supports C99 (global declarations)
 ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
+/* Does the compiler advertise C99 conformance? */
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
 # error "Compiler does not advertise C99 conformance"
 #endif
 
+// See if C++-style comments work.
+
 #include <stdbool.h>
 extern int puts (const char *);
 extern int printf (const char *, ...);
 extern int dprintf (int, const char *, ...);
 extern void *malloc (size_t);
+extern void free (void *);
 
 // Check varargs macros.  These examples are taken from C99 6.10.3.5.
 // dprintf is used instead of fprintf to avoid needing to declare
@@ -2876,7 +2911,6 @@ typedef const char *ccp;
 static inline int
 test_restrict (ccp restrict text)
 {
-  // See if C++-style comments work.
   // Iterate through items via the restricted pointer.
   // Also check for declarations in for loops.
   for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
@@ -2942,6 +2976,8 @@ ac_c_conftest_c99_main='
   ia->datasize = 10;
   for (int i = 0; i < ia->datasize; ++i)
     ia->data[i] = i * 1.234;
+  // Work around memory leak warnings.
+  free (ia);
 
   // Check named initializers.
   struct named_init ni = {
@@ -2963,7 +2999,7 @@ ac_c_conftest_c99_main='
 
 # Test code for whether the C compiler supports C11 (global declarations)
 ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
+/* Does the compiler advertise C11 conformance? */
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
 # error "Compiler does not advertise C11 conformance"
 #endif
@@ -3159,8 +3195,9 @@ IFS=$as_save_IFS
 if $as_found
 then :
 
-else $as_nop
-  as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 ;;
+esac
 fi
 
 
@@ -3188,12 +3225,12 @@ for ac_var in $ac_precious_vars; do
   eval ac_new_val=\$ac_env_${ac_var}_value
   case $ac_old_set,$ac_new_set in
     set,)
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,set)
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,);;
     *)
@@ -3202,18 +3239,18 @@ printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
 	ac_old_val_w=`echo x $ac_old_val`
 	ac_new_val_w=`echo x $ac_new_val`
 	if test "$ac_old_val_w" != "$ac_new_val_w"; then
-	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;}
 	  ac_cache_corrupted=:
 	else
-	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;}
 	  eval $ac_var=\$ac_old_val
 	fi
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
-printf "%s\n" "$as_me:   former value:  \`$ac_old_val'" >&2;}
-	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me:   current value: \`$ac_new_val'" >&2;}
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   former value:  '$ac_old_val'" >&5
+printf "%s\n" "$as_me:   former value:  '$ac_old_val'" >&2;}
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   current value: '$ac_new_val'" >&5
+printf "%s\n" "$as_me:   current value: '$ac_new_val'" >&2;}
       fi;;
   esac
   # Pass precious variables to config.status.
@@ -3229,11 +3266,11 @@ printf "%s\n" "$as_me:   current value: \`$ac_new_val'" >&2;}
   fi
 done
 if $ac_cache_corrupted; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
-  as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+  as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file'
 	    and start over" "$LINENO" 5
 fi
 ## -------------------- ##
@@ -3249,13 +3286,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 UNBOUND_VERSION_MAJOR=1
 
-UNBOUND_VERSION_MINOR=23
+UNBOUND_VERSION_MINOR=24
 
-UNBOUND_VERSION_MICRO=0
+UNBOUND_VERSION_MICRO=1
 
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=31
+LIBUNBOUND_REVISION=33
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -3354,6 +3391,8 @@ LIBUNBOUND_AGE=1
 # 1.21.1 had 9:29:1
 # 1.22.0 had 9:30:1
 # 1.23.0 had 9:31:1
+# 1.23.1 had 9:32:1
+# 1.24.0 had 9:33:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -3406,8 +3445,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3429,7 +3468,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3451,8 +3491,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3474,7 +3514,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3509,8 +3550,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3532,7 +3573,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3554,8 +3596,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
   ac_prog_rejected=no
@@ -3594,7 +3636,8 @@ if test $ac_prog_rejected = yes; then
     ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
   fi
 fi
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3618,8 +3661,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3641,7 +3684,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3667,8 +3711,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3690,7 +3734,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3728,8 +3773,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3751,7 +3796,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -3773,8 +3819,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3796,7 +3842,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -3825,10 +3872,10 @@ fi
 fi
 
 
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
 
 # Provide some information about the compiler.
 printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
@@ -3900,8 +3947,8 @@ printf "%s\n" "$ac_try_echo"; } >&5
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }
 then :
-  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+  # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'.
+# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no'
 # in a Makefile.  We should not override ac_cv_exeext if it was cached,
 # so that the user can short-circuit this test for compilers unknown to
 # Autoconf.
@@ -3921,7 +3968,7 @@ do
 	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
 	fi
 	# We set ac_cv_exeext here because the later test for it is not
-	# safe: cross compilers may not add the suffix if given an `-o'
+	# safe: cross compilers may not add the suffix if given an '-o'
 	# argument, so we may need to know it at that point already.
 	# Even if this section looks crufty: it has the advantage of
 	# actually working.
@@ -3932,8 +3979,9 @@ do
 done
 test "$ac_cv_exeext" = no && ac_cv_exeext=
 
-else $as_nop
-  ac_file=''
+else case e in #(
+  e) ac_file='' ;;
+esac
 fi
 if test -z "$ac_file"
 then :
@@ -3942,13 +3990,14 @@ printf "%s\n" "no" >&6; }
 printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
+See 'config.log' for more details" "$LINENO" 5; }
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; } ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
 printf %s "checking for C compiler default output file name... " >&6; }
@@ -3972,10 +4021,10 @@ printf "%s\n" "$ac_try_echo"; } >&5
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }
 then :
-  # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
+  # If both 'conftest.exe' and 'conftest' are 'present' (well, observable)
+# catch 'conftest.exe'.  For instance with Cygwin, 'ls conftest' will
+# work properly (i.e., refer to 'conftest.exe'), while it won't with
+# 'rm'.
 for ac_file in conftest.exe conftest conftest.*; do
   test -f "$ac_file" || continue
   case $ac_file in
@@ -3985,11 +4034,12 @@ for ac_file in conftest.exe conftest conftest.*; do
     * ) break;;
   esac
 done
-else $as_nop
-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+else case e in #(
+  e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; } ;;
+esac
 fi
 rm -f conftest conftest$ac_cv_exeext
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
@@ -4005,6 +4055,8 @@ int
 main (void)
 {
 FILE *f = fopen ("conftest.out", "w");
+ if (!f)
+  return 1;
  return ferror (f) || fclose (f) != 0;
 
   ;
@@ -4044,26 +4096,27 @@ printf "%s\n" "$ac_try_echo"; } >&5
     if test "$cross_compiling" = maybe; then
 	cross_compiling=yes
     else
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
+If you meant to cross compile, use '--host'.
+See 'config.log' for more details" "$LINENO" 5; }
     fi
   fi
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
 printf "%s\n" "$cross_compiling" >&6; }
 
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+rm -f conftest.$ac_ext conftest$ac_cv_exeext \
+  conftest.o conftest.obj conftest.out
 ac_clean_files=$ac_clean_files_save
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
 printf %s "checking for suffix of object files... " >&6; }
 if test ${ac_cv_objext+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4095,16 +4148,18 @@ then :
        break;;
   esac
 done
-else $as_nop
-  printf "%s\n" "$as_me: failed program was:" >&5
+else case e in #(
+  e) printf "%s\n" "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; } ;;
+esac
 fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
+rm -f conftest.$ac_cv_objext conftest.$ac_ext ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
 printf "%s\n" "$ac_cv_objext" >&6; }
@@ -4115,8 +4170,8 @@ printf %s "checking whether the compiler supports GNU C... " >&6; }
 if test ${ac_cv_c_compiler_gnu+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4133,12 +4188,14 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_compiler_gnu=yes
-else $as_nop
-  ac_compiler_gnu=no
+else case e in #(
+  e) ac_compiler_gnu=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
@@ -4156,8 +4213,8 @@ printf %s "checking whether $CC accepts -g... " >&6; }
 if test ${ac_cv_prog_cc_g+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_save_c_werror_flag=$ac_c_werror_flag
+else case e in #(
+  e) ac_save_c_werror_flag=$ac_c_werror_flag
    ac_c_werror_flag=yes
    ac_cv_prog_cc_g=no
    CFLAGS="-g"
@@ -4175,8 +4232,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
-else $as_nop
-  CFLAGS=""
+else case e in #(
+  e) CFLAGS=""
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -4191,8 +4248,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else $as_nop
-  ac_c_werror_flag=$ac_save_c_werror_flag
+else case e in #(
+  e) ac_c_werror_flag=$ac_save_c_werror_flag
 	 CFLAGS="-g"
 	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4209,12 +4266,15 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-   ac_c_werror_flag=$ac_save_c_werror_flag
+   ac_c_werror_flag=$ac_save_c_werror_flag ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
 printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
@@ -4241,8 +4301,8 @@ printf %s "checking for $CC option to enable C11 features... " >&6; }
 if test ${ac_cv_prog_cc_c11+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c11=no
+else case e in #(
+  e) ac_cv_prog_cc_c11=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4259,25 +4319,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c11" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c11" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c11" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c11" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
-     CC="$CC $ac_cv_prog_cc_c11"
+     CC="$CC $ac_cv_prog_cc_c11" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
-  ac_prog_cc_stdc=c11
+  ac_prog_cc_stdc=c11 ;;
+esac
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -4287,8 +4350,8 @@ printf %s "checking for $CC option to enable C99 features... " >&6; }
 if test ${ac_cv_prog_cc_c99+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c99=no
+else case e in #(
+  e) ac_cv_prog_cc_c99=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4305,25 +4368,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c99" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c99" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c99" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c99" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
-     CC="$CC $ac_cv_prog_cc_c99"
+     CC="$CC $ac_cv_prog_cc_c99" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
-  ac_prog_cc_stdc=c99
+  ac_prog_cc_stdc=c99 ;;
+esac
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -4333,8 +4399,8 @@ printf %s "checking for $CC option to enable C89 features... " >&6; }
 if test ${ac_cv_prog_cc_c89+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c89=no
+else case e in #(
+  e) ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -4351,25 +4417,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c89" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c89" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c89" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
-     CC="$CC $ac_cv_prog_cc_c89"
+     CC="$CC $ac_cv_prog_cc_c89" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
-  ac_prog_cc_stdc=c89
+  ac_prog_cc_stdc=c89 ;;
+esac
 fi
 fi
 
@@ -4420,8 +4489,8 @@ printf %s "checking whether it is safe to define __EXTENSIONS__... " >&6; }
 if test ${ac_cv_safe_to_define___extensions__+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #         define __EXTENSIONS__ 1
@@ -4437,10 +4506,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_safe_to_define___extensions__=yes
-else $as_nop
-  ac_cv_safe_to_define___extensions__=no
+else case e in #(
+  e) ac_cv_safe_to_define___extensions__=no ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5
 printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; }
@@ -4450,8 +4521,8 @@ printf %s "checking whether _XOPEN_SOURCE should be defined... " >&6; }
 if test ${ac_cv_should_define__xopen_source+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_should_define__xopen_source=no
+else case e in #(
+  e) ac_cv_should_define__xopen_source=no
     if test $ac_cv_header_wchar_h = yes
 then :
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -4470,8 +4541,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
             #define _XOPEN_SOURCE 500
@@ -4489,10 +4560,12 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_should_define__xopen_source=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
+fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5
 printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
@@ -4517,6 +4590,8 @@ printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
 
   printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h
 
+  printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h
+
   printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h
 
   printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h
@@ -4536,8 +4611,9 @@ then :
 
     printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h
 
-else $as_nop
-  MINIX=
+else case e in #(
+  e) MINIX= ;;
+esac
 fi
   if test $ac_cv_safe_to_define___extensions__ = yes
 then :
@@ -4632,13 +4708,14 @@ printf "%s\n" X"$ub_conf_file" |
 if test ${with_run_dir+y}
 then :
   withval=$with_run_dir; UNBOUND_RUN_DIR="$withval"
-else $as_nop
-  if test $on_mingw = no; then
+else case e in #(
+  e) if test $on_mingw = no; then
     UNBOUND_RUN_DIR=`dirname "$ub_conf_file"`
 else
     UNBOUND_RUN_DIR=""
 fi
-
+ ;;
+esac
 fi
 
 
@@ -4653,13 +4730,14 @@ printf "%s\n" "#define RUN_DIR \"$hdr_run\"" >>confdefs.h
 if test ${with_chroot_dir+y}
 then :
   withval=$with_chroot_dir; UNBOUND_CHROOT_DIR="$withval"
-else $as_nop
-  if test $on_mingw = no; then
+else case e in #(
+  e) if test $on_mingw = no; then
     UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR"
 else
     UNBOUND_CHROOT_DIR=""
 fi
-
+ ;;
+esac
 fi
 
 
@@ -4674,8 +4752,9 @@ printf "%s\n" "#define CHROOT_DIR \"$hdr_chroot\"" >>confdefs.h
 if test ${with_share_dir+y}
 then :
   withval=$with_share_dir; UNBOUND_SHARE_DIR="$withval"
-else $as_nop
-  UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR"
+else case e in #(
+  e) UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR" ;;
+esac
 fi
 
 
@@ -4688,13 +4767,14 @@ printf "%s\n" "#define SHARE_DIR \"$UNBOUND_SHARE_DIR\"" >>confdefs.h
 if test ${with_pidfile+y}
 then :
   withval=$with_pidfile; UNBOUND_PIDFILE="$withval"
-else $as_nop
-  if test $on_mingw = no; then
+else case e in #(
+  e) if test $on_mingw = no; then
     UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid"
 else
     UNBOUND_PIDFILE=""
 fi
-
+ ;;
+esac
 fi
 
 
@@ -4709,13 +4789,14 @@ printf "%s\n" "#define PIDFILE \"$hdr_pid\"" >>confdefs.h
 if test ${with_rootkey_file+y}
 then :
   withval=$with_rootkey_file; UNBOUND_ROOTKEY_FILE="$withval"
-else $as_nop
-  if test $on_mingw = no; then
+else case e in #(
+  e) if test $on_mingw = no; then
     UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key"
 else
     UNBOUND_ROOTKEY_FILE="C:\\Program Files\\Unbound\\root.key"
 fi
-
+ ;;
+esac
 fi
 
 
@@ -4730,13 +4811,14 @@ printf "%s\n" "#define ROOT_ANCHOR_FILE \"$hdr_rkey\"" >>confdefs.h
 if test ${with_rootcert_file+y}
 then :
   withval=$with_rootcert_file; UNBOUND_ROOTCERT_FILE="$withval"
-else $as_nop
-  if test $on_mingw = no; then
+else case e in #(
+  e) if test $on_mingw = no; then
     UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem"
 else
     UNBOUND_ROOTCERT_FILE="C:\\Program Files\\Unbound\\icannbundle.pem"
 fi
-
+ ;;
+esac
 fi
 
 
@@ -4751,8 +4833,9 @@ printf "%s\n" "#define ROOT_CERT_FILE \"$hdr_rpem\"" >>confdefs.h
 if test ${with_username+y}
 then :
   withval=$with_username; UNBOUND_USERNAME="$withval"
-else $as_nop
-  UNBOUND_USERNAME="unbound"
+else case e in #(
+  e) UNBOUND_USERNAME="unbound" ;;
+esac
 fi
 
 
@@ -4775,8 +4858,8 @@ printf %s "checking for grep that handles long lines and -e... " >&6; }
 if test ${ac_cv_path_GREP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -z "$GREP"; then
+else case e in #(
+  e) if test -z "$GREP"; then
   ac_path_GREP_found=false
   # Loop through the user's path and test for each of PROGNAME-LIST
   as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -4795,9 +4878,10 @@ do
       as_fn_executable_p "$ac_path_GREP" || continue
 # Check for GNU ac_path_GREP and select it if it is found.
   # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
+case `"$ac_path_GREP" --version 2>&1` in #(
 *GNU*)
   ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -4832,7 +4916,8 @@ IFS=$as_save_IFS
 else
   ac_cv_path_GREP=$GREP
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
 printf "%s\n" "$ac_cv_path_GREP" >&6; }
@@ -4846,8 +4931,8 @@ printf %s "checking for an ANSI C-conforming const... " >&6; }
 if test ${ac_cv_c_const+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -4911,10 +4996,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_const=yes
-else $as_nop
-  ac_cv_c_const=no
+else case e in #(
+  e) ac_cv_c_const=no ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
 printf "%s\n" "$ac_cv_c_const" >&6; }
@@ -4941,8 +5028,8 @@ cache=`echo g | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -g -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -4950,7 +5037,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -4973,8 +5061,8 @@ cache=`echo O2 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -O2 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -4982,7 +5070,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5012,8 +5101,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5035,7 +5124,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5057,8 +5147,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5080,7 +5170,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5115,8 +5206,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5138,7 +5229,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5160,8 +5252,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
   ac_prog_rejected=no
@@ -5200,7 +5292,8 @@ if test $ac_prog_rejected = yes; then
     ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
   fi
 fi
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5224,8 +5317,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5247,7 +5340,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5273,8 +5367,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5296,7 +5390,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5334,8 +5429,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$CC"; then
+else case e in #(
+  e) if test -n "$CC"; then
   ac_cv_prog_CC="$CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5357,7 +5452,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
@@ -5379,8 +5475,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_CC"; then
+else case e in #(
+  e) if test -n "$ac_ct_CC"; then
   ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -5402,7 +5498,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
@@ -5431,10 +5528,10 @@ fi
 fi
 
 
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
 
 # Provide some information about the compiler.
 printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
@@ -5466,8 +5563,8 @@ printf %s "checking whether the compiler supports GNU C... " >&6; }
 if test ${ac_cv_c_compiler_gnu+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -5484,12 +5581,14 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_compiler_gnu=yes
-else $as_nop
-  ac_compiler_gnu=no
+else case e in #(
+  e) ac_compiler_gnu=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
@@ -5507,8 +5606,8 @@ printf %s "checking whether $CC accepts -g... " >&6; }
 if test ${ac_cv_prog_cc_g+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_save_c_werror_flag=$ac_c_werror_flag
+else case e in #(
+  e) ac_save_c_werror_flag=$ac_c_werror_flag
    ac_c_werror_flag=yes
    ac_cv_prog_cc_g=no
    CFLAGS="-g"
@@ -5526,8 +5625,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
-else $as_nop
-  CFLAGS=""
+else case e in #(
+  e) CFLAGS=""
       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -5542,8 +5641,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else $as_nop
-  ac_c_werror_flag=$ac_save_c_werror_flag
+else case e in #(
+  e) ac_c_werror_flag=$ac_save_c_werror_flag
 	 CFLAGS="-g"
 	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5560,12 +5659,15 @@ if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_prog_cc_g=yes
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-   ac_c_werror_flag=$ac_save_c_werror_flag
+   ac_c_werror_flag=$ac_save_c_werror_flag ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
 printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
@@ -5592,8 +5694,8 @@ printf %s "checking for $CC option to enable C11 features... " >&6; }
 if test ${ac_cv_prog_cc_c11+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c11=no
+else case e in #(
+  e) ac_cv_prog_cc_c11=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5610,25 +5712,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c11" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c11" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c11" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c11" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
-     CC="$CC $ac_cv_prog_cc_c11"
+     CC="$CC $ac_cv_prog_cc_c11" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
-  ac_prog_cc_stdc=c11
+  ac_prog_cc_stdc=c11 ;;
+esac
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -5638,8 +5743,8 @@ printf %s "checking for $CC option to enable C99 features... " >&6; }
 if test ${ac_cv_prog_cc_c99+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c99=no
+else case e in #(
+  e) ac_cv_prog_cc_c99=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5656,25 +5761,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c99" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c99" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c99" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c99" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
-     CC="$CC $ac_cv_prog_cc_c99"
+     CC="$CC $ac_cv_prog_cc_c99" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
-  ac_prog_cc_stdc=c99
+  ac_prog_cc_stdc=c99 ;;
+esac
 fi
 fi
 if test x$ac_prog_cc_stdc = xno
@@ -5684,8 +5792,8 @@ printf %s "checking for $CC option to enable C89 features... " >&6; }
 if test ${ac_cv_prog_cc_c89+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_prog_cc_c89=no
+else case e in #(
+  e) ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -5702,25 +5810,28 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam
   test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
 rm -f conftest.$ac_ext
-CC=$ac_save_CC
+CC=$ac_save_CC ;;
+esac
 fi
 
 if test "x$ac_cv_prog_cc_c89" = xno
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
 printf "%s\n" "unsupported" >&6; }
-else $as_nop
-  if test "x$ac_cv_prog_cc_c89" = x
+else case e in #(
+  e) if test "x$ac_cv_prog_cc_c89" = x
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
 printf "%s\n" "none needed" >&6; }
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
-     CC="$CC $ac_cv_prog_cc_c89"
+     CC="$CC $ac_cv_prog_cc_c89" ;;
+esac
 fi
   ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
-  ac_prog_cc_stdc=c89
+  ac_prog_cc_stdc=c89 ;;
+esac
 fi
 fi
 
@@ -5757,8 +5868,8 @@ cache=`echo Werror | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Werror -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5766,7 +5877,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5789,8 +5901,8 @@ cache=`echo Wall | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5798,7 +5910,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5823,8 +5936,8 @@ cache=`echo std=c99 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -std=c99 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5832,7 +5945,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5855,8 +5969,8 @@ cache=`echo xc99 | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -xc99 -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -5864,7 +5978,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -5901,12 +6016,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" | $as_tr_sh`
+cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE" | sed "$as_sed_sh"`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -5960,7 +6075,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -5993,12 +6109,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" | $as_tr_sh`
+cache=`printf "%s\n" "$C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE" | sed "$as_sed_sh"`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -6052,7 +6168,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6085,12 +6202,12 @@ fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we need $C99FLAG as a flag for $CC" >&5
 printf %s "checking whether we need $C99FLAG as a flag for $CC... " >&6; }
-cache=`printf "%s\n" "$C99FLAG" | $as_tr_sh`
+cache=`printf "%s\n" "$C99FLAG" | sed "$as_sed_sh"`
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <stdbool.h>
 #include <ctype.h>
@@ -6117,7 +6234,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6154,8 +6272,8 @@ cache=_D_BSD_SOURCE__D_DEFAULT_SOURCE
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <ctype.h>
 
@@ -6183,7 +6301,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6220,8 +6339,8 @@ cache=_D_GNU_SOURCE
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <netinet/in.h>
 
@@ -6249,7 +6368,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6289,8 +6409,8 @@ cache=_D_GNU_SOURCE__D_FRSRESGID
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <unistd.h>
 
@@ -6318,7 +6438,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6355,8 +6476,8 @@ cache=_D_POSIX_C_SOURCE_200112
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include "confdefs.h"
 #ifdef HAVE_TIME_H
@@ -6395,7 +6516,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6432,8 +6554,8 @@ cache=_D__EXTENSIONS__
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include "confdefs.h"
 #include <stdlib.h>
@@ -6478,7 +6600,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -6534,8 +6657,8 @@ cache=`echo W | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -W -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6543,7 +6666,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6566,8 +6690,8 @@ cache=`echo Wall | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6575,7 +6699,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6598,8 +6723,8 @@ cache=`echo Wextra | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wextra -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6607,7 +6732,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6630,8 +6756,8 @@ cache=`echo Wdeclaration-after-statement | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -Wdeclaration-after-statement -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -6639,7 +6765,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -6704,9 +6831,10 @@ printf "%s\n" "yes" >&6; }
             fi
             rm -f conftest conftest.c conftest.o
 
-else $as_nop
-  CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6753,9 +6881,10 @@ printf "%s\n" "yes" >&6; }
 	    fi
 	    rm -f conftest conftest.c conftest.o
 
-else $as_nop
-  LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6800,9 +6929,10 @@ printf "%s\n" "yes" >&6; }
 	    fi
 	    rm -f conftest conftest.c conftest.o
 
-else $as_nop
-  LDFLAGS="$BAKLDFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) LDFLAGS="$BAKLDFLAGS" ; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -6816,8 +6946,8 @@ printf %s "checking for inline... " >&6; }
 if test ${ac_cv_c_inline+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_inline=no
+else case e in #(
+  e) ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -6835,7 +6965,8 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   test "$ac_cv_c_inline" != no && break
 done
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
 printf "%s\n" "$ac_cv_c_inline" >&6; }
@@ -6861,8 +6992,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"format\" att
 if test ${ac_cv_c_format_attribute+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_format_attribute=no
+else case e in #(
+  e) ac_cv_c_format_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <stdio.h>
@@ -6882,11 +7013,13 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_format_attribute="yes"
-else $as_nop
-  ac_cv_c_format_attribute="no"
+else case e in #(
+  e) ac_cv_c_format_attribute="no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 
 
@@ -6904,8 +7037,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"unused\" att
 if test ${ac_cv_c_unused_attribute+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_unused_attribute=no
+else case e in #(
+  e) ac_cv_c_unused_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <stdio.h>
@@ -6924,11 +7057,13 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_unused_attribute="yes"
-else $as_nop
-  ac_cv_c_unused_attribute="no"
+else case e in #(
+  e) ac_cv_c_unused_attribute="no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 
 
@@ -6950,8 +7085,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"weak\" attri
 if test ${ac_cv_c_weak_attribute+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_weak_attribute=no
+else case e in #(
+  e) ac_cv_c_weak_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -6970,11 +7105,13 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_weak_attribute="yes"
-else $as_nop
-  ac_cv_c_weak_attribute="no"
+else case e in #(
+  e) ac_cv_c_weak_attribute="no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 
 
@@ -7001,8 +7138,8 @@ printf %s "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" a
 if test ${ac_cv_c_noreturn_attribute+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_noreturn_attribute=no
+else case e in #(
+  e) ac_cv_c_noreturn_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -7021,11 +7158,13 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_noreturn_attribute="yes"
-else $as_nop
-  ac_cv_c_noreturn_attribute="no"
+else case e in #(
+  e) ac_cv_c_noreturn_attribute="no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 
 
@@ -7054,8 +7193,8 @@ CFLAGS="$CFLAGS -Werror"
 if test ${ac_cv_c_fallthrough_attribute+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_c_fallthrough_attribute=no
+else case e in #(
+  e) ac_cv_c_fallthrough_attribute=no
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
  #include <stdio.h>
@@ -7089,11 +7228,13 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_cv_c_fallthrough_attribute="yes"
-else $as_nop
-  ac_cv_c_fallthrough_attribute="no"
+else case e in #(
+  e) ac_cv_c_fallthrough_attribute="no" ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 
 CFLAGS="$BAKCFLAGS"
@@ -7131,8 +7272,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_LEX+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$LEX"; then
+else case e in #(
+  e) if test -n "$LEX"; then
   ac_cv_prog_LEX="$LEX" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7154,7 +7295,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 LEX=$ac_cv_prog_LEX
 if test -n "$LEX"; then
@@ -7212,8 +7354,8 @@ printf %s "checking for lex output file root... " >&6; }
 if test ${ac_cv_prog_lex_root+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 ac_cv_prog_lex_root=unknown
 { { ac_try="$LEX conftest.l"
 case "(($ac_try" in
@@ -7230,7 +7372,8 @@ if test -f lex.yy.c; then
   ac_cv_prog_lex_root=lex.yy
 elif test -f lexyy.c; then
   ac_cv_prog_lex_root=lexyy
-fi
+fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
 printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
@@ -7245,15 +7388,15 @@ LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
 if test ${LEXLIB+y}
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
 printf %s "checking for lex library... " >&6; }
 if test ${ac_cv_lib_lex+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
     ac_save_LIBS="$LIBS"
     ac_found=false
     for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
@@ -7283,7 +7426,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
       fi
     done
     LIBS="$ac_save_LIBS"
-
+   ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
 printf "%s\n" "$ac_cv_lib_lex" >&6; }
@@ -7295,10 +7439,12 @@ printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LE
 elif test "$ac_cv_lib_lex" = 'none needed'
 then :
   LEXLIB=''
-else $as_nop
-  LEXLIB=$ac_cv_lib_lex
+else case e in #(
+  e) LEXLIB=$ac_cv_lib_lex ;;
+esac
 fi
-
+   ;;
+esac
 fi
 
 
@@ -7310,8 +7456,8 @@ printf %s "checking whether yytext is a pointer... " >&6; }
 if test ${ac_cv_prog_lex_yytext_pointer+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  # POSIX says lex can declare yytext either as a pointer or an array; the
+else case e in #(
+  e) # POSIX says lex can declare yytext either as a pointer or an array; the
 # default is implementation-dependent.  Figure out which it is, since
 # not all implementations provide the %pointer and %array declarations.
 ac_cv_prog_lex_yytext_pointer=no
@@ -7326,7 +7472,8 @@ then :
   ac_cv_prog_lex_yytext_pointer=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
 printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
@@ -7386,8 +7533,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_YACC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$YACC"; then
+else case e in #(
+  e) if test -n "$YACC"; then
   ac_cv_prog_YACC="$YACC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7409,7 +7556,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 YACC=$ac_cv_prog_YACC
 if test -n "$YACC"; then
@@ -7437,8 +7585,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_doxygen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$doxygen"; then
+else case e in #(
+  e) if test -n "$doxygen"; then
   ac_cv_prog_doxygen="$doxygen" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7460,7 +7608,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 doxygen=$ac_cv_prog_doxygen
 if test -n "$doxygen"; then
@@ -7480,8 +7629,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$STRIP"; then
+else case e in #(
+  e) if test -n "$STRIP"; then
   ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7503,7 +7652,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
@@ -7525,8 +7675,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_STRIP"; then
+else case e in #(
+  e) if test -n "$ac_ct_STRIP"; then
   ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7548,7 +7698,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
@@ -7586,15 +7737,16 @@ printf %s "checking build system type... " >&6; }
 if test ${ac_cv_build+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_build_alias=$build_alias
+else case e in #(
+  e) ac_build_alias=$build_alias
 test "x$ac_build_alias" = x &&
   ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
 test "x$ac_build_alias" = x &&
   as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
 ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
   as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
 printf "%s\n" "$ac_cv_build" >&6; }
@@ -7621,14 +7773,15 @@ printf %s "checking host system type... " >&6; }
 if test ${ac_cv_host+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test "x$host_alias" = x; then
+else case e in #(
+  e) if test "x$host_alias" = x; then
   ac_cv_host=$ac_cv_build
 else
   ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
     as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
 printf "%s\n" "$ac_cv_host" >&6; }
@@ -7678,8 +7831,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_AR+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $AR in
+else case e in #(
+  e) case $AR in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_AR="$AR" # Let the user override the test with a path.
   ;;
@@ -7704,6 +7857,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 AR=$ac_cv_path_AR
@@ -7726,8 +7880,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_ac_pt_AR+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $ac_pt_AR in
+else case e in #(
+  e) case $ac_pt_AR in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_ac_pt_AR="$ac_pt_AR" # Let the user override the test with a path.
   ;;
@@ -7752,6 +7906,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 ac_pt_AR=$ac_cv_path_ac_pt_AR
@@ -7883,8 +8038,8 @@ printf %s "checking for a sed that does not truncate output... " >&6; }
 if test ${ac_cv_path_SED+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+else case e in #(
+  e)           ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
      for ac_i in 1 2 3 4 5 6 7; do
        ac_script="$ac_script$as_nl$ac_script"
      done
@@ -7909,9 +8064,10 @@ do
       as_fn_executable_p "$ac_path_SED" || continue
 # Check for GNU ac_path_SED and select it if it is found.
   # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
+case `"$ac_path_SED" --version 2>&1` in #(
 *GNU*)
   ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -7946,7 +8102,8 @@ IFS=$as_save_IFS
 else
   ac_cv_path_SED=$SED
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
 printf "%s\n" "$ac_cv_path_SED" >&6; }
@@ -7971,8 +8128,8 @@ printf %s "checking for egrep... " >&6; }
 if test ${ac_cv_path_EGREP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+else case e in #(
+  e) if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
    then ac_cv_path_EGREP="$GREP -E"
    else
      if test -z "$EGREP"; then
@@ -7994,9 +8151,10 @@ do
       as_fn_executable_p "$ac_path_EGREP" || continue
 # Check for GNU ac_path_EGREP and select it if it is found.
   # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
+case `"$ac_path_EGREP" --version 2>&1` in #(
 *GNU*)
   ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -8032,20 +8190,23 @@ else
   ac_cv_path_EGREP=$EGREP
 fi
 
-   fi
+   fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
 printf "%s\n" "$ac_cv_path_EGREP" >&6; }
  EGREP="$ac_cv_path_EGREP"
 
+         EGREP_TRADITIONAL=$EGREP
+ ac_cv_path_EGREP_TRADITIONAL=$EGREP
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
 printf %s "checking for fgrep... " >&6; }
 if test ${ac_cv_path_FGREP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+else case e in #(
+  e) if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
    then ac_cv_path_FGREP="$GREP -F"
    else
      if test -z "$FGREP"; then
@@ -8067,9 +8228,10 @@ do
       as_fn_executable_p "$ac_path_FGREP" || continue
 # Check for GNU ac_path_FGREP and select it if it is found.
   # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
+case `"$ac_path_FGREP" --version 2>&1` in #(
 *GNU*)
   ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+#(
 *)
   ac_count=0
   printf %s 0123456789 >"conftest.in"
@@ -8105,7 +8267,8 @@ else
   ac_cv_path_FGREP=$FGREP
 fi
 
-   fi
+   fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
 printf "%s\n" "$ac_cv_path_FGREP" >&6; }
@@ -8136,8 +8299,9 @@ test -z "$GREP" && GREP=grep
 if test ${with_gnu_ld+y}
 then :
   withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
-  with_gnu_ld=no
+else case e in #(
+  e) with_gnu_ld=no ;;
+esac
 fi
 
 ac_prog=ld
@@ -8182,8 +8346,8 @@ fi
 if test ${lt_cv_path_LD+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -z "$LD"; then
+else case e in #(
+  e) if test -z "$LD"; then
   lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
   for ac_dir in $PATH; do
     IFS=$lt_save_ifs
@@ -8206,7 +8370,8 @@ else $as_nop
   IFS=$lt_save_ifs
 else
   lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
+fi ;;
+esac
 fi
 
 LD=$lt_cv_path_LD
@@ -8223,8 +8388,8 @@ printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
 if test ${lt_cv_prog_gnu_ld+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+else case e in #(
+  e) # I'd rather use --version here, but apparently some GNU lds only accept -v.
 case `$LD -v 2>&1 </dev/null` in
 *GNU* | *'with BFD'*)
   lt_cv_prog_gnu_ld=yes
@@ -8232,6 +8397,7 @@ case `$LD -v 2>&1 </dev/null` in
 *)
   lt_cv_prog_gnu_ld=no
   ;;
+esac ;;
 esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
@@ -8251,8 +8417,8 @@ printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
 if test ${lt_cv_path_NM+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$NM"; then
+else case e in #(
+  e) if test -n "$NM"; then
   # Let the user override the test.
   lt_cv_path_NM=$NM
 else
@@ -8299,7 +8465,8 @@ else
     IFS=$lt_save_ifs
   done
   : ${lt_cv_path_NM=no}
-fi
+fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
 printf "%s\n" "$lt_cv_path_NM" >&6; }
@@ -8320,8 +8487,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DUMPBIN+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$DUMPBIN"; then
+else case e in #(
+  e) if test -n "$DUMPBIN"; then
   ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8343,7 +8510,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 DUMPBIN=$ac_cv_prog_DUMPBIN
 if test -n "$DUMPBIN"; then
@@ -8369,8 +8537,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_DUMPBIN"; then
+else case e in #(
+  e) if test -n "$ac_ct_DUMPBIN"; then
   ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8392,7 +8560,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
 if test -n "$ac_ct_DUMPBIN"; then
@@ -8446,8 +8615,8 @@ printf %s "checking the name lister ($NM) interface... " >&6; }
 if test ${lt_cv_nm_interface+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_nm_interface="BSD nm"
+else case e in #(
+  e) lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
   (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
@@ -8460,7 +8629,8 @@ else $as_nop
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
   fi
-  rm -f conftest*
+  rm -f conftest* ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
 printf "%s\n" "$lt_cv_nm_interface" >&6; }
@@ -8482,8 +8652,8 @@ printf %s "checking the maximum length of command line arguments... " >&6; }
 if test ${lt_cv_sys_max_cmd_len+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-    i=0
+else case e in #(
+  e)   i=0
   teststring=ABCD
 
   case $build_os in
@@ -8605,7 +8775,8 @@ else $as_nop
     fi
     ;;
   esac
-
+ ;;
+esac
 fi
 
 if test -n "$lt_cv_sys_max_cmd_len"; then
@@ -8662,8 +8833,8 @@ printf %s "checking how to convert $build file names to $host format... " >&6; }
 if test ${lt_cv_to_host_file_cmd+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $host in
+else case e in #(
+  e) case $host in
   *-*-mingw* )
     case $build in
       *-*-mingw* ) # actually msys
@@ -8694,7 +8865,8 @@ else $as_nop
     lt_cv_to_host_file_cmd=func_convert_file_noop
     ;;
 esac
-
+ ;;
+esac
 fi
 
 to_host_file_cmd=$lt_cv_to_host_file_cmd
@@ -8710,8 +8882,8 @@ printf %s "checking how to convert $build file names to toolchain format... " >&
 if test ${lt_cv_to_tool_file_cmd+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  #assume ordinary cross tools, or native build.
+else case e in #(
+  e) #assume ordinary cross tools, or native build.
 lt_cv_to_tool_file_cmd=func_convert_file_noop
 case $host in
   *-*-mingw* )
@@ -8722,7 +8894,8 @@ case $host in
     esac
     ;;
 esac
-
+ ;;
+esac
 fi
 
 to_tool_file_cmd=$lt_cv_to_tool_file_cmd
@@ -8738,8 +8911,9 @@ printf %s "checking for $LD option to reload object files... " >&6; }
 if test ${lt_cv_ld_reload_flag+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_ld_reload_flag='-r'
+else case e in #(
+  e) lt_cv_ld_reload_flag='-r' ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
 printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
@@ -8780,8 +8954,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OBJDUMP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$OBJDUMP"; then
+else case e in #(
+  e) if test -n "$OBJDUMP"; then
   ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8803,7 +8977,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 OBJDUMP=$ac_cv_prog_OBJDUMP
 if test -n "$OBJDUMP"; then
@@ -8825,8 +9000,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_OBJDUMP"; then
+else case e in #(
+  e) if test -n "$ac_ct_OBJDUMP"; then
   ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -8848,7 +9023,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
 if test -n "$ac_ct_OBJDUMP"; then
@@ -8889,8 +9065,8 @@ printf %s "checking how to recognize dependent libraries... " >&6; }
 if test ${lt_cv_deplibs_check_method+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_file_magic_cmd='$MAGIC_CMD'
+else case e in #(
+  e) lt_cv_file_magic_cmd='$MAGIC_CMD'
 lt_cv_file_magic_test_file=
 lt_cv_deplibs_check_method='unknown'
 # Need to set the preceding variable on all platforms that support
@@ -9083,7 +9259,8 @@ os2*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 esac
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
 printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
@@ -9135,8 +9312,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DLLTOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$DLLTOOL"; then
+else case e in #(
+  e) if test -n "$DLLTOOL"; then
   ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9158,7 +9335,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 DLLTOOL=$ac_cv_prog_DLLTOOL
 if test -n "$DLLTOOL"; then
@@ -9180,8 +9358,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_DLLTOOL"; then
+else case e in #(
+  e) if test -n "$ac_ct_DLLTOOL"; then
   ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9203,7 +9381,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
 if test -n "$ac_ct_DLLTOOL"; then
@@ -9245,8 +9424,8 @@ printf %s "checking how to associate runtime and link libraries... " >&6; }
 if test ${lt_cv_sharedlib_from_linklib_cmd+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_sharedlib_from_linklib_cmd='unknown'
+else case e in #(
+  e) lt_cv_sharedlib_from_linklib_cmd='unknown'
 
 case $host_os in
 cygwin* | mingw* | pw32* | cegcc*)
@@ -9266,7 +9445,8 @@ cygwin* | mingw* | pw32* | cegcc*)
   lt_cv_sharedlib_from_linklib_cmd=$ECHO
   ;;
 esac
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
 printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
@@ -9289,8 +9469,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_AR+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$AR"; then
+else case e in #(
+  e) if test -n "$AR"; then
   ac_cv_prog_AR="$AR" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9312,7 +9492,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 AR=$ac_cv_prog_AR
 if test -n "$AR"; then
@@ -9338,8 +9519,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_AR+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_AR"; then
+else case e in #(
+  e) if test -n "$ac_ct_AR"; then
   ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9361,7 +9542,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_AR=$ac_cv_prog_ac_ct_AR
 if test -n "$ac_ct_AR"; then
@@ -9407,8 +9589,8 @@ printf %s "checking for archiver @FILE support... " >&6; }
 if test ${lt_cv_ar_at_file+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_ar_at_file=no
+else case e in #(
+  e) lt_cv_ar_at_file=no
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -9445,7 +9627,8 @@ then :
 
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
+   ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
 printf "%s\n" "$lt_cv_ar_at_file" >&6; }
@@ -9470,8 +9653,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$STRIP"; then
+else case e in #(
+  e) if test -n "$STRIP"; then
   ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9493,7 +9676,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
@@ -9515,8 +9699,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_STRIP+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_STRIP"; then
+else case e in #(
+  e) if test -n "$ac_ct_STRIP"; then
   ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9538,7 +9722,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
@@ -9579,8 +9764,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_RANLIB+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$RANLIB"; then
+else case e in #(
+  e) if test -n "$RANLIB"; then
   ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9602,7 +9787,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 RANLIB=$ac_cv_prog_RANLIB
 if test -n "$RANLIB"; then
@@ -9624,8 +9810,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_RANLIB+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_RANLIB"; then
+else case e in #(
+  e) if test -n "$ac_ct_RANLIB"; then
   ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9647,7 +9833,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
 if test -n "$ac_ct_RANLIB"; then
@@ -9733,8 +9920,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_AWK+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$AWK"; then
+else case e in #(
+  e) if test -n "$AWK"; then
   ac_cv_prog_AWK="$AWK" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -9756,7 +9943,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
@@ -9805,8 +9993,8 @@ printf %s "checking command to parse $NM output from $compiler object... " >&6;
 if test ${lt_cv_sys_global_symbol_pipe+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 # These are sane defaults that work on at least a few old systems.
 # [They come from Ultrix.  What could be older than Ultrix?!! ;)]
 
@@ -10061,7 +10249,8 @@ _LT_EOF
     lt_cv_sys_global_symbol_pipe=
   fi
 done
-
+ ;;
+esac
 fi
 
 if test -z "$lt_cv_sys_global_symbol_pipe"; then
@@ -10125,8 +10314,9 @@ printf %s "checking for sysroot... " >&6; }
 if test ${with_sysroot+y}
 then :
   withval=$with_sysroot;
-else $as_nop
-  with_sysroot=no
+else case e in #(
+  e) with_sysroot=no ;;
+esac
 fi
 
 
@@ -10161,8 +10351,8 @@ printf %s "checking for a working dd... " >&6; }
 if test ${ac_cv_path_lt_DD+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  printf 0123456789abcdef0123456789abcdef >conftest.i
+else case e in #(
+  e) printf 0123456789abcdef0123456789abcdef >conftest.i
 cat conftest.i conftest.i >conftest2.i
 : ${lt_DD:=$DD}
 if test -z "$lt_DD"; then
@@ -10198,7 +10388,8 @@ else
   ac_cv_path_lt_DD=$lt_DD
 fi
 
-rm -f conftest.i conftest2.i conftest.out
+rm -f conftest.i conftest2.i conftest.out ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
 printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
@@ -10209,8 +10400,8 @@ printf %s "checking how to truncate binary pipes... " >&6; }
 if test ${lt_cv_truncate_bin+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  printf 0123456789abcdef0123456789abcdef >conftest.i
+else case e in #(
+  e) printf 0123456789abcdef0123456789abcdef >conftest.i
 cat conftest.i conftest.i >conftest2.i
 lt_cv_truncate_bin=
 if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
@@ -10218,7 +10409,8 @@ if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; the
   && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
 fi
 rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
 printf "%s\n" "$lt_cv_truncate_bin" >&6; }
@@ -10428,8 +10620,8 @@ printf %s "checking whether the C compiler needs -belf... " >&6; }
 if test ${lt_cv_cc_needs_belf+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_ext=c
+else case e in #(
+  e) ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
@@ -10449,8 +10641,9 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_cc_needs_belf=yes
-else $as_nop
-  lt_cv_cc_needs_belf=no
+else case e in #(
+  e) lt_cv_cc_needs_belf=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -10459,7 +10652,8 @@ ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
 printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
@@ -10517,8 +10711,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_MANIFEST_TOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$MANIFEST_TOOL"; then
+else case e in #(
+  e) if test -n "$MANIFEST_TOOL"; then
   ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10540,7 +10734,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
 if test -n "$MANIFEST_TOOL"; then
@@ -10562,8 +10757,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_MANIFEST_TOOL"; then
+else case e in #(
+  e) if test -n "$ac_ct_MANIFEST_TOOL"; then
   ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10585,7 +10780,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
 if test -n "$ac_ct_MANIFEST_TOOL"; then
@@ -10617,15 +10813,16 @@ printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
 if test ${lt_cv_path_mainfest_tool+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_path_mainfest_tool=no
+else case e in #(
+  e) lt_cv_path_mainfest_tool=no
   echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
   $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
   cat conftest.err >&5
   if $GREP 'Manifest Tool' conftest.out > /dev/null; then
     lt_cv_path_mainfest_tool=yes
   fi
-  rm -f conftest*
+  rm -f conftest* ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
 printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
@@ -10648,8 +10845,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_DSYMUTIL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$DSYMUTIL"; then
+else case e in #(
+  e) if test -n "$DSYMUTIL"; then
   ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10671,7 +10868,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 DSYMUTIL=$ac_cv_prog_DSYMUTIL
 if test -n "$DSYMUTIL"; then
@@ -10693,8 +10891,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_DSYMUTIL"; then
+else case e in #(
+  e) if test -n "$ac_ct_DSYMUTIL"; then
   ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10716,7 +10914,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
 if test -n "$ac_ct_DSYMUTIL"; then
@@ -10750,8 +10949,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_NMEDIT+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$NMEDIT"; then
+else case e in #(
+  e) if test -n "$NMEDIT"; then
   ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10773,7 +10972,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 NMEDIT=$ac_cv_prog_NMEDIT
 if test -n "$NMEDIT"; then
@@ -10795,8 +10995,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_NMEDIT+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_NMEDIT"; then
+else case e in #(
+  e) if test -n "$ac_ct_NMEDIT"; then
   ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10818,7 +11018,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
 if test -n "$ac_ct_NMEDIT"; then
@@ -10852,8 +11053,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_LIPO+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$LIPO"; then
+else case e in #(
+  e) if test -n "$LIPO"; then
   ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10875,7 +11076,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 LIPO=$ac_cv_prog_LIPO
 if test -n "$LIPO"; then
@@ -10897,8 +11099,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_LIPO+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_LIPO"; then
+else case e in #(
+  e) if test -n "$ac_ct_LIPO"; then
   ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10920,7 +11122,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
 if test -n "$ac_ct_LIPO"; then
@@ -10954,8 +11157,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OTOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$OTOOL"; then
+else case e in #(
+  e) if test -n "$OTOOL"; then
   ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -10977,7 +11180,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 OTOOL=$ac_cv_prog_OTOOL
 if test -n "$OTOOL"; then
@@ -10999,8 +11203,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OTOOL+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_OTOOL"; then
+else case e in #(
+  e) if test -n "$ac_ct_OTOOL"; then
   ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11022,7 +11226,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
 if test -n "$ac_ct_OTOOL"; then
@@ -11056,8 +11261,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_OTOOL64+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$OTOOL64"; then
+else case e in #(
+  e) if test -n "$OTOOL64"; then
   ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11079,7 +11284,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 OTOOL64=$ac_cv_prog_OTOOL64
 if test -n "$OTOOL64"; then
@@ -11101,8 +11307,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_OTOOL64+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_OTOOL64"; then
+else case e in #(
+  e) if test -n "$ac_ct_OTOOL64"; then
   ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -11124,7 +11330,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
 if test -n "$ac_ct_OTOOL64"; then
@@ -11181,8 +11388,8 @@ printf %s "checking for -single_module linker flag... " >&6; }
 if test ${lt_cv_apple_cc_single_mod+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_apple_cc_single_mod=no
+else case e in #(
+  e) lt_cv_apple_cc_single_mod=no
       if test -z "$LT_MULTI_MODULE"; then
 	# By default we will add the -single_module flag. You can override
 	# by either setting the environment variable LT_MULTI_MODULE
@@ -11208,7 +11415,8 @@ else $as_nop
 	fi
 	rm -rf libconftest.dylib*
 	rm -f conftest.*
-      fi
+      fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
 printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
@@ -11218,8 +11426,8 @@ printf %s "checking for -exported_symbols_list linker flag... " >&6; }
 if test ${lt_cv_ld_exported_symbols_list+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_ld_exported_symbols_list=no
+else case e in #(
+  e) lt_cv_ld_exported_symbols_list=no
       save_LDFLAGS=$LDFLAGS
       echo "_main" > conftest.sym
       LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
@@ -11237,13 +11445,15 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_ld_exported_symbols_list=yes
-else $as_nop
-  lt_cv_ld_exported_symbols_list=no
+else case e in #(
+  e) lt_cv_ld_exported_symbols_list=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 	LDFLAGS=$save_LDFLAGS
-
+     ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
 printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
@@ -11253,8 +11463,8 @@ printf %s "checking for -force_load linker flag... " >&6; }
 if test ${lt_cv_ld_force_load+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_ld_force_load=no
+else case e in #(
+  e) lt_cv_ld_force_load=no
       cat > conftest.c << _LT_EOF
 int forced_loaded() { return 2;}
 _LT_EOF
@@ -11279,7 +11489,8 @@ _LT_EOF
       fi
         rm -f conftest.err libconftest.a conftest conftest.c
         rm -rf conftest.dSYM
-
+     ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
 printf "%s\n" "$lt_cv_ld_force_load" >&6; }
@@ -11397,8 +11608,9 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else $as_nop
-  enable_shared=yes
+else case e in #(
+  e) enable_shared=yes ;;
+esac
 fi
 
 
@@ -11429,8 +11641,9 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else $as_nop
-  enable_static=yes
+else case e in #(
+  e) enable_static=yes ;;
+esac
 fi
 
 
@@ -11461,8 +11674,9 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else $as_nop
-  pic_mode=default
+else case e in #(
+  e) pic_mode=default ;;
+esac
 fi
 
 
@@ -11492,8 +11706,9 @@ then :
       IFS=$lt_save_ifs
       ;;
     esac
-else $as_nop
-  enable_fast_install=yes
+else case e in #(
+  e) enable_fast_install=yes ;;
+esac
 fi
 
 
@@ -11520,15 +11735,17 @@ then :
       ;;
     esac
     lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
-  if test ${lt_cv_with_aix_soname+y}
+else case e in #(
+  e) if test ${lt_cv_with_aix_soname+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_with_aix_soname=aix
+else case e in #(
+  e) lt_cv_with_aix_soname=aix ;;
+esac
 fi
 
-    with_aix_soname=$lt_cv_with_aix_soname
+    with_aix_soname=$lt_cv_with_aix_soname ;;
+esac
 fi
 
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
@@ -11619,8 +11836,8 @@ printf %s "checking for objdir... " >&6; }
 if test ${lt_cv_objdir+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  rm -f .libs 2>/dev/null
+else case e in #(
+  e) rm -f .libs 2>/dev/null
 mkdir .libs 2>/dev/null
 if test -d .libs; then
   lt_cv_objdir=.libs
@@ -11628,7 +11845,8 @@ else
   # MS-DOS does not allow filenames that begin with a dot.
   lt_cv_objdir=_libs
 fi
-rmdir .libs 2>/dev/null
+rmdir .libs 2>/dev/null ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
 printf "%s\n" "$lt_cv_objdir" >&6; }
@@ -11689,8 +11907,8 @@ printf %s "checking for ${ac_tool_prefix}file... " >&6; }
 if test ${lt_cv_path_MAGIC_CMD+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $MAGIC_CMD in
+else case e in #(
+  e) case $MAGIC_CMD in
 [\\/*] |  ?:[\\/]*)
   lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
   ;;
@@ -11733,6 +11951,7 @@ _LT_EOF
   IFS=$lt_save_ifs
   MAGIC_CMD=$lt_save_MAGIC_CMD
   ;;
+esac ;;
 esac
 fi
 
@@ -11756,8 +11975,8 @@ printf %s "checking for file... " >&6; }
 if test ${lt_cv_path_MAGIC_CMD+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $MAGIC_CMD in
+else case e in #(
+  e) case $MAGIC_CMD in
 [\\/*] |  ?:[\\/]*)
   lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
   ;;
@@ -11800,6 +12019,7 @@ _LT_EOF
   IFS=$lt_save_ifs
   MAGIC_CMD=$lt_save_MAGIC_CMD
   ;;
+esac ;;
 esac
 fi
 
@@ -11895,8 +12115,8 @@ printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
 if test ${lt_cv_prog_compiler_rtti_exceptions+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_rtti_exceptions=no
+else case e in #(
+  e) lt_cv_prog_compiler_rtti_exceptions=no
    ac_outfile=conftest.$ac_objext
    echo "$lt_simple_compile_test_code" > conftest.$ac_ext
    lt_compiler_flag="-fno-rtti -fno-exceptions"  ## exclude from sc_useless_quotes_in_assignment
@@ -11924,7 +12144,8 @@ else $as_nop
      fi
    fi
    $RM conftest*
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
 printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
@@ -12289,8 +12510,9 @@ printf %s "checking for $compiler option to produce PIC... " >&6; }
 if test ${lt_cv_prog_compiler_pic+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
+else case e in #(
+  e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
 printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
@@ -12305,8 +12527,8 @@ printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6;
 if test ${lt_cv_prog_compiler_pic_works+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_pic_works=no
+else case e in #(
+  e) lt_cv_prog_compiler_pic_works=no
    ac_outfile=conftest.$ac_objext
    echo "$lt_simple_compile_test_code" > conftest.$ac_ext
    lt_compiler_flag="$lt_prog_compiler_pic -DPIC"  ## exclude from sc_useless_quotes_in_assignment
@@ -12334,7 +12556,8 @@ else $as_nop
      fi
    fi
    $RM conftest*
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
 printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
@@ -12370,8 +12593,8 @@ printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6;
 if test ${lt_cv_prog_compiler_static_works+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_static_works=no
+else case e in #(
+  e) lt_cv_prog_compiler_static_works=no
    save_LDFLAGS=$LDFLAGS
    LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
    echo "$lt_simple_link_test_code" > conftest.$ac_ext
@@ -12392,7 +12615,8 @@ else $as_nop
    fi
    $RM -r conftest*
    LDFLAGS=$save_LDFLAGS
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
 printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
@@ -12414,8 +12638,8 @@ printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
 if test ${lt_cv_prog_compiler_c_o+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_c_o=no
+else case e in #(
+  e) lt_cv_prog_compiler_c_o=no
    $RM -r conftest 2>/dev/null
    mkdir conftest
    cd conftest
@@ -12455,7 +12679,8 @@ else $as_nop
    cd ..
    $RM -r conftest
    $RM conftest*
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -12470,8 +12695,8 @@ printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
 if test ${lt_cv_prog_compiler_c_o+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler_c_o=no
+else case e in #(
+  e) lt_cv_prog_compiler_c_o=no
    $RM -r conftest 2>/dev/null
    mkdir conftest
    cd conftest
@@ -12511,7 +12736,8 @@ else $as_nop
    cd ..
    $RM -r conftest
    $RM conftest*
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -13105,8 +13331,8 @@ else
   if test ${lt_cv_aix_libpath_+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -13138,7 +13364,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
   if test -z "$lt_cv_aix_libpath_"; then
     lt_cv_aix_libpath_=/usr/lib:/lib
   fi
-
+   ;;
+esac
 fi
 
   aix_libpath=$lt_cv_aix_libpath_
@@ -13160,8 +13387,8 @@ else
   if test ${lt_cv_aix_libpath_+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 int
@@ -13193,7 +13420,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
   if test -z "$lt_cv_aix_libpath_"; then
     lt_cv_aix_libpath_=/usr/lib:/lib
   fi
-
+   ;;
+esac
 fi
 
   aix_libpath=$lt_cv_aix_libpath_
@@ -13444,8 +13672,8 @@ printf %s "checking if $CC understands -b... " >&6; }
 if test ${lt_cv_prog_compiler__b+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_prog_compiler__b=no
+else case e in #(
+  e) lt_cv_prog_compiler__b=no
    save_LDFLAGS=$LDFLAGS
    LDFLAGS="$LDFLAGS -b"
    echo "$lt_simple_link_test_code" > conftest.$ac_ext
@@ -13466,7 +13694,8 @@ else $as_nop
    fi
    $RM -r conftest*
    LDFLAGS=$save_LDFLAGS
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
 printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
@@ -13514,8 +13743,8 @@ printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&
 if test ${lt_cv_irix_exported_symbol+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  save_LDFLAGS=$LDFLAGS
+else case e in #(
+  e) save_LDFLAGS=$LDFLAGS
 	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
 	   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -13524,12 +13753,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   lt_cv_irix_exported_symbol=yes
-else $as_nop
-  lt_cv_irix_exported_symbol=no
+else case e in #(
+  e) lt_cv_irix_exported_symbol=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-           LDFLAGS=$save_LDFLAGS
+           LDFLAGS=$save_LDFLAGS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
 printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
@@ -13854,8 +14085,8 @@ printf %s "checking whether -lc should be explicitly linked in... " >&6; }
 if test ${lt_cv_archive_cmds_need_lc+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  $RM conftest*
+else case e in #(
+  e) $RM conftest*
 	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
 
 	if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
@@ -13891,7 +14122,8 @@ else $as_nop
 	  cat conftest.err 1>&5
 	fi
 	$RM conftest*
-
+	 ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
 printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
@@ -14618,8 +14850,8 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
   if test ${lt_cv_shlibpath_overrides_runpath+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  lt_cv_shlibpath_overrides_runpath=no
+else case e in #(
+  e) lt_cv_shlibpath_overrides_runpath=no
     save_LDFLAGS=$LDFLAGS
     save_libdir=$libdir
     eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
@@ -14646,7 +14878,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
     LDFLAGS=$save_LDFLAGS
     libdir=$save_libdir
-
+     ;;
+esac
 fi
 
   shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
@@ -15074,16 +15307,22 @@ printf %s "checking for dlopen in -ldl... " >&6; }
 if test ${ac_cv_lib_dl_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen (void);
 int
 main (void)
 {
@@ -15095,24 +15334,27 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dl_dlopen=yes
-else $as_nop
-  ac_cv_lib_dl_dlopen=no
+else case e in #(
+  e) ac_cv_lib_dl_dlopen=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
 if test "x$ac_cv_lib_dl_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
+else case e in #(
+  e)
     lt_cv_dlopen=dyld
     lt_cv_dlopen_libs=
     lt_cv_dlopen_self=yes
-
+     ;;
+esac
 fi
 
     ;;
@@ -15130,22 +15372,28 @@ fi
 if test "x$ac_cv_func_shl_load" = xyes
 then :
   lt_cv_dlopen=shl_load
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
 printf %s "checking for shl_load in -ldld... " >&6; }
 if test ${ac_cv_lib_dld_shl_load+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char shl_load ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load (void);
 int
 main (void)
 {
@@ -15157,39 +15405,47 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dld_shl_load=yes
-else $as_nop
-  ac_cv_lib_dld_shl_load=no
+else case e in #(
+  e) ac_cv_lib_dld_shl_load=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
 if test "x$ac_cv_lib_dld_shl_load" = xyes
 then :
   lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
-  ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+else case e in #(
+  e) ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
 if test "x$ac_cv_func_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
 printf %s "checking for dlopen in -ldl... " >&6; }
 if test ${ac_cv_lib_dl_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen (void);
 int
 main (void)
 {
@@ -15201,34 +15457,42 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dl_dlopen=yes
-else $as_nop
-  ac_cv_lib_dl_dlopen=no
+else case e in #(
+  e) ac_cv_lib_dl_dlopen=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
 if test "x$ac_cv_lib_dl_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
 printf %s "checking for dlopen in -lsvld... " >&6; }
 if test ${ac_cv_lib_svld_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-lsvld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen (void);
 int
 main (void)
 {
@@ -15240,34 +15504,42 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_svld_dlopen=yes
-else $as_nop
-  ac_cv_lib_svld_dlopen=no
+else case e in #(
+  e) ac_cv_lib_svld_dlopen=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
 printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
 if test "x$ac_cv_lib_svld_dlopen" = xyes
 then :
   lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
 printf %s "checking for dld_link in -ldld... " >&6; }
 if test ${ac_cv_lib_dld_dld_link+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldld  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dld_link ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link (void);
 int
 main (void)
 {
@@ -15279,12 +15551,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_dld_dld_link=yes
-else $as_nop
-  ac_cv_lib_dld_dld_link=no
+else case e in #(
+  e) ac_cv_lib_dld_dld_link=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
 printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
@@ -15293,19 +15567,24 @@ then :
   lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
 fi
 
-
+	       ;;
+esac
 fi
 
-
+	     ;;
+esac
 fi
 
-
+	   ;;
+esac
 fi
 
-
+	 ;;
+esac
 fi
 
-
+       ;;
+esac
 fi
 
     ;;
@@ -15333,8 +15612,8 @@ printf %s "checking whether a program can dlopen itself... " >&6; }
 if test ${lt_cv_dlopen_self+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  	  if test yes = "$cross_compiling"; then :
+else case e in #(
+  e) 	  if test yes = "$cross_compiling"; then :
   lt_cv_dlopen_self=cross
 else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -15428,7 +15707,8 @@ _LT_EOF
 fi
 rm -fr conftest*
 
-
+     ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
 printf "%s\n" "$lt_cv_dlopen_self" >&6; }
@@ -15440,8 +15720,8 @@ printf %s "checking whether a statically linked program can dlopen itself... " >
 if test ${lt_cv_dlopen_self_static+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  	  if test yes = "$cross_compiling"; then :
+else case e in #(
+  e) 	  if test yes = "$cross_compiling"; then :
   lt_cv_dlopen_self_static=cross
 else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
@@ -15535,7 +15815,8 @@ _LT_EOF
 fi
 rm -fr conftest*
 
-
+       ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
 printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
@@ -15710,8 +15991,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $PKG_CONFIG in
+else case e in #(
+  e) case $PKG_CONFIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
   ;;
@@ -15736,6 +16017,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 PKG_CONFIG=$ac_cv_path_PKG_CONFIG
@@ -15758,8 +16040,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $ac_pt_PKG_CONFIG in
+else case e in #(
+  e) case $ac_pt_PKG_CONFIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
   ;;
@@ -15784,6 +16066,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
@@ -16115,265 +16398,132 @@ ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
 if test "x$ac_cv_type_int8_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define int8_t signed char" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
 if test "x$ac_cv_type_int16_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define int16_t short" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
 if test "x$ac_cv_type_int32_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define int32_t int" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" "$ac_includes_default"
 if test "x$ac_cv_type_int64_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define int64_t long long" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint8_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define uint8_t unsigned char" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint16_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define uint16_t unsigned short" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint32_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define uint32_t unsigned int" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
 if test "x$ac_cv_type_uint64_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define uint64_t unsigned long long" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
 if test "x$ac_cv_type_size_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define size_t unsigned int" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default"
 if test "x$ac_cv_type_ssize_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define ssize_t int" >>confdefs.h
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-printf %s "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
-  CPP=
-fi
-if test -z "$CPP"; then
-  if test ${ac_cv_prog_CPP+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-      # Double quotes because $CC needs to be expanded
-    for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
-    do
-      ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <limits.h>
-		     Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else $as_nop
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-  # Broken: success on invalid input.
-continue
-else $as_nop
-  # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
-then :
-  break
-fi
-
-    done
-    ac_cv_prog_CPP=$CPP
-
-fi
-  CPP=$ac_cv_prog_CPP
-else
-  ac_cv_prog_CPP=$CPP
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-printf "%s\n" "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
-  # Use a header file that comes with gcc, so configuring glibc
-  # with a fresh cross-compiler works.
-  # On the NeXT, cc -E runs the code through the compiler's parser,
-  # not just through cpp. "Syntax error" is here to catch this case.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <limits.h>
-		     Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else $as_nop
-  # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-  # OK, works on sane cases.  Now check whether nonexistent headers
-  # can be detected and how.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-  # Broken: success on invalid input.
-continue
-else $as_nop
-  # Passes both tests.
-ac_preproc_ok=:
-break
+ ;;
+esac
 fi
-rm -f conftest.err conftest.i conftest.$ac_ext
 
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
+ac_fn_c_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default"
+if test "x$ac_cv_type_uid_t" = xyes
 then :
 
-else $as_nop
-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
+else case e in #(
+  e)
+printf "%s\n" "#define uid_t int" >>confdefs.h
+ ;;
+esac
 fi
 
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
-printf %s "checking for uid_t in sys/types.h... " >&6; }
-if test ${ac_cv_type_uid_t+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "uid_t" >/dev/null 2>&1
+ac_fn_c_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default"
+if test "x$ac_cv_type_gid_t" = xyes
 then :
-  ac_cv_type_uid_t=yes
-else $as_nop
-  ac_cv_type_uid_t=no
-fi
-rm -rf conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
-printf "%s\n" "$ac_cv_type_uid_t" >&6; }
-if test $ac_cv_type_uid_t = no; then
-
-printf "%s\n" "#define uid_t int" >>confdefs.h
-
 
+else case e in #(
+  e)
 printf "%s\n" "#define gid_t int" >>confdefs.h
-
+ ;;
+esac
 fi
 
 
@@ -16382,8 +16532,8 @@ fi
 if test "x$ac_cv_type_pid_t" = xyes
 then :
 
-else $as_nop
-                                          cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e)                                         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
           #if defined _WIN64 && !defined __CYGWIN__
@@ -16402,14 +16552,16 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
   ac_pid_type='int'
-else $as_nop
-  ac_pid_type='__int64'
+else case e in #(
+  e) ac_pid_type='__int64' ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
 printf "%s\n" "#define pid_t $ac_pid_type" >>confdefs.h
 
-
+     ;;
+esac
 fi
 
 
@@ -16417,10 +16569,11 @@ ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default"
 if test "x$ac_cv_type_off_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define off_t long int" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "u_char" "ac_cv_type_u_char" "
@@ -16433,10 +16586,11 @@ $ac_includes_default
 if test "x$ac_cv_type_u_char" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define u_char unsigned char" >>confdefs.h
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_type "$LINENO" "rlim_t" "ac_cv_type_rlim_t" "
@@ -16449,10 +16603,11 @@ $ac_includes_default
 if test "x$ac_cv_type_rlim_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define rlim_t unsigned long" >>confdefs.h
-
+ ;;
+esac
 fi
 
 
@@ -16469,10 +16624,11 @@ $ac_includes_default
 if test "x$ac_cv_type_socklen_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define socklen_t int" >>confdefs.h
-
+ ;;
+esac
 fi
 
  ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "
@@ -16488,10 +16644,11 @@ $ac_includes_default
 if test "x$ac_cv_type_in_addr_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define in_addr_t uint32_t" >>confdefs.h
-
+ ;;
+esac
 fi
 
  ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "
@@ -16507,10 +16664,11 @@ $ac_includes_default
 if test "x$ac_cv_type_in_port_t" = xyes
 then :
 
-else $as_nop
-
+else case e in #(
+  e)
 printf "%s\n" "#define in_port_t uint16_t" >>confdefs.h
-
+ ;;
+esac
 fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if memcmp compares unsigned" >&5
@@ -16529,8 +16687,8 @@ printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
 esac
 
 
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <stdio.h>
@@ -16549,8 +16707,8 @@ if ac_fn_c_try_run "$LINENO"
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-else $as_nop
-   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else case e in #(
+  e)  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
@@ -16561,24 +16719,26 @@ printf "%s\n" "#define MEMCMP_IS_BROKEN 1" >>confdefs.h
  ;;
 esac
 
-
+ ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
 printf %s "checking size of time_t... " >&6; }
 if test ${ac_cv_sizeof_time_t+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
+else case e in #(
+  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "
 $ac_includes_default
 #ifdef TIME_WITH_SYS_TIME
 # include <sys/time.h>
@@ -16594,17 +16754,19 @@ $ac_includes_default
 "
 then :
 
-else $as_nop
-  if test "$ac_cv_type_time_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+else case e in #(
+  e) if test "$ac_cv_type_time_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (time_t)
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_time_t=0
-   fi
+   fi ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
 printf "%s\n" "$ac_cv_sizeof_time_t" >&6; }
@@ -16616,28 +16778,30 @@ printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h
 
 # The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
 printf %s "checking size of size_t... " >&6; }
 if test ${ac_cv_sizeof_size_t+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"
+else case e in #(
+  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"
 then :
 
-else $as_nop
-  if test "$ac_cv_type_size_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+else case e in #(
+  e) if test "$ac_cv_type_size_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (size_t)
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_size_t=0
-   fi
+   fi ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
 printf "%s\n" "$ac_cv_sizeof_size_t" >&6; }
@@ -16654,8 +16818,9 @@ printf "%s\n" "#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t" >>confdefs.h
 if test ${enable_rpath+y}
 then :
   enableval=$enable_rpath; enable_rpath=$enableval
-else $as_nop
-  enable_rpath=yes
+else case e in #(
+  e) enable_rpath=yes ;;
+esac
 fi
 
 if test "x$enable_rpath" = xno; then
@@ -16671,15 +16836,21 @@ printf %s "checking for library containing inet_pton... " >&6; }
 if test ${ac_cv_search_inet_pton+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char inet_pton ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_pton (void);
 int
 main (void)
 {
@@ -16710,11 +16881,13 @@ done
 if test ${ac_cv_search_inet_pton+y}
 then :
 
-else $as_nop
-  ac_cv_search_inet_pton=no
+else case e in #(
+  e) ac_cv_search_inet_pton=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5
 printf "%s\n" "$ac_cv_search_inet_pton" >&6; }
@@ -16730,15 +16903,21 @@ printf %s "checking for library containing socket... " >&6; }
 if test ${ac_cv_search_socket+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char socket ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket (void);
 int
 main (void)
 {
@@ -16769,11 +16948,13 @@ done
 if test ${ac_cv_search_socket+y}
 then :
 
-else $as_nop
-  ac_cv_search_socket=no
+else case e in #(
+  e) ac_cv_search_socket=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5
 printf "%s\n" "$ac_cv_search_socket" >&6; }
@@ -16793,8 +16974,8 @@ printf %s "checking for working chown... " >&6; }
 if test ${ac_cv_func_chown_works+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test "$cross_compiling" = yes
+else case e in #(
+  e) if test "$cross_compiling" = yes
 then :
   case "$host_os" in # ((
 			  # Guess yes on glibc systems.
@@ -16802,8 +16983,8 @@ then :
 			  # If we don't know, assume the worst.
 		  *)      ac_cv_func_chown_works=no ;;
 		esac
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 #include <fcntl.h>
@@ -16831,15 +17012,18 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_chown_works=yes
-else $as_nop
-  ac_cv_func_chown_works=no
+else case e in #(
+  e) ac_cv_func_chown_works=no ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 rm -f conftest.chown
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5
 printf "%s\n" "$ac_cv_func_chown_works" >&6; }
@@ -16872,19 +17056,19 @@ printf %s "checking for working fork... " >&6; }
 if test ${ac_cv_func_fork_works+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test "$cross_compiling" = yes
+else case e in #(
+  e) if test "$cross_compiling" = yes
 then :
   ac_cv_func_fork_works=cross
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 int
 main (void)
 {
 
-	  /* By Ruediger Kuhlmann. */
+	  /* By R. Kuhlmann. */
 	  return fork () < 0;
 
   ;
@@ -16894,13 +17078,16 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_fork_works=yes
-else $as_nop
-  ac_cv_func_fork_works=no
+else case e in #(
+  e) ac_cv_func_fork_works=no ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
 printf "%s\n" "$ac_cv_func_fork_works" >&6; }
@@ -16928,12 +17115,12 @@ printf %s "checking for working vfork... " >&6; }
 if test ${ac_cv_func_vfork_works+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test "$cross_compiling" = yes
+else case e in #(
+  e) if test "$cross_compiling" = yes
 then :
   ac_cv_func_vfork_works=cross
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 /* Thanks to Paul Eggert for this test.  */
 $ac_includes_default
@@ -17044,13 +17231,16 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   ac_cv_func_vfork_works=yes
-else $as_nop
-  ac_cv_func_vfork_works=no
+else case e in #(
+  e) ac_cv_func_vfork_works=no ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
 printf "%s\n" "$ac_cv_func_vfork_works" >&6; }
@@ -17080,74 +17270,99 @@ fi
 
 printf "%s\n" "#define RETSIGTYPE void" >>confdefs.h
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
-printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
-if test ${ac_cv_sys_largefile_source+y}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5
+printf %s "checking for declarations of fseeko and ftello... " >&6; }
+if test ${ac_cv_func_fseeko_ftello+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  while :; do
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+
+#if defined __hpux && !defined _LARGEFILE_SOURCE
+# include <limits.h>
+# if LONG_MAX >> 31 == 0
+#  error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
+# endif
+#endif
 #include <sys/types.h> /* for off_t */
-     #include <stdio.h>
+#include <stdio.h>
+
 int
 main (void)
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+
+  int (*fp1) (FILE *, off_t, int) = fseeko;
+  off_t (*fp2) (FILE *) = ftello;
+  return fseeko (stdin, 0, 0)
+      && fp1 (stdin, 0, 0)
+      && ftello (stdin) >= 0
+      && fp2 (stdin) >= 0;
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"
+if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_largefile_source=no; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  ac_cv_func_fseeko_ftello=yes
+else case e in #(
+  e) ac_save_CPPFLAGS="$CPPFLAGS"
+    CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE=1"
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _LARGEFILE_SOURCE 1
+
+#if defined __hpux && !defined _LARGEFILE_SOURCE
+# include <limits.h>
+# if LONG_MAX >> 31 == 0
+#  error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++"
+# endif
+#endif
 #include <sys/types.h> /* for off_t */
-     #include <stdio.h>
+#include <stdio.h>
+
 int
 main (void)
 {
-int (*fp) (FILE *, off_t, int) = fseeko;
-     return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+
+  int (*fp1) (FILE *, off_t, int) = fseeko;
+  off_t (*fp2) (FILE *) = ftello;
+  return fseeko (stdin, 0, 0)
+      && fp1 (stdin, 0, 0)
+      && ftello (stdin) >= 0
+      && fp2 (stdin) >= 0;
+
   ;
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_link "$LINENO"
+if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_largefile_source=1; break
+  ac_cv_func_fseeko_ftello="need _LARGEFILE_SOURCE"
+else case e in #(
+  e) ac_cv_func_fseeko_ftello=no ;;
+esac
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  ac_cv_sys_largefile_source=unknown
-  break
-done
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
-printf "%s\n" "$ac_cv_sys_largefile_source" >&6; }
-case $ac_cv_sys_largefile_source in #(
-  no | unknown) ;;
-  *)
-printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h
-;;
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
 esac
-rm -rf conftest*
-
-# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
-# in glibc 2.1.3, but that breaks too many other things.
-# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
-if test $ac_cv_sys_largefile_source != unknown; then
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fseeko_ftello" >&5
+printf "%s\n" "$ac_cv_func_fseeko_ftello" >&6; }
+if test "$ac_cv_func_fseeko_ftello" != no
+then :
 
 printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h
 
 fi
+if test "$ac_cv_func_fseeko_ftello" = "need _LARGEFILE_SOURCE"
+then :
+
+printf "%s\n" "#define _LARGEFILE_SOURCE 1" >>confdefs.h
+
+fi
 
 
 # Check whether --enable-largefile was given.
@@ -17155,31 +17370,34 @@ if test ${enable_largefile+y}
 then :
   enableval=$enable_largefile;
 fi
-
-if test "$enable_largefile" != no; then
-
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
-printf %s "checking for special C compiler options needed for large files... " >&6; }
-if test ${ac_cv_sys_largefile_CC+y}
+if test "$enable_largefile,$enable_year2038" != no,no
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable large file support" >&5
+printf %s "checking for $CC option to enable large file support... " >&6; }
+if test ${ac_cv_sys_largefile_opts+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_cv_sys_largefile_CC=no
-     if test "$GCC" != yes; then
-       ac_save_CC=$CC
-       while :; do
-	 # IRIX 6.2 and later do not support large files by default,
-	 # so use the C compiler's -n32 option if that helps.
-	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) ac_save_CC="$CC"
+  ac_opt_found=no
+  for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1" "-n32"; do
+    if test x"$ac_opt" != x"none needed"
+then :
+  CC="$ac_save_CC $ac_opt"
+fi
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+#ifndef FTYPE
+# define FTYPE off_t
+#endif
+ /* Check that FTYPE can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_FTYPE to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
+#define LARGE_FTYPE (((FTYPE) 1 << 31 << 31) - 1 + ((FTYPE) 1 << 31 << 31))
+  int FTYPE_is_large[(LARGE_FTYPE % 2147483629 == 721
+		       && LARGE_FTYPE % 2147483647 == 1)
 		      ? 1 : -1];
 int
 main (void)
@@ -17189,142 +17407,88 @@ main (void)
   return 0;
 }
 _ACEOF
-	 if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_compile "$LINENO"
 then :
-  break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
-	 CC="$CC -n32"
+  if test x"$ac_opt" = x"none needed"
+then :
+  # GNU/Linux s390x and alpha need _FILE_OFFSET_BITS=64 for wide ino_t.
+	 CC="$CC -DFTYPE=ino_t"
 	 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_largefile_CC=' -n32'; break
+
+else case e in #(
+  e) CC="$CC -D_FILE_OFFSET_BITS=64"
+	    if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_opt='-D_FILE_OFFSET_BITS=64'
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam
-	 break
-       done
-       CC=$ac_save_CC
-       rm -f conftest.$ac_ext
-    fi
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
-printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; }
-  if test "$ac_cv_sys_largefile_CC" != no; then
-    CC=$CC$ac_cv_sys_largefile_CC
-  fi
-
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
-if test ${ac_cv_sys_file_offset_bits+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  while :; do
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main (void)
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  ac_cv_sys_file_offset_bits=no; break
+      ac_cv_sys_largefile_opts=$ac_opt
+      ac_opt_found=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#define _FILE_OFFSET_BITS 64
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main (void)
-{
+    test $ac_opt_found = no || break
+  done
+  CC="$ac_save_CC"
 
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  ac_cv_sys_file_offset_bits=64; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  ac_cv_sys_file_offset_bits=unknown
-  break
-done
+  test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;;
+esac
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
-printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; }
-case $ac_cv_sys_file_offset_bits in #(
-  no | unknown) ;;
-  *)
-printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h
-;;
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5
+printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; }
+
+ac_have_largefile=yes
+case $ac_cv_sys_largefile_opts in #(
+  "none needed") :
+     ;; #(
+  "supported through gnulib") :
+     ;; #(
+  "support not detected") :
+    ac_have_largefile=no ;; #(
+  "-D_FILE_OFFSET_BITS=64") :
+
+printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h
+ ;; #(
+  "-D_LARGE_FILES=1") :
+
+printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h
+ ;; #(
+  "-n32") :
+    CC="$CC -n32" ;; #(
+  *) :
+    as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;;
 esac
-rm -rf conftest*
-  if test $ac_cv_sys_file_offset_bits = unknown; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
-printf %s "checking for _LARGE_FILES value needed for large files... " >&6; }
-if test ${ac_cv_sys_large_files+y}
+
+if test "$enable_year2038" != no
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option for timestamps after 2038" >&5
+printf %s "checking for $CC option for timestamps after 2038... " >&6; }
+if test ${ac_cv_sys_year2038_opts+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  while :; do
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
-int
-main (void)
-{
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
+else case e in #(
+  e) ac_save_CPPFLAGS="$CPPFLAGS"
+  ac_opt_found=no
+  for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do
+    if test x"$ac_opt" != x"none needed"
 then :
-  ac_cv_sys_large_files=no; break
+  CPPFLAGS="$ac_save_CPPFLAGS $ac_opt"
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
-#define _LARGE_FILES 1
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
-    since some C++ compilers masquerading as C compilers
-    incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
-		      ? 1 : -1];
+
+  #include <time.h>
+  /* Check that time_t can represent 2**32 - 1 correctly.  */
+  #define LARGE_TIME_T \\
+    ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30)))
+  int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535
+                           && LARGE_TIME_T % 65537 == 0)
+                          ? 1 : -1];
+
 int
 main (void)
 {
@@ -17335,25 +17499,47 @@ main (void)
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_large_files=1; break
+  ac_cv_sys_year2038_opts="$ac_opt"
+      ac_opt_found=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  ac_cv_sys_large_files=unknown
-  break
-done
+    test $ac_opt_found = no || break
+  done
+  CPPFLAGS="$ac_save_CPPFLAGS"
+  test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;;
+esac
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
-printf "%s\n" "$ac_cv_sys_large_files" >&6; }
-case $ac_cv_sys_large_files in #(
-  no | unknown) ;;
-  *)
-printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h
-;;
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5
+printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; }
+
+ac_have_year2038=yes
+case $ac_cv_sys_year2038_opts in #(
+  "none needed") :
+     ;; #(
+  "support not detected") :
+    ac_have_year2038=no ;; #(
+  "-D_TIME_BITS=64") :
+
+printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h
+ ;; #(
+  "-D__MINGW_USE_VC2005_COMPAT") :
+
+printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h
+ ;; #(
+  "-U_USE_32_BIT_TIME_T"*) :
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It
+will stop working after mid-January 2038. Remove
+_USE_32BIT_TIME_T from the compiler flags.
+See 'config.log' for more details" "$LINENO" 5; } ;; #(
+  *) :
+    as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;;
 esac
-rm -rf conftest*
-  fi
+
 fi
 
+fi
 
 
 
@@ -17363,8 +17549,8 @@ cache=_D_LARGEFILE_SOURCE_1
 if eval test \${cv_prog_cc_flag_needed_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <stdio.h>
 int test(void) {
@@ -17390,7 +17576,8 @@ fi
 
 fi
 rm -f conftest conftest.c conftest.o
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then
@@ -17434,8 +17621,8 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: crosscompile(yes)" >&5
 printf "%s\n" "crosscompile(yes)" >&6; }
 
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
@@ -17570,17 +17757,19 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
 printf "%s\n" "#define NONBLOCKING_IS_BROKEN 1" >>confdefs.h
 
-
+ ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 fi
@@ -17618,10 +17807,11 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define MKDIR_HAS_ONE_ARG 1" >>confdefs.h
 
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -17639,8 +17829,8 @@ if test c${cross_compiling} = cno; then
 if test "$cross_compiling" = yes
 then :
   eval "ac_cv_c_strptime_works=maybe"
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #define _XOPEN_SOURCE 600
@@ -17655,11 +17845,13 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   eval "ac_cv_c_strptime_works=yes"
-else $as_nop
-  eval "ac_cv_c_strptime_works=no"
+else case e in #(
+  e) eval "ac_cv_c_strptime_works=no" ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 else
@@ -17680,13 +17872,14 @@ printf "%s\n" "#define STRPTIME_WORKS 1" >>confdefs.h
 
 fi
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" strptime.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strptime.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 done
@@ -17713,8 +17906,9 @@ fi
 if test ${enable_systemd+y}
 then :
   enableval=$enable_systemd;
-else $as_nop
-  enable_systemd=no
+else case e in #(
+  e) enable_systemd=no ;;
+esac
 fi
 
 have_systemd=no
@@ -17795,8 +17989,8 @@ See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
      	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
@@ -17806,7 +18000,7 @@ and SYSTEMD_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.
 
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
 else
 	SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS
 	SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS
@@ -17890,8 +18084,8 @@ See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
      	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
 is in your PATH or set the PKG_CONFIG environment variable to the full
 path to pkg-config.
@@ -17901,7 +18095,7 @@ and SYSTEMD_DAEMON_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details.
 
 To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
 else
 	SYSTEMD_DAEMON_CFLAGS=$pkg_cv_SYSTEMD_DAEMON_CFLAGS
 	SYSTEMD_DAEMON_LIBS=$pkg_cv_SYSTEMD_DAEMON_LIBS
@@ -17998,8 +18192,8 @@ esac
 
 printf "%s\n" "#define malloc rpl_malloc_unbound" >>confdefs.h
 
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #if defined STDC_HEADERS || defined HAVE_STDLIB_H
 #include <stdlib.h>
@@ -18029,15 +18223,17 @@ esac
 
 printf "%s\n" "#define malloc rpl_malloc_unbound" >>confdefs.h
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_MALLOC 1" >>confdefs.h
-
+ ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 
@@ -18082,10 +18278,11 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_WINDOWS_THREADS 1" >>confdefs.h
 
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -18101,12 +18298,286 @@ else
 if test ${with_pthreads+y}
 then :
   withval=$with_pthreads;
-else $as_nop
-   withval="yes"
+else case e in #(
+  e)  withval="yes"  ;;
+esac
 fi
 
 ub_have_pthreads=no
 if test x_$withval != x_no; then
+	ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+printf %s "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test ${ac_cv_prog_CPP+y}
+then :
+  printf %s "(cached) " >&6
+else case e in #(
+  e)     # Double quotes because $CC needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+
+else case e in #(
+  e) # Broken: fails on valid input.
+continue ;;
+esac
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else case e in #(
+  e) # Passes both tests.
+ac_preproc_ok=:
+break ;;
+esac
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+   ;;
+esac
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+printf "%s\n" "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+
+else case e in #(
+  e) # Broken: fails on valid input.
+continue ;;
+esac
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else case e in #(
+  e) # Passes both tests.
+ac_preproc_ok=:
+break ;;
+esac
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+
+else case e in #(
+  e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See 'config.log' for more details" "$LINENO" 5; } ;;
+esac
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5
+printf %s "checking for egrep -e... " >&6; }
+if test ${ac_cv_path_EGREP_TRADITIONAL+y}
+then :
+  printf %s "(cached) " >&6
+else case e in #(
+  e) if test -z "$EGREP_TRADITIONAL"; then
+  ac_path_EGREP_TRADITIONAL_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_prog in grep ggrep
+   do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue
+# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found.
+  # Check for GNU $ac_path_EGREP_TRADITIONAL
+case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #(
+*GNU*)
+  ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;;
+#(
+*)
+  ac_count=0
+  printf %s 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl"
+    "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL"
+      ac_path_EGREP_TRADITIONAL_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_TRADITIONAL_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then
+    :
+  fi
+else
+  ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL
+fi
+
+    if test "$ac_cv_path_EGREP_TRADITIONAL"
+then :
+  ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E"
+else case e in #(
+  e) if test -z "$EGREP_TRADITIONAL"; then
+  ac_path_EGREP_TRADITIONAL_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_prog in egrep
+   do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue
+# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found.
+  # Check for GNU $ac_path_EGREP_TRADITIONAL
+case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #(
+*GNU*)
+  ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;;
+#(
+*)
+  ac_count=0
+  printf %s 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl"
+    "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL"
+      ac_path_EGREP_TRADITIONAL_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_TRADITIONAL_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then
+    as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL
+fi
+ ;;
+esac
+fi ;;
+esac
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5
+printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; }
+ EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL
+
 
 
 
@@ -18147,8 +18618,14 @@ printf %s "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS...
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char pthread_join ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_join (void);
 int
 main (void)
 {
@@ -18242,7 +18719,7 @@ case $host_os in
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1
+  $EGREP_TRADITIONAL "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5
 printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;}
@@ -18272,8 +18749,8 @@ printf %s "checking whether $CC is Clang... " >&6; }
 if test ${ax_cv_PTHREAD_CLANG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ax_cv_PTHREAD_CLANG=no
+else case e in #(
+  e) ax_cv_PTHREAD_CLANG=no
      # Note that Autoconf sets GCC=yes for Clang as well as GCC
      if test "x$GCC" = "xyes"; then
         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -18285,14 +18762,15 @@ else $as_nop
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1
+  $EGREP_TRADITIONAL "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1
 then :
   ax_cv_PTHREAD_CLANG=yes
 fi
 rm -rf conftest*
 
      fi
-
+     ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5
 printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; }
@@ -18342,8 +18820,9 @@ esac
 if test "x$ax_pthread_check_macro" = "x--"
 then :
   ax_pthread_check_cond=0
-else $as_nop
-  ax_pthread_check_cond="!defined($ax_pthread_check_macro)"
+else case e in #(
+  e) ax_pthread_check_cond="!defined($ax_pthread_check_macro)" ;;
+esac
 fi
 
 
@@ -18377,8 +18856,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ax_pthread_config+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ax_pthread_config"; then
+else case e in #(
+  e) if test -n "$ax_pthread_config"; then
   ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -18401,7 +18880,8 @@ done
 IFS=$as_save_IFS
 
   test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no"
-fi
+fi ;;
+esac
 fi
 ax_pthread_config=$ac_cv_prog_ax_pthread_config
 if test -n "$ax_pthread_config"; then
@@ -18534,8 +19014,8 @@ printf %s "checking whether Clang needs flag to prevent \"argument unused\" warn
 if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
+else case e in #(
+  e) ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
              # Create an alternate version of $ac_link that compiles and
              # links in two steps (.c -> .o, .o -> exe) instead of one
              # (.c -> exe), because the warning occurs only in the second
@@ -18581,7 +19061,8 @@ then :
   ax_pthread_try=no
 fi
              ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
-
+             ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5
 printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; }
@@ -18608,8 +19089,8 @@ printf %s "checking for joinable pthread attribute... " >&6; }
 if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ax_cv_PTHREAD_JOINABLE_ATTR=unknown
+else case e in #(
+  e) ax_cv_PTHREAD_JOINABLE_ATTR=unknown
              for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
                  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -18629,7 +19110,8 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
              done
-
+             ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5
 printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; }
@@ -18649,14 +19131,15 @@ printf %s "checking whether more special flags are required for pthreads... " >&
 if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ax_cv_PTHREAD_SPECIAL_FLAGS=no
+else case e in #(
+  e) ax_cv_PTHREAD_SPECIAL_FLAGS=no
              case $host_os in
              solaris*)
              ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
              ;;
              esac
-
+             ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5
 printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; }
@@ -18672,8 +19155,8 @@ printf %s "checking for PTHREAD_PRIO_INHERIT... " >&6; }
 if test ${ax_cv_PTHREAD_PRIO_INHERIT+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <pthread.h>
 int
@@ -18688,12 +19171,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ax_cv_PTHREAD_PRIO_INHERIT=yes
-else $as_nop
-  ax_cv_PTHREAD_PRIO_INHERIT=no
+else case e in #(
+  e) ax_cv_PTHREAD_PRIO_INHERIT=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+             ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5
 printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; }
@@ -18743,8 +19228,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_PTHREAD_CC+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$PTHREAD_CC"; then
+else case e in #(
+  e) if test -n "$PTHREAD_CC"; then
   ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -18766,7 +19251,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 PTHREAD_CC=$ac_cv_prog_PTHREAD_CC
 if test -n "$PTHREAD_CC"; then
@@ -18793,8 +19279,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_PTHREAD_CXX+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$PTHREAD_CXX"; then
+else case e in #(
+  e) if test -n "$PTHREAD_CXX"; then
   ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -18816,7 +19302,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX
 if test -n "$PTHREAD_CXX"; then
@@ -18886,28 +19373,30 @@ fi
 
 		# The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
 printf %s "checking size of unsigned long... " >&6; }
 if test ${ac_cv_sizeof_unsigned_long+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"
+else case e in #(
+  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long"        "$ac_includes_default"
 then :
 
-else $as_nop
-  if test "$ac_cv_type_unsigned_long" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+else case e in #(
+  e) if test "$ac_cv_type_unsigned_long" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (unsigned long)
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_unsigned_long=0
-   fi
+   fi ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
 printf "%s\n" "$ac_cv_sizeof_unsigned_long" >&6; }
@@ -18919,28 +19408,30 @@ printf "%s\n" "#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long" >>confd
 
 		# The cast to long int works around a bug in the HP C Compiler
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# declarations like 'int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of pthread_t" >&5
 printf %s "checking size of pthread_t... " >&6; }
 if test ${ac_cv_sizeof_pthread_t+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (pthread_t))" "ac_cv_sizeof_pthread_t"        "$ac_includes_default"
+else case e in #(
+  e) if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (pthread_t))" "ac_cv_sizeof_pthread_t"        "$ac_includes_default"
 then :
 
-else $as_nop
-  if test "$ac_cv_type_pthread_t" = yes; then
-     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+else case e in #(
+  e) if test "$ac_cv_type_pthread_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error 77 "cannot compute sizeof (pthread_t)
-See \`config.log' for more details" "$LINENO" 5; }
+See 'config.log' for more details" "$LINENO" 5; }
    else
      ac_cv_sizeof_pthread_t=0
-   fi
+   fi ;;
+esac
 fi
-
+ ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_pthread_t" >&5
 printf "%s\n" "$ac_cv_sizeof_pthread_t" >&6; }
@@ -19008,8 +19499,9 @@ fi
 if test ${with_solaris_threads+y}
 then :
   withval=$with_solaris_threads;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 ub_have_sol_threads=no
@@ -19023,15 +19515,21 @@ printf %s "checking for library containing thr_create... " >&6; }
 if test ${ac_cv_search_thr_create+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char thr_create ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char thr_create (void);
 int
 main (void)
 {
@@ -19062,11 +19560,13 @@ done
 if test ${ac_cv_search_thr_create+y}
 then :
 
-else $as_nop
-  ac_cv_search_thr_create=no
+else case e in #(
+  e) ac_cv_search_thr_create=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_thr_create" >&5
 printf "%s\n" "$ac_cv_search_thr_create" >&6; }
@@ -19087,8 +19587,8 @@ cache=`echo mt | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_prog_cc_flag_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo 'void f(void){}' >conftest.c
 if test -z "`$CC $CPPFLAGS $CFLAGS -mt -c conftest.c 2>&1`"; then
 eval "cv_prog_cc_flag_$cache=yes"
@@ -19096,7 +19596,8 @@ else
 eval "cv_prog_cc_flag_$cache=no"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
@@ -19113,10 +19614,11 @@ fi
 
 		ub_have_sol_threads=yes
 
-else $as_nop
-
+else case e in #(
+  e)
 		as_fn_error $? "no solaris threads found." "$LINENO" 5
-
+	 ;;
+esac
 fi
 
 	fi
@@ -19149,8 +19651,9 @@ printf "%s\n" "#define UB_SYSLOG_FACILITY ${UNBOUND_SYSLOG_FACILITY}" >>confdefs
 if test ${with_dynlibmodule+y}
 then :
   withval=$with_dynlibmodule;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 
@@ -19173,15 +19676,21 @@ printf %s "checking for library containing dlopen... " >&6; }
 if test ${ac_cv_search_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen (void);
 int
 main (void)
 {
@@ -19212,11 +19721,13 @@ done
 if test ${ac_cv_search_dlopen+y}
 then :
 
-else $as_nop
-  ac_cv_search_dlopen=no
+else case e in #(
+  e) ac_cv_search_dlopen=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
 printf "%s\n" "$ac_cv_search_dlopen" >&6; }
@@ -19240,8 +19751,9 @@ fi
 if test ${with_pyunbound+y}
 then :
   withval=$with_pyunbound;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 
@@ -19258,8 +19770,9 @@ fi
 if test ${with_pythonmodule+y}
 then :
   withval=$with_pythonmodule;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 
@@ -19287,8 +19800,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PYTHON+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $PYTHON in
+else case e in #(
+  e) case $PYTHON in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
   ;;
@@ -19313,6 +19826,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 PYTHON=$ac_cv_path_PYTHON
@@ -19490,8 +20004,9 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   pythonexists=yes
-else $as_nop
-  pythonexists=no
+else case e in #(
+  e) pythonexists=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -19601,8 +20116,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_SWIG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $SWIG in
+else case e in #(
+  e) case $SWIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
   ;;
@@ -19627,6 +20142,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 SWIG=$ac_cv_path_SWIG
@@ -19727,8 +20243,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_SWIG+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $SWIG in
+else case e in #(
+  e) case $SWIG in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
   ;;
@@ -19753,6 +20269,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 SWIG=$ac_cv_path_SWIG
@@ -19914,15 +20431,17 @@ ax_date_fmt="%Y%m%d"
 if test x"$SOURCE_DATE_EPOCH" = x
 then :
   CONFIG_DATE=`date "+$ax_date_fmt"`
-else $as_nop
-  ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
+else case e in #(
+  e) ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
                  || date -u -r "$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null`
   if test x"$ax_build_date" = x
 then :
   as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-else $as_nop
-  CONFIG_DATE=$ax_build_date
-fi
+else case e in #(
+  e) CONFIG_DATE=$ax_build_date ;;
+esac
+fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CONFIG_DATE" >&5
 printf "%s\n" "$CONFIG_DATE" >&6; }
@@ -20017,10 +20536,11 @@ if test ${with_ssl+y}
 then :
   withval=$with_ssl;
 
-else $as_nop
-
+else case e in #(
+  e)
             withval="yes"
-
+         ;;
+esac
 fi
 
     if test x_$withval = x_no; then
@@ -20116,8 +20636,8 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 
 
-else $as_nop
-
+else case e in #(
+  e)
                 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
                 # check if -lwsock32 or -lgdi32 are needed.
@@ -20150,8 +20670,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
                     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
                     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
                     LIBS="$BAKLIBS"
@@ -20184,8 +20704,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 			{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 			{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 			LIBS="$BAKLIBS"
@@ -20218,8 +20738,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 			    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 			    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 			    LIBS="$BAKLIBS"
@@ -20252,8 +20772,8 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 				{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 				{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 				LIBS="$BAKLIBS"
@@ -20285,32 +20805,38 @@ printf "%s\n" "#define HAVE_EVP_SHA256 1" >>confdefs.h
 				    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 				    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 				    as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
-
+				 ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+			     ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+			 ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+		     ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+                 ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+             ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -20355,8 +20881,14 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char SSL_CTX_new ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char SSL_CTX_new (void);
 int
 main (void)
 {
@@ -20372,8 +20904,8 @@ then :
 printf "%s\n" "no" >&6; }
 	LIBS="$BAKLIBS"
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 	LIBS="$BAKLIBS"
@@ -20382,15 +20914,21 @@ printf %s "checking for library containing dlopen... " >&6; }
 if test ${ac_cv_search_dlopen+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char dlopen ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen (void);
 int
 main (void)
 {
@@ -20421,11 +20959,13 @@ done
 if test ${ac_cv_search_dlopen+y}
 then :
 
-else $as_nop
-  ac_cv_search_dlopen=no
+else case e in #(
+  e) ac_cv_search_dlopen=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
 printf "%s\n" "$ac_cv_search_dlopen" >&6; }
@@ -20436,7 +20976,8 @@ then :
 
 fi
 
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -20471,13 +21012,14 @@ then :
 printf "%s\n" "no" >&6; }
 	LIBS="$BAKLIBS"
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 	LIBS="$BAKLIBS"
 	LIBS="$LIBS -lcrypt32"
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -20497,8 +21039,8 @@ printf %s "checking for $CC options needed to detect all undeclared functions...
 if test ${ac_cv_c_undeclared_builtin_options+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_save_CFLAGS=$CFLAGS
+else case e in #(
+  e) ac_save_CFLAGS=$CFLAGS
    ac_cv_c_undeclared_builtin_options='cannot detect'
    for ac_arg in '' -fno-builtin; do
      CFLAGS="$ac_save_CFLAGS $ac_arg"
@@ -20517,8 +21059,8 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
 
-else $as_nop
-  # This test program should compile successfully.
+else case e in #(
+  e) # This test program should compile successfully.
         # No library function is consistently available on
         # freestanding implementations, so test against a dummy
         # declaration.  Include always-available headers on the
@@ -20546,26 +21088,29 @@ then :
   if test x"$ac_arg" = x
 then :
   ac_cv_c_undeclared_builtin_options='none needed'
-else $as_nop
-  ac_cv_c_undeclared_builtin_options=$ac_arg
+else case e in #(
+  e) ac_cv_c_undeclared_builtin_options=$ac_arg ;;
+esac
 fi
           break
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     done
     CFLAGS=$ac_save_CFLAGS
-
+   ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
 printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
   case $ac_cv_c_undeclared_builtin_options in #(
   'cannot detect') :
-    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;}
 as_fn_error $? "cannot make $CC report undeclared builtins
-See \`config.log' for more details" "$LINENO" 5; } ;; #(
+See 'config.log' for more details" "$LINENO" 5; } ;; #(
   'none needed') :
     ac_c_undeclared_builtin_options='' ;; #(
   *) :
@@ -20576,32 +21121,36 @@ ac_fn_check_decl "$LINENO" "strlcpy" "ac_cv_have_decl_strlcpy" "$ac_includes_def
 if test "x$ac_cv_have_decl_strlcpy" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_STRLCPY $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "strlcat" "ac_cv_have_decl_strlcat" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_strlcat" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_STRLCAT $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "arc4random" "ac_cv_have_decl_arc4random" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_arc4random" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_ARC4RANDOM $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "arc4random_uniform" "ac_cv_have_decl_arc4random_uniform" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
 if test "x$ac_cv_have_decl_arc4random_uniform" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl" >>confdefs.h
 
@@ -20816,12 +21365,6 @@ then :
   printf "%s\n" "#define HAVE_BIO_SET_CALLBACK_EX 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "SSL_CTX_set_tmp_ecdh" "ac_cv_func_SSL_CTX_set_tmp_ecdh"
-if test "x$ac_cv_func_SSL_CTX_set_tmp_ecdh" = xyes
-then :
-  printf "%s\n" "#define HAVE_SSL_CTX_SET_TMP_ECDH 1" >>confdefs.h
-
-fi
 
 
 # these check_funcs need -lssl
@@ -20920,8 +21463,9 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_SSL_COMP_get_compression_methods" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "sk_SSL_COMP_pop_free" "ac_cv_have_decl_sk_SSL_COMP_pop_free" "
@@ -20948,8 +21492,9 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_sk_SSL_COMP_pop_free" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" "
@@ -20976,10 +21521,39 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes
 then :
   ac_have_decl=1
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
+fi
+printf "%s\n" "#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl" >>confdefs.h
+ac_fn_check_decl "$LINENO" "SSL_CTX_set_tmp_ecdh" "ac_cv_have_decl_SSL_CTX_set_tmp_ecdh" "
+$ac_includes_default
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
+
+#ifdef HAVE_OPENSSL_RAND_H
+#include <openssl/rand.h>
+#endif
+
+#ifdef HAVE_OPENSSL_CONF_H
+#include <openssl/conf.h>
+#endif
+
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <openssl/engine.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+
+" "$ac_c_undeclared_builtin_options" "CFLAGS"
+if test "x$ac_cv_have_decl_SSL_CTX_set_tmp_ecdh" = xyes
+then :
+  ac_have_decl=1
 else $as_nop
   ac_have_decl=0
 fi
-printf "%s\n" "#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl" >>confdefs.h
+printf "%s\n" "#define HAVE_DECL_SSL_CTX_SET_TMP_ECDH $ac_have_decl" >>confdefs.h
 
 
 if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then
@@ -21027,14 +21601,15 @@ then :
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: int" >&5
 printf "%s\n" "int" >&6; }
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: void" >&5
 printf "%s\n" "void" >&6; }
 
 printf "%s\n" "#define HMAC_INIT_EX_RETURNS_VOID 1" >>confdefs.h
 
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
@@ -21065,21 +21640,27 @@ fi
 
 	if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then
 		for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do
-			as_ac_Search=`printf "%s\n" "ac_cv_search_$func" | $as_tr_sh`
+			as_ac_Search=`printf "%s\n" "ac_cv_search_$func" | sed "$as_sed_sh"`
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing $func" >&5
 printf %s "checking for library containing $func... " >&6; }
 if eval test \${$as_ac_Search+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char $func ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $func (void);
 int
 main (void)
 {
@@ -21110,11 +21691,13 @@ done
 if eval test \${$as_ac_Search+y}
 then :
 
-else $as_nop
-  eval "$as_ac_Search=no"
+else case e in #(
+  e) eval "$as_ac_Search=no" ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 eval ac_res=\$$as_ac_Search
 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
@@ -21209,16 +21792,18 @@ case "$enable_gost" in
 if test "x$ac_cv_func_EVP_PKEY_set_type_str" = xyes
 then :
   :
-else $as_nop
-  as_fn_error $? "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL 1.0.0 is needed for GOST support" "$LINENO" 5 ;;
+esac
 fi
 
 	ac_fn_c_check_func "$LINENO" "EC_KEY_new" "ac_cv_func_EC_KEY_new"
 if test "x$ac_cv_func_EC_KEY_new" = xyes
 then :
 
-else $as_nop
-  as_fn_error $? "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL does not support ECC, needed for GOST support" "$LINENO" 5 ;;
+esac
 fi
 
 
@@ -21232,8 +21817,8 @@ fi
 if test "$cross_compiling" = yes
 then :
   eval "ac_cv_c_gost_works=maybe"
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <string.h>
@@ -21321,11 +21906,13 @@ _ACEOF
 if ac_fn_c_try_run "$LINENO"
 then :
   eval "ac_cv_c_gost_works=yes"
-else $as_nop
-  eval "ac_cv_c_gost_works=no"
+else case e in #(
+  e) eval "ac_cv_c_gost_works=no" ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
 CFLAGS="$BAKCFLAGS"
@@ -21371,26 +21958,29 @@ then :
 
 fi
 
-else $as_nop
-
+else case e in #(
+  e)
 		  # without EVP_PKEY_fromdata, older openssl, check for support
 		  ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign"
 if test "x$ac_cv_func_ECDSA_sign" = xyes
 then :
 
-else $as_nop
-  as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
+esac
 fi
 
 		  ac_fn_c_check_func "$LINENO" "SHA384_Init" "ac_cv_func_SHA384_Init"
 if test "x$ac_cv_func_SHA384_Init" = xyes
 then :
 
-else $as_nop
-  as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
+esac
 fi
 
-
+		 ;;
+esac
 fi
 
 	      ac_fn_check_decl "$LINENO" "NID_X9_62_prime256v1" "ac_cv_have_decl_NID_X9_62_prime256v1" "$ac_includes_default
@@ -21400,15 +21990,17 @@ fi
 if test "x$ac_cv_have_decl_NID_X9_62_prime256v1" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NID_X9_62_PRIME256V1 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
 then :
 
-else $as_nop
-  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
+esac
 fi
 ac_fn_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_includes_default
 #include <openssl/evp.h>
@@ -21417,15 +22009,17 @@ ac_fn_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_
 if test "x$ac_cv_have_decl_NID_secp384r1" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NID_SECP384R1 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
 then :
 
-else $as_nop
-  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5 ;;
+esac
 fi
 
 	      # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
@@ -21471,7 +22065,7 @@ case "$enable_dsa" in
 if test "x$ac_cv_func_DSA_SIG_new" = xyes
 then :
 
-      as_ac_Type=`printf "%s\n" "ac_cv_type_DSA_SIG*" | $as_tr_sh`
+      as_ac_Type=`printf "%s\n" "ac_cv_type_DSA_SIG*" | sed "$as_sed_sh"`
 ac_fn_c_check_type "$LINENO" "DSA_SIG*" "$as_ac_Type" "
 $ac_includes_default
 #ifdef HAVE_OPENSSL_ERR_H
@@ -21498,15 +22092,17 @@ then :
 printf "%s\n" "#define USE_DSA 1" >>confdefs.h
 
 
-else $as_nop
-  if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
-               fi
+else case e in #(
+  e) if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
+               fi  ;;
+esac
 fi
 
 
-else $as_nop
-  if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
-               fi
+else case e in #(
+  e) if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
+               fi  ;;
+esac
 fi
 
       else
@@ -21553,8 +22149,9 @@ case "$enable_ed25519" in
 if test "x$ac_cv_have_decl_NID_ED25519" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NID_ED25519 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
@@ -21562,9 +22159,10 @@ then :
 
       		use_ed25519="yes"
 
-else $as_nop
-   if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5
-	      	fi
+else case e in #(
+  e)  if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5
+	      	fi  ;;
+esac
 fi
 
       fi
@@ -21608,8 +22206,9 @@ case "$enable_ed448" in
 if test "x$ac_cv_have_decl_NID_ED448" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NID_ED448 $ac_have_decl" >>confdefs.h
 if test $ac_have_decl = 1
@@ -21617,9 +22216,10 @@ then :
 
       		use_ed448="yes"
 
-else $as_nop
-   if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5
-	      	fi
+else case e in #(
+  e)  if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5
+	      	fi  ;;
+esac
 fi
 
       fi
@@ -21665,8 +22265,9 @@ if test "x$ac_cv_have_decl_MSG_FASTOPEN" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;}
-else $as_nop
-  as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 ;;
+esac
 fi
 
 printf "%s\n" "#define USE_MSG_FASTOPEN 1" >>confdefs.h
@@ -21680,8 +22281,9 @@ if test "x$ac_cv_have_decl_CONNECT_RESUME_ON_READ_WRITE" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support client mode TFO" >&2;}
-else $as_nop
-  as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "TCP Fast Open is not available for client mode: please rerun without --enable-tfo-client" "$LINENO" 5 ;;
+esac
 fi
 
 printf "%s\n" "#define USE_OSX_MSG_FASTOPEN 1" >>confdefs.h
@@ -21709,8 +22311,9 @@ if test "x$ac_cv_have_decl_TCP_FASTOPEN" = xyes
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&5
 printf "%s\n" "$as_me: WARNING: Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO" >&2;}
-else $as_nop
-  as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server" "$LINENO" 5 ;;
+esac
 fi
 
 printf "%s\n" "#define USE_TCP_FASTOPEN 1" >>confdefs.h
@@ -21726,8 +22329,9 @@ esac
 if test ${with_libevent+y}
 then :
   withval=$with_libevent;
-else $as_nop
-   with_libevent="no"
+else case e in #(
+  e)  with_libevent="no"  ;;
+esac
 fi
 
 if test "x_$with_libevent" != x_no; then
@@ -21806,15 +22410,21 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char clock_gettime ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime (void);
 int
 main (void)
 {
@@ -21845,11 +22455,13 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else $as_nop
-  ac_cv_search_clock_gettime=no
+else case e in #(
+  e) ac_cv_search_clock_gettime=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -21882,15 +22494,21 @@ printf %s "checking for library containing event_set... " >&6; }
 if test ${ac_cv_search_event_set+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char event_set ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char event_set (void);
 int
 main (void)
 {
@@ -21921,11 +22539,13 @@ done
 if test ${ac_cv_search_event_set+y}
 then :
 
-else $as_nop
-  ac_cv_search_event_set=no
+else case e in #(
+  e) ac_cv_search_event_set=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5
 printf "%s\n" "$ac_cv_search_event_set" >&6; }
@@ -21937,22 +22557,28 @@ then :
 fi
 
 
-else $as_nop
-
+else case e in #(
+  e)
 		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing event_set" >&5
 printf %s "checking for library containing event_set... " >&6; }
 if test ${ac_cv_search_event_set+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char event_set ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char event_set (void);
 int
 main (void)
 {
@@ -21983,11 +22609,13 @@ done
 if test ${ac_cv_search_event_set+y}
 then :
 
-else $as_nop
-  ac_cv_search_event_set=no
+else case e in #(
+  e) ac_cv_search_event_set=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_event_set" >&5
 printf "%s\n" "$ac_cv_search_event_set" >&6; }
@@ -21998,7 +22626,8 @@ then :
 
 fi
 
-
+	 ;;
+esac
 fi
 	ac_fn_c_check_func "$LINENO" "event_base_free" "ac_cv_func_event_base_free"
 if test "x$ac_cv_func_event_base_free" = xyes
@@ -22060,8 +22689,9 @@ fi
 if test "x$ac_cv_have_decl_evsignal_assign" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_EVSIGNAL_ASSIGN $ac_have_decl" >>confdefs.h
 
@@ -22082,8 +22712,9 @@ fi
 if test ${with_libexpat+y}
 then :
   withval=$with_libexpat;
-else $as_nop
-   withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"
+else case e in #(
+  e)  withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr"  ;;
+esac
 fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
@@ -22119,8 +22750,9 @@ ac_fn_check_decl "$LINENO" "XML_StopParser" "ac_cv_have_decl_XML_StopParser" "$a
 if test "x$ac_cv_have_decl_XML_StopParser" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_XML_STOPPARSER $ac_have_decl" >>confdefs.h
 
@@ -22131,8 +22763,9 @@ printf "%s\n" "#define HAVE_DECL_XML_STOPPARSER $ac_have_decl" >>confdefs.h
 if test ${with_libhiredis+y}
 then :
   withval=$with_libhiredis;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 found_libhiredis="no"
@@ -22176,8 +22809,9 @@ fi
 if test "x$ac_cv_have_decl_redisConnect" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_REDISCONNECT $ac_have_decl" >>confdefs.h
 
@@ -22189,8 +22823,9 @@ fi
 if test ${with_libnghttp2+y}
 then :
   withval=$with_libnghttp2;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 found_libnghttp2="no"
@@ -22234,8 +22869,9 @@ fi
 if test "x$ac_cv_have_decl_nghttp2_session_server_new" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW $ac_have_decl" >>confdefs.h
 
@@ -22247,8 +22883,9 @@ fi
 if test ${with_libngtcp2+y}
 then :
   withval=$with_libngtcp2;
-else $as_nop
-   withval="no"
+else case e in #(
+  e)  withval="no"  ;;
+esac
 fi
 
 found_libngtcp2="no"
@@ -22284,6 +22921,13 @@ then :
   printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_H 1" >>confdefs.h
 
 fi
+ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto_ossl.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_ossl_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_ossl_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H 1" >>confdefs.h
+
+fi
 ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto_openssl.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_openssl_h" "$ac_includes_default
 "
 if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_openssl_h" = xyes
@@ -22306,8 +22950,9 @@ fi
 if test "x$ac_cv_have_decl_ngtcp2_conn_server_new" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NGTCP2_CONN_SERVER_NEW $ac_have_decl" >>confdefs.h
 
@@ -22318,19 +22963,20 @@ printf "%s\n" "#define HAVE_DECL_NGTCP2_CONN_SERVER_NEW $ac_have_decl" >>confdef
 if test "x$ac_cv_have_decl_ngtcp2_crypto_encrypt_cb" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_NGTCP2_CRYPTO_ENCRYPT_CB $ac_have_decl" >>confdefs.h
 
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl" >&5
-printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl... " >&6; }
-if test ${ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb+y}
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_ossl" >&5
+printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_ossl... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lngtcp2_crypto_openssl  $LIBS"
+LIBS="-lngtcp2_crypto_ossl  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -22348,36 +22994,95 @@ return ngtcp2_crypto_encrypt_cb ();
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=yes
+  ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb=yes
 else $as_nop
-  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=no
+  ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" >&5
+printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" >&6; }
+if test "x$ac_cv_lib_ngtcp2_crypto_ossl_ngtcp2_crypto_encrypt_cb" = xyes
+then :
+
+	LIBS="$LIBS -lngtcp2_crypto_ossl"
+
+printf "%s\n" "#define USE_NGTCP2_CRYPTO_OSSL 1" >>confdefs.h
+
+
+else $as_nop
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl" >&5
+printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_openssl... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb+y}
+then :
+  printf %s "(cached) " >&6
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
+LIBS="-lngtcp2_crypto_openssl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ngtcp2_crypto_encrypt_cb (void);
+int
+main (void)
+{
+return ngtcp2_crypto_encrypt_cb ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=yes
+else case e in #(
+  e) ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb=no ;;
+esac
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
+fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" >&5
 printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" >&6; }
 if test "x$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_encrypt_cb" = xyes
 then :
    LIBS="$LIBS -lngtcp2_crypto_openssl"
-fi
+else $as_nop
 
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls" >&5
+            { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls" >&5
 printf %s "checking for ngtcp2_crypto_encrypt_cb in -lngtcp2_crypto_quictls... " >&6; }
 if test ${ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-lngtcp2_crypto_quictls  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char ngtcp2_crypto_encrypt_cb ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ngtcp2_crypto_encrypt_cb (void);
 int
 main (void)
 {
@@ -22389,12 +23094,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=yes
-else $as_nop
-  ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=no
+else case e in #(
+  e) ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb" >&5
 printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_quictls_ngtcp2_crypto_encrypt_cb" >&6; }
@@ -22403,6 +23110,12 @@ then :
    LIBS="$LIBS -lngtcp2_crypto_quictls"
 fi
 
+
+fi
+
+
+fi
+
     ac_fn_c_check_func "$LINENO" "ngtcp2_crypto_encrypt_cb" "ac_cv_func_ngtcp2_crypto_encrypt_cb"
 if test "x$ac_cv_func_ngtcp2_crypto_encrypt_cb" = xyes
 then :
@@ -22451,6 +23164,12 @@ then :
   printf "%s\n" "#define HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT 1" >>confdefs.h
 
 fi
+ac_fn_c_check_func "$LINENO" "ngtcp2_crypto_quictls_init" "ac_cv_func_ngtcp2_crypto_quictls_init"
+if test "x$ac_cv_func_ngtcp2_crypto_quictls_init" = xyes
+then :
+  printf "%s\n" "#define HAVE_NGTCP2_CRYPTO_QUICTLS_INIT 1" >>confdefs.h
+
+fi
 ac_fn_c_check_func "$LINENO" "ngtcp2_conn_get_num_scid" "ac_cv_func_ngtcp2_conn_get_num_scid"
 if test "x$ac_cv_func_ngtcp2_conn_get_num_scid" = xyes
 then :
@@ -22471,6 +23190,10 @@ then :
 fi
 
 
+    # these check_funcs need -lssl
+    BAKLIBS="$LIBS"
+    LIBS="-lssl $LIBS"
+
   for ac_func in SSL_is_quic
 do :
   ac_fn_c_check_func "$LINENO" "SSL_is_quic" "ac_cv_func_SSL_is_quic"
@@ -22478,11 +23201,14 @@ if test "x$ac_cv_func_SSL_is_quic" = xyes
 then :
   printf "%s\n" "#define HAVE_SSL_IS_QUIC 1" >>confdefs.h
 
-else $as_nop
-  as_fn_error $? "No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2." "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2." "$LINENO" 5 ;;
+esac
 fi
 
 done
+    LIBS="$BAKLIBS"
+
     ac_fn_c_check_type "$LINENO" "struct ngtcp2_version_cid" "ac_cv_type_struct_ngtcp2_version_cid" "$ac_includes_default
     #include <ngtcp2/ngtcp2.h>
 
@@ -22578,11 +23304,12 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_NGTCP2_CONN_SHUTDOWN_STREAM4 1" >>confdefs.h
 
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-
+     ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
@@ -22612,16 +23339,22 @@ printf %s "checking for compress in -lz... " >&6; }
 if test ${ac_cv_lib_z_compress+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-lz  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char compress ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char compress (void);
 int
 main (void)
 {
@@ -22633,12 +23366,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_z_compress=yes
-else $as_nop
-  ac_cv_lib_z_compress=no
+else case e in #(
+  e) ac_cv_lib_z_compress=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
 printf "%s\n" "$ac_cv_lib_z_compress" >&6; }
@@ -22676,16 +23411,22 @@ printf %s "checking for compress in -lz... " >&6; }
 if test ${ac_cv_lib_z_compress+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
+else case e in #(
+  e) ac_check_lib_save_LIBS=$LIBS
 LIBS="-lz  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char compress ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char compress (void);
 int
 main (void)
 {
@@ -22697,12 +23438,14 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
   ac_cv_lib_z_compress=yes
-else $as_nop
-  ac_cv_lib_z_compress=no
+else case e in #(
+  e) ac_cv_lib_z_compress=no ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+LIBS=$ac_check_lib_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_compress" >&5
 printf "%s\n" "$ac_cv_lib_z_compress" >&6; }
@@ -22771,8 +23514,8 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 	fi
 fi
 
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #ifdef HAVE_WS2TCPIP_H
@@ -22799,8 +23542,8 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 
 USE_WINSOCK="1"
 
-else $as_nop
-  ORIGLIBS="$LIBS"
+else case e in #(
+  e) ORIGLIBS="$LIBS"
 LIBS="$LIBS -lws2_32"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -22829,19 +23572,22 @@ printf "%s\n" "#define USE_WINSOCK 1" >>confdefs.h
 
 USE_WINSOCK="1"
 
-else $as_nop
-
+else case e in #(
+  e)
 ac_cv_func_getaddrinfo="no"
 LIBS="$ORIGLIBS"
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -22876,8 +23622,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_WINDRES+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$WINDRES"; then
+else case e in #(
+  e) if test -n "$WINDRES"; then
   ac_cv_prog_WINDRES="$WINDRES" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -22899,7 +23645,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 WINDRES=$ac_cv_prog_WINDRES
 if test -n "$WINDRES"; then
@@ -22921,8 +23668,8 @@ printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_prog_ac_ct_WINDRES+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  if test -n "$ac_ct_WINDRES"; then
+else case e in #(
+  e) if test -n "$ac_ct_WINDRES"; then
   ac_cv_prog_ac_ct_WINDRES="$ac_ct_WINDRES" # Let the user override the test.
 else
 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -22944,7 +23691,8 @@ done
   done
 IFS=$as_save_IFS
 
-fi
+fi ;;
+esac
 fi
 ac_ct_WINDRES=$ac_cv_prog_ac_ct_WINDRES
 if test -n "$ac_ct_WINDRES"; then
@@ -23034,9 +23782,10 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_IOCTLSOCKET 1" >>confdefs.h
 
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23059,8 +23808,8 @@ cache=`echo daemon | sed 'y%.=/+-%___p_%'`
 if eval test \${cv_cc_deprecated_$cache+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-
+else case e in #(
+  e)
 echo '
 #include <stdlib.h>
 #include <unistd.h>
@@ -23072,7 +23821,8 @@ else
 eval "cv_cc_deprecated_$cache=yes"
 fi
 rm -f conftest conftest.o conftest.c
-
+ ;;
+esac
 fi
 
 if eval "test \"`echo '$cv_cc_deprecated_'$cache`\" = yes"; then
@@ -23179,9 +23929,10 @@ printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_HTOBE64 1" >>confdefs.h
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23214,9 +23965,10 @@ printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_BE64TOH 1" >>confdefs.h
 
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
+else case e in #(
+  e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; } ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23226,15 +23978,21 @@ printf %s "checking for library containing setusercontext... " >&6; }
 if test ${ac_cv_search_setusercontext+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char setusercontext ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setusercontext (void);
 int
 main (void)
 {
@@ -23265,11 +24023,13 @@ done
 if test ${ac_cv_search_setusercontext+y}
 then :
 
-else $as_nop
-  ac_cv_search_setusercontext=no
+else case e in #(
+  e) ac_cv_search_setusercontext=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_setusercontext" >&5
 printf "%s\n" "$ac_cv_search_setusercontext" >&6; }
@@ -23493,14 +24253,15 @@ if test "x$ac_cv_func_setresuid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h
 
-else $as_nop
-  ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
+else case e in #(
+  e) ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
 if test "x$ac_cv_func_setreuid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h
 
 fi
-
+ ;;
+esac
 fi
 
 done
@@ -23512,14 +24273,15 @@ if test "x$ac_cv_func_setresgid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETRESGID 1" >>confdefs.h
 
-else $as_nop
-  ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid"
+else case e in #(
+  e) ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid"
 if test "x$ac_cv_func_setregid" = xyes
 then :
   printf "%s\n" "#define HAVE_SETREGID 1" >>confdefs.h
 
 fi
-
+ ;;
+esac
 fi
 
 done
@@ -23563,11 +24325,12 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_LINK_ATOMIC_STORE 1" >>confdefs.h
 
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23598,8 +24361,9 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_inet_pton" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_INET_PTON $ac_have_decl" >>confdefs.h
 ac_fn_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "
@@ -23628,8 +24392,9 @@ $ac_includes_default
 if test "x$ac_cv_have_decl_inet_ntop" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_INET_NTOP $ac_have_decl" >>confdefs.h
 
@@ -23638,13 +24403,14 @@ if test "x$ac_cv_func_inet_aton" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_ATON 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" inet_aton.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_aton.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton"
@@ -23652,13 +24418,14 @@ if test "x$ac_cv_func_inet_pton" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" inet_pton.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_pton.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop"
@@ -23666,13 +24433,14 @@ if test "x$ac_cv_func_inet_ntop" = xyes
 then :
   printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" inet_ntop.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS inet_ntop.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf"
@@ -23680,13 +24448,14 @@ if test "x$ac_cv_func_snprintf" = xyes
 then :
   printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" snprintf.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS snprintf.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 # test if snprintf return the proper length
@@ -23698,8 +24467,8 @@ printf %s "checking for correct snprintf return value... " >&6; }
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: maybe" >&5
 printf "%s\n" "maybe" >&6; }
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+else case e in #(
+  e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 $ac_includes_default
 
@@ -23710,8 +24479,8 @@ if ac_fn_c_try_run "$LINENO"
 then :
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-else $as_nop
-
+else case e in #(
+  e)
 		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 
@@ -23723,10 +24492,12 @@ printf "%s\n" "#define SNPRINTF_RET_BROKEN /**/" >>confdefs.h
  ;;
 esac
 
-
+	   ;;
+esac
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
+  conftest.$ac_objext conftest.beam conftest.$ac_ext ;;
+esac
 fi
 
     fi
@@ -23736,13 +24507,14 @@ if test "x$ac_cv_func_strlcat" = xyes
 then :
   printf "%s\n" "#define HAVE_STRLCAT 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" strlcat.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strlcat.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy"
@@ -23750,13 +24522,14 @@ if test "x$ac_cv_func_strlcpy" = xyes
 then :
   printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" strlcpy.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strlcpy.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove"
@@ -23764,13 +24537,14 @@ if test "x$ac_cv_func_memmove" = xyes
 then :
   printf "%s\n" "#define HAVE_MEMMOVE 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" memmove.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS memmove.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r"
@@ -23778,13 +24552,14 @@ if test "x$ac_cv_func_gmtime_r" = xyes
 then :
   printf "%s\n" "#define HAVE_GMTIME_R 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" gmtime_r.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS gmtime_r.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "isblank" "ac_cv_func_isblank"
@@ -23792,13 +24567,14 @@ if test "x$ac_cv_func_isblank" = xyes
 then :
   printf "%s\n" "#define HAVE_ISBLANK 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" isblank.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS isblank.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
@@ -23806,13 +24582,14 @@ if test "x$ac_cv_func_explicit_bzero" = xyes
 then :
   printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" explicit_bzero.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
@@ -23842,8 +24619,8 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h
 
 
-else $as_nop
-
+else case e in #(
+  e)
 	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
 	case " $LIBOBJS " in
@@ -23852,7 +24629,8 @@ printf "%s\n" "no" >&6; }
  ;;
 esac
 
-
+ ;;
+esac
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
@@ -23860,8 +24638,9 @@ ac_fn_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_in
 if test "x$ac_cv_have_decl_reallocarray" = xyes
 then :
   ac_have_decl=1
-else $as_nop
-  ac_have_decl=0
+else case e in #(
+  e) ac_have_decl=0 ;;
+esac
 fi
 printf "%s\n" "#define HAVE_DECL_REALLOCARRAY $ac_have_decl" >>confdefs.h
 
@@ -23871,13 +24650,14 @@ if test "x$ac_cv_func_arc4random" = xyes
 then :
   printf "%s\n" "#define HAVE_ARC4RANDOM 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" arc4random.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS arc4random.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 	ac_fn_c_check_func "$LINENO" "arc4random_uniform" "ac_cv_func_arc4random_uniform"
@@ -23885,13 +24665,14 @@ if test "x$ac_cv_func_arc4random_uniform" = xyes
 then :
   printf "%s\n" "#define HAVE_ARC4RANDOM_UNIFORM 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" arc4random_uniform.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS arc4random_uniform.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 	if test "$ac_cv_func_arc4random" = "no"; then
@@ -23909,8 +24690,8 @@ if test "x$ac_cv_func_getentropy" = xyes
 then :
   printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h
 
-else $as_nop
-
+else case e in #(
+  e)
 		    if test "$USE_WINSOCK" = 1; then
 			case " $LIBOBJS " in
   *" getentropy_win.$ac_objext "* ) ;;
@@ -23943,8 +24724,8 @@ if test "x$ac_cv_header_sys_sha2_h" = xyes
 then :
   printf "%s\n" "#define HAVE_SYS_SHA2_H 1" >>confdefs.h
 
-else $as_nop
-
+else case e in #(
+  e)
 
   for ac_func in SHA512_Update
 do :
@@ -23953,19 +24734,21 @@ if test "x$ac_cv_func_SHA512_Update" = xyes
 then :
   printf "%s\n" "#define HAVE_SHA512_UPDATE 1" >>confdefs.h
 
-else $as_nop
-
+else case e in #(
+  e)
 						case " $LIBOBJS " in
   *" sha512.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS sha512.$ac_objext"
  ;;
 esac
 
-
+					 ;;
+esac
 fi
 
 done
-
+				 ;;
+esac
 fi
 
 done
@@ -23978,15 +24761,21 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char clock_gettime ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime (void);
 int
 main (void)
 {
@@ -24017,11 +24806,13 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else $as_nop
-  ac_cv_search_clock_gettime=no
+else case e in #(
+  e) ac_cv_search_clock_gettime=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -24056,8 +24847,8 @@ if test "x$ac_cv_func_SHA512_Update" = xyes
 then :
   printf "%s\n" "#define HAVE_SHA512_UPDATE 1" >>confdefs.h
 
-else $as_nop
-
+else case e in #(
+  e)
 
 printf "%s\n" "#define COMPAT_SHA512 1" >>confdefs.h
 
@@ -24067,7 +24858,8 @@ printf "%s\n" "#define COMPAT_SHA512 1" >>confdefs.h
  ;;
 esac
 
-
+				 ;;
+esac
 fi
 
 done
@@ -24091,15 +24883,21 @@ printf %s "checking for library containing clock_gettime... " >&6; }
 if test ${ac_cv_search_clock_gettime+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char clock_gettime ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime (void);
 int
 main (void)
 {
@@ -24130,11 +24928,13 @@ done
 if test ${ac_cv_search_clock_gettime+y}
 then :
 
-else $as_nop
-  ac_cv_search_clock_gettime=no
+else case e in #(
+  e) ac_cv_search_clock_gettime=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
 printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
@@ -24148,7 +24948,8 @@ fi
 			;;
 			esac
 		    fi
-
+		 ;;
+esac
 fi
 
 done
@@ -24161,13 +24962,14 @@ if test "x$ac_cv_func_ctime_r" = xyes
 then :
   printf "%s\n" "#define HAVE_CTIME_R 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" ctime_r.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS ctime_r.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
@@ -24175,13 +24977,14 @@ if test "x$ac_cv_func_strsep" = xyes
 then :
   printf "%s\n" "#define HAVE_STRSEP 1" >>confdefs.h
 
-else $as_nop
-  case " $LIBOBJS " in
+else case e in #(
+  e) case " $LIBOBJS " in
   *" strsep.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS strsep.$ac_objext"
  ;;
 esac
-
+ ;;
+esac
 fi
 
 
@@ -24232,8 +25035,9 @@ fi
 if test ${enable_dnstap+y}
 then :
   enableval=$enable_dnstap; opt_dnstap=$enableval
-else $as_nop
-  opt_dnstap=no
+else case e in #(
+  e) opt_dnstap=no ;;
+esac
 fi
 
 
@@ -24242,21 +25046,70 @@ fi
 if test ${with_dnstap_socket_path+y}
 then :
   withval=$with_dnstap_socket_path; opt_dnstap_socket_path=$withval
-else $as_nop
-  opt_dnstap_socket_path="$UNBOUND_RUN_DIR/dnstap.sock"
+else case e in #(
+  e) opt_dnstap_socket_path="$UNBOUND_RUN_DIR/dnstap.sock" ;;
+esac
 fi
 
 
     if test "x$opt_dnstap" != "xno"; then
-        # Extract the first word of "protoc-c", so it can be a program name with args.
+	# Extract the first word of "protoc", so it can be a program name with args.
+set dummy protoc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PROTOC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PROTOC in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PROTOC="$PROTOC" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PROTOC="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PROTOC=$ac_cv_path_PROTOC
+if test -n "$PROTOC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PROTOC" >&5
+printf "%s\n" "$PROTOC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	# 'protoc-c' is deprecated. We use 'protoc' instead. If it can not be
+	# found, try 'protoc-c'.
+	if test -z "$PROTOC"; then
+	    # Extract the first word of "protoc-c", so it can be a program name with args.
 set dummy protoc-c; ac_word=$2
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
 printf %s "checking for $ac_word... " >&6; }
 if test ${ac_cv_path_PROTOC_C+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  case $PROTOC_C in
+else case e in #(
+  e) case $PROTOC_C in
   [\\/]* | ?:[\\/]*)
   ac_cv_path_PROTOC_C="$PROTOC_C" # Let the user override the test with a path.
   ;;
@@ -24281,6 +25134,7 @@ done
 IFS=$as_save_IFS
 
   ;;
+esac ;;
 esac
 fi
 PROTOC_C=$ac_cv_path_PROTOC_C
@@ -24293,9 +25147,83 @@ printf "%s\n" "no" >&6; }
 fi
 
 
-        if test -z "$PROTOC_C"; then
-          as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
-        fi
+	else
+	    PROTOC_C="$PROTOC"
+	fi
+	if test -z "$PROTOC_C"; then
+	  as_fn_error $? "The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c" "$LINENO" 5
+	fi
+
+	# Check for protoc-gen-c plugin
+	# Extract the first word of "protoc-gen-c", so it can be a program name with args.
+set dummy protoc-gen-c; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PROTOC_GEN_C+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PROTOC_GEN_C in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PROTOC_GEN_C="$PROTOC_GEN_C" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PROTOC_GEN_C="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PROTOC_GEN_C=$ac_cv_path_PROTOC_GEN_C
+if test -n "$PROTOC_GEN_C"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PROTOC_GEN_C" >&5
+printf "%s\n" "$PROTOC_GEN_C" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	if test -z "$PROTOC_GEN_C"; then
+	  as_fn_error $? "The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c" "$LINENO" 5
+	fi
+
+	# Test that protoc-gen-c actually works
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if protoc-gen-c plugin works" >&5
+printf %s "checking if protoc-gen-c plugin works... " >&6; }
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  as_fn_error $? "The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed" "$LINENO" 5
+	fi
+
 
 # Check whether --with-protobuf-c was given.
 if test ${with_protobuf_c+y}
@@ -24309,8 +25237,8 @@ then :
                 fi
                 LDFLAGS="$LDFLAGS -L$withval/lib"
 
-else $as_nop
-
+else case e in #(
+  e)
                 if test -n "$PKG_CONFIG"; then
 
 pkg_failed=no
@@ -24426,7 +25354,8 @@ fi
                     fi
                 fi
 
-
+         ;;
+esac
 fi
 
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
@@ -24434,15 +25363,21 @@ printf %s "checking for library containing protobuf_c_message_pack... " >&6; }
 if test ${ac_cv_search_protobuf_c_message_pack+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char protobuf_c_message_pack ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char protobuf_c_message_pack (void);
 int
 main (void)
 {
@@ -24473,11 +25408,13 @@ done
 if test ${ac_cv_search_protobuf_c_message_pack+y}
 then :
 
-else $as_nop
-  ac_cv_search_protobuf_c_message_pack=no
+else case e in #(
+  e) ac_cv_search_protobuf_c_message_pack=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_protobuf_c_message_pack" >&5
 printf "%s\n" "$ac_cv_search_protobuf_c_message_pack" >&6; }
@@ -24486,8 +25423,9 @@ if test "$ac_res" != no
 then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-else $as_nop
-  as_fn_error $? "The protobuf-c library was not found. Please install the development libraries for protobuf-c!" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "The protobuf-c library was not found. Please install the development libraries for protobuf-c!" "$LINENO" 5 ;;
+esac
 fi
 
 
@@ -24527,8 +25465,9 @@ printf "%s\n" "#define DNSTAP_SOCKET_PATH \"$hdr_dnstap_socket_path\"" >>confdef
 if test ${enable_dnscrypt+y}
 then :
   enableval=$enable_dnscrypt; opt_dnscrypt=$enableval
-else $as_nop
-  opt_dnscrypt=no
+else case e in #(
+  e) opt_dnscrypt=no ;;
+esac
 fi
 
 
@@ -24548,15 +25487,21 @@ printf %s "checking for library containing sodium_init... " >&6; }
 if test ${ac_cv_search_sodium_init+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char sodium_init ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char sodium_init (void);
 int
 main (void)
 {
@@ -24587,11 +25532,13 @@ done
 if test ${ac_cv_search_sodium_init+y}
 then :
 
-else $as_nop
-  ac_cv_search_sodium_init=no
+else case e in #(
+  e) ac_cv_search_sodium_init=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_init" >&5
 printf "%s\n" "$ac_cv_search_sodium_init" >&6; }
@@ -24600,8 +25547,9 @@ if test "$ac_res" != no
 then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
-else $as_nop
-  as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5
+else case e in #(
+  e) as_fn_error $? "The sodium library was not found. Please install sodium!" "$LINENO" 5 ;;
+esac
 fi
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing crypto_box_curve25519xchacha20poly1305_beforenm" >&5
@@ -24609,15 +25557,21 @@ printf %s "checking for library containing crypto_box_curve25519xchacha20poly130
 if test ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char crypto_box_curve25519xchacha20poly1305_beforenm ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypto_box_curve25519xchacha20poly1305_beforenm (void);
 int
 main (void)
 {
@@ -24648,11 +25602,13 @@ done
 if test ${ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm+y}
 then :
 
-else $as_nop
-  ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no
+else case e in #(
+  e) ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&5
 printf "%s\n" "$ac_cv_search_crypto_box_curve25519xchacha20poly1305_beforenm" >&6; }
@@ -24667,11 +25623,12 @@ then :
 printf "%s\n" "#define USE_DNSCRYPT_XCHACHA20 1" >>confdefs.h
 
 
-else $as_nop
-
+else case e in #(
+  e)
             ENABLE_DNSCRYPT_XCHACHA20=0
 
-
+         ;;
+esac
 fi
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5
@@ -24679,15 +25636,21 @@ printf %s "checking for library containing sodium_set_misuse_handler... " >&6; }
 if test ${ac_cv_search_sodium_set_misuse_handler+y}
 then :
   printf %s "(cached) " >&6
-else $as_nop
-  ac_func_search_save_LIBS=$LIBS
+else case e in #(
+  e) ac_func_search_save_LIBS=$LIBS
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-char sodium_set_misuse_handler ();
+   builtin and then its argument prototype would still apply.
+   The 'extern "C"' is for builds by C++ compilers;
+   although this is not generally supported in C code supporting it here
+   has little cost and some practical benefit (sr 110532).  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char sodium_set_misuse_handler (void);
 int
 main (void)
 {
@@ -24718,11 +25681,13 @@ done
 if test ${ac_cv_search_sodium_set_misuse_handler+y}
 then :
 
-else $as_nop
-  ac_cv_search_sodium_set_misuse_handler=no
+else case e in #(
+  e) ac_cv_search_sodium_set_misuse_handler=no ;;
+esac
 fi
 rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
+LIBS=$ac_func_search_save_LIBS ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5
 printf "%s\n" "$ac_cv_search_sodium_set_misuse_handler" >&6; }
@@ -24835,16 +25800,17 @@ if test "x$ac_cv_header_net_pfvar_h" = xyes
 then :
   printf "%s\n" "#define HAVE_NET_PFVAR_H 1" >>confdefs.h
 
-else $as_nop
-
+else case e in #(
+  e)
 		    # mnl
 
 # Check whether --with-libmnl was given.
 if test ${with_libmnl+y}
 then :
   withval=$with_libmnl;
-else $as_nop
-   withval="yes"
+else case e in #(
+  e)  withval="yes"  ;;
+esac
 fi
 
 		    found_libmnl="no"
@@ -24875,7 +25841,8 @@ printf "%s\n" "found in $dir" >&6; }
 		    if test x_$found_libmnl != x_yes; then
 			  as_fn_error $? "Could not find libmnl, libmnl.h" "$LINENO" 5
 		    fi
-
+		 ;;
+esac
 fi
 
 done
@@ -25073,7 +26040,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h
 
 
 
-version=1.23.0
+version=1.24.0
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for build time" >&5
 printf %s "checking for build time... " >&6; }
@@ -25081,15 +26048,17 @@ ax_date_fmt="%b %e, %Y"
 if test x"$SOURCE_DATE_EPOCH" = x
 then :
   date=`date "+$ax_date_fmt"`
-else $as_nop
-  ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
+else case e in #(
+  e) ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \
                  || date -u -r "$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null`
   if test x"$ax_build_date" = x
 then :
   as_fn_error $? "malformed SOURCE_DATE_EPOCH" "$LINENO" 5
-else $as_nop
-  date=$ax_build_date
-fi
+else case e in #(
+  e) date=$ax_build_date ;;
+esac
+fi ;;
+esac
 fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $date" >&5
 printf "%s\n" "$date" >&6; }
@@ -25110,8 +26079,8 @@ cat >confcache <<\_ACEOF
 # config.status only pays attention to the cache file if you give it
 # the --recheck option to rerun configure.
 #
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# 'ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* 'ac_cv_foo' will be assigned the
 # following values.
 
 _ACEOF
@@ -25141,14 +26110,14 @@ printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;}
   (set) 2>&1 |
     case $as_nl`(ac_space=' '; set) 2>&1` in #(
     *${as_nl}ac_space=\ *)
-      # `set' does not quote correctly, so add quotes: double-quote
+      # 'set' does not quote correctly, so add quotes: double-quote
       # substitution turns \\\\ into \\, and sed turns \\ into \.
       sed -n \
 	"s/'/'\\\\''/g;
 	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
       ;; #(
     *)
-      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      # 'set' quotes correctly as required by POSIX, so do not add quotes.
       sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
       ;;
     esac |
@@ -25209,6 +26178,12 @@ LIBOBJS=$ac_libobjs
 LTLIBOBJS=$ac_ltlibobjs
 
 
+# Check whether --enable-year2038 was given.
+if test ${enable_year2038+y}
+then :
+  enableval=$enable_year2038;
+fi
+
 if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then
   as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -25242,7 +26217,6 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
 
 # Be more Bourne compatible
 DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
 if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
 then :
   emulate sh
@@ -25251,12 +26225,13 @@ then :
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
   setopt NO_GLOB_SUBST
-else $as_nop
-  case `(set -o) 2>/dev/null` in #(
+else case e in #(
+  e) case `(set -o) 2>/dev/null` in #(
   *posix*) :
     set -o posix ;; #(
   *) :
      ;;
+esac ;;
 esac
 fi
 
@@ -25328,7 +26303,7 @@ IFS=$as_save_IFS
 
      ;;
 esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
+# We did not find ourselves, most probably we were run as 'sh COMMAND'
 # in which case we are not to be found in the path.
 if test "x$as_myself" = x; then
   as_myself=$0
@@ -25357,7 +26332,6 @@ as_fn_error ()
 } # as_fn_error
 
 
-
 # as_fn_set_status STATUS
 # -----------------------
 # Set $? to STATUS, without forking.
@@ -25397,11 +26371,12 @@ then :
   {
     eval $1+=\$2
   }'
-else $as_nop
-  as_fn_append ()
+else case e in #(
+  e) as_fn_append ()
   {
     eval $1=\$$1\$2
-  }
+  } ;;
+esac
 fi # as_fn_append
 
 # as_fn_arith ARG...
@@ -25415,11 +26390,12 @@ then :
   {
     as_val=$(( $* ))
   }'
-else $as_nop
-  as_fn_arith ()
+else case e in #(
+  e) as_fn_arith ()
   {
     as_val=`expr "$@" || test $? -eq 1`
-  }
+  } ;;
+esac
 fi # as_fn_arith
 
 
@@ -25502,9 +26478,9 @@ if (echo >conf$$.file) 2>/dev/null; then
   if ln -s conf$$.file conf$$ 2>/dev/null; then
     as_ln_s='ln -s'
     # ... but there are two gotchas:
-    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
-    # In both cases, we have to default to `cp -pR'.
+    # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable.
+    # In both cases, we have to default to 'cp -pR'.
     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
       as_ln_s='cp -pR'
   elif ln conf$$.file conf$$ 2>/dev/null; then
@@ -25585,10 +26561,12 @@ as_test_x='test -x'
 as_executable_p=as_fn_executable_p
 
 # Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
+as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated
 
 # Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
+as_tr_sh="eval sed '$as_sed_sh'" # deprecated
 
 
 exec 6>&1
@@ -25603,7 +26581,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.23.0, which was
+This file was extended by unbound $as_me 1.24.0, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -25636,7 +26614,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
+'$as_me' instantiates files and other configuration actions
 from templates according to the current configuration.  Unless the files
 and actions are specified as TAGs, all are instantiated by default.
 
@@ -25671,11 +26649,11 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-unbound config.status 1.23.0
+unbound config.status 1.24.0
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
-Copyright (C) 2021 Free Software Foundation, Inc.
+Copyright (C) 2023 Free Software Foundation, Inc.
 This config.status script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it."
 
@@ -25735,8 +26713,8 @@ do
     ac_need_defaults=false;;
   --he | --h)
     # Conflict between --help and --header
-    as_fn_error $? "ambiguous option: \`$1'
-Try \`$0 --help' for more information.";;
+    as_fn_error $? "ambiguous option: '$1'
+Try '$0 --help' for more information.";;
   --help | --hel | -h )
     printf "%s\n" "$ac_cs_usage"; exit ;;
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
@@ -25744,8 +26722,8 @@ Try \`$0 --help' for more information.";;
     ac_cs_silent=: ;;
 
   # This is an error.
-  -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
+  -*) as_fn_error $? "unrecognized option: '$1'
+Try '$0 --help' for more information." ;;
 
   *) as_fn_append ac_config_targets " $1"
      ac_need_defaults=false ;;
@@ -26100,7 +27078,7 @@ do
     "contrib/unbound_portable.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound_portable.service" ;;
     "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
 
-  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;;
   esac
 done
 
@@ -26120,7 +27098,7 @@ fi
 # creating and moving files from /tmp can sometimes cause problems.
 # Hook for its removal unless debugging.
 # Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
+# after its creation but before its name has been assigned to '$tmp'.
 $debug ||
 {
   tmp= ac_tmp=
@@ -26144,7 +27122,7 @@ ac_tmp=$tmp
 
 # Set up the scripts for CONFIG_FILES section.
 # No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
+# This happens for instance with './config.status config.h'.
 if test -n "$CONFIG_FILES"; then
 
 
@@ -26302,13 +27280,13 @@ fi # test -n "$CONFIG_FILES"
 
 # Set up the scripts for CONFIG_HEADERS section.
 # No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with `./config.status Makefile'.
+# This happens for instance with './config.status Makefile'.
 if test -n "$CONFIG_HEADERS"; then
 cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
 BEGIN {
 _ACEOF
 
-# Transform confdefs.h into an awk script `defines.awk', embedded as
+# Transform confdefs.h into an awk script 'defines.awk', embedded as
 # here-document in config.status, that substitutes the proper values into
 # config.h.in to produce config.h.
 
@@ -26418,7 +27396,7 @@ do
   esac
   case $ac_mode$ac_tag in
   :[FHL]*:*);;
-  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;;
   :[FH]-) ac_tag=-:-;;
   :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
   esac
@@ -26440,19 +27418,19 @@ do
       -) ac_f="$ac_tmp/stdin";;
       *) # Look for the file first in the build tree, then in the source tree
 	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
-	 # because $ac_f cannot contain `:'.
+	 # because $ac_f cannot contain ':'.
 	 test -f "$ac_f" ||
 	   case $ac_f in
 	   [\\/$]*) false;;
 	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
 	   esac ||
-	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+	   as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;;
       esac
       case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
       as_fn_append ac_file_inputs " '$ac_f'"
     done
 
-    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # Let's still pretend it is 'configure' which instantiates (i.e., don't
     # use $as_me), people would be surprised to read:
     #    /* config.h.  Generated by config.status.  */
     configure_input='Generated from '`
@@ -26576,7 +27554,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 esac
 _ACEOF
 
-# Neutralize VPATH when `$srcdir' = `.'.
+# Neutralize VPATH when '$srcdir' = '.'.
 # Shell code in configure.ac might set extrasub.
 # FIXME: do we really want to maintain this feature?
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
@@ -26605,9 +27583,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
   { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
   { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
       "$ac_tmp/out"`; test -z "$ac_out"; } &&
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir'
 which seems to be undefined.  Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir'
 which seems to be undefined.  Please make sure it is defined" >&2;}
 
   rm -f "$ac_tmp/stdin"
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index 76239c099572..1bbb41a764f3 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -11,7 +11,7 @@ sinclude(dnscrypt/dnscrypt.m4)
 
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
-m4_define([VERSION_MINOR],[23])
+m4_define([VERSION_MINOR],[24])
 m4_define([VERSION_MICRO],[0])
 AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
@@ -19,7 +19,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=31
+LIBUNBOUND_REVISION=33
 LIBUNBOUND_AGE=1
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -118,6 +118,8 @@ LIBUNBOUND_AGE=1
 # 1.21.1 had 9:29:1
 # 1.22.0 had 9:30:1
 # 1.23.0 had 9:31:1
+# 1.23.1 had 9:32:1
+# 1.24.0 had 9:33:1
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -995,7 +997,7 @@ else
 	AC_MSG_RESULT([no])
 fi
 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex SSL_CTX_set_tmp_ecdh])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
 
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
@@ -1003,7 +1005,7 @@ LIBS="-lssl $LIBS"
 AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
 LIBS="$BAKLIBS"
 
-AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
+AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto,SSL_CTX_set_tmp_ecdh], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
@@ -1609,17 +1611,29 @@ if test x_$withval = x_yes -o x_$withval != x_no; then
     if test x_$found_libngtcp2 != x_yes; then
 	AC_MSG_ERROR([Could not find libngtcp2, ngtcp2.h])
     fi
-    AC_CHECK_HEADERS([ngtcp2/ngtcp2.h ngtcp2/ngtcp2_crypto_openssl.h ngtcp2/ngtcp2_crypto_quictls.h],,, [AC_INCLUDES_DEFAULT])
+    AC_CHECK_HEADERS([ngtcp2/ngtcp2.h ngtcp2/ngtcp2_crypto_ossl.h ngtcp2/ngtcp2_crypto_openssl.h ngtcp2/ngtcp2_crypto_quictls.h],,, [AC_INCLUDES_DEFAULT])
     AC_CHECK_DECLS([ngtcp2_conn_server_new], [], [], [AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2.h>
     ])
     AC_CHECK_DECLS([ngtcp2_crypto_encrypt_cb], [], [], [AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2_crypto.h>
     ])
-    AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl" ])
-    AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls" ])
-    AC_CHECK_FUNCS([ngtcp2_crypto_encrypt_cb ngtcp2_ccerr_default ngtcp2_conn_in_closing_period ngtcp2_conn_in_draining_period ngtcp2_conn_get_max_local_streams_uni ngtcp2_crypto_quictls_from_ossl_encryption_level ngtcp2_crypto_quictls_configure_server_context ngtcp2_crypto_quictls_configure_client_context ngtcp2_conn_get_num_scid ngtcp2_conn_tls_early_data_rejected ngtcp2_conn_encode_0rtt_transport_params])
+    AC_CHECK_LIB([ngtcp2_crypto_ossl], [ngtcp2_crypto_encrypt_cb], [
+	LIBS="$LIBS -lngtcp2_crypto_ossl"
+	AC_DEFINE(USE_NGTCP2_CRYPTO_OSSL, 1, [Define this to use ngtcp2_crypto_ossl.])
+    ], [
+        AC_CHECK_LIB([ngtcp2_crypto_openssl], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_openssl" ], [
+            AC_CHECK_LIB([ngtcp2_crypto_quictls], [ngtcp2_crypto_encrypt_cb], [ LIBS="$LIBS -lngtcp2_crypto_quictls" ])
+	])
+    ])
+    AC_CHECK_FUNCS([ngtcp2_crypto_encrypt_cb ngtcp2_ccerr_default ngtcp2_conn_in_closing_period ngtcp2_conn_in_draining_period ngtcp2_conn_get_max_local_streams_uni ngtcp2_crypto_quictls_from_ossl_encryption_level ngtcp2_crypto_quictls_configure_server_context ngtcp2_crypto_quictls_configure_client_context ngtcp2_crypto_quictls_init ngtcp2_conn_get_num_scid ngtcp2_conn_tls_early_data_rejected ngtcp2_conn_encode_0rtt_transport_params])
+
+    # these check_funcs need -lssl
+    BAKLIBS="$LIBS"
+    LIBS="-lssl $LIBS"
     AC_CHECK_FUNCS([SSL_is_quic], [], [AC_MSG_ERROR([No QUIC support detected in OpenSSL. Need OpenSSL version with QUIC support to enable DNS over QUIC with libngtcp2.])])
+    LIBS="$BAKLIBS"
+
     AC_CHECK_TYPES([struct ngtcp2_version_cid, ngtcp2_encryption_level],,,[AC_INCLUDES_DEFAULT
     #include <ngtcp2/ngtcp2.h>
     ])
diff --git a/contrib/unbound/contrib/aaaa-filter-iterator.patch b/contrib/unbound/contrib/aaaa-filter-iterator.patch
index b0c2b2198a60..4ada030730fc 100644
--- a/contrib/unbound/contrib/aaaa-filter-iterator.patch
+++ b/contrib/unbound/contrib/aaaa-filter-iterator.patch
@@ -1,10 +1,10 @@
 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
-index 5a75e319..c6c6dbe2 100644
+index 172eb26c..2921c87f 100644
 --- a/doc/unbound.conf.5.in
 +++ b/doc/unbound.conf.5.in
-@@ -970,6 +970,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when
- this option in enabled. Only use if you know what you are doing.
- This option only has effect when qname-minimisation is enabled. Default is no.
+@@ -2146,6 +2146,13 @@ Default: no
+ .UNINDENT
+ .INDENT 0.0
  .TP
 +.B aaaa\-filter: \fI<yes or no>
 +Activate behavior similar to BIND's AAAA-filter.
@@ -13,14 +13,14 @@ index 5a75e319..c6c6dbe2 100644
 +This also causes an additional A query to be sent for each AAAA query.
 +This breaks DNSSEC!
 +.TP
- .B aggressive\-nsec: \fI<yes or no>
- Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
- and other denials, using information from previous NXDOMAINs answers.
+ .B aggressive\-nsec: \fI<yes or no>\fP 
+ Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+ denials, using information from previous NXDOMAINs answers.
 diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
-index f093c1bf..e55a2246 100644
+index 49a5f5da..fbe434fa 100644
 --- a/iterator/iter_scrub.c
 +++ b/iterator/iter_scrub.c
-@@ -679,6 +679,32 @@ static int sanitize_nsec_is_overreach(sldns_buffer* pkt,
+@@ -849,6 +849,32 @@ scrub_sanitize_rr_length(sldns_buffer* pkt, struct msg_parse* msg,
  	return 0;
  }
  
@@ -53,15 +53,15 @@ index f093c1bf..e55a2246 100644
  /**
   * Given a response event, remove suspect RRsets from the response.
   * "Suspect" rrsets are potentially poison. Note that this routine expects
-@@ -698,6 +724,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+@@ -869,6 +895,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
  	struct query_info* qinfo, uint8_t* zonename, struct module_env* env,
- 	struct iter_env* ie)
+ 	struct iter_env* ie, struct module_qstate* qstate)
  {
 +	int found_a_record = 0; /* ASN: do we have a A record? */
  	int del_addi = 0; /* if additional-holding rrsets are deleted, we
  		do not trust the normalized additional-A-AAAA any more */
- 	struct rrset_parse* rrset, *prev;
-@@ -733,6 +760,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+ 	uint8_t* ns_rrset_dname = NULL;
+@@ -906,6 +933,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
  		rrset = rrset->rrset_all_next;
  	}
  
@@ -75,9 +75,9 @@ index f093c1bf..e55a2246 100644
  	/* At this point, we brutally remove ALL rrsets that aren't 
  	 * children of the originating zone. The idea here is that, 
  	 * as far as we know, the server that we contacted is ONLY 
-@@ -744,6 +778,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
- 	rrset = msg->rrset_first;
- 	while(rrset) {
+@@ -925,6 +959,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg,
+ 				continue;
+ 		}
  
 +		/* ASN: For AAAA records only... */
 +		if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) {
@@ -101,10 +101,10 @@ index f093c1bf..e55a2246 100644
  		if( (rrset->type == LDNS_RR_TYPE_A || 
  			rrset->type == LDNS_RR_TYPE_AAAA)) {
 diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c
-index 2482a1f4..bd5ba243 100644
+index 1da21896..6583dd0e 100644
 --- a/iterator/iter_utils.c
 +++ b/iterator/iter_utils.c
-@@ -177,6 +177,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
+@@ -250,6 +250,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg)
  	iter_env->outbound_msg_retry = cfg->outbound_msg_retry;
  	iter_env->max_sent_count = cfg->max_sent_count;
  	iter_env->max_query_restarts = cfg->max_query_restarts;
@@ -113,12 +113,12 @@ index 2482a1f4..bd5ba243 100644
  }
  
 diff --git a/iterator/iterator.c b/iterator/iterator.c
-index 54006940..768fe202 100644
+index 71e64655..735f4ca0 100644
 --- a/iterator/iterator.c
 +++ b/iterator/iterator.c
-@@ -2155,6 +2155,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
- 
- 	return 0;
+@@ -2412,6 +2412,53 @@ check_waiting_queries(struct iter_qstate* iq, struct module_qstate* qstate,
+ 		qstate->ext_state[id] = module_wait_reply;
+ 	}
  }
 +
 +/**
@@ -170,8 +170,8 @@ index 54006940..768fe202 100644
  	
  /** 
   * This is the request event state where the request will be sent to one of
-@@ -2216,6 +2263,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
- 		return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+@@ -2554,6 +2601,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
+ 		}
  	}
  	
 +	/* ASN: If we have a AAAA query, then also query for A records */
@@ -184,7 +184,7 @@ index 54006940..768fe202 100644
  	/* Make sure we have a delegation point, otherwise priming failed
  	 * or another failure occurred */
  	if(!iq->dp) {
-@@ -3648,6 +3702,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
+@@ -4178,6 +4232,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
  	return 0;
  }
  
@@ -246,7 +246,7 @@ index 54006940..768fe202 100644
  /*
   * Return priming query results to interested super querystates.
   * 
-@@ -3667,6 +3776,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
+@@ -4197,6 +4306,9 @@ iter_inform_super(struct module_qstate* qstate, int id,
  	else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*)
  		super->minfo[id])->state == DSNS_FIND_STATE)
  		processDSNSResponse(qstate, id, super);
@@ -256,7 +256,7 @@ index 54006940..768fe202 100644
  	else if(qstate->return_rcode != LDNS_RCODE_NOERROR)
  		error_supers(qstate, id, super);
  	else if(qstate->is_priming)
-@@ -3704,6 +3816,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
+@@ -4234,6 +4346,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq,
  			case INIT_REQUEST_3_STATE:
  				cont = processInitRequest3(qstate, iq, id);
  				break;
@@ -266,7 +266,7 @@ index 54006940..768fe202 100644
  			case QUERYTARGETS_STATE:
  				cont = processQueryTargets(qstate, iq, ie, id);
  				break;
-@@ -4040,6 +4155,8 @@ iter_state_to_string(enum iter_state state)
+@@ -4578,6 +4693,8 @@ iter_state_to_string(enum iter_state state)
  		return "INIT REQUEST STATE (stage 2)";
  	case INIT_REQUEST_3_STATE:
  		return "INIT REQUEST STATE (stage 3)";
@@ -275,7 +275,7 @@ index 54006940..768fe202 100644
  	case QUERYTARGETS_STATE :
  		return "QUERY TARGETS STATE";
  	case PRIME_RESP_STATE :
-@@ -4064,6 +4181,7 @@ iter_state_is_responsestate(enum iter_state s)
+@@ -4602,6 +4719,7 @@ iter_state_is_responsestate(enum iter_state s)
  		case INIT_REQUEST_STATE :
  		case INIT_REQUEST_2_STATE :
  		case INIT_REQUEST_3_STATE :
@@ -284,10 +284,10 @@ index 54006940..768fe202 100644
  		case COLLECT_CLASS_STATE :
  			return 0;
 diff --git a/iterator/iterator.h b/iterator/iterator.h
-index 8b840528..a61c4195 100644
+index ae4b4e45..a44f9d27 100644
 --- a/iterator/iterator.h
 +++ b/iterator/iterator.h
-@@ -133,6 +133,9 @@ struct iter_env {
+@@ -157,6 +157,9 @@ struct iter_env {
  	 */
  	int* target_fetch_policy;
  
@@ -297,7 +297,7 @@ index 8b840528..a61c4195 100644
  	/** lock on ratelimit counter */
  	lock_basic_type queries_ratelimit_lock;
  	/** number of queries that have been ratelimited */
-@@ -187,6 +190,14 @@ enum iter_state {
+@@ -217,6 +220,14 @@ enum iter_state {
  	 */
  	INIT_REQUEST_3_STATE,
  
@@ -312,9 +312,9 @@ index 8b840528..a61c4195 100644
  	/**
  	 * Each time a delegation point changes for a given query or a 
  	 * query times out and/or wakes up, this state is (re)visited. 
-@@ -376,6 +387,13 @@ struct iter_qstate {
- 	 */
- 	int refetch_glue;
+@@ -434,6 +445,13 @@ struct iter_qstate {
+ 	 * already so that it is accepted later. */
+ 	int empty_nodata_found;
  
 +	/**
 +	 * ASN: This is a flag that, if true, means that this query is
@@ -327,10 +327,10 @@ index 8b840528..a61c4195 100644
  	struct outbound_list outlist;
  
 diff --git a/pythonmod/interface.i b/pythonmod/interface.i
-index 1ca8686a..d91b19ec 100644
+index 2040fb9e..f073c3dc 100644
 --- a/pythonmod/interface.i
 +++ b/pythonmod/interface.i
-@@ -995,6 +995,7 @@ struct config_file {
+@@ -1013,6 +1013,7 @@ struct config_file {
     int harden_dnssec_stripped;
     int harden_referral_path;
     int use_caps_bits_for_id;
@@ -339,23 +339,23 @@ index 1ca8686a..d91b19ec 100644
     struct config_strlist* private_domain;
     size_t unwanted_threshold;
 diff --git a/util/config_file.c b/util/config_file.c
-index 969d664b..8d94b008 100644
+index b1e767b3..5eb3c099 100644
 --- a/util/config_file.c
 +++ b/util/config_file.c
-@@ -231,6 +231,7 @@ config_create(void)
- 	cfg->harden_referral_path = 0;
+@@ -247,6 +247,7 @@ config_create(void)
  	cfg->harden_algo_downgrade = 0;
+ 	cfg->harden_unknown_additional = 0;
  	cfg->use_caps_bits_for_id = 0;
 +	cfg->aaaa_filter = 0; /* ASN: default is disabled */
  	cfg->caps_whitelist = NULL;
  	cfg->private_address = NULL;
  	cfg->private_domain = NULL;
 diff --git a/util/config_file.h b/util/config_file.h
-index c7c9a0a4..e3aa15b0 100644
+index 44ac036b..1e59ab07 100644
 --- a/util/config_file.h
 +++ b/util/config_file.h
-@@ -285,6 +285,8 @@ struct config_file {
- 	int harden_algo_downgrade;
+@@ -311,6 +311,8 @@ struct config_file {
+ 	int harden_unknown_additional;
  	/** use 0x20 bits in query as random ID bits */
  	int use_caps_bits_for_id;
 +	/** ASN: enable AAAA filter? */
@@ -364,10 +364,10 @@ index c7c9a0a4..e3aa15b0 100644
  	struct config_strlist* caps_whitelist;
  	/** strip away these private addrs from answers, no DNS Rebinding */
 diff --git a/util/configlexer.lex b/util/configlexer.lex
-index 34a0e5dd..c890be2a 100644
+index bc258673..76aab170 100644
 --- a/util/configlexer.lex
 +++ b/util/configlexer.lex
-@@ -317,6 +317,7 @@ use-caps-for-id{COLON}		{ YDVAR(1, VAR_USE_CAPS_FOR_ID) }
+@@ -327,6 +327,7 @@ use-caps-for-id{COLON}		{ YDVAR(1, VAR_USE_CAPS_FOR_ID) }
  caps-whitelist{COLON}		{ YDVAR(1, VAR_CAPS_WHITELIST) }
  caps-exempt{COLON}		{ YDVAR(1, VAR_CAPS_WHITELIST) }
  unwanted-reply-threshold{COLON}	{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) }
@@ -376,10 +376,10 @@ index 34a0e5dd..c890be2a 100644
  private-domain{COLON}		{ YDVAR(1, VAR_PRIVATE_DOMAIN) }
  prefetch-key{COLON}		{ YDVAR(1, VAR_PREFETCH_KEY) }
 diff --git a/util/configparser.y b/util/configparser.y
-index d4f965f9..8cc237c6 100644
+index 82e1d878..dc19bed5 100644
 --- a/util/configparser.y
 +++ b/util/configparser.y
-@@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser;
+@@ -100,6 +100,7 @@ extern struct config_parser_state* cfg_parser;
  %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
  %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
  %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS
@@ -387,7 +387,7 @@ index d4f965f9..8cc237c6 100644
  %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
  %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
  %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
-@@ -247,6 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
+@@ -276,6 +277,7 @@ content_server: server_num_threads | server_verbosity | server_port |
  	server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size |
  	server_harden_referral_path | server_private_address |
  	server_private_domain | server_extended_statistics |
@@ -395,7 +395,7 @@ index d4f965f9..8cc237c6 100644
  	server_local_data_ptr | server_jostle_timeout |
  	server_unwanted_reply_threshold | server_log_time_ascii |
  	server_domain_insecure | server_val_sig_skew_min |
-@@ -1754,6 +1756,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
+@@ -1932,6 +1934,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG
  			yyerror("out of memory");
  	}
  	;
diff --git a/contrib/unbound/contrib/unbound.service.in b/contrib/unbound/contrib/unbound.service.in
index 8a5d3b2b0189..cc8d0ed2dab3 100644
--- a/contrib/unbound/contrib/unbound.service.in
+++ b/contrib/unbound/contrib/unbound.service.in
@@ -38,11 +38,17 @@
 ;   - `LockPersonality=yes` locks down the personality system call so that the
 ;     kernel execution domain may not be changed from the default.
 ;
+;   - With /etc/systemd/network/*.network a setting to make sure the network
+;     is not considered online too early, can reduce network unreachable
+;     errors on server start:
+;     [Link]
+;     RequiredForOnline=routable
 ;
 [Unit]
 Description=Validating, recursive, and caching DNS resolver
 Documentation=man:unbound(8)
 After=network-online.target
+Wants=network-online.target
 Before=nss-lookup.target
 
 [Install]
diff --git a/contrib/unbound/daemon/cachedump.c b/contrib/unbound/daemon/cachedump.c
index ba986c763edc..f0a693bf6f8e 100644
--- a/contrib/unbound/daemon/cachedump.c
+++ b/contrib/unbound/daemon/cachedump.c
@@ -62,84 +62,231 @@
 #include "sldns/wire2str.h"
 #include "sldns/str2wire.h"
 
+static void spool_txt_printf(struct config_strlist_head* txt,
+	const char* format, ...) ATTR_FORMAT(printf, 2, 3);
+
+/** Append to strlist at end, and log error if out of memory. */
+static void
+spool_txt_string(struct config_strlist_head* txt, char* str)
+{
+	if(!cfg_strlist_append(txt, strdup(str))) {
+		log_err("out of memory in spool text");
+	}
+}
+
+/** Spool txt to spool list. */
+static void
+spool_txt_vmsg(struct config_strlist_head* txt, const char* format,
+	va_list args)
+{
+	char msg[65535];
+	vsnprintf(msg, sizeof(msg), format, args);
+	spool_txt_string(txt, msg);
+}
+
+/** Print item to spool list. On alloc failure the list is as before. */
+static void
+spool_txt_printf(struct config_strlist_head* txt, const char* format, ...)
+{
+	va_list args;
+	va_start(args, format);
+	spool_txt_vmsg(txt, format, args);
+	va_end(args);
+}
+
 /** dump one rrset zonefile line */
-static int
-dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
+static void
+dump_rrset_line(struct config_strlist_head* txt, struct ub_packed_rrset_key* k,
+	time_t now, size_t i)
 {
 	char s[65535];
 	if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
-		return ssl_printf(ssl, "BADRR\n");
+		spool_txt_string(txt, "BADRR\n");
+		return;
 	}
-	return ssl_printf(ssl, "%s", s);
+	spool_txt_string(txt, s);
 }
 
 /** dump rrset key and data info */
-static int
-dump_rrset(RES* ssl, struct ub_packed_rrset_key* k, 
+static void
+dump_rrset(struct config_strlist_head* txt, struct ub_packed_rrset_key* k,
 	struct packed_rrset_data* d, time_t now)
 {
 	size_t i;
 	/* rd lock held by caller */
-	if(!k || !d) return 1;
-	if(k->id == 0) return 1; /* deleted */
-	if(d->ttl < now) return 1; /* expired */
+	if(!k || !d) return;
+	if(k->id == 0) return; /* deleted */
+	if(d->ttl < now) return; /* expired */
 
 	/* meta line */
-	if(!ssl_printf(ssl, ";rrset%s " ARG_LL "d %u %u %d %d\n",
+	spool_txt_printf(txt, ";rrset%s " ARG_LL "d %u %u %d %d\n",
 		(k->rk.flags & PACKED_RRSET_NSEC_AT_APEX)?" nsec_apex":"",
 		(long long)(d->ttl - now),
 		(unsigned)d->count, (unsigned)d->rrsig_count,
 		(int)d->trust, (int)d->security
-		)) 
-		return 0;
+		);
 	for(i=0; i<d->count + d->rrsig_count; i++) {
-		if(!dump_rrset_line(ssl, k, now, i))
+		dump_rrset_line(txt, k, now, i);
+	}
+}
+
+/** Spool strlist to the output. */
+static int
+spool_strlist(RES* ssl, struct config_strlist* list)
+{
+	struct config_strlist* s;
+	for(s=list; s; s=s->next) {
+		if(!ssl_printf(ssl, "%s", s->str))
 			return 0;
 	}
 	return 1;
 }
 
-/** dump lruhash rrset cache */
+/** dump lruhash cache and call callback for every item. */
 static int
-dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
+dump_lruhash(struct lruhash* table,
+	void (*func)(struct lruhash_entry*, struct config_strlist_head*, void*),
+	RES* ssl, void* arg)
 {
-	struct lruhash_entry* e;
-	/* lruhash already locked by caller */
-	/* walk in order of lru; best first */
-	for(e=h->lru_start; e; e = e->lru_next) {
-		lock_rw_rdlock(&e->lock);
-		if(!dump_rrset(ssl, (struct ub_packed_rrset_key*)e->key,
-			(struct packed_rrset_data*)e->data, now)) {
-			lock_rw_unlock(&e->lock);
+	int just_started = 1;
+	int not_done = 1;
+	hashvalue_type hash;
+	size_t num = 0; /* number of entries processed. */
+	size_t max = 2; /* number of entries after which it unlocks. */
+	struct config_strlist_head txt; /* Text strings spooled. */
+	memset(&txt, 0, sizeof(txt));
+
+	while(not_done) {
+		size_t i; /* hash bin. */
+		/* Process a number of items. */
+		num = 0;
+		lock_quick_lock(&table->lock);
+		if(just_started) {
+			i = 0;
+		} else {
+			i = hash&table->size_mask;
+		}
+		while(num < max) {
+			/* Process bin. */
+			int found = 0;
+			size_t num_bin = 0;
+			struct lruhash_bin* bin = &table->array[i];
+			struct lruhash_entry* e;
+			lock_quick_lock(&bin->lock);
+			for(e = bin->overflow_list; e; e = e->overflow_next) {
+				/* Entry e is locked by the func. */
+				func(e, &txt, arg);
+				num_bin++;
+			}
+			lock_quick_unlock(&bin->lock);
+			/* This addition of bin number of entries may take
+			 * it over the max. */
+			num += num_bin;
+
+			/* Move to next bin. */
+			/* Find one with an entry, with a  hash value, so we
+			 * can continue from the hash value. The hash value
+			 * can be indexed also if the array changes size. */
+			i++;
+			while(i < table->size) {
+				bin = &table->array[i];
+				lock_quick_lock(&bin->lock);
+				if(bin->overflow_list) {
+					hash = bin->overflow_list->hash;
+					lock_quick_unlock(&bin->lock);
+					found = 1;
+					just_started = 0;
+					break;
+				}
+				lock_quick_unlock(&bin->lock);
+				i++;
+			}
+			if(!found) {
+				not_done = 0;
+				break;
+			}
+		}
+		lock_quick_unlock(&table->lock);
+		/* Print the spooled items, that are collected while the
+		 * locks are locked. The print happens while they are not
+		 * locked. */
+		if(txt.first) {
+			if(!spool_strlist(ssl, txt.first)) {
+				config_delstrlist(txt.first);
+				return 0;
+			}
+			config_delstrlist(txt.first);
+			memset(&txt, 0, sizeof(txt));
+		}
+	}
+	/* Print the final spooled items. */
+	if(txt.first) {
+		if(!spool_strlist(ssl, txt.first)) {
+			config_delstrlist(txt.first);
 			return 0;
 		}
-		lock_rw_unlock(&e->lock);
+		config_delstrlist(txt.first);
+	}
+	return 1;
+}
+
+/** dump slabhash cache and call callback for every item. */
+static int
+dump_slabhash(struct slabhash* sh,
+	void (*func)(struct lruhash_entry*, struct config_strlist_head*, void*),
+	RES* ssl, void* arg)
+{
+	/* Process a number of items at a time, then unlock the cache,
+	 * so that ordinary processing can continue. Keep an iteration marker
+	 * to continue the loop. That means the cache can change, items
+	 * could be inserted and deleted. And, for example, the hash table
+	 * can grow. */
+	size_t slab;
+	for(slab=0; slab<sh->size; slab++) {
+		if(!dump_lruhash(sh->array[slab], func, ssl, arg))
+			return 0;
 	}
 	return 1;
 }
 
+/** Struct for dump information. */
+struct dump_info {
+	/** The worker. */
+	struct worker* worker;
+	/** The printout connection. */
+	RES* ssl;
+};
+
+/** Dump the rrset cache entry */
+static void
+dump_rrset_entry(struct lruhash_entry* e, struct config_strlist_head* txt,
+	void* arg)
+{
+	struct dump_info* dump_info = (struct dump_info*)arg;
+	lock_rw_rdlock(&e->lock);
+	dump_rrset(txt, (struct ub_packed_rrset_key*)e->key,
+		(struct packed_rrset_data*)e->data,
+		*dump_info->worker->env.now);
+	lock_rw_unlock(&e->lock);
+}
+
 /** dump rrset cache */
 static int
 dump_rrset_cache(RES* ssl, struct worker* worker)
 {
 	struct rrset_cache* r = worker->env.rrset_cache;
-	size_t slab;
+	struct dump_info dump_info;
+	dump_info.worker = worker;
+	dump_info.ssl = ssl;
 	if(!ssl_printf(ssl, "START_RRSET_CACHE\n")) return 0;
-	for(slab=0; slab<r->table.size; slab++) {
-		lock_quick_lock(&r->table.array[slab]->lock);
-		if(!dump_rrset_lruhash(ssl, r->table.array[slab],
-			*worker->env.now)) {
-			lock_quick_unlock(&r->table.array[slab]->lock);
-			return 0;
-		}
-		lock_quick_unlock(&r->table.array[slab]->lock);
-	}
+	if(!dump_slabhash(&r->table, &dump_rrset_entry, ssl, &dump_info))
+		return 0;
 	return ssl_printf(ssl, "END_RRSET_CACHE\n");
 }
 
 /** dump message to rrset reference */
-static int
-dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
+static void
+dump_msg_ref(struct config_strlist_head* txt, struct ub_packed_rrset_key* k)
 {
 	char* nm, *tp, *cl;
 	nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
@@ -149,30 +296,25 @@ dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
 		free(nm);
 		free(tp);
 		free(cl);
-		return ssl_printf(ssl, "BADREF\n");
-	}
-	if(!ssl_printf(ssl, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags)) {
-		free(nm);
-		free(tp);
-		free(cl);
-		return 0;
+		spool_txt_string(txt, "BADREF\n");
+		return;
 	}
+	spool_txt_printf(txt, "%s %s %s %d\n", nm, cl, tp, (int)k->rk.flags);
 	free(nm);
 	free(tp);
 	free(cl);
-
-	return 1;
 }
 
 /** dump message entry */
-static int
-dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now)
+static void
+dump_msg(struct config_strlist_head* txt, struct query_info* k,
+	struct reply_info* d, time_t now)
 {
 	size_t i;
 	char* nm, *tp, *cl;
-	if(!k || !d) return 1;
-	if(d->ttl < now) return 1; /* expired */
-	
+	if(!k || !d) return;
+	if(d->ttl < now) return; /* expired */
+
 	nm = sldns_wire2str_dname(k->qname, k->qname_len);
 	tp = sldns_wire2str_type(k->qtype);
 	cl = sldns_wire2str_class(k->qclass);
@@ -180,45 +322,35 @@ dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, time_t now)
 		free(nm);
 		free(tp);
 		free(cl);
-		return 1; /* skip this entry */
+		return; /* skip this entry */
 	}
 	if(!rrset_array_lock(d->ref, d->rrset_count, now)) {
 		/* rrsets have timed out or do not exist */
 		free(nm);
 		free(tp);
 		free(cl);
-		return 1; /* skip this entry */
+		return; /* skip this entry */
 	}
-	
+
 	/* meta line */
-	if(!ssl_printf(ssl, "msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
-			nm, cl, tp,
-			(int)d->flags, (int)d->qdcount, 
-			(long long)(d->ttl-now), (int)d->security,
-			(unsigned)d->an_numrrsets,
-			(unsigned)d->ns_numrrsets,
-			(unsigned)d->ar_numrrsets,
-			(int)d->reason_bogus,
-			d->reason_bogus_str?d->reason_bogus_str:"")) {
-		free(nm);
-		free(tp);
-		free(cl);
-		rrset_array_unlock(d->ref, d->rrset_count);
-		return 0;
-	}
+	spool_txt_printf(txt,
+		"msg %s %s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+		nm, cl, tp,
+		(int)d->flags, (int)d->qdcount,
+		(long long)(d->ttl-now), (int)d->security,
+		(unsigned)d->an_numrrsets,
+		(unsigned)d->ns_numrrsets,
+		(unsigned)d->ar_numrrsets,
+		(int)d->reason_bogus,
+		d->reason_bogus_str?d->reason_bogus_str:"");
 	free(nm);
 	free(tp);
 	free(cl);
 	
 	for(i=0; i<d->rrset_count; i++) {
-		if(!dump_msg_ref(ssl, d->rrsets[i])) {
-			rrset_array_unlock(d->ref, d->rrset_count);
-			return 0;
-		}
+		dump_msg_ref(txt, d->rrsets[i]);
 	}
 	rrset_array_unlock(d->ref, d->rrset_count);
-
-	return 1;
 }
 
 /** copy msg to worker pad */
@@ -247,49 +379,40 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
 	return (*k)->qname != NULL;
 }
 
-/** dump lruhash msg cache */
-static int
-dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
+/** Dump the msg entry. */
+static void
+dump_msg_entry(struct lruhash_entry* e, struct config_strlist_head* txt,
+	void* arg)
 {
-	struct lruhash_entry* e;
+	struct dump_info* dump_info = (struct dump_info*)arg;
 	struct query_info* k;
 	struct reply_info* d;
 
-	/* lruhash already locked by caller */
-	/* walk in order of lru; best first */
-	for(e=h->lru_start; e; e = e->lru_next) {
-		regional_free_all(worker->scratchpad);
-		lock_rw_rdlock(&e->lock);
-		/* make copy of rrset in worker buffer */
-		if(!copy_msg(worker->scratchpad, e, &k, &d)) {
-			lock_rw_unlock(&e->lock);
-			return 0;
-		}
+	regional_free_all(dump_info->worker->scratchpad);
+	/* Make copy of rrset in worker buffer. */
+	lock_rw_rdlock(&e->lock);
+	if(!copy_msg(dump_info->worker->scratchpad, e, &k, &d)) {
 		lock_rw_unlock(&e->lock);
-		/* release lock so we can lookup the rrset references 
-		 * in the rrset cache */
-		if(!dump_msg(ssl, k, d, *worker->env.now)) {
-			return 0;
-		}
+		log_err("out of memory in dump_msg_entry");
+		return;
 	}
-	return 1;
+	lock_rw_unlock(&e->lock);
+	/* Release lock so we can lookup the rrset references
+	 * in the rrset cache. */
+	dump_msg(txt, k, d, *dump_info->worker->env.now);
 }
 
 /** dump msg cache */
 static int
 dump_msg_cache(RES* ssl, struct worker* worker)
 {
-	struct slabhash* sh = worker->env.msg_cache;
-	size_t slab;
+	struct dump_info dump_info;
+	dump_info.worker = worker;
+	dump_info.ssl = ssl;
 	if(!ssl_printf(ssl, "START_MSG_CACHE\n")) return 0;
-	for(slab=0; slab<sh->size; slab++) {
-		lock_quick_lock(&sh->array[slab]->lock);
-		if(!dump_msg_lruhash(ssl, worker, sh->array[slab])) {
-			lock_quick_unlock(&sh->array[slab]->lock);
-			return 0;
-		}
-		lock_quick_unlock(&sh->array[slab]->lock);
-	}
+	if(!dump_slabhash(worker->env.msg_cache, &dump_msg_entry, ssl,
+		&dump_info))
+		return 0;
 	return ssl_printf(ssl, "END_MSG_CACHE\n");
 }
 
@@ -811,12 +934,18 @@ print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
 		struct packed_rrset_data* d = 
 			(struct packed_rrset_data*)k->entry.data;
+		struct config_strlist_head txt;
+		memset(&txt, 0, sizeof(txt));
 		if(d->security == sec_status_bogus) {
 			if(!ssl_printf(ssl, "Address is BOGUS:\n"))
 				return;
 		}
-		if(!dump_rrset(ssl, k, d, 0))
+		dump_rrset(&txt, k, d, 0);
+		if(!spool_strlist(ssl, txt.first)) {
+			config_delstrlist(txt.first);
 			return;
+		}
+		config_delstrlist(txt.first);
 	    }
 	delegpt_count_ns(dp, &n_ns, &n_miss);
 	delegpt_count_addr(dp, &n_addr, &n_res, &n_avail);
diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c
index 89134efc92a8..e10dadde7862 100644
--- a/contrib/unbound/daemon/remote.c
+++ b/contrib/unbound/daemon/remote.c
@@ -101,6 +101,10 @@
 #ifdef USE_CACHEDB
 #include "cachedb/cachedb.h"
 #endif
+#ifdef CLIENT_SUBNET
+#include "edns-subnet/subnetmod.h"
+#include "edns-subnet/addrtree.h"
+#endif
 
 #ifdef HAVE_SYS_TYPES_H
 #  include <sys/types.h>
@@ -1148,6 +1152,8 @@ print_ext(RES* ssl, struct ub_stats_info* s, int inhibit_zero)
 		(unsigned long)s->svr.ans_bogus)) return 0;
 	if(!ssl_printf(ssl, "num.rrset.bogus"SQ"%lu\n",
 		(unsigned long)s->svr.rrset_bogus)) return 0;
+	if(!ssl_printf(ssl, "num.valops"SQ"%lu\n",
+		(unsigned long)s->svr.val_ops)) return 0;
 	if(!ssl_printf(ssl, "num.query.aggressive.NOERROR"SQ"%lu\n",
 		(unsigned long)s->svr.num_neg_cache_noerror)) return 0;
 	if(!ssl_printf(ssl, "num.query.aggressive.NXDOMAIN"SQ"%lu\n",
@@ -1576,7 +1582,7 @@ do_view_zone_add(RES* ssl, struct worker* worker, char* arg)
 		}
 		if(!v->isfirst) {
 			/* Global local-zone is not used for this view,
-			 * therefore add defaults to this view-specic
+			 * therefore add defaults to this view-specific
 			 * local-zone. */
 			struct config_file lz_cfg;
 			memset(&lz_cfg, 0, sizeof(lz_cfg));
@@ -1740,6 +1746,334 @@ do_view_datas_remove(struct daemon_remote* rc, RES* ssl, struct worker* worker,
 	(void)ssl_printf(ssl, "removed %d datas\n", num);
 }
 
+/** information for the domain search */
+struct cache_lookup_info {
+	/** The connection to print on. */
+	RES* ssl;
+	/** The worker. */
+	struct worker* worker;
+	/** The domain, in wireformat. */
+	uint8_t* nm;
+	/** The length of nm. */
+	size_t nmlen;
+};
+
+#ifdef CLIENT_SUBNET
+static void addrtree_traverse_visit_node(struct addrnode* n, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg);
+
+/** Lookup in subnet addrtree */
+static void
+cache_lookup_subnet_addrnode(struct query_info* q, struct reply_info* d,
+	addrkey_t* addr, size_t addr_size, int is_ipv6, addrlen_t scope,
+	int only_match_scope_zero, time_t ttl, void* arg)
+{
+	size_t i;
+	char s[65535], tp[32], cl[32], rc[32], fg[32], astr[64];
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	if(is_ipv6) {
+		if(addr_size < 16 || inet_ntop(AF_INET6, addr, astr,
+			sizeof(astr)) == NULL)
+			snprintf(astr, sizeof(astr), "(inet6ntoperror)");
+	} else {
+		if(addr_size < 4 || inet_ntop(AF_INET, addr, astr,
+			sizeof(astr)) == NULL)
+			snprintf(astr, sizeof(astr), "(inetntoperror)");
+	}
+	sldns_wire2str_dname_buf(q->qname, q->qname_len, s, sizeof(s));
+	sldns_wire2str_type_buf(q->qtype, tp, sizeof(tp));
+	sldns_wire2str_class_buf(q->qclass, cl, sizeof(cl));
+	sldns_wire2str_rcode_buf(FLAGS_GET_RCODE(d->flags),
+		rc, sizeof(rc));
+	snprintf(fg, sizeof(fg), "%s%s%s%s%s%s%s%s",
+		((d->flags&BIT_QR)?" QR":""),
+		((d->flags&BIT_AA)?" AA":""),
+		((d->flags&BIT_TC)?" TC":""),
+		((d->flags&BIT_RD)?" RD":""),
+		((d->flags&BIT_RA)?" RA":""),
+		((d->flags&BIT_Z)?" Z":""),
+		((d->flags&BIT_AD)?" AD":""),
+		((d->flags&BIT_CD)?" CD":""));
+	if(!rrset_array_lock(d->ref, d->rrset_count,
+		*inf->worker->env.now)) {
+		/* rrsets have timed out or do not exist */
+		return;
+	}
+	if(!ssl_printf(inf->ssl, "subnet %s/%d%s %s %s %s " ARG_LL "d\n", astr,
+		(int)scope, (only_match_scope_zero?" scope_zero":""),
+		s, cl, tp, (long long)(ttl-*inf->worker->env.now))) {
+		rrset_array_unlock(d->ref, d->rrset_count);
+		return;
+	}
+	ssl_printf(inf->ssl,
+		"subnet msg %s %s %s%s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+		s, cl, tp, fg, rc,
+		(int)d->flags, (int)d->qdcount,
+		(long long)(d->ttl-*inf->worker->env.now),
+		(int)d->security,
+		(unsigned)d->an_numrrsets,
+		(unsigned)d->ns_numrrsets,
+		(unsigned)d->ar_numrrsets,
+		(int)d->reason_bogus,
+		d->reason_bogus_str?d->reason_bogus_str:"");
+	for(i=0; i<d->rrset_count; i++) {
+		struct ub_packed_rrset_key* rk = d->rrsets[i];
+		struct packed_rrset_data* rd = (struct packed_rrset_data*)rk->entry.data;
+		size_t j;
+		for(j=0; j<rd->count + rd->rrsig_count; j++) {
+			if(!packed_rr_to_string(rk, j,
+				*inf->worker->env.now, s, sizeof(s))) {
+				ssl_printf(inf->ssl, "BADRR\n");
+			} else {
+				ssl_printf(inf->ssl, "%s", s);
+			}
+		}
+	}
+	rrset_array_unlock(d->ref, d->rrset_count);
+	ssl_printf(inf->ssl, "\n");
+}
+
+/** Visit an edge in subnet addrtree traverse */
+static void
+addrtree_traverse_visit_edge(struct addredge* edge, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	size_t n;
+	addrlen_t addrlen;
+	if(!edge || !edge->node)
+		return;
+	addrlen = edge->len;
+	/* ceil() */
+	n = (size_t)((addrlen / KEYWIDTH) + ((addrlen % KEYWIDTH != 0)?1:0));
+	if(n > addr_size)
+		n = addr_size;
+	memset(addr, 0, addr_size);
+	memcpy(addr, edge->str, n);
+	addrtree_traverse_visit_node(edge->node, addr, addr_size, is_ipv6,
+		now, q, func, arg);
+}
+
+/** Visit a node in subnet addrtree traverse */
+static void
+addrtree_traverse_visit_node(struct addrnode* n, addrkey_t* addr,
+	size_t addr_size, int is_ipv6, time_t now, struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	/* If this node has data, and not expired. */
+	if(n->elem && n->ttl >= now) {
+		func(q, (struct reply_info*)n->elem, addr, addr_size, is_ipv6,
+			n->scope, n->only_match_scope_zero, n->ttl, arg);
+	}
+	/* Traverse edges. */
+	addrtree_traverse_visit_edge(n->edge[0], addr, addr_size, is_ipv6,
+		now, q, func, arg);
+	addrtree_traverse_visit_edge(n->edge[1], addr, addr_size, is_ipv6,
+		now, q, func, arg);
+}
+
+/** Traverse subnet addrtree */
+static void
+addrtree_traverse(struct addrtree* tree, int is_ipv6, time_t now,
+	struct query_info* q,
+	void (*func)(struct query_info*, struct reply_info*, addrkey_t*,
+		size_t, int, addrlen_t, int, time_t, void*), void* arg)
+{
+	uint8_t addr[16]; /* Large enough for IPv4 and IPv6. */
+	memset(addr, 0, sizeof(addr));
+	addrtree_traverse_visit_node(tree->root, (addrkey_t*)addr,
+		sizeof(addr), is_ipv6, now, q, func, arg);
+}
+
+/** Lookup cache_lookup for subnet content. */
+static void
+cache_lookup_subnet_msg(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct msgreply_entry *k = (struct msgreply_entry*)e->key;
+	struct subnet_msg_cache_data* d =
+		(struct subnet_msg_cache_data*)e->data;
+	if(!dname_subdomain_c(k->key.qname, inf->nm))
+		return;
+
+	if(d->tree4) {
+		addrtree_traverse(d->tree4, 0, *inf->worker->env.now, &k->key,
+			&cache_lookup_subnet_addrnode, inf);
+	}
+	if(d->tree6) {
+		addrtree_traverse(d->tree6, 1, *inf->worker->env.now, &k->key,
+			&cache_lookup_subnet_addrnode, inf);
+	}
+}
+#endif /* CLIENT_SUBNET */
+
+static void
+cache_lookup_rrset(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct ub_packed_rrset_key* k = (struct ub_packed_rrset_key*)e->key;
+	struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
+	if(*inf->worker->env.now < d->ttl &&
+		k->id != 0 && /* not deleted */
+		dname_subdomain_c(k->rk.dname, inf->nm)) {
+		size_t i;
+		for(i=0; i<d->count + d->rrsig_count; i++) {
+			char s[65535];
+			if(!packed_rr_to_string(k, i, *inf->worker->env.now,
+				s, sizeof(s))) {
+				ssl_printf(inf->ssl, "BADRR\n");
+				return;
+			}
+			ssl_printf(inf->ssl, "%s", s);
+		}
+		ssl_printf(inf->ssl, "\n");
+	}
+}
+
+static void
+cache_lookup_msg(struct lruhash_entry* e, void* arg)
+{
+	struct cache_lookup_info* inf = (struct cache_lookup_info*)arg;
+	struct msgreply_entry* k = (struct msgreply_entry*)e->key;
+	struct reply_info* d = (struct reply_info*)e->data;
+	if(*inf->worker->env.now < d->ttl &&
+		dname_subdomain_c(k->key.qname, inf->nm)) {
+		size_t i;
+		char s[65535], tp[32], cl[32], rc[32], fg[32];
+		sldns_wire2str_dname_buf(k->key.qname, k->key.qname_len,
+			s, sizeof(s));
+		sldns_wire2str_type_buf(k->key.qtype, tp, sizeof(tp));
+		sldns_wire2str_class_buf(k->key.qclass, cl, sizeof(cl));
+		sldns_wire2str_rcode_buf(FLAGS_GET_RCODE(d->flags),
+			rc, sizeof(rc));
+		snprintf(fg, sizeof(fg), "%s%s%s%s%s%s%s%s",
+			((d->flags&BIT_QR)?" QR":""),
+			((d->flags&BIT_AA)?" AA":""),
+			((d->flags&BIT_TC)?" TC":""),
+			((d->flags&BIT_RD)?" RD":""),
+			((d->flags&BIT_RA)?" RA":""),
+			((d->flags&BIT_Z)?" Z":""),
+			((d->flags&BIT_AD)?" AD":""),
+			((d->flags&BIT_CD)?" CD":""));
+		if(!rrset_array_lock(d->ref, d->rrset_count,
+			*inf->worker->env.now)) {
+			/* rrsets have timed out or do not exist */
+			return;
+		}
+		ssl_printf(inf->ssl,
+			"msg %s %s %s%s %s %d %d " ARG_LL "d %d %u %u %u %d %s\n",
+			s, cl, tp, fg, rc,
+			(int)d->flags, (int)d->qdcount,
+			(long long)(d->ttl-*inf->worker->env.now),
+			(int)d->security,
+			(unsigned)d->an_numrrsets,
+			(unsigned)d->ns_numrrsets,
+			(unsigned)d->ar_numrrsets,
+			(int)d->reason_bogus,
+			d->reason_bogus_str?d->reason_bogus_str:"");
+		for(i=0; i<d->rrset_count; i++) {
+			struct ub_packed_rrset_key* rk = d->rrsets[i];
+			struct packed_rrset_data* rd = (struct packed_rrset_data*)rk->entry.data;
+			size_t j;
+			for(j=0; j<rd->count + rd->rrsig_count; j++) {
+				if(!packed_rr_to_string(rk, j,
+					*inf->worker->env.now, s, sizeof(s))) {
+					rrset_array_unlock(d->ref, d->rrset_count);
+					ssl_printf(inf->ssl, "BADRR\n");
+					return;
+				}
+				ssl_printf(inf->ssl, "%s", s);
+			}
+		}
+		rrset_array_unlock(d->ref, d->rrset_count);
+		ssl_printf(inf->ssl, "\n");
+	}
+}
+
+/** perform cache search for domain */
+static void
+do_cache_lookup_domain(RES* ssl, struct worker* worker, uint8_t* nm,
+	size_t nmlen)
+{
+#ifdef CLIENT_SUBNET
+	int m;
+	struct subnet_env* sn_env = NULL;
+#endif /* CLIENT_SUBNET */
+	struct cache_lookup_info inf;
+	inf.ssl = ssl;
+	inf.worker = worker;
+	inf.nm = nm;
+	inf.nmlen = nmlen;
+
+#ifdef CLIENT_SUBNET
+	m = modstack_find(worker->env.modstack, "subnetcache");
+	if(m != -1) sn_env = (struct subnet_env*)worker->env.modinfo[m];
+	if(sn_env) {
+		lock_rw_rdlock(&sn_env->biglock);
+		slabhash_traverse(sn_env->subnet_msg_cache, 0,
+			&cache_lookup_subnet_msg, &inf);
+		lock_rw_unlock(&sn_env->biglock);
+	}
+#endif /* CLIENT_SUBNET */
+
+	slabhash_traverse(&worker->env.rrset_cache->table, 0,
+		&cache_lookup_rrset, &inf);
+	slabhash_traverse(worker->env.msg_cache, 0, &cache_lookup_msg, &inf);
+}
+
+/** cache lookup of domain */
+static void
+do_cache_lookup(RES* ssl, struct worker* worker, char* arg)
+{
+	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
+	size_t nmlen;
+	int status;
+	char* s = arg, *next = NULL;
+	int allow_long = 0;
+
+	if(arg[0] == '+' && arg[1] == 't' && (arg[2]==' ' || arg[2]=='\t')) {
+		allow_long = 1;
+		s = arg+2;
+	}
+
+	/* Find the commandline arguments of domains. */
+	while(s && *s != 0) {
+		s = skipwhite(s);
+		if(*s == 0)
+			break;
+		if(strchr(s, ' ') || strchr(s, '\t')) {
+			char* sp = strchr(s, ' ');
+			if(strchr(s, '\t') != 0 && strchr(s, '\t') < sp)
+				sp = strchr(s, '\t');
+			*sp = 0;
+			next = sp+1;
+		} else {
+			next = NULL;
+		}
+
+		nmlen = sizeof(nm);
+		status = sldns_str2wire_dname_buf(s, nm, &nmlen);
+		if(status != 0) {
+			ssl_printf(ssl, "error cannot parse name %s at %d: %s\n", s,
+				LDNS_WIREPARSE_OFFSET(status),
+				sldns_get_errorstr_parse(status));
+			return;
+		}
+		if(!allow_long && dname_count_labels(nm) < 3) {
+			ssl_printf(ssl, "error name too short: '%s'. Need example.com. or longer, short names take very long, use +t to allow them.\n", s);
+			return;
+		}
+
+		do_cache_lookup_domain(ssl, worker, nm, nmlen);
+
+		s = next;
+	}
+}
+
 /** cache lookup of nameservers */
 static void
 do_lookup(RES* ssl, struct worker* worker, char* arg)
@@ -2887,10 +3221,13 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
 			(void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg);
 			return;
 		}
-		if(xfr->have_zone)
+		if(xfr->have_zone) {
 			xfr->lease_time = *worker->env.now;
+			xfr->soa_zone_acquired = *worker->env.now;
+		}
 		lock_basic_unlock(&xfr->lock);
 	}
+	z->soa_zone_acquired = *worker->env.now;
 
 	auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods,
 		&reason, 0, 0);
@@ -3039,7 +3376,7 @@ static void
 do_list_auth_zones(RES* ssl, struct auth_zones* az)
 {
 	struct auth_zone* z;
-	char buf[LDNS_MAX_DOMAINLEN], buf2[256];
+	char buf[LDNS_MAX_DOMAINLEN], buf2[256], buf3[256];
 	lock_rw_rdlock(&az->lock);
 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
 		lock_rw_rdlock(&z->lock);
@@ -3048,18 +3385,41 @@ do_list_auth_zones(RES* ssl, struct auth_zones* az)
 			snprintf(buf2, sizeof(buf2), "expired");
 		else {
 			uint32_t serial = 0;
-			if(auth_zone_get_serial(z, &serial))
+			if(auth_zone_get_serial(z, &serial)) {
 				snprintf(buf2, sizeof(buf2), "serial %u",
 					(unsigned)serial);
-			else	snprintf(buf2, sizeof(buf2), "no serial");
+				if(z->soa_zone_acquired != 0) {
+#if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R)
+					char tmbuf[32];
+					struct tm tm;
+					struct tm *tm_p;
+					tm_p = localtime_r(
+						&z->soa_zone_acquired, &tm);
+					if(!strftime(tmbuf, sizeof(tmbuf), "%Y-%m-%dT%H:%M:%S", tm_p))
+						snprintf(tmbuf, sizeof(tmbuf), "strftime-err-%u", (unsigned)z->soa_zone_acquired);
+					snprintf(buf3, sizeof(buf3),
+						"\t since %u %s",
+						(unsigned)z->soa_zone_acquired,
+						tmbuf);
+#else
+					snprintf(buf3, sizeof(buf3),
+						"\t since %u",
+						(unsigned)z->soa_zone_acquired);
+#endif
+				} else {
+					buf3[0]=0;
+				}
+			} else	{
+				snprintf(buf2, sizeof(buf2), "no serial");
+				buf3[0]=0;
+			}
 		}
-		if(!ssl_printf(ssl, "%s\t%s\n", buf, buf2)) {
+		lock_rw_unlock(&z->lock);
+		if(!ssl_printf(ssl, "%s\t%s%s\n", buf, buf2, buf3)) {
 			/* failure to print */
-			lock_rw_unlock(&z->lock);
 			lock_rw_unlock(&az->lock);
 			return;
 		}
-		lock_rw_unlock(&z->lock);
 	}
 	lock_rw_unlock(&az->lock);
 }
@@ -3502,6 +3862,30 @@ do_print_cookie_secrets(RES* ssl, struct worker* worker) {
 	explicit_bzero(secret_hex, sizeof(secret_hex));
 }
 
+/** check that there is no argument after a command that takes no arguments. */
+static int
+cmd_no_args(RES* ssl, char* cmd, char* p)
+{
+	if(p && *p != 0) {
+		/* cmd contains the command that is called at the start,
+		 * with space or tab after it. */
+		char* c = cmd;
+		if(strchr(c, ' ') && strchr(c, '\t')) {
+			if(strchr(c, ' ') < strchr(c, '\t'))
+				*strchr(c, ' ')=0;
+			else	*strchr(c, '\t')=0;
+		} else if(strchr(c, ' ')) {
+			*strchr(c, ' ')=0;
+		} else if(strchr(c, '\t')) {
+			*strchr(c, '\t')=0;
+		}
+		(void)ssl_printf(ssl, "error command %s takes no arguments,"
+			" have '%s'\n", c, p);
+		return 1;
+	}
+	return 0;
+}
+
 /** check for name with end-of-string, space or tab after it */
 static int
 cmdcmp(char* p, const char* cmd, size_t len)
@@ -3517,27 +3901,41 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	char* p = skipwhite(cmd);
 	/* compare command */
 	if(cmdcmp(p, "stop", 4)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+4)))
+			return;
 		do_stop(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "reload_keep_cache", 17)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+17)))
+			return;
 		do_reload(ssl, worker, 1);
 		return;
 	} else if(cmdcmp(p, "reload", 6)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+6)))
+			return;
 		do_reload(ssl, worker, 0);
 		return;
 	} else if(cmdcmp(p, "fast_reload", 11)) {
 		do_fast_reload(ssl, worker, s, skipwhite(p+11));
 		return;
 	} else if(cmdcmp(p, "stats_noreset", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_stats(ssl, worker, 0);
 		return;
 	} else if(cmdcmp(p, "stats", 5)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+5)))
+			return;
 		do_stats(ssl, worker, 1);
 		return;
 	} else if(cmdcmp(p, "status", 6)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+6)))
+			return;
 		do_status(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "dump_cache", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 #ifdef THREADS_DISABLED
 		if(worker->daemon->num > 1) {
 			(void)ssl_printf(ssl, "dump_cache/load_cache is not "
@@ -3548,6 +3946,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		(void)dump_cache(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "load_cache", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 #ifdef THREADS_DISABLED
 		if(worker->daemon->num > 1) {
 			/* The warning can't be printed when stdin is sending
@@ -3558,18 +3958,28 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		if(load_cache(ssl, worker)) send_ok(ssl);
 		return;
 	} else if(cmdcmp(p, "list_forwards", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_list_forwards(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_stubs", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_list_stubs(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_insecure", 13)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+13)))
+			return;
 		do_insecure_list(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "list_local_zones", 16)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+16)))
+			return;
 		do_list_local_zones(ssl, worker->daemon->local_zones);
 		return;
 	} else if(cmdcmp(p, "list_local_data", 15)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+15)))
+			return;
 		do_list_local_data(ssl, worker, worker->daemon->local_zones);
 		return;
 	} else if(cmdcmp(p, "view_list_local_zones", 21)) {
@@ -3585,6 +3995,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		do_ip_ratelimit_list(ssl, worker, p+17);
 		return;
 	} else if(cmdcmp(p, "list_auth_zones", 15)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+15)))
+			return;
 		do_list_auth_zones(ssl, worker->env.auth_zones);
 		return;
 	} else if(cmdcmp(p, "auth_zone_reload", 16)) {
@@ -3605,14 +4017,21 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		return;
 	} else if(cmdcmp(p, "flush_stats", 11)) {
 		/* must always distribute this cmd */
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		if(rc) distribute_cmd(rc, ssl, cmd);
 		do_flush_stats(ssl, worker);
 		return;
 	} else if(cmdcmp(p, "flush_requestlist", 17)) {
 		/* must always distribute this cmd */
+		if(cmd_no_args(ssl, p, skipwhite(p+17)))
+			return;
 		if(rc) distribute_cmd(rc, ssl, cmd);
 		do_flush_requestlist(ssl, worker);
 		return;
+	} else if(cmdcmp(p, "cache_lookup", 12)) {
+		do_cache_lookup(ssl, worker, skipwhite(p+12));
+		return;
 	} else if(cmdcmp(p, "lookup", 6)) {
 		do_lookup(ssl, worker, skipwhite(p+6));
 		return;
@@ -3620,15 +4039,23 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	 * Each line needs to be distributed if THREADS_DISABLED.
 	 */
 	} else if(cmdcmp(p, "local_zones_remove", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_zones_remove(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_zones", 11)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		do_zones_add(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_datas_remove", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_datas_remove(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "local_datas", 11)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+11)))
+			return;
 		do_datas_add(rc, ssl, worker);
 		return;
 	} else if(cmdcmp(p, "view_local_datas_remove", 23)){
@@ -3638,6 +4065,8 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 		do_view_datas_add(rc, ssl, worker, skipwhite(p+16));
 		return;
 	} else if(cmdcmp(p, "print_cookie_secrets", 20)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+20)))
+			return;
 		do_print_cookie_secrets(ssl, worker);
 		return;
 	}
@@ -3687,10 +4116,16 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	} else if(cmdcmp(p, "flush", 5)) {
 		do_flush_name(ssl, worker, skipwhite(p+5));
 	} else if(cmdcmp(p, "dump_requestlist", 16)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+16)))
+			return;
 		do_dump_requestlist(ssl, worker);
 	} else if(cmdcmp(p, "dump_infra", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_dump_infra(ssl, worker);
 	} else if(cmdcmp(p, "log_reopen", 10)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+10)))
+			return;
 		do_log_reopen(ssl, worker);
 	} else if(cmdcmp(p, "set_option", 10)) {
 		do_set_option(ssl, worker, skipwhite(p+10));
@@ -3707,8 +4142,12 @@ execute_cmd(struct daemon_remote* rc, struct rc_state* s, RES* ssl, char* cmd,
 	} else if(cmdcmp(p, "add_cookie_secret", 17)) {
 		do_add_cookie_secret(ssl, worker, skipwhite(p+17));
 	} else if(cmdcmp(p, "drop_cookie_secret", 18)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+18)))
+			return;
 		do_drop_cookie_secret(ssl, worker);
 	} else if(cmdcmp(p, "activate_cookie_secret", 22)) {
+		if(cmd_no_args(ssl, p, skipwhite(p+22)))
+			return;
 		do_activate_cookie_secret(ssl, worker);
 	} else {
 		(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
@@ -4348,37 +4787,45 @@ fr_check_tag_defines(struct fast_reload_thread* fr, struct config_file* newcfg)
 	return 1;
 }
 
-/** fast reload thread, check if config item has changed, if not add to
- * the explanatory string. */
+/** fast reload thread, add incompatible option to the explanatory string */
 static void
-fr_check_changed_cfg(int cmp, const char* desc, char* str, size_t len)
+fr_add_incompatible_option(const char* desc, char* str, size_t len)
 {
-	if(cmp) {
-		size_t slen = strlen(str);
-		size_t desclen = strlen(desc);
-		if(slen == 0) {
-			snprintf(str, len, "%s", desc);
-			return;
-		}
-		if(len - slen < desclen+2)
-			return; /* It does not fit */
-		snprintf(str+slen, len-slen, " %s", desc);
+	size_t slen = strlen(str);
+	size_t desclen = strlen(desc);
+	if(slen == 0) {
+		snprintf(str, len, "%s", desc);
+		return;
 	}
+	if(len - slen < desclen+2)
+		return; /* It does not fit */
+	snprintf(str+slen, len-slen, " %s", desc);
 }
 
+/** fast reload thread, check if config item has changed; thus incompatible */
+#define FR_CHECK_CHANGED_CFG(desc, var, str)				\
+do {									\
+	if(cfg->var != newcfg->var) {					\
+		fr_add_incompatible_option(desc, str, sizeof(str));	\
+	}								\
+} while(0);
+
 /** fast reload thread, check if config string has changed, checks NULLs. */
-static void
-fr_check_changed_cfg_str(char* cmp1, char* cmp2, const char* desc, char* str,
-	size_t len)
-{
-	if((!cmp1 && cmp2) ||
-		(cmp1 && !cmp2) ||
-		(cmp1 && cmp2 && strcmp(cmp1, cmp2) != 0)) {
-		fr_check_changed_cfg(1, desc, str, len);
-	}
-}
+#define FR_CHECK_CHANGED_CFG_STR(desc, var, str)			\
+do {									\
+	if((!cfg->var && newcfg->var) ||				\
+		(cfg->var && !newcfg->var) ||				\
+		(cfg->var && newcfg->var				\
+		&& strcmp(cfg->var, newcfg->var) != 0)) {		\
+		fr_add_incompatible_option(desc, str, sizeof(str));	\
+	}								\
+} while(0);
 
 /** fast reload thread, check if config strlist has changed. */
+#define FR_CHECK_CHANGED_CFG_STRLIST(desc, var, str) do {		\
+	fr_check_changed_cfg_strlist(cfg->var, newcfg->var, desc, str,	\
+		sizeof(str));						\
+	} while(0);
 static void
 fr_check_changed_cfg_strlist(struct config_strlist* cmp1,
 	struct config_strlist* cmp2, const char* desc, char* str, size_t len)
@@ -4389,18 +4836,22 @@ fr_check_changed_cfg_strlist(struct config_strlist* cmp1,
 			(p1->str && !p2->str) ||
 			(p1->str && p2->str && strcmp(p1->str, p2->str) != 0)) {
 			/* The strlist is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		p1 = p1->next;
 		p2 = p2->next;
 	}
 	if((!p1 && p2) || (p1 && !p2)) {
-		fr_check_changed_cfg(1, desc, str, len);
+		fr_add_incompatible_option(desc, str, len);
 	}
 }
 
 /** fast reload thread, check if config str2list has changed. */
+#define FR_CHECK_CHANGED_CFG_STR2LIST(desc, var, buff) do {		\
+	fr_check_changed_cfg_str2list(cfg->var, newcfg->var, desc, buff,\
+		sizeof(buff));						\
+	} while(0);
 static void
 fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 	struct config_str2list* cmp2, const char* desc, char* str, size_t len)
@@ -4411,7 +4862,7 @@ fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 			(p1->str && !p2->str) ||
 			(p1->str && p2->str && strcmp(p1->str, p2->str) != 0)) {
 			/* The str2list is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		if((!p1->str2 && p2->str2) ||
@@ -4419,14 +4870,14 @@ fr_check_changed_cfg_str2list(struct config_str2list* cmp1,
 			(p1->str2 && p2->str2 &&
 			strcmp(p1->str2, p2->str2) != 0)) {
 			/* The str2list is different. */
-			fr_check_changed_cfg(1, desc, str, len);
+			fr_add_incompatible_option(desc, str, len);
 			return;
 		}
 		p1 = p1->next;
 		p2 = p2->next;
 	}
 	if((!p1 && p2) || (p1 && !p2)) {
-		fr_check_changed_cfg(1, desc, str, len);
+		fr_add_incompatible_option(desc, str, len);
 	}
 }
 
@@ -4440,98 +4891,54 @@ fr_check_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 	changed_str[0]=0;
 
 	/* Find incompatible options, and if so, print an error. */
-	fr_check_changed_cfg(cfg->num_threads != newcfg->num_threads,
-		"num-threads", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_ip4 != newcfg->do_ip4,
-		"do-ip4", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_ip6 != newcfg->do_ip6,
-		"do-ip6", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_udp != newcfg->do_udp,
-		"do-udp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_tcp != newcfg->do_tcp,
-		"do-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->port != newcfg->port,
-		"port", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("num-threads", num_threads, changed_str);
+	FR_CHECK_CHANGED_CFG("do-ip4", do_ip4, changed_str);
+	FR_CHECK_CHANGED_CFG("do-ip6", do_ip6, changed_str);
+	FR_CHECK_CHANGED_CFG("do-udp", do_udp, changed_str);
+	FR_CHECK_CHANGED_CFG("do-tcp", do_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("port", port, changed_str);
 	/* But cfg->outgoing_num_ports has been changed at startup,
 	 * possibly to reduce it, so do not check it here. */
-	fr_check_changed_cfg(cfg->outgoing_num_tcp != newcfg->outgoing_num_tcp,
-		"outgoing-num-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->incoming_num_tcp != newcfg->incoming_num_tcp,
-		"incoming-num-tcp", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->num_out_ifs != newcfg->num_out_ifs,
-		"outgoing-interface", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("outgoing-num-tcp", outgoing_num_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("incoming-num-tcp", incoming_num_tcp, changed_str);
+	FR_CHECK_CHANGED_CFG("outgoing-interface", num_out_ifs, changed_str);
 	if(cfg->num_out_ifs == newcfg->num_out_ifs) {
 		for(i=0; i<cfg->num_out_ifs; i++)
-			fr_check_changed_cfg(strcmp(cfg->out_ifs[i],
-				newcfg->out_ifs[i]) != 0, "outgoing-interface",
-				changed_str, sizeof(changed_str));
+			FR_CHECK_CHANGED_CFG_STR("outgoing-interface",
+				out_ifs[i], changed_str);
 	}
-	fr_check_changed_cfg(cfg->num_ifs != newcfg->num_ifs,
-		"interface", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("interface", num_ifs, changed_str);
 	if(cfg->num_ifs == newcfg->num_ifs) {
 		for(i=0; i<cfg->num_ifs; i++)
-			fr_check_changed_cfg(strcmp(cfg->ifs[i],
-				newcfg->ifs[i]) != 0, "interface",
-				changed_str, sizeof(changed_str));
-	}
-	fr_check_changed_cfg(cfg->if_automatic != newcfg->if_automatic,
-		"interface-automatic", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_rcvbuf != newcfg->so_rcvbuf,
-		"so-rcvbuf", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_sndbuf != newcfg->so_sndbuf,
-		"so-sndbuf", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->so_reuseport != newcfg->so_reuseport,
-		"so-reuseport", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ip_transparent != newcfg->ip_transparent,
-		"ip-transparent", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ip_freebind != newcfg->ip_freebind,
-		"ip-freebind", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->udp_connect != newcfg->udp_connect,
-		"udp-connect", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->msg_buffer_size != newcfg->msg_buffer_size,
-		"msg-buffer-size", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_tcp_keepalive != newcfg->do_tcp_keepalive,
-		"edns-tcp-keepalive", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->tcp_keepalive_timeout != newcfg->tcp_keepalive_timeout,
-		"edns-tcp-keepalive-timeout", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->tcp_idle_timeout != newcfg->tcp_idle_timeout,
-		"tcp-idle-timeout", changed_str, sizeof(changed_str));
+			FR_CHECK_CHANGED_CFG_STR("interface",
+				ifs[i], changed_str);
+	}
+	FR_CHECK_CHANGED_CFG("interface-automatic", if_automatic, changed_str);
+	FR_CHECK_CHANGED_CFG("so-rcvbuf", so_rcvbuf, changed_str);
+	FR_CHECK_CHANGED_CFG("so-sndbuf", so_sndbuf, changed_str);
+	FR_CHECK_CHANGED_CFG("so-reuseport", so_reuseport, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-transparent", ip_transparent, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-freebind", ip_freebind, changed_str);
+	FR_CHECK_CHANGED_CFG("udp-connect", udp_connect, changed_str);
+	FR_CHECK_CHANGED_CFG("msg-buffer-size", msg_buffer_size, changed_str);
+	FR_CHECK_CHANGED_CFG("edns-tcp-keepalive", do_tcp_keepalive, changed_str);
+	FR_CHECK_CHANGED_CFG("edns-tcp-keepalive-timeout", tcp_keepalive_timeout, changed_str);
+	FR_CHECK_CHANGED_CFG("tcp-idle-timeout", tcp_idle_timeout, changed_str);
 	/* Not changed, only if DoH is used, it is then stored in commpoints,
 	 * as well as used from cfg. */
-	fr_check_changed_cfg(
-		cfg->harden_large_queries != newcfg->harden_large_queries,
-		"harden-large-queries", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->http_max_streams != newcfg->http_max_streams,
-		"http-max-streams", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->http_endpoint, newcfg->http_endpoint,
-		"http-endpoint", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->http_notls_downstream != newcfg->http_notls_downstream,
-		"http_notls_downstream", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->https_port != newcfg->https_port,
-		"https-port", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->ssl_port != newcfg->ssl_port,
-		"tls-port", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->ssl_service_key, newcfg->ssl_service_key,
-		"tls-service-key", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->ssl_service_pem, newcfg->ssl_service_pem,
-		"tls-service-pem", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->tls_cert_bundle, newcfg->tls_cert_bundle,
-		"tls-cert-bundle", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->proxy_protocol_port,
-		newcfg->proxy_protocol_port, "proxy-protocol-port",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->tls_additional_port,
-		newcfg->tls_additional_port, "tls-additional-port",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->if_automatic_ports,
-		newcfg->if_automatic_ports, "interface-automatic-ports",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->udp_upstream_without_downstream !=
-		newcfg->udp_upstream_without_downstream,
-		"udp-upstream-without-downstream", changed_str,
-		sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("harden-large-queries", harden_large_queries, changed_str);
+	FR_CHECK_CHANGED_CFG("http-max-streams", http_max_streams, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("http-endpoint", http_endpoint, changed_str);
+	FR_CHECK_CHANGED_CFG("http_notls_downstream", http_notls_downstream, changed_str);
+	FR_CHECK_CHANGED_CFG("https-port", https_port, changed_str);
+	FR_CHECK_CHANGED_CFG("tls-port", ssl_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-service-key", ssl_service_key, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-service-pem", ssl_service_pem, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("tls-cert-bundle", tls_cert_bundle, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("proxy-protocol-port", proxy_protocol_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("tls-additional-port", tls_additional_port, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("interface-automatic-ports", if_automatic_ports, changed_str);
+	FR_CHECK_CHANGED_CFG("udp-upstream-without-downstream", udp_upstream_without_downstream, changed_str);
 
 	if(changed_str[0] != 0) {
 		/* The new config changes some items that do not work with
@@ -4549,7 +4956,7 @@ fr_check_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 
 /** fast reload thread, check nopause config items */
 static int
-fr_check_nopause_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
+fr_check_nopause_compat_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 {
 	char changed_str[1024];
 	struct config_file* cfg = fr->worker->env.cfg;
@@ -4558,94 +4965,43 @@ fr_check_nopause_cfg(struct fast_reload_thread* fr, struct config_file* newcfg)
 	changed_str[0]=0;
 
 	/* Check for iter_env. */
-	fr_check_changed_cfg(
-		cfg->outbound_msg_retry != newcfg->outbound_msg_retry,
-		"outbound-msg-retry", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->max_sent_count != newcfg->max_sent_count,
-		"max-sent-count", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->max_query_restarts != newcfg->max_query_restarts,
-		"max-query-restarts", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(strcmp(cfg->target_fetch_policy,
-		newcfg->target_fetch_policy) != 0,
-		"target-fetch-policy", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->donotquery_localhost != newcfg->donotquery_localhost,
-		"do-not-query-localhost", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->donotqueryaddrs,
-		newcfg->donotqueryaddrs, "do-not-query-localhost",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->private_address,
-		newcfg->private_address, "private-address",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->private_domain,
-		newcfg->private_domain, "private-domain",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_strlist(cfg->caps_whitelist,
-		newcfg->caps_whitelist, "caps-exempt",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->do_nat64 != newcfg->do_nat64,
-		"do-nat64", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->nat64_prefix, newcfg->nat64_prefix,
-		"nat64-prefix", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("outbound-msg-retry", outbound_msg_retry, changed_str);
+	FR_CHECK_CHANGED_CFG("max-sent-count", max_sent_count, changed_str);
+	FR_CHECK_CHANGED_CFG("max-query-restarts", max_query_restarts, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("target-fetch-policy", target_fetch_policy, changed_str);
+	FR_CHECK_CHANGED_CFG("do-not-query-localhost", donotquery_localhost, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("do-not-query-address", donotqueryaddrs, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("private-address", private_address, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("private-domain", private_domain, changed_str);
+	FR_CHECK_CHANGED_CFG_STRLIST("caps-exempt", caps_whitelist, changed_str);
+	FR_CHECK_CHANGED_CFG("do-nat64", do_nat64, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("nat64-prefix", nat64_prefix, changed_str);
 
 	/* Check for val_env. */
-	fr_check_changed_cfg(cfg->bogus_ttl != newcfg->bogus_ttl,
-		"val-bogus-ttl", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->val_date_override != newcfg->val_date_override,
-		"val-date-override", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_sig_skew_min != newcfg->val_sig_skew_min,
-		"val-sig-skew-min", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_sig_skew_max != newcfg->val_sig_skew_max,
-		"val-sig-skew-max", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(cfg->val_max_restart != newcfg->val_max_restart,
-		"val-max-restart", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(strcmp(cfg->val_nsec3_key_iterations,
-		newcfg->val_nsec3_key_iterations) != 0,
-		"val-nsec3-keysize-iterations", changed_str,
-		sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("val-bogus-ttl", bogus_ttl, changed_str);
+	FR_CHECK_CHANGED_CFG("val-date-override", val_date_override, changed_str);
+	FR_CHECK_CHANGED_CFG("val-sig-skew-min", val_sig_skew_min, changed_str);
+	FR_CHECK_CHANGED_CFG("val-sig-skew-max", val_sig_skew_max, changed_str);
+	FR_CHECK_CHANGED_CFG("val-max-restart", val_max_restart, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("val-nsec3-keysize-iterations",
+		val_nsec3_key_iterations, changed_str);
 
 	/* Check for infra. */
-	fr_check_changed_cfg(cfg->host_ttl != newcfg->host_ttl,
-		"infra-host-ttl", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->infra_keep_probing != newcfg->infra_keep_probing,
-		"infra-keep-probing", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ratelimit != newcfg->ratelimit,
-		"ratelimit", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ip_ratelimit != newcfg->ip_ratelimit,
-		"ip-ratelimit", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->ip_ratelimit_cookie != newcfg->ip_ratelimit_cookie,
-		"ip-ratelimit-cookie", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->wait_limit_netblock,
-		newcfg->wait_limit_netblock, "wait-limit-netblock",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->wait_limit_cookie_netblock,
-		newcfg->wait_limit_cookie_netblock,
-		"wait-limit-cookie-netblock", changed_str,
-		sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->ratelimit_below_domain,
-		newcfg->ratelimit_below_domain, "ratelimit-below-domain",
-		changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str2list(cfg->ratelimit_for_domain,
-		newcfg->ratelimit_for_domain, "ratelimit-for-domain",
-		changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("infra-host-ttl", host_ttl, changed_str);
+	FR_CHECK_CHANGED_CFG("infra-keep-probing", infra_keep_probing, changed_str);
+	FR_CHECK_CHANGED_CFG("ratelimit", ratelimit, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-ratelimit", ip_ratelimit, changed_str);
+	FR_CHECK_CHANGED_CFG("ip-ratelimit-cookie", ip_ratelimit_cookie, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("wait-limit-netblock", wait_limit_netblock, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("wait-limit-cookie-netblock", wait_limit_cookie_netblock, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("ratelimit-below-domain", ratelimit_below_domain, changed_str);
+	FR_CHECK_CHANGED_CFG_STR2LIST("ratelimit-for-domain", ratelimit_for_domain, changed_str);
 
 	/* Check for dnstap. */
-	fr_check_changed_cfg(
-		cfg->dnstap_send_identity != newcfg->dnstap_send_identity,
-		"dnstap-send-identity", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg(
-		cfg->dnstap_send_version != newcfg->dnstap_send_version,
-		"dnstap-send-version", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->dnstap_identity, newcfg->dnstap_identity,
-		"dnstap-identity", changed_str, sizeof(changed_str));
-	fr_check_changed_cfg_str(cfg->dnstap_version, newcfg->dnstap_version,
-		"dnstap-version", changed_str, sizeof(changed_str));
+	FR_CHECK_CHANGED_CFG("dnstap-send-identity", dnstap_send_identity, changed_str);
+	FR_CHECK_CHANGED_CFG("dnstap-send-version", dnstap_send_version, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("dnstap-identity", dnstap_identity, changed_str);
+	FR_CHECK_CHANGED_CFG_STR("dnstap-version", dnstap_version, changed_str);
 
 	if(changed_str[0] != 0) {
 		/* The new config changes some items that need a pause,
@@ -5507,7 +5863,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	COPY_VAR_ptr(tls_cert_bundle);
 	COPY_VAR_int(tls_win_cert);
 	COPY_VAR_ptr(tls_additional_port);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(tls_session_ticket_keys.first);
 	COPY_VAR_ptr(tls_session_ticket_keys.last);
@@ -5694,7 +6050,7 @@ fr_atomic_copy_cfg(struct config_file* oldcfg, struct config_file* cfg,
 	   tagname, num_tags
 	*/
 	COPY_VAR_int(remote_control_enable);
-	/* The first is used to walk throught the list but last is
+	/* The first is used to walk through the list but last is
 	 * only used during config read. */
 	COPY_VAR_ptr(control_ifs.first);
 	COPY_VAR_ptr(control_ifs.last);
@@ -6193,7 +6549,7 @@ fr_load_config(struct fast_reload_thread* fr, struct timeval* time_read,
 		config_delete(newcfg);
 		return 0;
 	}
-	if(!fr_check_nopause_cfg(fr, newcfg)) {
+	if(!fr_check_nopause_compat_cfg(fr, newcfg)) {
 		config_delete(newcfg);
 		return 0;
 	}
@@ -7131,6 +7487,7 @@ fr_worker_auth_add(struct worker* worker, struct fast_reload_auth_change* item,
 			xfr->serial = 0;
 		}
 	}
+	auth_zone_pickup_initial_zone(item->new_z, &worker->env);
 	lock_rw_unlock(&item->new_z->lock);
 	lock_rw_unlock(&worker->env.auth_zones->lock);
 	lock_rw_unlock(&worker->daemon->fast_reload_thread->old_auth_zones->lock);
@@ -7257,7 +7614,7 @@ void
 fast_reload_worker_pickup_changes(struct worker* worker)
 {
 	/* The pickup of changes is called when the fast reload has
-	 * a syncronized moment, and all the threads are paused and the
+	 * a synchronized moment, and all the threads are paused and the
 	 * reload has been applied. Then the worker can pick up the new
 	 * changes and store them in worker-specific structs.
 	 * The pickup is also called when there is no pause, and then
diff --git a/contrib/unbound/daemon/stats.c b/contrib/unbound/daemon/stats.c
index 7efb83a0bc3f..41c4656aaec5 100644
--- a/contrib/unbound/daemon/stats.c
+++ b/contrib/unbound/daemon/stats.c
@@ -273,6 +273,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset)
 	/* add in the values from the mesh */
 	s->svr.ans_secure += (long long)worker->env.mesh->ans_secure;
 	s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus;
+	s->svr.val_ops += (long long)worker->env.mesh->val_ops;
 	s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata;
 	s->svr.ans_expired += (long long)worker->env.mesh->ans_expired;
 	for(i=0; i<UB_STATS_RCODE_NUM; i++)
@@ -495,6 +496,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a)
 		total->svr.ans_rcode_nodata += a->svr.ans_rcode_nodata;
 		total->svr.ans_secure += a->svr.ans_secure;
 		total->svr.ans_bogus += a->svr.ans_bogus;
+		total->svr.val_ops += a->svr.val_ops;
 		total->svr.unwanted_replies += a->svr.unwanted_replies;
 		total->svr.unwanted_queries += a->svr.unwanted_queries;
 		total->svr.tcp_accept_usage += a->svr.tcp_accept_usage;
diff --git a/contrib/unbound/daemon/unbound.c b/contrib/unbound/daemon/unbound.c
index 8e59bb25a725..164d0fb89509 100644
--- a/contrib/unbound/daemon/unbound.c
+++ b/contrib/unbound/daemon/unbound.c
@@ -174,7 +174,7 @@ static void
 checkrlimits(struct config_file* cfg)
 {
 #ifndef S_SPLINT_S
-#ifdef HAVE_GETRLIMIT
+#if defined(HAVE_GETRLIMIT) && !defined(unbound_testbound)
 	/* list has number of ports to listen to, ifs number addresses */
 	int list = ((cfg->do_udp?1:0) + (cfg->do_tcp?1 + 
 			(int)cfg->incoming_num_tcp:0));
@@ -463,11 +463,11 @@ detach(void)
 #endif /* HAVE_DAEMON */
 }
 
+#ifdef HAVE_SSL
 /* setup a listening ssl context, fatal_exit() on any failure */
 static void
 setup_listen_sslctx(void** ctx, int is_dot, int is_doh, struct config_file* cfg)
 {
-#ifdef HAVE_SSL
 	if(!(*ctx = listen_sslctx_create(
 		cfg->ssl_service_key, cfg->ssl_service_pem, NULL,
 		cfg->tls_ciphers, cfg->tls_ciphersuites,
@@ -476,10 +476,8 @@ setup_listen_sslctx(void** ctx, int is_dot, int is_doh, struct config_file* cfg)
 		is_dot, is_doh))) {
 		fatal_exit("could not set up listen SSL_CTX");
 	}
-#else /* HAVE_SSL */
-	(void)ctx;(void)is_dot;(void)is_doh;(void)cfg;
-#endif /* HAVE_SSL */
 }
+#endif /* HAVE_SSL */
 
 /* setups the needed ssl contexts, fatal_exit() on any failure */
 static void
@@ -747,6 +745,7 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode, int need_pi
 					"the commandline to see more errors, "
 					"or unbound-checkconf", cfgfile);
 			log_warn("Continuing with default config settings");
+			config_auto_slab_values(cfg);
 		}
 		apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
 		if(!done_setup)
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index ead20938e172..8e4a9b3d650a 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -1707,6 +1707,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 			repinfo->client_addrlen, edns.cookie_valid,
 			c->buffer)) {
 			worker->stats.num_queries_ip_ratelimited++;
+			regional_free_all(worker->scratchpad);
 			comm_point_drop_reply(repinfo);
 			return 0;
 		}
@@ -1818,8 +1819,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		goto send_reply;
 	}
 	if(worker->env.auth_zones &&
-		auth_zones_answer(worker->env.auth_zones, &worker->env,
-		&qinfo, &edns, repinfo, c->buffer, worker->scratchpad)) {
+		auth_zones_downstream_answer(worker->env.auth_zones,
+		&worker->env, &qinfo, &edns, repinfo, c->buffer,
+		worker->scratchpad)) {
 		regional_free_all(worker->scratchpad);
 		if(sldns_buffer_limit(c->buffer) == 0) {
 			comm_point_drop_reply(repinfo);
@@ -1872,20 +1874,11 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 	/* If we've found a local alias, replace the qname with the alias
 	 * target before resolving it. */
 	if(qinfo.local_alias) {
-		struct ub_packed_rrset_key* rrset = qinfo.local_alias->rrset;
-		struct packed_rrset_data* d = rrset->entry.data;
-
-		/* Sanity check: our current implementation only supports
-		 * a single CNAME RRset as a local alias. */
-		if(qinfo.local_alias->next ||
-			rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) ||
-			d->count != 1) {
-			log_err("assumption failure: unexpected local alias");
+		if(!local_alias_shallow_copy_qname(qinfo.local_alias, &qinfo.qname,
+			&qinfo.qname_len)) {
 			regional_free_all(worker->scratchpad);
 			return 0; /* drop it */
 		}
-		qinfo.qname = d->rr_data[0] + 2;
-		qinfo.qname_len = d->rr_len[0] - 2;
 	}
 
 	/* If we may apply IP-based actions to the answer, build the client
diff --git a/contrib/unbound/dns64/dns64.c b/contrib/unbound/dns64/dns64.c
index f028cd28aa24..fbdbd87b9f63 100644
--- a/contrib/unbound/dns64/dns64.c
+++ b/contrib/unbound/dns64/dns64.c
@@ -631,7 +631,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
 
 	/* When an AAAA query completes check if we want to perform DNS64
 	 * synthesis. We skip queries with DNSSEC enabled (!CD) and
-	 * ones generated by us to retrive the A/PTR record to use for
+	 * ones generated by us to retrieve the A/PTR record to use for
 	 * synth. */
 	int could_synth =
 		qstate->qinfo.qtype == LDNS_RR_TYPE_AAAA &&
diff --git a/contrib/unbound/dnstap/dnstap.c b/contrib/unbound/dnstap/dnstap.c
index 071fd0895fe6..3b27301825c2 100644
--- a/contrib/unbound/dnstap/dnstap.c
+++ b/contrib/unbound/dnstap/dnstap.c
@@ -542,7 +542,7 @@ dt_msg_send_outside_query(struct dt_env *env,
 	qflags = sldns_buffer_read_u16_at(qmsg, 2);
 
 	/* type */
-	if (qflags & BIT_RD) {
+	if ((qflags & BIT_RD)) {
 		if (!env->log_forwarder_query_messages)
 			return;
 		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_QUERY);
@@ -599,7 +599,7 @@ dt_msg_send_outside_response(struct dt_env *env,
 	qflags = ntohs(qflags);
 
 	/* type */
-	if (qflags & BIT_RD) {
+	if ((qflags & BIT_RD)) {
 		if (!env->log_forwarder_response_messages)
 			return;
 		dt_msg_init(env, &dm, DNSTAP__MESSAGE__TYPE__FORWARDER_RESPONSE);
diff --git a/contrib/unbound/dnstap/dnstap.m4 b/contrib/unbound/dnstap/dnstap.m4
index 78d0dd68b762..89eda929bfb3 100644
--- a/contrib/unbound/dnstap/dnstap.m4
+++ b/contrib/unbound/dnstap/dnstap.m4
@@ -18,10 +18,41 @@ AC_DEFUN([dt_DNSTAP],
         [opt_dnstap_socket_path="$1"])
 
     if test "x$opt_dnstap" != "xno"; then
-        AC_PATH_PROG([PROTOC_C], [protoc-c])
-        if test -z "$PROTOC_C"; then
-          AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!])
-        fi
+	AC_PATH_PROG([PROTOC], [protoc])
+	# 'protoc-c' is deprecated. We use 'protoc' instead. If it can not be
+	# found, try 'protoc-c'.
+	if test -z "$PROTOC"; then
+	    AC_PATH_PROG([PROTOC_C], [protoc-c])
+	else
+	    PROTOC_C="$PROTOC"
+	fi
+	if test -z "$PROTOC_C"; then
+	  AC_MSG_ERROR([[The protoc or protoc-c program was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c to provide protoc or protoc-c]])
+	fi
+
+	# Check for protoc-gen-c plugin
+	AC_PATH_PROG([PROTOC_GEN_C], [protoc-gen-c])
+	if test -z "$PROTOC_GEN_C"; then
+	  AC_MSG_ERROR([[The protoc-gen-c plugin was not found. It is needed for dnstap, use --disable-dnstap, or install protobuf-c-compiler to provide protoc-gen-c]])
+	fi
+
+	# Test that protoc-gen-c actually works
+	AC_MSG_CHECKING([if protoc-gen-c plugin works])
+	cat > conftest.proto << EOF
+syntax = "proto2";
+message TestMessage {
+  optional string test_field = 1;
+}
+EOF
+	if $PROTOC_C --c_out=. conftest.proto >/dev/null 2>&1; then
+	  AC_MSG_RESULT([yes])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	else
+	  AC_MSG_RESULT([no])
+	  rm -f conftest.proto conftest.pb-c.c conftest.pb-c.h
+	  AC_MSG_ERROR([[The protoc-gen-c plugin is not working properly. Please ensure protobuf-c-compiler is properly installed]])
+	fi
+
         AC_ARG_WITH([protobuf-c],
             AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]),
             [
diff --git a/contrib/unbound/dnstap/dnstap.proto b/contrib/unbound/dnstap/dnstap.proto
index dfc8ad411d94..75b8757c2081 100644
--- a/contrib/unbound/dnstap/dnstap.proto
+++ b/contrib/unbound/dnstap/dnstap.proto
@@ -98,7 +98,7 @@ message Policy {
     // rule: the rule matched by the message.
     //
     // In a RPZ context, this is the owner name of the rule in
-    // the Reponse Policy Zone in wire format.
+    // the Response Policy Zone in wire format.
     optional bytes rule = 2;
 
     // action: the policy action taken in response to the
diff --git a/contrib/unbound/dnstap/dtstream.c b/contrib/unbound/dnstap/dtstream.c
index 2d5ab20f0c84..39d43403bc62 100644
--- a/contrib/unbound/dnstap/dtstream.c
+++ b/contrib/unbound/dnstap/dtstream.c
@@ -1509,7 +1509,7 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg)
 	}
 #endif
 
-	if((bits&UB_EV_READ || dtio->ssl_brief_write)) {
+	if((bits&UB_EV_READ) || dtio->ssl_brief_write) {
 #ifdef HAVE_SSL
 		if(dtio->ssl_brief_write)
 			(void)dtio_disable_brief_write(dtio);
diff --git a/contrib/unbound/doc/Changelog b/contrib/unbound/doc/Changelog
index 9668a6364cf4..c78cdff3b9bf 100644
--- a/contrib/unbound/doc/Changelog
+++ b/contrib/unbound/doc/Changelog
@@ -1,3 +1,270 @@
+17 September 2025: Yorgos
+	- Too many quotes for the EDE message debug printout.
+
+15 September 2025: Yorgos
+	- Small debug output improvement when attaching an EDE.
+
+15 September 2025: Wouter
+	- Fix to print warning for when so-sndbuf setsockopt is not granted.
+
+11 September 2025: Wouter
+	- version set to 1.24.0 for release.
+	- tag for 1.24.0rc1.
+	- Update contrib/aaaa-filter-iterator.patch so it applies on 1.24.0.
+
+9 September 2025: Wouter
+	- Fix #1332: CNAME chains are sometimes not followed when RPZs add a
+	  local CNAME rewrite.
+
+8 September 2025: Yorgos
+	- Update documentation for using "SET ... EX" in Redis.
+	- Document max buffer sizes for Redis commands.
+	- Update man pages.
+
+3 September 2025: Wouter
+	- For #1328: make depend.
+
+2 September 2025: Wouter
+	- Fix #1235: Outdated Python2 code in
+	  unbound/pythonmod/examples/log.py.
+	- Fix #1324: Memory leak in 'msgparse.c' in
+	  'parse_edns_options_from_query(...)'.
+	- Fix indentation in tcp-mss option parsing.
+
+1 September 2025: Wouter
+	- Fix for #1324: Fix to free edns options scratch in ratelimit case.
+
+29 August 2025: Yorgos
+	- Limit the number of consecutive reads on an HTTP/2 session.
+	  Thanks to Gal Bar Nahum for exposing the possibility of infinite
+	  reads on the session.
+
+28 August 2025: Wouter
+	- Fix setup_listen_sslctx warning for nettle compile.
+
+27 August 2025: Wouter
+	- Fix unbound-control dump_cache for double unlock of lruhash table.
+
+26 August 2025: Wouter
+	- Fix ports workflow to install expat for macos.
+
+22 August 2025: Wouter
+	- For #1318: Fix compile warnings for DoH compile on windows.
+	- Fix sha1 enable environment variable in test code on windows.
+	- Fix #1319: [FR] zone status for Unbound auth-zones.
+	- Fix that the zone acquired timestamp is set after the
+	  zonefile is read.
+
+21 August 2025: Wouter
+	- Fix to check for extraneous command arguments for unbound-control,
+	  when the command takes no arguments but there are arguments present.
+	- Fix #1317: Unbound starts too early. Add
+	  Wants=network-online.target under [Unit] in unbound.service.
+	- Fix for #1317: Fix contrib/unbound.service comment path for
+	  systemd network configuration.
+
+15 August 2025: Wouter
+	- unbound-control cache_lookup +t allows tld and root names. And
+	  subnet cache contents are printed.
+	- Fix cache_lookup subnet printout to wipe zero part of the prefix.
+	- Fix cache_lookup subnet print to not print messages without rrsets
+	  and perform in-depth check on node in the addrtree.
+
+14 August 2025: Wouter
+	- Fix to increase responsiveness of dump_cache.
+	- Fix to decouple file descriptor activity and cache lookups in
+	  dump_cache.
+
+13 August 2025: Wouter
+	- unbound-control cache_lookup <domains> prints the cached rrsets
+	  and messages for those.
+	- Fix to remove debug from cache_lookup.
+	- Fix to unlock cache_lookup message for malformed records.
+
+12 August 2025: Wouter
+	- Fix that unbound-control dump_cache releases the cache locks
+	  every so often, so that the server stays responsive.
+
+7 August 2025: Wouter
+	- Fix dname_str for printout of long names. Thanks to Jan Komissar
+	  for the fix.
+	- Fix that edns-subnet failure to create a subquery errors as
+	  servfail, and not formerror.
+	- Fix to whitespace in dname_str.
+
+6 August 2025: Wouter
+	- Fix edns subnet, so that the subquery without subnet is stored in
+	  global cache if the querier used 0.0.0.0/0 and the name and address
+	  do not receive subnet treatment. If the name and address are
+	  configured for subnet, it is stored in the subnet cache.
+
+5 August 2025: Wouter
+	- Fix #1309: incorrectly reclaimed tcp handler can cause data
+	  corruption and segfault.
+	- Fix to use assertions for consistency checks in #1309 reclaimed
+	  tcp handlers.
+
+1 August 2025: Wouter
+	- Fix testbound test program to accurately output packets from hex.
+
+28 July 2025: Wouter
+	- Fix redis cachedb module gettimeofday init failure.
+
+24 July 2025: Wouter
+	- Redis checks for server down and throttles reconnects.
+
+17 July 2025: Wouter
+	- Fix to not set rlimits in the unit tests.
+	- Fix #1303: [FR] Disable TLSv1.2.
+	- iana portlist updated.
+
+16 July 2025: Wouter
+	- Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li
+	  from AOSP Lab Nankai University.
+	- Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the
+	  repository continues with the previous fixes, with 1.23.2.
+	- Add unit tests for non-ecs aggregation.
+
+12 July 2025: Yorgos
+	- Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to
+	  track the number of signature validation operations.
+	  Adds 'num.valops' to extended statistics.
+	- For #1289: test num.valops in existing stat_values.tdir.
+	- For #1289: add num.valops in the unbound-control man page.
+
+11 July 2025: Wouter
+	- Fix detection of SSL_CTX_set_tmp_ecdh function.
+	- For #1301: configure cant find SSL_is_quic in OpenSSL 3.5.1.
+
+8 July 2025: Wouter
+	- Fix to improve dnstap discovery on Fedora.
+
+3 July 2025: Wouter
+	- Fix #1300: Is 'sock-queue-timeout' a linux only feature.
+	- For #1300: implement sock-queue-timeout for FreeBSD as well.
+	- Fix layout of comm_point_udp_ancil_callback.
+
+2 July 2025: Wouter
+	- Merge #1299: Fix typos.
+	- Generate ltmain.sh and configure again.
+
+25 June 2025: Yorgos
+	- Fix #1247: forward-first: ssl handshake failed on root nameservers.
+	- For #1247, turn off fetch-policy for delegation when looking into
+	  parent side name servers that may not update the addresses and hit
+	  NXNS limits.
+	- For #1247, replay test (added tcp_transport to
+	  outnet_serviced_query).
+
+20 June 2025: Yorgos
+	- Fix #1293: EDE 6 is attached to insecure cached answers when client
+	  sends the CD bit.
+
+19 June 2025: Wouter
+	- Fix #1296: DNS over QUIC depends on a very outdated version of
+	  ngtcp2. Fixed so it works with ngtcp2 1.13.0 and OpenSSL 3.5.0.
+	- Merge #1297: edns-subnet: fix NULL_AFTER_DEREF on subnetmod.
+	- Fix rrset cache create allocation failure case.
+
+17 June 2025: Yorgos
+	- Fix for consistent use of local zone CNAME alias for configured auth
+	  zones. Now it also applies to downstream configured auth zones.
+
+16 June 2025: Wouter
+	- Fix to check control-interface addresses in unbound-checkconf.
+	- Fix #1295: Windows 32-bit binaries download seems to be missing dll
+	  dependency.
+
+12 June 2025: Wouter
+	- Fix header return value description for skip_pkt_rrs and
+	  parse_edns_from_query_pkt.
+
+11 June 2025: Wouter
+	- Fix bitwise operators in conditional expressions with parentheses.
+	- Fix conditional expressions with parentheses for bitwise and.
+
+5 June 2025: Wouter
+	- Fix unbound-anchor certificate file read for line ends and end of
+	  file.
+	- Fix comment for the dname_remove_label_limit_len function.
+	- iana portlist updated.
+
+3 June 2025: Yorgos
+	- Small manpage corrections for the 'disable-dnssec-lame-check' option.
+
+21 May 2025: Wouter
+	- Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound
+	  program.
+
+20 May 2025: Yorgos
+	- Merge #1285:  RST man pages. It introduces restructuredText man pages
+	  to sync the online and source code man page documentation.
+	  The templated man pages (*.in) are still part of the repo but
+	  generated with docutils from their .rst counterpart.
+	  Documentation on how to generate those (mainly for core developers)
+	  is in README.man.
+	- Add more checks about respip in unbound-checkconf.
+	  Also fixes #310: unbound-checkconf not reporting RPZ configuration
+	  error.
+
+19 May 2025: Wouter
+	- Fix for cname chain length with qtype ANY and qname minimisation.
+	  Thanks to Jim Greenwood from Nominet for the report.
+
+15 May 2025: Wouter
+	- Fix config of slab values when there is no config file.
+
+13 May 2025: Yorgos
+	- Fix #1284: NULL pointer deref in az_find_nsec_cover() (latent bug)
+	  by adding a log_assert() to safeguard future development.
+	- Fix #1282: log-destaddr fail on long ipv6 addresses.
+
+13 May 2025: Wouter
+	- Change default for so-sndbuf to 1m, to mitigate a cross-layer
+	  issue where the UDP socket send buffers are exhausted waiting
+	  for ARP/NDP resolution. Thanks to Reflyable for the report.
+	- Adjusted so-sndbuf default to 4m.
+
+12 May 2025: Yorgos
+	- Merge #1280: Fix auth nsec3 code. Fixes NSEC3 code to not break on
+	  broken auth zones that include unsigned out of zone (above apex)
+	  data. Could lead to hang while trying to prove a wildcard answer.
+
+12 May 2025: Wouter
+	- Fix #1283: Unsafe usage of atoi() while parsing the configuration
+	  file.
+
+9 May 2025: Wouter
+	- Fix #1281: forward-zone "name: ." conflicts with auth-zone "name: ."
+	  in 1.23.0, but worked in 1.22.0.
+
+5 May 2025: Yorgos
+	- Sync unbound and unbound-checkconf log output for unknown modules.
+
+29 April 2025: Wouter
+	- Fix for parallel build of dnstap protoc-c output.
+	- Fix dnstap to use protoc.
+
+29 April 2025: Yorgos
+	- Merge #1276: Auto-configure '-slabs' values.
+
+28 April 2025: Yorgos
+	- Merge #1275: Use macros for the fr_check_changed* functions.
+
+25 April 2025: Wouter
+	- Fix #1272: assertion failure testcode/unitverify.c:202.
+
+16 April 2025: Wouter
+	- Increase default to `num-queries-per-thread: 2048`, when unbound is
+	  compiled with libevent. It makes saturation of the task queue more
+	  resource intensive and less practical. Thanks to Shiming Liu,
+	  Network and Information Security Lab, Tsinghua University for the
+	  report.
+
+11 April 2025: Wouter
+	- Tag for 1.23.0rc2. This became the release of 1.23.0 on 24 April
+	  2025. The code repository continues with 1.23.1 in development.
+
 11 April 2025: Yorgos
 	- Merge #1265: Fix WSAPoll.
 
@@ -651,7 +918,7 @@
 	  now checks both single and multi process/thread operation.
 
 16 May 2024: Yorgos
-	- Merge #1070: Fix rtt assignement for low values of
+	- Merge #1070: Fix rtt assignment for low values of
 	  infra-cache-max-rtt.
 
 16 May 2024: Wouter
@@ -1059,7 +1326,7 @@
 13 October 2023: George
 	- Better fix for infinite loop when reading multiple lines of input on
 	  a broken remote control socket, by treating a zero byte line the
-	  same as transmission end. Addesses #947 and #948.
+	  same as transmission end. Addresses #947 and #948.
 
 12 October 2023: Wouter
 	- Merge #944: Disable EDNS DO.
@@ -1082,7 +1349,7 @@
 
 10 October 2023: George
 	- Fix infinite loop when reading multiple lines of input on a broken
-	  remote control socket. Addesses #947 and #948.
+	  remote control socket. Addresses #947 and #948.
 
 9 October 2023: Wouter
 	- Fix edns subnet so that queries with a source prefix of zero cause
@@ -1515,7 +1782,7 @@
 	- Ignore expired error responses.
 
 11 November 2022: Wouter
-	- Fix #779: [doc] Missing documention in ub_resolve_event() for
+	- Fix #779: [doc] Missing documentation in ub_resolve_event() for
 	  callback parameter was_ratelimited.
 
 9 November 2022: George
@@ -2479,7 +2746,7 @@
 	  not hang. removed trailing slashes from configure paths. Moved iOS
 	  tests to allow-failure.
 	- travis, analyzer disabled on test without debug, that does not
-	  run anway.  Turn off failing tests except one.  Update iOS test
+	  run anyway.  Turn off failing tests except one.  Update iOS test
 	  to xcode image 12.2.
 
 22 March 2021: George
@@ -2568,7 +2835,7 @@
 	- Fix build on Python 3.10.
 
 10 February 2021: Wouter
-	- Merge PR #420 from dyunwei: DOH not responsing with
+	- Merge PR #420 from dyunwei: DOH not responding with
 	  "http2_query_read_done failure" logged.
 
 9 February 2021: Wouter
@@ -2968,7 +3235,7 @@
 
 6 August 2020: Wouter
 	- Merge PR #284 and Fix #246: Remove DLV entirely from Unbound.
-	  The DLV has been decommisioned and in unbound 1.5.4, in 2015, there
+	  The DLV has been decommissioned and in unbound 1.5.4, in 2015, there
 	  was advise to stop using it.  The current code base does not contain
 	  DLV code any more.  The use of dlv options displays a warning.
 
@@ -3517,7 +3784,7 @@
 3 December 2019: Wouter
 	- Merge pull request #124 from rmetrich: Changed log lock
 	  from 'quick' to 'basic' because this is an I/O lock.
-	- Fix text around serial arithmatic used for RRSIG times to refer
+	- Fix text around serial arithmetic used for RRSIG times to refer
 	  to correct RFC number.
 	- Fix Assert Causing DoS in synth_cname(),
 	  reported by X41 D-Sec.
@@ -3780,7 +4047,7 @@
 	- For #52 #53, second context does not close logfile override.
 	- Fix #52 #53, fix for example fail program.
 	- Fix to return after failed auth zone http chunk write.
-	- Fix to remove unused test for task_probe existance.
+	- Fix to remove unused test for task_probe existence.
 	- Fix to timeval_add for remaining second in microseconds.
 	- Check repinfo in worker_handle_request, if null, drop it.
 
@@ -5037,7 +5304,7 @@
 
 1 February 2018: Wouter
 	- fix unaligned structure making a false positive in checklock
-	  unitialised memory.
+	  uninitialised memory.
 
 29 January 2018: Ralph
 	- Use NSEC with longest ce to prove wildcard absence.
@@ -5640,8 +5907,8 @@
 	- Remove (now unused) event2 include from dnscrypt code.
 
 24 March 2017: George
-	- Fix to prevent non-referal query from being cached as referal when the
-	  no_cache_store flag was set.
+	- Fix to prevent non-referral query from being cached as referral when
+	  the no_cache_store flag was set.
 
 23 March 2017: Wouter
 	- Fix #1239: configure fails to find python distutils if python
@@ -5704,7 +5971,7 @@
 
 7 March 2017: Wouter
 	- Fix #1230: swig version 2.0.0 is required for pythonmod, with
-	  1.3.40 it crashes when running repeatly unbound-control reload.
+	  1.3.40 it crashes when running repeatedly unbound-control reload.
 	- Response actions based on IP address from Jinmei Tatuya (Infoblox).
 
 6 March 2017: Wouter
@@ -5720,7 +5987,7 @@
 	  known vulns.
 
 27 February 2017: Wouter
-	- Fix #1227: Fix that Unbound control allows weak ciphersuits.
+	- Fix #1227: Fix that Unbound control allows weak ciphersuites.
 	- Fix #1226: provide official 32bit binary for windows.
 
 24 February 2017: Wouter
@@ -6709,7 +6976,7 @@
 	- Fix #674: Do not free pointers given by getenv.
 
 29 May 2015: Wouter
-	- Fix that unparseable error responses are ratelimited.
+	- Fix that unparsable error responses are ratelimited.
 	- SOA negative TTL is capped at minimumttl in its rdata section.
 	- cache-max-negative-ttl config option, default 3600.
 
@@ -6727,7 +6994,7 @@
 
 10 May 2015: Wouter
 	- Change syntax of particular validator error to be easier for
-	  machine parse, swap rrset and ip adres info so it looks like:
+	  machine parse, swap rrset and ip address info so it looks like:
 	  validation failure <www.example.nl. TXT IN>: signature crypto
 	  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
 
@@ -8307,7 +8574,7 @@
 	- fix that --enable-static-exe does not complain about it unknown.
 
 30 June 2011: Wouter
-	- tag relase 1.4.11, trunk is 1.4.12 development.
+	- tag release 1.4.11, trunk is 1.4.12 development.
 	- iana portlist updated.
 	- fix bug#395: id bits of other query may leak out under conditions
 	- fix replyaddr count wrong after jostled queries, which leads to
@@ -9637,7 +9904,7 @@
 
 8 June 2009: Wouter
 	- Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
-	  inadvertant behaviour.
+	  inadvertent behaviour.
 	- 1.3.0 tarball for release created.
 	- 1.3.1 development in svn trunk.
 	- iana portlist updated.
@@ -9986,7 +10253,7 @@
 	- initgroups(3) is called to drop secondary group permissions, if
 	  applicable.
 	- configure option --with-ldns-builtin forces the use of the 
-	  inluded ldns package with the unbound source.  The -I include
+	  included ldns package with the unbound source.  The -I include
 	  is put before the others, so it avoids bad include files from
 	  an older ldns install.
 	- daemon(3) posix call is used when available.
@@ -10291,7 +10558,7 @@
 	  please ranlib, stop file without symbols warning.
 	- harden referral path now also validates the root after priming.
 	  It looks up the root NS authoritatively as well as the root servers
-	  and attemps to validate the entries.
+	  and attempts to validate the entries.
 
 16 October 2008: Wouter
 	- Fixup negative TTL values appearing (reported by Attila Nagy).
@@ -11070,7 +11337,7 @@
 	- please doxygen, put doxygen comment in one place.
 	- asynclook -b blocking mode and test.
 	- refactor asynclook, nicer code.
-	- fixup race problems from opensll in rand init from library, with
+	- fixup race problems from openssl in rand init from library, with
 	  a mutex around the rand init.
 	- fix pass async_id=NULL to _async resolve().
 	- rewrote _wait() routine, so that it is threadsafe.
@@ -12043,7 +12310,7 @@
 11 June 2007: Wouter
 	- replies on TCP queries have the address field set in replyinfo,
 	  for serviced queries, because the initiator does not know that
-	  a TCP fallback has occured.
+	  a TCP fallback has occurred.
 	- omit DNSSEC types from nonDO replies, except if qtype is ANY or
 	  if qtype directly queries for the type (and then only show that
 	  'unknown type' in the answer section).
diff --git a/contrib/unbound/doc/README b/contrib/unbound/doc/README
index 50d9022dbdca..8286ea81ca70 100644
--- a/contrib/unbound/doc/README
+++ b/contrib/unbound/doc/README
@@ -1,4 +1,4 @@
-README for Unbound 1.23.0
+README for Unbound 1.24.0
 Copyright 2007 NLnet Labs
 http://unbound.net
 
diff --git a/contrib/unbound/doc/README.man b/contrib/unbound/doc/README.man
new file mode 100644
index 000000000000..8e7897f47790
--- /dev/null
+++ b/contrib/unbound/doc/README.man
@@ -0,0 +1,16 @@
+After Unbound 1.23.0, the source of the man pages is in reStructuredText format.
+
+This helps with the online documentation at https://unbound.docs.nlnetlabs.nl
+and makes it easier to maintain and contribute to the documentation.
+
+The templated man pages (*.in) are still part of the code repository as to not
+alter current procedures that could be in place by users/packagers.
+
+The templated man pages (*.in) are generated by Sphinx (used for the online
+documentation).
+The online documentation has its own repository at
+https://github.com/NLnetLabs/unbound-manual.
+
+In the README.md there (branch test-auto for now), there are further simple
+instructions on how to generate the templated man pages there and update them
+in this repository.
diff --git a/contrib/unbound/doc/example.conf b/contrib/unbound/doc/example.conf
index ab9445fc69f1..3a5188f00477 100644
--- a/contrib/unbound/doc/example.conf
+++ b/contrib/unbound/doc/example.conf
@@ -1,7 +1,7 @@
 #
 # Example configuration file.
 #
-# See unbound.conf(5) man page, version 1.15.0.
+# See unbound.conf(5) man page, version 1.23.1.
 #
 # this is a comment.
 
@@ -17,7 +17,7 @@ server:
 	# whitespace is not necessary, but looks cleaner.
 
 	# verbosity number, 0 is least verbose. 1 is default.
-	verbosity: 1
+	# verbosity: 1
 
 	# print statistics to the log (for every thread) every N seconds.
 	# Set to "" or 0 to disable. Default is disabled.
@@ -35,9 +35,14 @@ server:
 	# statistics-cumulative: no
 
 	# enable extended statistics (query types, answer codes, status)
-	# printed from unbound-control. default off, because of speed.
+	# printed from unbound-control. Default off, because of speed.
 	# extended-statistics: no
 
+	# Inhibits selected extended statistics (qtype, qclass, qopcode, rcode,
+	# rpz-actions) from printing if their value is 0.
+	# Default on.
+	# statistics-inhibit-zero: yes
+
 	# number of threads to create. 1 disables threading.
 	# num-threads: 1
 
@@ -50,11 +55,16 @@ server:
 	# interface: 192.0.2.154
 	# interface: 192.0.2.154@5003
 	# interface: 2001:DB8::5
+	# interface: eth0@5003
 
 	# enable this feature to copy the source address of queries to reply.
 	# Socket options are not supported on all platforms. experimental.
 	# interface-automatic: no
 
+	# instead of the default port, open additional ports separated by
+	# spaces when interface-automatic is enabled, by listing them here.
+	# interface-automatic-ports: ""
+
 	# port to answer queries from
 	# port: 53
 
@@ -133,8 +143,8 @@ server:
 	# edns-buffer-size: 1232
 
 	# Maximum UDP response size (not applied to TCP response).
-	# Suggested values are 512 to 4096. Default is 4096. 65536 disables it.
-	# max-udp-size: 4096
+	# Suggested values are 512 to 4096. Default is 1232. 65536 disables it.
+	# max-udp-size: 1232
 
 	# max memory to use for stream(tcp and tls) waiting result buffers.
 	# stream-wait-size: 4m
@@ -164,13 +174,53 @@ server:
 	# perform connect for UDP sockets to mitigate ICMP side channel.
 	# udp-connect: yes
 
-	# The number of retries when a non-positive response is received.
+	# The number of retries, per upstream nameserver in a delegation, when
+	# a throwaway response (also timeouts) is received.
 	# outbound-msg-retry: 5
 
+	# Hard limit on the number of outgoing queries Unbound will make while
+	# resolving a name, making sure large NS sets do not loop.
+	# It resets on query restarts (e.g., CNAME) and referrals.
+	# max-sent-count: 32
+
+	# Hard limit on the number of times Unbound is allowed to restart a
+	# query upon encountering a CNAME record.
+	# max-query-restarts: 11
+
+	# Limit on number of NS records in NS RRset for incoming packets.
+	# iter-scrub-ns: 20
+
+	# Limit on number of CNAME, DNAME records for incoming packets.
+	# iter-scrub-cname: 11
+
+	# Limit on upstream queries for an incoming query and its recursion.
+	# max-global-quota: 200
+
 	# msec for waiting for an unknown server to reply.  Increase if you
 	# are behind a slow satellite link, to eg. 1128.
 	# unknown-server-time-limit: 376
 
+	# msec before recursion replies are dropped. The work item continues.
+	# discard-timeout: 1900
+
+	# Max number of replies waiting for recursion per IP address.
+	# wait-limit: 1000
+
+	# Max replies waiting for recursion for IP address with cookie.
+	# wait-limit-cookie: 10000
+
+	# Apart from the default, the wait limit can be set for a netblock.
+	# wait-limit-netblock: 192.0.2.0/24 50000
+
+	# Apart from the default, the wait limit with cookie can be adjusted.
+	# wait-limit-cookie-netblock: 192.0.2.0/24 50000
+
+	# Defaults for loopback, it has no wait limit.
+	# wait-limit-netblock: 127.0.0.0/8 -1
+	# wait-limit-netblock: ::1/128 -1
+	# wait-limit-cookie-netblock: 127.0.0.0/8 -1
+	# wait-limit-cookie-netblock: ::1/128 -1
+
 	# the amount of memory to use for the RRset cache.
 	# plain value in bytes or you can append k, m or G. default is "4Mb".
 	# rrset-cache-size: 4m
@@ -191,6 +241,11 @@ server:
 	# the time to live (TTL) value cap for negative responses in the cache
 	# cache-max-negative-ttl: 3600
 
+	# the time to live (TTL) value lower bound, in seconds. Default 0.
+	# For negative responses in the cache. If disabled, default,
+	# cache-min-ttl applies if configured.
+	# cache-min-negative-ttl: 0
+
 	# the time to live (TTL) value for cached roundtrip times, lameness and
 	# EDNS version information for hosts. In seconds.
 	# infra-host-ttl: 900
@@ -198,6 +253,9 @@ server:
 	# minimum wait time for responses, increase if uplink is long. In msec.
 	# infra-cache-min-rtt: 50
 
+	# maximum wait time for responses. In msec.
+	# infra-cache-max-rtt: 120000
+
 	# enable to make server probe down hosts more frequently.
 	# infra-keep-probing: no
 
@@ -209,7 +267,8 @@ server:
 	# the maximum number of hosts that are cached (roundtrip, EDNS, lame).
 	# infra-cache-numhosts: 10000
 
-	# define a number of tags here, use with local-zone, access-control.
+	# define a number of tags here, use with local-zone, access-control,
+	# interface-*.
 	# repeat the define-tag statement to add additional tags.
 	# define-tag: "tag1 tag2 tag3"
 
@@ -219,6 +278,18 @@ server:
 	# Enable IPv6, "yes" or "no".
 	# do-ip6: yes
 
+	# If running unbound on an IPv6-only host, domains that only have
+	# IPv4 servers would become unresolveable.  If NAT64 is available in
+	# the network, unbound can use NAT64 to reach these servers with
+	# the following option.  This is NOT needed for enabling DNS64 on a
+	# system that has IPv4 connectivity.
+	# Consider also enabling prefer-ip6 to prefer native IPv6 connections
+	# to nameservers.
+	# do-nat64: no
+
+	# NAT64 prefix.  Defaults to using dns64-prefix value.
+	# nat64-prefix: 64:ff9b::0/96
+
 	# Enable UDP, "yes" or "no".
 	# do-udp: yes
 
@@ -247,9 +318,14 @@ server:
 	# Enable EDNS TCP keepalive option.
 	# edns-tcp-keepalive: no
 
-	# Timeout for EDNS TCP keepalive, in msec.
+	# Timeout for EDNS TCP keepalive, in msec. Overrides tcp-idle-timeout
+	# if edns-tcp-keepalive is set.
 	# edns-tcp-keepalive-timeout: 120000
 
+	# UDP queries that have waited in the socket buffer for a long time
+	# can be dropped. Default is 0, disabled. In seconds, such as 3.
+	# sock-queue-timeout: 0
+
 	# Use systemd socket activation for UDP, TCP, and control sockets.
 	# use-systemd: no
 
@@ -263,11 +339,10 @@ server:
 	# Choose deny (drop message), refuse (polite error reply),
 	# allow (recursive ok), allow_setrd (recursive ok, rd bit is forced on),
 	# allow_snoop (recursive and nonrecursive ok)
+	# allow_cookie (allow UDP with valid cookie or stateful transport)
 	# deny_non_local (drop queries unless can be answered from local-data)
 	# refuse_non_local (like deny_non_local but polite error reply).
-	# access-control: 0.0.0.0/0 refuse
 	# access-control: 127.0.0.0/8 allow
-	# access-control: ::0/0 refuse
 	# access-control: ::1 allow
 	# access-control: ::ffff:127.0.0.1 allow
 
@@ -276,7 +351,7 @@ server:
 	# are tagged with one of these tags.
 	# access-control-tag: 192.0.2.0/24 "tag2 tag3"
 
-	# set action for particular tag for given access control element
+	# set action for particular tag for given access control element.
 	# if you have multiple tag values, the tag used to lookup the action
 	# is the first tag match between access-control-tag and local-zone-tag
 	# where "first" comes from the order of the define-tag values.
@@ -288,6 +363,58 @@ server:
 	# Set view for access control element
 	# access-control-view: 192.0.2.0/24 viewname
 
+	# Similar to 'access-control:' but for interfaces.
+	# Control which listening interfaces are allowed to accept (recursive)
+	# queries for this server.
+	# The specified interfaces should be the same as the ones specified in
+	# 'interface:' followed by the action.
+	# The actions are the same as 'access-control:' above.
+	# By default all the interfaces configured are refused.
+	# Note: any 'access-control*:' setting overrides all 'interface-*:'
+	# settings for targeted clients.
+	# interface-action: 192.0.2.153 allow
+	# interface-action: 192.0.2.154 allow
+	# interface-action: 192.0.2.154@5003 allow
+	# interface-action: 2001:DB8::5 allow
+	# interface-action: eth0@5003 allow
+
+	# Similar to 'access-control-tag:' but for interfaces.
+	# Tag interfaces with a list of tags (in "" with spaces between).
+	# Interfaces using these tags use localzones that are tagged with one
+	# of these tags.
+	# The specified interfaces should be the same as the ones specified in
+	# 'interface:' followed by the list of tags.
+	# Note: any 'access-control*:' setting overrides all 'interface-*:'
+	# settings for targeted clients.
+	# interface-tag: eth0@5003 "tag2 tag3"
+
+	# Similar to 'access-control-tag-action:' but for interfaces.
+	# Set action for particular tag for a given interface element.
+	# If you have multiple tag values, the tag used to lookup the action
+	# is the first tag match between interface-tag and local-zone-tag
+	# where "first" comes from the order of the define-tag values.
+	# The specified interfaces should be the same as the ones specified in
+	# 'interface:' followed by the tag and action.
+	# Note: any 'access-control*:' setting overrides all 'interface-*:'
+	# settings for targeted clients.
+	# interface-tag-action: eth0@5003 tag3 refuse
+
+	# Similar to 'access-control-tag-data:' but for interfaces.
+	# Set redirect data for a particular tag for an interface element.
+	# The specified interfaces should be the same as the ones specified in
+	# 'interface:' followed by the tag and the redirect data.
+	# Note: any 'access-control*:' setting overrides all 'interface-*:'
+	# settings for targeted clients.
+	# interface-tag-data: eth0@5003 tag2 "A 127.0.0.1"
+
+	# Similar to 'access-control-view:' but for interfaces.
+	# Set view for an interface element.
+	# The specified interfaces should be the same as the ones specified in
+	# 'interface:' followed by the view name.
+	# Note: any 'access-control*:' setting overrides all 'interface-*:'
+	# settings for targeted clients.
+	# interface-view: eth0@5003 viewname
+
 	# if given, a chroot(2) is done to the given directory.
 	# i.e. you can chroot to the working directory, for example,
 	# for extra security, but make sure all files are in that directory.
@@ -311,19 +438,19 @@ server:
 	# How to do this is specific to your OS.
 	#
 	# If you give "" no chroot is performed. The path must not end in a /.
-	# chroot: "@UNBOUND_CHROOT_DIR@"
+	# chroot: "/var/unbound"
 
 	# if given, user privileges are dropped (after binding port),
 	# and the given username is assumed. Default is user "unbound".
 	# If you give "" no privileges are dropped.
-	# username: "@UNBOUND_USERNAME@"
+	# username: "unbound"
 
 	# the working directory. The relative files in this config are
 	# relative to this directory. If you give "" the working directory
 	# is not changed.
 	# If you give a server: directory: dir before include: file statements
 	# then those includes can be relative to the working directory.
-	# directory: "@UNBOUND_RUN_DIR@"
+	# directory: "/var/unbound"
 
 	# the log file, "" means log to stderr.
 	# Use of this option sets use-syslog to "no".
@@ -340,6 +467,10 @@ server:
 	# print UTC timestamp in ascii to logfile, default is epoch in seconds.
 	# log-time-ascii: no
 
+	# log timestamp in ISO8601 format if also log-time-ascii is enabled.
+	# (y-m-dTh:m:s.msec[+-]tzhours:tzminutes)
+	# log-time-iso: no
+
 	# print one line with time, IP, name, type, class for every query.
 	# log-queries: no
 
@@ -351,6 +482,9 @@ server:
 	# filtering log-queries and log-replies from the log.
 	# log-tag-queryreply: no
 
+	# log with destination address, port and type for log-replies.
+	# log-destaddr: no
+
 	# log the local-zone actions, like local-zone type inform is enabled
 	# also for the other local zone types.
 	# log-local-actions: no
@@ -359,7 +493,7 @@ server:
 	# log-servfail: no
 
 	# the pid file. Can be an absolute path outside of chroot/work dir.
-	# pidfile: "@UNBOUND_PIDFILE@"
+	# pidfile: "/var/unbound/unbound.pid"
 
 	# file to read root hints from.
 	# get one from https://www.internic.net/domain/named.cache
@@ -409,6 +543,9 @@ server:
 	# Harden against out of zone rrsets, to avoid spoofing attempts.
 	# harden-glue: yes
 
+	# Harden against unverified (outside-zone, including sibling zone) glue rrsets
+	# harden-unverified-glue: no
+
 	# Harden against receiving dnssec-stripped data. If you turn it
 	# off, failing to validate dnskey data for a trustanchor will
 	# trigger insecure mode for that zone (like without a trustanchor).
@@ -425,10 +562,15 @@ server:
 	# harden-referral-path: no
 
 	# Harden against algorithm downgrade when multiple algorithms are
-	# advertised in the DS record.  If no, allows the weakest algorithm
-	# to validate the zone.
+	# advertised in the DS record.  If no, allows any algorithm
+	# to validate the zone which is the standard behavior for validators.
+	# Check the manpage for detailed information.
 	# harden-algo-downgrade: no
 
+	# Harden against unknown records in the authority section and the
+	# additional section.
+	# harden-unknown-additional: no
+
 	# Sent minimum amount of information to upstream servers to enhance
 	# privacy. Only sent minimum required labels of the QNAME and set QTYPE
 	# to A when possible.
@@ -521,7 +663,7 @@ server:
 	# And then enable the auto-trust-anchor-file config item.
 	# Please note usage of unbound-anchor root anchor is at your own risk
 	# and under the terms of our LICENSE (see that file in the source).
-	# auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+	# auto-trust-anchor-file: "/var/unbound/root.key"
 
 	# trust anchor signaling sends a RFC8145 key tag query after priming.
 	# trust-anchor-signaling: yes
@@ -589,13 +731,19 @@ server:
 	# that set CD but cannot validate themselves.
 	# ignore-cd-flag: no
 
+	# Disable the DO flag in outgoing requests. It is helpful for upstream
+	# devices that cannot handle DNSSEC information. But do not enable it
+	# otherwise, because it would stop DNSSEC validation.
+	# disable-edns-do: no
+
 	# Serve expired responses from cache, with serve-expired-reply-ttl in
-	# the response, and then attempt to fetch the data afresh.
+	# the response. By default it first tries to refresh an expired answer.
+	# Can be configured with serve-expired-client-timeout.
 	# serve-expired: no
 	#
 	# Limit serving of expired responses to configured seconds after
 	# expiration. 0 disables the limit.
-	# serve-expired-ttl: 0
+	# serve-expired-ttl: 86400
 	#
 	# Set the TTL of expired records to the serve-expired-ttl value after a
 	# failed attempt to retrieve the record from upstream. This makes sure
@@ -608,10 +756,9 @@ server:
 	#
 	# Time in milliseconds before replying to the client with expired data.
 	# This essentially enables the serve-stale behavior as specified in
-	# RFC 8767 that first tries to resolve before
-	# immediately responding with expired data.  0 disables this behavior.
-	# A recommended value is 1800.
-	# serve-expired-client-timeout: 0
+	# RFC 8767 that first tries to resolve before immediately responding
+	# with expired data.  0 disables this behavior.
+	# serve-expired-client-timeout: 1800
 
 	# Return the original TTL as received from the upstream name server rather
 	# than the decrementing TTL as stored in the cache.  Enabling this feature
@@ -670,6 +817,8 @@ server:
 	# local-zone: "127.in-addr.arpa." nodefault
 	# local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault
 	# local-zone: "home.arpa." nodefault
+	# local-zone: "resolver.arpa." nodefault
+	# local-zone: "service.arpa." nodefault
 	# local-zone: "onion." nodefault
 	# local-zone: "test." nodefault
 	# local-zone: "invalid." nodefault
@@ -736,6 +885,8 @@ server:
 	# o always_transparent, always_refuse, always_nxdomain, always_nodata,
 	#   always_deny resolve in that way but ignore local data for
 	#   that name
+	# o block_a resolves all records normally but returns
+	#   NODATA for A queries and ignores local data for that name
 	# o always_null returns 0.0.0.0 or ::0 for any name in the zone.
 	# o noview breaks out of that view towards global local-zones.
 	#
@@ -778,6 +929,7 @@ server:
 	# tls-service-pem: "path/to/publiccertfile.pem"
 	# tls-port: 853
 	# https-port: 443
+	# quic-port: 853
 
 	# cipher setting for TLSv1.2
 	# tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256"
@@ -811,6 +963,8 @@ server:
 
 	# Add system certs to the cert bundle, from the Windows Cert Store
 	# tls-win-cert: no
+	# and on other systems, the default openssl certificates
+	# tls-system-cert: no
 
 	# Pad queries over TLS upstreams
 	# pad-queries: yes
@@ -840,6 +994,13 @@ server:
 	# Disable TLS for DNS-over-HTTP downstream service.
 	# http-notls-downstream: no
 
+	# Maximum number of bytes used for QUIC buffers.
+	# quic-size: 8m
+
+	# The interfaces that use these listed port numbers will support and
+	# expect PROXYv2. For UDP and TCP/TLS interfaces.
+	# proxy-protocol-port: portno for each of the port numbers.
+
 	# DNS64 prefix. Must be specified when DNS64 is use.
 	# Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.
 	# dns64-prefix: 64:ff9b::0/96
@@ -876,6 +1037,13 @@ server:
 	# if 0(default) it is disabled, otherwise states qps allowed per ip address
 	# ip-ratelimit: 0
 
+	# global query ratelimit for all ip addresses with a valid DNS Cookie.
+	# feature is experimental.
+	# if 0(default) it is disabled, otherwise states qps allowed per ip address
+	# useful in combination with 'allow_cookie'.
+	# If used, suggested to be higher than ip-ratelimit, tenfold.
+	# ip-ratelimit-cookie: 0
+
 	# ip ratelimits are tracked in a cache, size in bytes of cache (or k,m).
 	# ip-ratelimit-size: 4m
 	# ip ratelimit cache slabs, reduces lock contention if equal to cpucount.
@@ -897,6 +1065,32 @@ server:
 	# the number of servers that will be used in the fast server selection.
 	# fast-server-num: 3
 
+	# reply to requests containing DNS Cookies as specified in RFC 7873 and RFC 9018.
+	# answer-cookie: no
+
+	# secret for DNS Cookie generation.
+	# useful for anycast deployments.
+	# example value "000102030405060708090a0b0c0d0e0f".
+	# cookie-secret: <128 bit random hex string>
+
+	# File with cookie secrets, the 'cookie-secret:' option is ignored
+	# and the file can be managed to have staging and active secrets
+	# with remote control commands. Disabled with "". Default is "".
+	# cookie-secret-file: "/usr/local/etc/unbound_cookiesecrets.txt"
+
+	# Enable to attach Extended DNS Error codes (RFC8914) to responses.
+	# ede: no
+
+	# Enable to attach an Extended DNS Error (RFC8914) Code 3 - Stale
+	# Answer as EDNS0 option to expired responses.
+	# Note that the ede option above needs to be enabled for this to work.
+	# ede-serve-expired: no
+
+	# Enable DNS Error Reporting (RFC9567).
+	# qname-minimisation is advised to be turned on as well to increase
+	# privacy on the outgoing reports.
+	# dns-error-reporting: no
+
 	# Specific options for ipsecmod. Unbound needs to be configured with
 	# --enable-ipsecmod for these to take effect.
 	#
@@ -941,7 +1135,7 @@ server:
 # o and give a python-script to run.
 python:
 	# Script file to load
-	# python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py"
+	# python-script: "/var/unbound/ubmodule-tst.py"
 
 # Dynamic library config section. To enable:
 # o use --with-dynlibmodule to configure before compiling.
@@ -952,7 +1146,7 @@ python:
 #   the module-config then you need one dynlib-file per instance.
 dynlib:
 	# Script file to load
-	# dynlib-file: "@UNBOUND_SHARE_DIR@/dynlib.so"
+	# dynlib-file: "/var/unbound/dynlib.so"
 
 # Remote control config section.
 remote-control:
@@ -975,16 +1169,16 @@ remote-control:
 	# control-use-cert: "yes"
 
 	# Unbound server key file.
-	# server-key-file: "@UNBOUND_RUN_DIR@/unbound_server.key"
+	# server-key-file: "/var/unbound/unbound_server.key"
 
 	# Unbound server certificate file.
-	# server-cert-file: "@UNBOUND_RUN_DIR@/unbound_server.pem"
+	# server-cert-file: "/var/unbound/unbound_server.pem"
 
 	# unbound-control key file.
-	# control-key-file: "@UNBOUND_RUN_DIR@/unbound_control.key"
+	# control-key-file: "/var/unbound/unbound_control.key"
 
 	# unbound-control certificate file.
-	# control-cert-file: "@UNBOUND_RUN_DIR@/unbound_control.pem"
+	# control-cert-file: "/var/unbound/unbound_control.pem"
 
 # Stub zones.
 # Create entries like below, to make all queries for 'example.com' and
@@ -1031,11 +1225,11 @@ remote-control:
 # has a copy of the root for local usage.  The second serves example.org
 # authoritatively.  zonefile: reads from file (and writes to it if you also
 # download it), primary: fetches with AXFR and IXFR, or url to zonefile.
-# With allow-notify: you can give additional (apart from primaries) sources of
-# notifies.
+# With allow-notify: you can give additional (apart from primaries and urls)
+# sources of notifies.
 # auth-zone:
 #	name: "."
-#	primary: 199.9.14.201         # b.root-servers.net
+#	primary: 170.247.170.2        # b.root-servers.net
 #	primary: 192.33.4.12          # c.root-servers.net
 #	primary: 199.7.91.13          # d.root-servers.net
 #	primary: 192.5.5.241          # f.root-servers.net
@@ -1043,7 +1237,7 @@ remote-control:
 #	primary: 193.0.14.129         # k.root-servers.net
 #	primary: 192.0.47.132         # xfr.cjr.dns.icann.org
 #	primary: 192.0.32.132         # xfr.lax.dns.icann.org
-#	primary: 2001:500:200::b      # b.root-servers.net
+#	primary: 2801:1b8:10::b       # b.root-servers.net
 #	primary: 2001:500:2::c        # c.root-servers.net
 #	primary: 2001:500:2d::d       # d.root-servers.net
 #	primary: 2001:500:2f::f       # f.root-servers.net
@@ -1111,6 +1305,11 @@ remote-control:
 #     backend: "testframe"
 #     # secret seed string to calculate hashed keys
 #     secret-seed: "default"
+#     # if the backend should be read from, but not written to.
+#     cachedb-no-store: no
+#     # if the cachedb should be checked before a serve-expired response is
+#     # given, when serve-expired is enabled.
+#     cachedb-check-when-serve-expired: yes
 #
 #     # For "redis" backend:
 #     # (to enable, use --with-libhiredis to configure before compiling)
@@ -1118,10 +1317,36 @@ remote-control:
 #     redis-server-host: 127.0.0.1
 #     # redis server's TCP port
 #     redis-server-port: 6379
+#     # if the server uses a unix socket, set its path, or "" when not used.
+#     redis-server-path: "/var/lib/redis/redis-server.sock"
+#     # if the server uses an AUTH password, specify here, or "" when not used.
+#     redis-server-password: ""
 #     # timeout (in ms) for communication with the redis server
 #     redis-timeout: 100
+#     # timeout (in ms) for commands, if 0, uses redis-timeout.
+#     redis-command-timeout: 0
+#     # timeout (in ms) for connection set up, if 0, uses redis-timeout.
+#     redis-connect-timeout: 0
 #     # set timeout on redis records based on DNS response TTL
 #     redis-expire-records: no
+#     # redis logical database to use, 0 is the default database.
+#     redis-logical-db: 0
+#     # redis replica server's IP address or host name
+#     redis-replica-server-host: 127.0.0.1
+#     # redis replica server's TCP port
+#     redis-replica-server-port: 6379
+#     # if the replica server uses a unix socket, set its path, or "" when not used.
+#     redis-replica-server-path: "/var/lib/redis/redis-server.sock"
+#     # if the replica server uses an AUTH password, specify here, or "" when not used.
+#     redis-replica-server-password: ""
+#     # timeout (in ms) for communication with the redis replica server
+#     redis-replica-timeout: 100
+#     # timeout (in ms) for redis replica commands, if 0, uses redis-replica-timeout.
+#     redis-replica-command-timeout: 0
+#     # timeout (in ms) for redis replica connection set up, if 0, uses redis-replica-timeout.
+#     redis-replica-connect-timeout: 0
+#     # redis logical database to use for the replica server, 0 is the default database.
+#     redis-replica-logical-db: 0
 
 # IPSet
 # Add specify domain into set via ipset.
@@ -1143,7 +1368,7 @@ remote-control:
 # 	dnstap-enable: no
 # 	# if set to yes frame streams will be used in bidirectional mode
 # 	dnstap-bidirectional: yes
-# 	dnstap-socket-path: "@DNSTAP_SOCKET_PATH@"
+# 	dnstap-socket-path: ""
 # 	# if "" use the unix socket in dnstap-socket-path, otherwise,
 # 	# set it to "IPaddress[@port]" of the destination.
 # 	dnstap-ip: ""
@@ -1163,6 +1388,8 @@ remote-control:
 # 	dnstap-identity: ""
 # 	# if "" it uses the package version.
 # 	dnstap-version: ""
+# 	# log only 1/N messages, if 0 it is disabled. default 0.
+# 	dnstap-sample-rate: 0
 # 	dnstap-log-resolver-query-messages: no
 # 	dnstap-log-resolver-response-messages: no
 # 	dnstap-log-client-query-messages: no
@@ -1171,7 +1398,8 @@ remote-control:
 # 	dnstap-log-forwarder-response-messages: no
 
 # Response Policy Zones
-# RPZ policies. Applied in order of configuration. QNAME, Response IP
+# RPZ policies. Applied in order of configuration. Any match from an earlier
+# RPZ zone will terminate the RPZ lookup. QNAME, Response IP
 # Address, nsdname, nsip and clientip triggers are supported. Supported
 # actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only
 # and drop.  Policies can be loaded from a file, or using zone
diff --git a/contrib/unbound/doc/example.conf.in b/contrib/unbound/doc/example.conf.in
index ba817288bb62..ef9a5a264c64 100644
--- a/contrib/unbound/doc/example.conf.in
+++ b/contrib/unbound/doc/example.conf.in
@@ -1,7 +1,7 @@
 #
 # Example configuration file.
 #
-# See unbound.conf(5) man page, version 1.23.0.
+# See unbound.conf(5) man page, version 1.24.0.
 #
 # this is a comment.
 
@@ -116,8 +116,8 @@ server:
 	# so-rcvbuf: 0
 
 	# buffer size for UDP port 53 outgoing (SO_SNDBUF socket option).
-	# 0 is system default.  Use 4m to handle spikes on very busy servers.
-	# so-sndbuf: 0
+	# 0 is system default. Set larger to handle spikes on very busy servers.
+	# so-sndbuf: 4m
 
 	# use SO_REUSEPORT to distribute queries over threads.
 	# at extreme load it could be better to turn it off to distribute even.
@@ -163,7 +163,7 @@ server:
 	# msg-cache-slabs: 4
 
 	# the number of queries that a thread gets to service.
-	# num-queries-per-thread: 1024
+	# num-queries-per-thread: 2048
 
 	# if very busy, 50% queries run to completion, 50% get timeout in msec
 	# jostle-timeout: 200
@@ -279,7 +279,7 @@ server:
 	# do-ip6: yes
 
 	# If running unbound on an IPv6-only host, domains that only have
-	# IPv4 servers would become unresolveable.  If NAT64 is available in
+	# IPv4 servers would become unresolvable.  If NAT64 is available in
 	# the network, unbound can use NAT64 to reach these servers with
 	# the following option.  This is NOT needed for enabling DNS64 on a
 	# system that has IPv4 connectivity.
diff --git a/contrib/unbound/doc/libunbound.3 b/contrib/unbound/doc/libunbound.3
index 7df4f59d7831..8ef33b0998a2 100644
--- a/contrib/unbound/doc/libunbound.3
+++ b/contrib/unbound/doc/libunbound.3
@@ -1,4 +1,4 @@
-.TH "libunbound" "3" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "libunbound" "3" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" libunbound.3 -- unbound library functions manual
 .\"
@@ -44,7 +44,7 @@
 .B ub_ctx_zone_remove,
 .B ub_ctx_data_add,
 .B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.15.0 functions.
+\- Unbound DNS validating resolver 1.23.1 functions.
 .SH "SYNOPSIS"
 .B #include <unbound.h>
 .LP
diff --git a/contrib/unbound/doc/libunbound.3.in b/contrib/unbound/doc/libunbound.3.in
index 4edc9b3c30af..e3723fbbdbad 100644
--- a/contrib/unbound/doc/libunbound.3.in
+++ b/contrib/unbound/doc/libunbound.3.in
@@ -1,335 +1,306 @@
-.TH "libunbound" "3" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" libunbound.3 -- unbound library functions manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B libunbound,
-.B unbound.h,
-.B ub_ctx,
-.B ub_result,
-.B ub_callback_type,
-.B ub_ctx_create,
-.B ub_ctx_delete,
-.B ub_ctx_set_option,
-.B ub_ctx_get_option,
-.B ub_ctx_config,
-.B ub_ctx_set_fwd,
-.B ub_ctx_set_stub,
-.B ub_ctx_set_tls,
-.B ub_ctx_resolvconf,
-.B ub_ctx_hosts,
-.B ub_ctx_add_ta,
-.B ub_ctx_add_ta_autr,
-.B ub_ctx_add_ta_file,
-.B ub_ctx_trustedkeys,
-.B ub_ctx_debugout,
-.B ub_ctx_debuglevel,
-.B ub_ctx_async,
-.B ub_poll,
-.B ub_wait,
-.B ub_fd,
-.B ub_process,
-.B ub_resolve,
-.B ub_resolve_async,
-.B ub_cancel,
-.B ub_resolve_free,
-.B ub_strerror,
-.B ub_ctx_print_local_zones,
-.B ub_ctx_zone_add,
-.B ub_ctx_zone_remove,
-.B ub_ctx_data_add,
-.B ub_ctx_data_remove
-\- Unbound DNS validating resolver 1.23.0 functions.
-.SH "SYNOPSIS"
-.B #include <unbound.h>
-.LP
-\fIstruct ub_ctx *\fR
-\fBub_ctx_create\fR(\fIvoid\fR);
-.LP
-\fIvoid\fR
-\fBub_ctx_delete\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_ctx_set_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar*\fR val);
-.LP
-\fIint\fR
-\fBub_ctx_get_option\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR opt, \fIchar**\fR val);
-.LP
-\fIint\fR
-\fBub_ctx_config\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_set_fwd\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR addr);
-.LP
-\fIint\fR
-\fBub_ctx_set_stub\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone,
-\fIchar*\fR addr,
-.br
-		\fIint\fR isprime);
-.LP
-\fIint\fR
-\fBub_ctx_set_tls\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR tls);
-.LP
-\fIint\fR
-\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_hosts\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_trustedkeys\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
-.LP
-\fIint\fR
-\fBub_ctx_debugout\fR(\fIstruct ub_ctx*\fR ctx, \fIFILE*\fR out);
-.LP
-\fIint\fR
-\fBub_ctx_debuglevel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR d);
-.LP
-\fIint\fR
-\fBub_ctx_async\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR dothread);
-.LP
-\fIint\fR
-\fBub_poll\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_wait\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_fd\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_process\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_resolve\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
-.br
-           \fIint\fR rrtype, \fIint\fR rrclass, \fIstruct ub_result**\fR result);
-.LP
-\fIint\fR
-\fBub_resolve_async\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR name, 
-.br
-                 \fIint\fR rrtype, \fIint\fR rrclass, \fIvoid*\fR mydata, 
-.br
-                 \fIub_callback_type\fR callback, \fIint*\fR async_id);
-.LP
-\fIint\fR
-\fBub_cancel\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR async_id);
-.LP
-\fIvoid\fR
-\fBub_resolve_free\fR(\fIstruct ub_result*\fR result);
-.LP
-\fIconst char *\fR
-\fBub_strerror\fR(\fIint\fR err);
-.LP
-\fIint\fR
-\fBub_ctx_print_local_zones\fR(\fIstruct ub_ctx*\fR ctx);
-.LP
-\fIint\fR
-\fBub_ctx_zone_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name, \fIchar*\fR zone_type);
-.LP
-\fIint\fR
-\fBub_ctx_zone_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR zone_name);
-.LP
-\fIint\fR
-\fBub_ctx_data_add\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
-.LP
-\fIint\fR
-\fBub_ctx_data_remove\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR data);
-.SH "DESCRIPTION"
-.B Unbound 
-is an implementation of a DNS resolver, that does caching and 
-DNSSEC validation. This is the library API, for using the \-lunbound library.
-The server daemon is described in \fIunbound\fR(8).
-The library works independent from a running unbound server, and
-can be used to convert hostnames to ip addresses, and back,
-and obtain other information from the DNS. The library performs public\-key
-validation of results with DNSSEC.
-.P
-The library uses a variable of type \fIstruct ub_ctx\fR to keep context
-between calls. The user must maintain it, creating it with
-.B ub_ctx_create
-and deleting it with
-.B ub_ctx_delete\fR.
-It can be created and deleted at any time. Creating it anew removes any 
-previous configuration (such as trusted keys) and clears any cached results.
-.P
-The functions are thread\-safe, and a context can be used in a threaded (as 
-well as in a non\-threaded) environment. Also resolution (and validation) 
-can be performed blocking and non\-blocking (also called asynchronous). 
-The async method returns from the call immediately, so that processing 
-can go on, while the results become available later. 
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "LIBUNBOUND" "3" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+libunbound \- Unbound DNS validating resolver 1.24.0 functions.
+.SH SYNOPSIS
+.sp
+\fB#include <unbound.h>\fP
+.sp
+struct ub_ctx * \fBub_ctx_create\fP(void);
+.sp
+void \fBub_ctx_delete\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_ctx_set_option\fP(struct ub_ctx* ctx, char* opt, char* val);
+.sp
+int \fBub_ctx_get_option\fP(struct ub_ctx* ctx, char* opt, char** val);
+.sp
+int \fBub_ctx_config\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_set_fwd\fP(struct ub_ctx* ctx, char* addr);
+.INDENT 0.0
+.TP
+int \fBub_ctx_set_stub\fP(struct ub_ctx* ctx, char* zone, char* addr,
+int isprime);
+.UNINDENT
+.sp
+int \fBub_ctx_set_tls\fP(struct ub_ctx* ctx, int tls);
+.sp
+int \fBub_ctx_resolvconf\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_hosts\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_add_ta\fP(struct ub_ctx* ctx, char* ta);
+.sp
+int \fBub_ctx_add_ta_autr\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_add_ta_file\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_trustedkeys\fP(struct ub_ctx* ctx, char* fname);
+.sp
+int \fBub_ctx_debugout\fP(struct ub_ctx* ctx, FILE* out);
+.sp
+int \fBub_ctx_debuglevel\fP(struct ub_ctx* ctx, int d);
+.sp
+int \fBub_ctx_async\fP(struct ub_ctx* ctx, int dothread);
+.sp
+int \fBub_poll\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_wait\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_fd\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_process\fP(struct ub_ctx* ctx);
+.INDENT 0.0
+.TP
+int \fBub_resolve\fP(struct ub_ctx* ctx, char* name,
+int rrtype, int rrclass, struct ub_result** result);
+.TP
+int \fBub_resolve_async\fP(struct ub_ctx* ctx, char* name,
+int rrtype, int rrclass, void* mydata,
+ub_callback_type* callback, int* async_id);
+.UNINDENT
+.sp
+int \fBub_cancel\fP(struct ub_ctx* ctx, int async_id);
+.sp
+void \fBub_resolve_free\fP(struct ub_result* result);
+.sp
+const char * \fBub_strerror\fP(int err);
+.sp
+int \fBub_ctx_print_local_zones\fP(struct ub_ctx* ctx);
+.sp
+int \fBub_ctx_zone_add\fP(struct ub_ctx* ctx, char* zone_name, char* zone_type);
+.sp
+int \fBub_ctx_zone_remove\fP(struct ub_ctx* ctx, char* zone_name);
+.sp
+int \fBub_ctx_data_add\fP(struct ub_ctx* ctx, char* data);
+.sp
+int \fBub_ctx_data_remove\fP(struct ub_ctx* ctx, char* data);
+.SH DESCRIPTION
+.sp
+Unbound is an implementation of a DNS resolver, that does caching and DNSSEC
+validation.
+This is the library API, for using the \fB\-lunbound\fP library.
+The server daemon is described in \fI\%unbound(8)\fP\&.
+The library works independent from a running unbound server, and can be used to
+convert hostnames to ip addresses, and back, and obtain other information from
+the DNS.
+The library performs public\-key validation of results with DNSSEC.
+.sp
+The library uses a variable of type \fIstruct ub_ctx\fP to keep context between
+calls.
+The user must maintain it, creating it with \fBub_ctx_create\fP and deleting it
+with \fBub_ctx_delete\fP\&.
+It can be created and deleted at any time.
+Creating it anew removes any previous configuration (such as trusted keys) and
+clears any cached results.
+.sp
+The functions are thread\-safe, and a context can be used in a threaded (as well
+as in a non\-threaded) environment.
+Also resolution (and validation) can be performed blocking and non\-blocking
+(also called asynchronous).
+The async method returns from the call immediately, so that processing can go
+on, while the results become available later.
+.sp
 The functions are discussed in turn below.
-.SH "FUNCTIONS"
-.TP 
+.SH FUNCTIONS
+.INDENT 0.0
+.TP
 .B ub_ctx_create
 Create a new context, initialised with defaults.
-The information from /etc/resolv.conf and /etc/hosts is not utilised 
-by default. Use 
-.B ub_ctx_resolvconf
-and
-.B ub_ctx_hosts
-to read them.
-Before you call this, use the openssl functions CRYPTO_set_id_callback and
-CRYPTO_set_locking_callback to set up asynchronous operation if you use
-lib openssl (the application calls these functions once for initialisation).
-Openssl 1.0.0 or later uses the CRYPTO_THREADID_set_callback function.
+The information from \fB/etc/resolv.conf\fP and \fB/etc/hosts\fP is
+not utilised by default.
+Use \fBub_ctx_resolvconf\fP and \fBub_ctx_hosts\fP to read them.
+Before you call this, use the openssl functions
+\fBCRYPTO_set_id_callback\fP and \fBCRYPTO_set_locking_callback\fP to set
+up asynchronous operation if you use lib openssl (the application calls
+these functions once for initialisation).
+Openssl 1.0.0 or later uses the \fBCRYPTO_THREADID_set_callback\fP
+function.
 .TP
 .B ub_ctx_delete
 Delete validation context and free associated resources.
-Outstanding async queries are killed and callbacks are not called for them.
+Outstanding async queries are killed and callbacks are not called for
+them.
 .TP
 .B ub_ctx_set_option
-A power\-user interface that lets you specify one of the options from the
-config file format, see \fIunbound.conf\fR(5). Not all options are
-relevant. For some specific options, such as adding trust anchors, special
-routines exist. Pass the option name with the trailing ':'.
+A power\-user interface that lets you specify one of the options from
+the config file format, see \fI\%unbound.conf(5)\fP\&.
+Not all options are relevant.
+For some specific options, such as adding trust anchors, special
+routines exist.
+Pass the option name with the trailing \fB\(aq:\(aq\fP\&.
 .TP
 .B ub_ctx_get_option
-A power\-user interface that gets an option value.  Some options cannot be
-gotten, and others return a newline separated list.  Pass the option name
-without trailing ':'.  The returned value must be free(2)d by the caller.
+A power\-user interface that gets an option value.
+Some options cannot be gotten, and others return a newline separated
+list.
+Pass the option name without trailing \fB\(aq:\(aq\fP\&.
+The returned value must be free(2)d by the caller.
 .TP
 .B ub_ctx_config
-A power\-user interface that lets you specify an unbound config file, see
-\fIunbound.conf\fR(5), which is read for configuration. Not all options are
-relevant. For some specific options, such as adding trust anchors, special
-routines exist.  This function is thread\-safe only if a single instance of
-ub_ctx* exists in the application.  If several instances exist the
-application has to ensure that ub_ctx_config is not called in parallel by
-the different instances.
+A power\-user interface that lets you specify an unbound config file,
+see \fI\%unbound.conf(5)\fP, which is read for
+configuration.
+Not all options are relevant.
+For some specific options, such as adding trust anchors, special
+routines exist.
+This function is thread\-safe only if a single instance of \fBub_ctx\fP*
+exists in the application.
+If several instances exist the application has to ensure that
+\fBub_ctx_config\fP is not called in parallel by the different instances.
 .TP
 .B ub_ctx_set_fwd
-Set machine to forward DNS queries to, the caching resolver to use. 
-IP4 or IP6 address. Forwards all DNS requests to that machine, which 
-is expected to run a recursive resolver. If the proxy is not 
-DNSSEC capable, validation may fail. Can be called several times, in 
-that case the addresses are used as backup servers.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Set machine to forward DNS queries to, the caching resolver to use.
+IP4 or IP6 address.
+Forwards all DNS requests to that machine, which is expected to run a
+recursive resolver.
+If the proxy is not DNSSEC capable, validation may fail.
+Can be called several times, in that case the addresses are used as
+backup servers.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_set_stub
-Set a stub zone, authoritative dns servers to use for a particular zone.
-IP4 or IP6 address.  If the address is NULL the stub entry is removed.
-Set isprime true if you configure root hints with it.  Otherwise similar to
-the stub zone item from unbound's config file.  Can be called several times,
-for different zones, or to add multiple addresses for a particular zone.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Set a stub zone, authoritative dns servers to use for a particular
+zone.
+IP4 or IP6 address.
+If the address is NULL the stub entry is removed.
+Set isprime true if you configure root hints with it.
+Otherwise similar to the stub zone item from unbound\(aqs config file.
+Can be called several times, for different zones, or to add multiple
+addresses for a particular zone.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_set_tls
-Enable DNS over TLS (DoT) for machines set with 
-.B ub_ctx_set_fwd.
-At this time it is only possible to set configuration before the
-first resolve is done.
+Enable DNS over TLS (DoT) for machines set with \fBub_ctx_set_fwd\fP\&.
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_resolvconf
-By default the root servers are queried and full resolver mode is used, but
-you can use this call to read the list of nameservers to use from the
-filename given.
-Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
+By default the root servers are queried and full resolver mode is used,
+but you can use this call to read the list of nameservers to use from
+the filename given.
+Usually \fB\(dq/etc/resolv.conf\(dq\fP\&.
+Uses those nameservers as caching proxies.
 If they do not support DNSSEC, validation may fail.
 Only nameservers are picked up, the searchdomain, ndots and other
-settings from \fIresolv.conf\fR(5) are ignored.
-If fname NULL is passed, "/etc/resolv.conf" is used (if on Windows, 
-the system\-wide configured nameserver is picked instead).
-At this time it is only possible to set configuration before the
-first resolve is done.
+settings from \fIresolv.conf(5)\fP are ignored.
+If fname NULL is passed, \fB\(dq/etc/resolv.conf\(dq\fP is used (if on
+Windows, the system\-wide configured nameserver is picked instead).
+At this time it is only possible to set configuration before the first
+resolve is done.
 .TP
 .B ub_ctx_hosts
 Read list of hosts from the filename given.
-Usually "/etc/hosts". When queried for, these addresses are not marked 
-DNSSEC secure. If fname NULL is passed, "/etc/hosts" is used 
-(if on Windows, etc/hosts from WINDIR is picked instead).
-At this time it is only possible to set configuration before the
-first resolve is done.
-.TP
-.B
-ub_ctx_add_ta
+Usually \fB\(dq/etc/hosts\(dq\fP\&.
+When queried for, these addresses are not marked DNSSEC secure.
+If fname NULL is passed, \fB\(dq/etc/hosts\(dq\fP is used (if on Windows,
+\fBetc/hosts\fP from WINDIR is picked instead).
+At this time it is only possible to set configuration before the first
+resolve is done.
+.TP
+.B ub_ctx_add_ta
 Add a trust anchor to the given context.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 The format is a string, similar to the zone\-file format,
-[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
+\fB[domainname]\fP \fB[type]\fP \fB[rdata contents]\fP\&.
+Both DS and DNSKEY records are accepted.
 .TP
 .B ub_ctx_add_ta_autr
-Add filename with automatically tracked trust anchor to the given context.
-Pass name of a file with the managed trust anchor.  You can create this
-file with \fIunbound\-anchor\fR(8) for the root anchor.  You can also
-create it with an initial file with one line with a DNSKEY or DS record.
+Add filename with automatically tracked trust anchor to the given
+context.
+Pass name of a file with the managed trust anchor.
+You can create this file with
+\fI\%unbound\-anchor(8)\fP for the root anchor.
+You can also create it with an initial file with one line with a DNSKEY
+or DS record.
 If the file is writable, it is updated when the trust anchor changes.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_add_ta_file
 Add trust anchors to the given context.
 Pass name of a file with DS and DNSKEY records in zone file format.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_trustedkeys
 Add trust anchors to the given context.
-Pass the name of a bind\-style config file with trusted\-keys{}.
-At this time it is only possible to add trusted keys before the
-first resolve is done.
+Pass the name of a bind\-style config file with \fBtrusted\-keys{}\fP\&.
+At this time it is only possible to add trusted keys before the first
+resolve is done.
 .TP
 .B ub_ctx_debugout
-Set debug and error log output to the given stream. Pass NULL to disable
-output. Default is stderr. File\-names or using syslog can be enabled
-using config options, this routine is for using your own stream.
+Set debug and error log output to the given stream.
+Pass NULL to disable output.
+Default is stderr.
+File\-names or using syslog can be enabled using config options, this
+routine is for using your own stream.
 .TP
 .B ub_ctx_debuglevel
-Set debug verbosity for the context. Output is directed to stderr.
+Set debug verbosity for the context.
+Output is directed to stderr.
 Higher debug level gives more output.
 .TP
 .B ub_ctx_async
 Set a context behaviour for asynchronous action.
-if set to true, enables threading and a call to 
-.B ub_resolve_async 
+if set to true, enables threading and a call to \fBub_resolve_async\fP
 creates a thread to handle work in the background.
 If false, a process is forked to handle work in the background.
-Changes to this setting after 
-.B ub_resolve_async 
-calls have been made have no effect (delete and re\-create the context 
-to change).
+Changes to this setting after \fBub_resolve_async\fP calls have been made
+have no effect (delete and re\-create the context to change).
 .TP
 .B ub_poll
 Poll a context to see if it has any new results.
-Do not poll in a loop, instead extract the fd below to poll for readiness,
-and then check, or wait using the wait routine.
+Do not poll in a loop, instead extract the \fBfd\fP below to poll for
+readiness, and then check, or wait using the wait routine.
 Returns 0 if nothing to read, or nonzero if a result is available.
-If nonzero, call 
-.B ub_process 
-to do callbacks.
+If nonzero, call \fBub_process\fP to do callbacks.
 .TP
 .B ub_wait
-Wait for a context to finish with results. Calls 
-.B ub_process 
-after the wait for you. After the wait, there are no more outstanding 
-asynchronous queries.
+Wait for a context to finish with results.
+Calls \fBub_process\fP after the wait for you.
+After the wait, there are no more outstanding asynchronous queries.
 .TP
 .B ub_fd
-Get file descriptor. Wait for it to become readable, at this point
-answers are returned from the asynchronous validating resolver.
-Then call the \fBub_process\fR to continue processing.
+Get file descriptor.
+Wait for it to become readable, at this point answers are returned from
+the asynchronous validating resolver.
+Then call the \fBub_process\fP to continue processing.
 .TP
 .B ub_process
 Call this routine to continue processing results from the validating
-resolver (when the fd becomes readable).
+resolver (when the \fBfd\fP becomes readable).
 Will perform necessary callbacks.
 .TP
 .B ub_resolve
@@ -340,95 +311,111 @@ The result structure is newly allocated with the resulting data.
 .TP
 .B ub_resolve_async
 Perform asynchronous resolution and validation of the target name.
-Arguments mean the same as for \fBub_resolve\fR except no
-data is returned immediately, instead a callback is called later.
-The callback receives a copy of the mydata pointer, that you can use to pass
-information to the callback. The callback type is a function pointer to
-a function declared as
-.IP
-void my_callback_function(void* my_arg, int err, 
-.br
-                  struct ub_result* result);
-.IP
-The async_id is returned so you can (at your option) decide to track it
-and cancel the request if needed.  If you pass a NULL pointer the async_id
-is not returned. 
+Arguments mean the same as for \fBub_resolve\fP except no data is
+returned immediately, instead a callback is called later.
+The callback receives a copy of the mydata pointer, that you can use to
+pass information to the callback.
+The callback type is a function pointer to a function declared as:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+void my_callback_function(void* my_arg, int err,
+                struct ub_result* result);
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The \fBasync_id\fP is returned so you can (at your option) decide to
+track it and cancel the request if needed.
+If you pass a NULL pointer the \fBasync_id\fP is not returned.
 .TP
 .B ub_cancel
-Cancel an async query in progress.  This may return an error if the query
-does not exist, or the query is already being delivered, in that case you 
-may still get a callback for the query.
+Cancel an async query in progress.
+This may return an error if the query does not exist, or the query is
+already being delivered, in that case you may still get a callback for
+the query.
 .TP
 .B ub_resolve_free
-Free struct ub_result contents after use.
+Free struct \fBub_result\fP contents after use.
 .TP
 .B ub_strerror
-Convert error value from one of the unbound library functions 
-to a human readable string.
+Convert error value from one of the unbound library functions to a
+human readable string.
 .TP
 .B ub_ctx_print_local_zones
 Debug printout the local authority information to debug output.
 .TP
 .B ub_ctx_zone_add
-Add new zone to local authority info, like local\-zone \fIunbound.conf\fR(5) 
-statement.
+Add new zone to local authority info, like local\-zone
+\fI\%unbound.conf(5)\fP statement.
 .TP
 .B ub_ctx_zone_remove
 Delete zone from local authority info.
 .TP
 .B ub_ctx_data_add
 Add resource record data to local authority info, like local\-data
-\fIunbound.conf\fR(5) statement.
+\fI\%unbound.conf(5)\fP statement.
 .TP
 .B ub_ctx_data_remove
 Delete local authority data from the name given.
-.SH "RESULT DATA STRUCTURE"
-The result of the DNS resolution and validation is returned as 
-\fIstruct ub_result\fR. The result structure contains the following entries.
-.P
+.UNINDENT
+.SH RESULT DATA STRUCTURE
+.sp
+The result of the DNS resolution and validation is returned as \fIstruct
+ub_result\fP\&.
+The result structure contains the following entries:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	struct ub_result {
-		char* qname; /* text string, original question */
-		int qtype;   /* type code asked for */
-		int qclass;  /* class code asked for */
-		char** data; /* array of rdata items, NULL terminated*/
-		int* len;    /* array with lengths of rdata items */
-		char* canonname; /* canonical name of result */
-		int rcode;   /* additional error code in case of no data */
-		void* answer_packet; /* full network format answer packet */
-		int answer_len;  /* length of packet in octets */
-		int havedata; /* true if there is data */
-		int nxdomain; /* true if nodata because name does not exist */
-		int secure;   /* true if result is secure */
-		int bogus;    /* true if a security failure happened */
-		char* why_bogus; /* string with error if bogus */
-		int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
-		int ttl;     /* number of seconds the result is valid */
-	};
+.ft C
+struct ub_result {
+     char* qname;         /* text string, original question */
+     int qtype;           /* type code asked for */
+     int qclass;          /* class code asked for */
+     char** data;         /* array of rdata items, NULL terminated*/
+     int* len;            /* array with lengths of rdata items */
+     char* canonname;     /* canonical name of result */
+     int rcode;           /* additional error code in case of no data */
+     void* answer_packet; /* full network format answer packet */
+     int answer_len;      /* length of packet in octets */
+     int havedata;        /* true if there is data */
+     int nxdomain;        /* true if nodata because name does not exist */
+     int secure;          /* true if result is secure */
+     int bogus;           /* true if a security failure happened */
+     char* why_bogus;     /* string with error if bogus */
+     int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
+     int ttl;             /* number of seconds the result is valid */
+};
+.ft P
 .fi
-.P
-If both secure and bogus are false, security was not enabled for the 
-domain of the query.  Else, they are not both true, one of them is true.
-.SH "RETURN VALUES"
-Many routines return an error code. The value 0 (zero) denotes no error
-happened. Other values can be passed to
-.B ub_strerror
-to obtain a readable error string.
-.B ub_strerror
-returns a zero terminated string.
-.B ub_ctx_create
-returns NULL on an error (a malloc failure).
-.B ub_poll
-returns true if some information may be available, false otherwise.
-.B ub_fd
-returns a file descriptor or \-1 on error.
-.B ub_ctx_config
-and
-.B ub_ctx_resolvconf
-attempt to leave errno informative on a function return with file read failure.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5), 
-\fIunbound\fR(8).
-.SH "AUTHORS"
-.B Unbound
-developers are mentioned in the CREDITS file in the distribution.
+.UNINDENT
+.UNINDENT
+.sp
+If both secure and bogus are false, security was not enabled for the domain of
+the query.
+Else, they are not both true, one of them is true.
+.SH RETURN VALUES
+.sp
+Many routines return an error code.
+The value 0 (zero) denotes no error happened.
+Other values can be passed to \fBub_strerror\fP to obtain a readable error
+string.
+\fBub_strerror\fP returns a zero terminated string.
+\fBub_ctx_create\fP returns NULL on an error (a malloc failure).
+\fBub_poll\fP returns true if some information may be available, false otherwise.
+\fBub_fd\fP returns a file descriptor or \-1 on error.
+\fBub_ctx_config\fP and \fBub_ctx_resolvconf\fP attempt to leave errno informative
+on a function return with file read failure.
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP, \fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/libunbound.rst b/contrib/unbound/doc/libunbound.rst
new file mode 100644
index 000000000000..97883dc555a3
--- /dev/null
+++ b/contrib/unbound/doc/libunbound.rst
@@ -0,0 +1,491 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+libunbound(3)
+=============
+
+Synopsis
+--------
+
+.. only:: html
+
+    .. code-block:: c
+
+        #include <unbound.h>
+
+        struct ub_ctx * ub_ctx_create(void);
+
+        void ub_ctx_delete(struct ub_ctx* ctx);
+
+        int ub_ctx_set_option(struct ub_ctx* ctx, char* opt, char* val);
+
+        int ub_ctx_get_option(struct ub_ctx* ctx, char* opt, char** val);
+
+        int ub_ctx_config(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr);
+
+        int ub_ctx_set_stub(struct ub_ctx* ctx, char* zone, char* addr,
+                            int isprime);
+
+        int ub_ctx_set_tls(struct ub_ctx* ctx, int tls);
+
+        int ub_ctx_resolvconf(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_hosts(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_add_ta(struct ub_ctx* ctx, char* ta);
+
+        int ub_ctx_add_ta_autr(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_add_ta_file(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_trustedkeys(struct ub_ctx* ctx, char* fname);
+
+        int ub_ctx_debugout(struct ub_ctx* ctx, FILE* out);
+
+        int ub_ctx_debuglevel(struct ub_ctx* ctx, int d);
+
+        int ub_ctx_async(struct ub_ctx* ctx, int dothread);
+
+        int ub_poll(struct ub_ctx* ctx);
+
+        int ub_wait(struct ub_ctx* ctx);
+
+        int ub_fd(struct ub_ctx* ctx);
+
+        int ub_process(struct ub_ctx* ctx);
+
+        int ub_resolve(struct ub_ctx* ctx, char* name, int rrtype,
+                       int rrclass, struct ub_result** result);
+
+        int ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype,
+                             int rrclass, void* mydata, ub_callback_type callback,
+                             int* async_id);
+
+        int ub_cancel(struct ub_ctx* ctx, int async_id);
+
+        void ub_resolve_free(struct ub_result* result);
+
+        const char * ub_strerror(int err);
+
+        int ub_ctx_print_local_zones(struct ub_ctx* ctx);
+
+        int ub_ctx_zone_add(struct ub_ctx* ctx, char* zone_name, char* zone_type);
+
+        int ub_ctx_zone_remove(struct ub_ctx* ctx, char* zone_name);
+
+        int ub_ctx_data_add(struct ub_ctx* ctx, char* data);
+
+        int ub_ctx_data_remove(struct ub_ctx* ctx, char* data);
+
+.. only:: man
+
+    **#include <unbound.h>**
+
+    struct ub_ctx \* **ub_ctx_create**\ (void);
+
+    void **ub_ctx_delete**\ (struct ub_ctx\* ctx);
+
+    int **ub_ctx_set_option**\ (struct ub_ctx\* ctx, char\* opt, char\* val);
+
+    int **ub_ctx_get_option**\ (struct ub_ctx\* ctx, char\* opt, char\*\* val);
+
+    int **ub_ctx_config**\ (struct ub_ctx\* ctx, char* fname);
+
+    int **ub_ctx_set_fwd**\ (struct ub_ctx\* ctx, char\* addr);
+
+    int **ub_ctx_set_stub**\ (struct ub_ctx\* ctx, char\* zone, char\* addr,
+        int isprime);
+
+    int **ub_ctx_set_tls**\ (struct ub_ctx\* ctx, int tls);
+
+    int **ub_ctx_resolvconf**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_hosts**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_add_ta**\ (struct ub_ctx\* ctx, char\* ta);
+
+    int **ub_ctx_add_ta_autr**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_add_ta_file**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_trustedkeys**\ (struct ub_ctx\* ctx, char\* fname);
+
+    int **ub_ctx_debugout**\ (struct ub_ctx\* ctx, FILE\* out);
+
+    int **ub_ctx_debuglevel**\ (struct ub_ctx\* ctx, int d);
+
+    int **ub_ctx_async**\ (struct ub_ctx\* ctx, int dothread);
+
+    int **ub_poll**\ (struct ub_ctx\* ctx);
+
+    int **ub_wait**\ (struct ub_ctx\* ctx);
+
+    int **ub_fd**\ (struct ub_ctx\* ctx);
+
+    int **ub_process**\ (struct ub_ctx\* ctx);
+
+    int **ub_resolve**\ (struct ub_ctx\* ctx, char\* name,
+        int rrtype, int rrclass, struct ub_result\*\* result);
+
+    int **ub_resolve_async**\ (struct ub_ctx\* ctx, char\* name,
+        int rrtype, int rrclass, void\* mydata,
+        ub_callback_type\* callback, int\* async_id);
+
+    int **ub_cancel**\ (struct ub_ctx\* ctx, int async_id);
+
+    void **ub_resolve_free**\ (struct ub_result\* result);
+
+    const char \* **ub_strerror**\ (int err);
+
+    int **ub_ctx_print_local_zones**\ (struct ub_ctx\* ctx);
+
+    int **ub_ctx_zone_add**\ (struct ub_ctx\* ctx, char\* zone_name, char\* zone_type);
+
+    int **ub_ctx_zone_remove**\ (struct ub_ctx\* ctx, char\* zone_name);
+
+    int **ub_ctx_data_add**\ (struct ub_ctx\* ctx, char\* data);
+
+    int **ub_ctx_data_remove**\ (struct ub_ctx\* ctx, char\* data);
+
+Description
+-----------
+
+Unbound is an implementation of a DNS resolver, that does caching and DNSSEC
+validation.
+This is the library API, for using the ``-lunbound`` library.
+The server daemon is described in :doc:`unbound(8)</manpages/unbound>`.
+The library works independent from a running unbound server, and can be used to
+convert hostnames to ip addresses, and back, and obtain other information from
+the DNS.
+The library performs public-key validation of results with DNSSEC.
+
+The library uses a variable of type *struct ub_ctx* to keep context between
+calls.
+The user must maintain it, creating it with **ub_ctx_create** and deleting it
+with **ub_ctx_delete**.
+It can be created and deleted at any time.
+Creating it anew removes any previous configuration (such as trusted keys) and
+clears any cached results.
+
+The functions are thread-safe, and a context can be used in a threaded (as well
+as in a non-threaded) environment.
+Also resolution (and validation) can be performed blocking and non-blocking
+(also called asynchronous).
+The async method returns from the call immediately, so that processing can go
+on, while the results become available later.
+
+The functions are discussed in turn below.
+
+Functions
+---------
+
+.. glossary::
+
+    ub_ctx_create
+        Create a new context, initialised with defaults.
+        The information from :file:`/etc/resolv.conf` and :file:`/etc/hosts` is
+        not utilised by default.
+        Use **ub_ctx_resolvconf** and **ub_ctx_hosts** to read them.
+        Before you call this, use the openssl functions
+        **CRYPTO_set_id_callback** and **CRYPTO_set_locking_callback** to set
+        up asynchronous operation if you use lib openssl (the application calls
+        these functions once for initialisation).
+        Openssl 1.0.0 or later uses the **CRYPTO_THREADID_set_callback**
+        function.
+
+    ub_ctx_delete
+        Delete validation context and free associated resources.
+        Outstanding async queries are killed and callbacks are not called for
+        them.
+
+    ub_ctx_set_option
+        A power-user interface that lets you specify one of the options from
+        the config file format, see :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+        Not all options are relevant.
+        For some specific options, such as adding trust anchors, special
+        routines exist.
+        Pass the option name with the trailing ``':'``.
+
+    ub_ctx_get_option
+        A power-user interface that gets an option value.
+        Some options cannot be gotten, and others return a newline separated
+        list.
+        Pass the option name without trailing ``':'``.
+        The returned value must be free(2)d by the caller.
+
+    ub_ctx_config
+        A power-user interface that lets you specify an unbound config file,
+        see :doc:`unbound.conf(5)</manpages/unbound.conf>`, which is read for
+        configuration.
+        Not all options are relevant.
+        For some specific options, such as adding trust anchors, special
+        routines exist.
+        This function is thread-safe only if a single instance of **ub_ctx**\*
+        exists in the application.
+        If several instances exist the application has to ensure that
+        **ub_ctx_config** is not called in parallel by the different instances.
+
+    ub_ctx_set_fwd
+        Set machine to forward DNS queries to, the caching resolver to use.
+        IP4 or IP6 address.
+        Forwards all DNS requests to that machine, which is expected to run a
+        recursive resolver.
+        If the proxy is not DNSSEC capable, validation may fail.
+        Can be called several times, in that case the addresses are used as
+        backup servers.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_set_stub
+        Set a stub zone, authoritative dns servers to use for a particular
+        zone.
+        IP4 or IP6 address.
+        If the address is NULL the stub entry is removed.
+        Set isprime true if you configure root hints with it.
+        Otherwise similar to the stub zone item from unbound's config file.
+        Can be called several times, for different zones, or to add multiple
+        addresses for a particular zone.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_set_tls
+        Enable DNS over TLS (DoT) for machines set with **ub_ctx_set_fwd**.
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_resolvconf
+        By default the root servers are queried and full resolver mode is used,
+        but you can use this call to read the list of nameservers to use from
+        the filename given.
+        Usually :file:`"/etc/resolv.conf"`.
+        Uses those nameservers as caching proxies.
+        If they do not support DNSSEC, validation may fail.
+        Only nameservers are picked up, the searchdomain, ndots and other
+        settings from *resolv.conf(5)* are ignored.
+        If fname NULL is passed, :file:`"/etc/resolv.conf"` is used (if on
+        Windows, the system-wide configured nameserver is picked instead).
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_hosts
+        Read list of hosts from the filename given.
+        Usually :file:`"/etc/hosts"`.
+        When queried for, these addresses are not marked DNSSEC secure.
+        If fname NULL is passed, :file:`"/etc/hosts"` is used (if on Windows,
+        :file:`etc/hosts` from WINDIR is picked instead).
+        At this time it is only possible to set configuration before the first
+        resolve is done.
+
+    ub_ctx_add_ta
+        Add a trust anchor to the given context.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+        The format is a string, similar to the zone-file format,
+        **[domainname]** **[type]** **[rdata contents]**.
+        Both DS and DNSKEY records are accepted.
+
+    ub_ctx_add_ta_autr
+        Add filename with automatically tracked trust anchor to the given
+        context.
+        Pass name of a file with the managed trust anchor.
+        You can create this file with
+        :doc:`unbound-anchor(8)</manpages/unbound-anchor>` for the root anchor.
+        You can also create it with an initial file with one line with a DNSKEY
+        or DS record.
+        If the file is writable, it is updated when the trust anchor changes.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_add_ta_file
+        Add trust anchors to the given context.
+        Pass name of a file with DS and DNSKEY records in zone file format.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_trustedkeys
+        Add trust anchors to the given context.
+        Pass the name of a bind-style config file with ``trusted-keys{}``.
+        At this time it is only possible to add trusted keys before the first
+        resolve is done.
+
+    ub_ctx_debugout
+        Set debug and error log output to the given stream.
+        Pass NULL to disable output.
+        Default is stderr.
+        File-names or using syslog can be enabled using config options, this
+        routine is for using your own stream.
+
+    ub_ctx_debuglevel
+        Set debug verbosity for the context.
+        Output is directed to stderr.
+        Higher debug level gives more output.
+
+    ub_ctx_async
+        Set a context behaviour for asynchronous action.
+        if set to true, enables threading and a call to **ub_resolve_async**
+        creates a thread to handle work in the background.
+        If false, a process is forked to handle work in the background.
+        Changes to this setting after **ub_resolve_async** calls have been made
+        have no effect (delete and re-create the context to change).
+
+    ub_poll
+        Poll a context to see if it has any new results.
+        Do not poll in a loop, instead extract the **fd** below to poll for
+        readiness, and then check, or wait using the wait routine.
+        Returns 0 if nothing to read, or nonzero if a result is available.
+        If nonzero, call **ub_process** to do callbacks.
+
+    ub_wait
+        Wait for a context to finish with results.
+        Calls **ub_process** after the wait for you.
+        After the wait, there are no more outstanding asynchronous queries.
+
+    ub_fd 
+        Get file descriptor.
+        Wait for it to become readable, at this point answers are returned from
+        the asynchronous validating resolver.
+        Then call the **ub_process** to continue processing.
+
+    ub_process
+        Call this routine to continue processing results from the validating
+        resolver (when the **fd** becomes readable).
+        Will perform necessary callbacks.
+
+    ub_resolve
+        Perform resolution and validation of the target name.
+        The name is a domain name in a zero terminated text string.
+        The rrtype and rrclass are DNS type and class codes.
+        The result structure is newly allocated with the resulting data.
+
+    ub_resolve_async
+        Perform asynchronous resolution and validation of the target name.
+        Arguments mean the same as for **ub_resolve** except no data is
+        returned immediately, instead a callback is called later.
+        The callback receives a copy of the mydata pointer, that you can use to
+        pass information to the callback.
+        The callback type is a function pointer to a function declared as:
+
+        .. code-block:: c
+
+            void my_callback_function(void* my_arg, int err,
+                            struct ub_result* result);
+
+        The **async_id** is returned so you can (at your option) decide to
+        track it and cancel the request if needed.
+        If you pass a NULL pointer the **async_id** is not returned.
+
+    ub_cancel
+        Cancel an async query in progress.
+        This may return an error if the query does not exist, or the query is
+        already being delivered, in that case you may still get a callback for
+        the query.
+
+    ub_resolve_free
+        Free struct **ub_result** contents after use.
+
+    ub_strerror
+        Convert error value from one of the unbound library functions to a
+        human readable string.
+
+    ub_ctx_print_local_zones
+        Debug printout the local authority information to debug output.
+
+    ub_ctx_zone_add
+        Add new zone to local authority info, like local-zone
+        :doc:`unbound.conf(5)</manpages/unbound.conf>` statement.
+
+    ub_ctx_zone_remove
+        Delete zone from local authority info.
+
+    ub_ctx_data_add
+        Add resource record data to local authority info, like local-data
+        :doc:`unbound.conf(5)</manpages/unbound.conf>` statement.
+
+    ub_ctx_data_remove
+        Delete local authority data from the name given.
+
+Result Data structure
+---------------------
+
+The result of the DNS resolution and validation is returned as *struct
+ub_result*.
+The result structure contains the following entries:
+
+.. code-block:: c
+
+    struct ub_result {
+         char* qname;         /* text string, original question */
+         int qtype;           /* type code asked for */
+         int qclass;          /* class code asked for */
+         char** data;         /* array of rdata items, NULL terminated*/
+         int* len;            /* array with lengths of rdata items */
+         char* canonname;     /* canonical name of result */
+         int rcode;           /* additional error code in case of no data */
+         void* answer_packet; /* full network format answer packet */
+         int answer_len;      /* length of packet in octets */
+         int havedata;        /* true if there is data */
+         int nxdomain;        /* true if nodata because name does not exist */
+         int secure;          /* true if result is secure */
+         int bogus;           /* true if a security failure happened */
+         char* why_bogus;     /* string with error if bogus */
+         int was_ratelimited; /* true if the query was ratelimited (SERVFAIL) by unbound */
+         int ttl;             /* number of seconds the result is valid */
+    };
+
+If both secure and bogus are false, security was not enabled for the domain of
+the query.
+Else, they are not both true, one of them is true.
+
+Return Values
+-------------
+
+Many routines return an error code.
+The value 0 (zero) denotes no error happened.
+Other values can be passed to **ub_strerror** to obtain a readable error
+string.
+**ub_strerror** returns a zero terminated string.
+**ub_ctx_create** returns NULL on an error (a malloc failure).
+**ub_poll** returns true if some information may be available, false otherwise.
+**ub_fd** returns a file descriptor or -1 on error.
+**ub_ctx_config** and **ub_ctx_resolvconf** attempt to leave errno informative
+on a function return with file read failure.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`, :doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-anchor.8 b/contrib/unbound/doc/unbound-anchor.8
index 268640d8155c..23c1dd4b060f 100644
--- a/contrib/unbound/doc/unbound-anchor.8
+++ b/contrib/unbound/doc/unbound-anchor.8
@@ -1,4 +1,4 @@
-.TH "unbound-anchor" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound-anchor" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound-anchor.8 -- unbound anchor maintenance utility manual
 .\"
@@ -26,13 +26,13 @@ Suggested usage:
 .nf
 	# in the init scripts.
 	# provide or update the root anchor (if necessary)
-	unbound-anchor \-a "@UNBOUND_ROOTKEY_FILE@"
+	unbound-anchor \-a "/var/unbound/root.key"
 	# Please note usage of this root anchor is at your own risk
 	# and under the terms of our LICENSE (see source).
 	#
 	# start validating resolver
 	# the unbound.conf contains:
-	#   auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+	#   auto-trust-anchor-file: "/var/unbound/root.key"
 	unbound \-c unbound.conf
 .fi
 .P
@@ -53,12 +53,12 @@ The available options are:
 .TP
 .B \-a \fIfile
 The root anchor key file, that is read in and written out.
-Default is @UNBOUND_ROOTKEY_FILE@.
+Default is /var/unbound/root.key.
 If the file does not exist, or is empty, a builtin root key is written to it.
 .TP
 .B \-c \fIfile
 The root update certificate file, that is read in.
-Default is @UNBOUND_ROOTCERT_FILE@.
+Default is /var/unbound/icannbundle.pem.
 If the file does not exist, or is empty, a builtin certificate is used.
 .TP
 .B \-l
@@ -169,11 +169,11 @@ The build\-in configuration can be overridden by providing a root\-cert
 file and a rootkey file.
 .SH "FILES"
 .TP
-.I @UNBOUND_ROOTKEY_FILE@
+.I /var/unbound/root.key
 The root anchor file, updated with 5011 tracking, and read and written to.
 The file is created if it does not exist.
 .TP
-.I @UNBOUND_ROOTCERT_FILE@
+.I /var/unbound/icannbundle.pem
 The trusted self\-signed certificate that is used to verify the downloaded
 DNSSEC root trust anchor.  You can update it by fetching it from
 https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
diff --git a/contrib/unbound/doc/unbound-anchor.8.in b/contrib/unbound/doc/unbound-anchor.8.in
index c3a8d64cabbe..6b75e3c3874f 100644
--- a/contrib/unbound/doc/unbound-anchor.8.in
+++ b/contrib/unbound/doc/unbound-anchor.8.in
@@ -1,189 +1,300 @@
-.TH "unbound-anchor" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
-.\"
-.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-anchor
-\- Unbound anchor utility.
-.SH "SYNOPSIS"
-.B unbound\-anchor
-.RB [ opts ]
-.SH "DESCRIPTION"
-.B Unbound\-anchor
-performs setup or update of the root trust anchor for DNSSEC validation.
-The program fetches the trust anchor with the method from RFC7958 when
-regular RFC5011 update fails to bring it up to date.
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-ANCHOR" "8" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound-anchor \- Unbound 1.24.0 anchor utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-anchor\fP [\fBopts\fP]
+.SH DESCRIPTION
+.sp
+\fBunbound\-anchor\fP performs setup or update of the root trust anchor for DNSSEC
+validation.
+The program fetches the trust anchor with the method from \fI\%RFC 7958\fP when
+regular \fI\%RFC 5011\fP update fails to bring it up to date.
 It can be run (as root) from the commandline, or run as part of startup
-scripts.  Before you start the \fIunbound\fR(8) DNS server.
-.P
+scripts.
+Before you start the \fI\%unbound(8)\fP DNS server.
+.sp
 Suggested usage:
-.P
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	# in the init scripts.
-	# provide or update the root anchor (if necessary)
-	unbound-anchor \-a "@UNBOUND_ROOTKEY_FILE@"
-	# Please note usage of this root anchor is at your own risk
-	# and under the terms of our LICENSE (see source).
-	#
-	# start validating resolver
-	# the unbound.conf contains:
-	#   auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
-	unbound \-c unbound.conf
+.ft C
+# in the init scripts.
+# provide or update the root anchor (if necessary)
+unbound\-anchor \-a \(dq@UNBOUND_ROOTKEY_FILE@\(dq
+# Please note usage of this root anchor is at your own risk
+# and under the terms of our LICENSE (see source).
+#
+# start validating resolver
+# the unbound.conf contains:
+# auto\-trust\-anchor\-file: \(dq@UNBOUND_ROOTKEY_FILE@\(dq
+unbound \-c unbound.conf
+.ft P
 .fi
-.P
-This tool provides builtin default contents for the root anchor and root
-update certificate files.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+This tool provides builtin default contents for the root anchor and root update
+certificate files.
+.sp
 It tests if the root anchor file works, and if not, and an update is possible,
 attempts to update the root anchor using the root update certificate.
-It performs a https fetch of root-anchors.xml and checks the results (RFC7958),
-if all checks are successful, it updates the root anchor file.  Otherwise
-the root anchor file is unchanged.  It performs RFC5011 tracking if the
-DNSSEC information available via the DNS makes that possible.
-.P
-It does not perform an update if the certificate is expired, if the network
-is down or other errors occur.
-.P
+It performs a https fetch of
+\fI\%root\-anchors.xml\fP
+and checks the results (\fI\%RFC 7958\fP); if all checks are successful, it updates
+the root anchor file.
+Otherwise the root anchor file is unchanged.
+It performs \fI\%RFC 5011\fP tracking if the DNSSEC information available via the
+DNS makes that possible.
+.sp
+It does not perform an update if the certificate is expired, if the network is
+down or other errors occur.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
-.B \-a \fIfile
+.B \-a <file>
 The root anchor key file, that is read in and written out.
-Default is @UNBOUND_ROOTKEY_FILE@.
-If the file does not exist, or is empty, a builtin root key is written to it.
+Default is \fB@UNBOUND_ROOTKEY_FILE@\fP\&.
+If the file does not exist, or is empty, a builtin root key is written
+to it.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c \fIfile
+.B \-c <file>
 The root update certificate file, that is read in.
-Default is @UNBOUND_ROOTCERT_FILE@.
+Default is \fB@UNBOUND_ROOTCERT_FILE@\fP\&.
 If the file does not exist, or is empty, a builtin certificate is used.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-l
 List the builtin root key and builtin root update certificate on stdout.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-u \fIname
-The server name, it connects to https://name.  Specify without https:// prefix.
-The default is "data.iana.org".  It connects to the port specified with \-P.
+.B \-u <name>
+The server name, it connects to \fBhttps://name\fP\&.
+Specify without \fBhttps://\fP prefix.
+The default is \fB\(dqdata.iana.org\(dq\fP\&.
+It connects to the port specified with \fI\%\-P\fP\&.
 You can pass an IPv4 address or IPv6 address (no brackets) if you want.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-S
-Do not use SNI for the HTTPS connection.  Default is to use SNI.
+Do not use SNI for the HTTPS connection.
+Default is to use SNI.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-b \fIaddress
-The source address to bind to for domain resolution and contacting the server
-on https.  May be either an IPv4 address or IPv6 address (no brackets).
+.B \-b <address>
+The source address to bind to for domain resolution and contacting the
+server on https.
+May be either an IPv4 address or IPv6 address (no brackets).
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-x \fIpath
-The pathname to the root\-anchors.xml file on the server. (forms URL with \-u).
-The default is /root\-anchors/root\-anchors.xml.
+.B \-x <path>
+The pathname to the root\-anchors.xml file on the server.
+(forms URL with \fI\%\-u\fP).
+The default is \fB/root\-anchors/root\-anchors.xml\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-s \fIpath
-The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u).
-The default is /root\-anchors/root\-anchors.p7s.  This file has to be a PKCS7
-signature over the xml file, using the pem file (\-c) as trust anchor.
+.B \-s <path>
+The pathname to the root\-anchors.p7s file on the server.
+(forms URL with \fI\%\-u\fP).
+The default is \fB/root\-anchors/root\-anchors.p7s\fP\&.
+This file has to be a PKCS7 signature over the xml file, using the pem
+file (\fI\%\-c\fP) as trust anchor.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-n \fIname
-The emailAddress for the Subject of the signer's certificate from the p7s
-signature file.  Only signatures from this name are allowed.  default is
-dnssec@iana.org.  If you pass "" then the emailAddress is not checked.
+.B \-n <name>
+The emailAddress for the Subject of the signer\(aqs certificate from the
+p7s signature file.
+Only signatures from this name are allowed.
+The default is \fBdnssec@iana.org\fP\&.
+If you pass \fB\(dq\(dq\fP then the emailAddress is not checked.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-4
-Use IPv4 for domain resolution and contacting the server on https.  Default is
-to use IPv4 and IPv6 where appropriate.
+Use IPv4 for domain resolution and contacting the server on
+https.
+Default is to use IPv4 and IPv6 where appropriate.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-6
-Use IPv6 for domain resolution and contacting the server on https.  Default is
-to use IPv4 and IPv6 where appropriate.
-.TP
-.B \-f \fIresolv.conf
-Use the given resolv.conf file.  Not enabled by default, but you could try to
-pass /etc/resolv.conf on some systems.  It contains the IP addresses of the
-recursive nameservers to use.  However, since this tool could be used to
-bootstrap that very recursive nameserver, it would not be useful (since
-that server is not up yet, since we are bootstrapping it).  It could be
-useful in a situation where you know an upstream cache is deployed (and
-running) and in captive portal situations.
-.TP
-.B \-r \fIroot.hints
-Use the given root.hints file (same syntax as the BIND and Unbound root hints
-file) to bootstrap domain resolution.  By default a list of builtin root
-hints is used.  Unbound\-anchor goes to the network itself for these roots,
-to resolve the server (\-u option) and to check the root DNSKEY records.
+Use IPv6 for domain resolution and contacting the server on https.
+Default is to use IPv4 and IPv6 where appropriate.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-f <resolv.conf>
+Use the given resolv.conf file.
+Not enabled by default, but you could try to pass
+\fB/etc/resolv.conf\fP on some systems.
+It contains the IP addresses of the recursive nameservers to use.
+However, since this tool could be used to bootstrap that very recursive
+nameserver, it would not be useful (since that server is not up yet,
+since we are bootstrapping it).
+It could be useful in a situation where you know an upstream cache is
+deployed (and running) and in captive portal situations.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-r <root.hints>
+Use the given root.hints file (same syntax as the BIND and Unbound root
+hints file) to bootstrap domain resolution.
+By default a list of builtin root hints is used.
+unbound\-anchor goes to the network itself for these roots, to resolve
+the server (\fI\%\-u\fP option) and to check the root DNSKEY records.
 It does so, because the tool when used for bootstrapping the recursive
-resolver, cannot use that recursive resolver itself because it is bootstrapping
-that server.
+resolver, cannot use that recursive resolver itself because it is
+bootstrapping that server.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-R
-Allow fallback from \-f resolv.conf file to direct root servers query.
-It allows you to prefer local resolvers, but fallback automatically
-to direct root query if they do not respond or do not support DNSSEC.
+Allow fallback from \fI\%\-f\fP \fB<resolv.conf>\fP file to direct root
+servers query.
+It allows you to prefer local resolvers, but fallback automatically to
+direct root query if they do not respond or do not support DNSSEC.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
-More verbose. Once prints informational messages, multiple times may enable
-large debug amounts (such as full certificates or byte\-dumps of downloaded
-files).  By default it prints almost nothing.  It also prints nothing on
-errors by default; in that case the original root anchor file is simply
-left undisturbed, so that a recursive server can start right after it.
+More verbose.
+Once prints informational messages, multiple times may enable large
+debug amounts (such as full certificates or byte\-dumps of downloaded
+files).
+By default it prints almost nothing.
+It also prints nothing on errors by default; in that case the original
+root anchor file is simply left undisturbed, so that a recursive server
+can start right after it.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-C \fIunbound.conf
-Debug option to read unbound.conf into the resolver process used.
+.B \-C <unbound.conf>
+Debug option to read \fB<unbound.conf>\fP into the resolver process
+used.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-P \fIport
-Set the port number to use for the https connection.  The default is 443.
+.B \-P <port>
+Set the port number to use for the https connection.
+The default is 443.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-F
-Debug option to force update of the root anchor through downloading the xml
-file and verifying it with the certificate.  By default it first tries to
-update by contacting the DNS, which uses much less bandwidth, is much
-faster (200 msec not 2 sec), and is nicer to the deployed infrastructure.
-With this option, it still attempts to do so (and may verbosely tell you),
-but then ignores the result and goes on to use the xml fallback method.
+Debug option to force update of the root anchor through downloading the
+xml file and verifying it with the certificate.
+By default it first tries to update by contacting the DNS, which uses
+much less bandwidth, is much faster (200 msec not 2 sec), and is nicer
+to the deployed infrastructure.
+With this option, it still attempts to do so (and may verbosely tell
+you), but then ignores the result and goes on to use the xml fallback
+method.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
-.SH "EXIT CODE"
+.UNINDENT
+.SH EXIT CODE
+.sp
 This tool exits with value 1 if the root anchor was updated using the
-certificate or if the builtin root-anchor was used.  It exits with code
-0 if no update was necessary, if the update was possible with RFC5011
-tracking, or if an error occurred.
-.P
+certificate or if the builtin root\-anchor was used.
+It exits with code 0 if no update was necessary, if the update was possible
+with \fI\%RFC 5011\fP tracking, or if an error occurred.
+.sp
 You can check the exit value in this manner:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	unbound-anchor \-a "root.key" || logger "Please check root.key"
+.ft C
+unbound\-anchor \-a \(dqroot.key\(dq || logger \(dqPlease check root.key\(dq
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 Or something more suitable for your operational environment.
-.SH "TRUST"
-The root keys and update certificate included in this tool
-are provided for convenience and under the terms of our
-license (see the LICENSE file in the source distribution or
-https://github.com/NLnetLabs/unbound/blob/master/LICENSE) and might be stale or
-not suitable to your purpose.
-.P
-By running "unbound\-anchor \-l" the  keys and certificate that are
+.SH TRUST
+.sp
+The root keys and update certificate included in this tool are provided for
+convenience and under the terms of our license (see the LICENSE file in the
+source distribution or \fI\%https://github.com/NLnetLabs/unbound/blob/master/LICENSE\fP
+and might be stale or not suitable to your purpose.
+.sp
+By running \fI\%unbound\-anchor \-l\fP the keys and certificate that are
 configured in the code are printed for your convenience.
-.P
-The build\-in configuration can be overridden by providing a root\-cert
-file and a rootkey file.
-.SH "FILES"
+.sp
+The built\-in configuration can be overridden by providing a root\-cert file and
+a rootkey file.
+.SH FILES
+.INDENT 0.0
 .TP
-.I @UNBOUND_ROOTKEY_FILE@
-The root anchor file, updated with 5011 tracking, and read and written to.
+.B @UNBOUND_ROOTKEY_FILE@
+The root anchor file, updated with 5011 tracking, and read and written
+to.
 The file is created if it does not exist.
 .TP
-.I @UNBOUND_ROOTCERT_FILE@
-The trusted self\-signed certificate that is used to verify the downloaded
-DNSSEC root trust anchor.  You can update it by fetching it from
-https://data.iana.org/root\-anchors/icannbundle.pem (and validate it).
+.B @UNBOUND_ROOTCERT_FILE@
+The trusted self\-signed certificate that is used to verify the
+downloaded DNSSEC root trust anchor.
+You can update it by fetching it from
+\fI\%https://data.iana.org/root\-anchors/icannbundle.pem\fP (and validate it).
 If the file does not exist or is empty, a builtin version is used.
 .TP
-.I https://data.iana.org/root\-anchors/root\-anchors.xml
+.B \fI\%https://data.iana.org/root\-anchors/root\-anchors.xml\fP
 Source for the root key information.
 .TP
-.I https://data.iana.org/root\-anchors/root\-anchors.p7s
+.B \fI\%https://data.iana.org/root\-anchors/root\-anchors.p7s\fP
 Signature on the root key information.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-anchor.rst b/contrib/unbound/doc/unbound-anchor.rst
new file mode 100644
index 000000000000..480db8eeb8c9
--- /dev/null
+++ b/contrib/unbound/doc/unbound-anchor.rst
@@ -0,0 +1,281 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-anchor
+
+unbound-anchor(8)
+=================
+
+Synopsis
+--------
+
+**unbound-anchor** [``opts``]
+
+Description
+-----------
+
+``unbound-anchor`` performs setup or update of the root trust anchor for DNSSEC
+validation.
+The program fetches the trust anchor with the method from :rfc:`7958` when
+regular :rfc:`5011` update fails to bring it up to date.
+It can be run (as root) from the commandline, or run as part of startup
+scripts.
+Before you start the :doc:`unbound(8)</manpages/unbound>` DNS server.
+
+Suggested usage:
+
+.. code-block:: text
+
+   # in the init scripts.
+   # provide or update the root anchor (if necessary)
+   unbound-anchor -a "@UNBOUND_ROOTKEY_FILE@"
+   # Please note usage of this root anchor is at your own risk
+   # and under the terms of our LICENSE (see source).
+   #
+   # start validating resolver
+   # the unbound.conf contains:
+   # auto-trust-anchor-file: "@UNBOUND_ROOTKEY_FILE@"
+   unbound -c unbound.conf
+
+This tool provides builtin default contents for the root anchor and root update
+certificate files.
+
+It tests if the root anchor file works, and if not, and an update is possible,
+attempts to update the root anchor using the root update certificate.
+It performs a https fetch of
+`root-anchors.xml <http://data.iana.org/root-anchors/root-anchors.xml>`__
+and checks the results (:rfc:`7958`); if all checks are successful, it updates
+the root anchor file.
+Otherwise the root anchor file is unchanged.
+It performs :rfc:`5011` tracking if the DNSSEC information available via the
+DNS makes that possible.
+
+It does not perform an update if the certificate is expired, if the network is
+down or other errors occur.
+
+The available options are:
+
+.. option:: -a <file>
+
+       The root anchor key file, that is read in and written out.
+       Default is :file:`@UNBOUND_ROOTKEY_FILE@`.
+       If the file does not exist, or is empty, a builtin root key is written
+       to it.
+
+.. option:: -c <file>
+
+       The root update certificate file, that is read in.
+       Default is :file:`@UNBOUND_ROOTCERT_FILE@`.
+       If the file does not exist, or is empty, a builtin certificate is used.
+
+.. option:: -l
+
+       List the builtin root key and builtin root update certificate on stdout.
+
+.. option:: -u <name>
+
+       The server name, it connects to ``https://name``.
+       Specify without ``https://`` prefix.
+       The default is ``"data.iana.org"``.
+       It connects to the port specified with :option:`-P`.
+       You can pass an IPv4 address or IPv6 address (no brackets) if you want.
+
+.. option:: -S
+
+       Do not use SNI for the HTTPS connection.
+       Default is to use SNI.
+
+.. option:: -b <address>
+
+       The source address to bind to for domain resolution and contacting the
+       server on https.
+       May be either an IPv4 address or IPv6 address (no brackets).
+
+.. option:: -x <path>
+
+       The pathname to the root-anchors.xml file on the server.
+       (forms URL with :option:`-u`).
+       The default is :file:`/root-anchors/root-anchors.xml`.
+
+.. option:: -s <path>
+
+       The pathname to the root-anchors.p7s file on the server.
+       (forms URL with :option:`-u`).
+       The default is :file:`/root-anchors/root-anchors.p7s`.
+       This file has to be a PKCS7 signature over the xml file, using the pem
+       file (:option:`-c`) as trust anchor.
+
+.. option:: -n <name>
+
+       The emailAddress for the Subject of the signer's certificate from the
+       p7s signature file.
+       Only signatures from this name are allowed.
+       The default is ``dnssec@iana.org``.
+       If you pass ``""`` then the emailAddress is not checked.
+
+.. option:: -4
+
+       Use IPv4 for domain resolution and contacting the server on
+       https.
+       Default is to use IPv4 and IPv6 where appropriate.
+
+.. option:: -6
+
+       Use IPv6 for domain resolution and contacting the server on https.
+       Default is to use IPv4 and IPv6 where appropriate.
+
+.. option:: -f <resolv.conf>
+
+       Use the given resolv.conf file.
+       Not enabled by default, but you could try to pass
+       :file:`/etc/resolv.conf` on some systems.
+       It contains the IP addresses of the recursive nameservers to use.
+       However, since this tool could be used to bootstrap that very recursive
+       nameserver, it would not be useful (since that server is not up yet,
+       since we are bootstrapping it).
+       It could be useful in a situation where you know an upstream cache is
+       deployed (and running) and in captive portal situations.
+
+.. option:: -r <root.hints>
+
+       Use the given root.hints file (same syntax as the BIND and Unbound root
+       hints file) to bootstrap domain resolution.
+       By default a list of builtin root hints is used.
+       unbound-anchor goes to the network itself for these roots, to resolve
+       the server (:option:`-u` option) and to check the root DNSKEY records.
+       It does so, because the tool when used for bootstrapping the recursive
+       resolver, cannot use that recursive resolver itself because it is
+       bootstrapping that server.
+
+.. option:: -R
+
+       Allow fallback from :option:`-f` ``<resolv.conf>`` file to direct root
+       servers query.
+       It allows you to prefer local resolvers, but fallback automatically to
+       direct root query if they do not respond or do not support DNSSEC.
+
+.. option:: -v
+
+       More verbose.
+       Once prints informational messages, multiple times may enable large
+       debug amounts (such as full certificates or byte-dumps of downloaded
+       files).
+       By default it prints almost nothing.
+       It also prints nothing on errors by default; in that case the original
+       root anchor file is simply left undisturbed, so that a recursive server
+       can start right after it.
+
+.. option:: -C <unbound.conf>
+
+       Debug option to read :file:`<unbound.conf>` into the resolver process
+       used.
+
+.. option:: -P <port>
+
+       Set the port number to use for the https connection.
+       The default is 443.
+
+.. option:: -F
+
+       Debug option to force update of the root anchor through downloading the
+       xml file and verifying it with the certificate.
+       By default it first tries to update by contacting the DNS, which uses
+       much less bandwidth, is much faster (200 msec not 2 sec), and is nicer
+       to the deployed infrastructure.
+       With this option, it still attempts to do so (and may verbosely tell
+       you), but then ignores the result and goes on to use the xml fallback
+       method.
+
+.. option:: -h
+
+       Show the version and commandline option help.
+
+Exit Code
+---------
+
+This tool exits with value 1 if the root anchor was updated using the
+certificate or if the builtin root-anchor was used.
+It exits with code 0 if no update was necessary, if the update was possible
+with :rfc:`5011` tracking, or if an error occurred.
+
+You can check the exit value in this manner:
+
+.. code-block:: text
+
+       unbound-anchor -a "root.key" || logger "Please check root.key"
+
+Or something more suitable for your operational environment.
+
+Trust
+-----
+
+The root keys and update certificate included in this tool are provided for
+convenience and under the terms of our license (see the LICENSE file in the
+source distribution or https://github.com/NLnetLabs/unbound/blob/master/LICENSE
+and might be stale or not suitable to your purpose.
+
+By running :option:`unbound-anchor -l` the keys and certificate that are
+configured in the code are printed for your convenience.
+
+The built-in configuration can be overridden by providing a root-cert file and
+a rootkey file.
+
+Files
+-----
+
+@UNBOUND_ROOTKEY_FILE@
+       The root anchor file, updated with 5011 tracking, and read and written
+       to.
+       The file is created if it does not exist.
+
+@UNBOUND_ROOTCERT_FILE@
+       The trusted self-signed certificate that is used to verify the
+       downloaded DNSSEC root trust anchor.
+       You can update it by fetching it from
+       https://data.iana.org/root-anchors/icannbundle.pem (and validate it).
+       If the file does not exist or is empty, a builtin version is used.
+
+https://data.iana.org/root-anchors/root-anchors.xml
+       Source for the root key information.
+
+https://data.iana.org/root-anchors/root-anchors.p7s
+       Signature on the root key information.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-checkconf.8 b/contrib/unbound/doc/unbound-checkconf.8
index ac8782dcde40..9afc0df10de3 100644
--- a/contrib/unbound/doc/unbound-checkconf.8
+++ b/contrib/unbound/doc/unbound-checkconf.8
@@ -1,4 +1,4 @@
-.TH "unbound-checkconf" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound-checkconf" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound-checkconf.8 -- unbound configuration checker manual
 .\"
@@ -14,6 +14,7 @@ unbound\-checkconf
 .B unbound\-checkconf
 .RB [ \-h ]
 .RB [ \-f ]
+.RB [ \-q ]
 .RB [ \-o
 .IR option ]
 .RI [ cfgfile ]
@@ -37,6 +38,9 @@ Print full pathname, with chroot applied to it.  Use with the \-o option.
 If given, after checking the config file the value of this option is
 printed to stdout.  For "" (disabled) options an empty line is printed.
 .TP
+.B \-q
+Make the operation quiet, suppress output on success.
+.TP
 .I cfgfile
 The config file to read with settings for Unbound. It is checked.
 If omitted, the config file at the default location is checked.
@@ -45,7 +49,7 @@ The unbound\-checkconf program exits with status code 1 on error,
 0 for a correct config file.
 .SH "FILES"
 .TP
-.I @ub_conf_file@
+.I /var/unbound/unbound.conf
 Unbound configuration file.
 .SH "SEE ALSO"
 \fIunbound.conf\fR(5),
diff --git a/contrib/unbound/doc/unbound-checkconf.8.in b/contrib/unbound/doc/unbound-checkconf.8.in
index 73cb0ebcbb5f..69f998a5b80f 100644
--- a/contrib/unbound/doc/unbound-checkconf.8.in
+++ b/contrib/unbound/doc/unbound-checkconf.8.in
@@ -1,56 +1,93 @@
-.TH "unbound-checkconf" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound-checkconf.8 -- unbound configuration checker manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-unbound\-checkconf
-\- Check Unbound configuration file for errors.
-.SH "SYNOPSIS"
-.B unbound\-checkconf
-.RB [ \-h ]
-.RB [ \-f ]
-.RB [ \-q ]
-.RB [ \-o
-.IR option ]
-.RI [ cfgfile ]
-.SH "DESCRIPTION"
-.B Unbound\-checkconf
-checks the configuration file for the
-\fIunbound\fR(8)
-DNS resolver for syntax and other errors.
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-CHECKCONF" "8" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound-checkconf \- Check Unbound 1.24.0 configuration file for errors.
+.SH SYNOPSIS
+.sp
+\fBunbound\-checkconf\fP [\fB\-hf\fP] [\fB\-o option\fP] [cfgfile]
+.SH DESCRIPTION
+.sp
+\fBunbound\-checkconf\fP checks the configuration file for the
+\fI\%unbound(8)\fP DNS resolver for syntax and other errors.
 The config file syntax is described in
-\fIunbound.conf\fR(5).
-.P
+\fI\%unbound.conf(5)\fP\&.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-f
-Print full pathname, with chroot applied to it.  Use with the \-o option.
-.TP
-.B \-o\fI option
-If given, after checking the config file the value of this option is
-printed to stdout.  For "" (disabled) options an empty line is printed.
+Print full pathname, with chroot applied to it.
+Use with the \fI\%\-o\fP option.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-q
 Make the operation quiet, suppress output on success.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-o <option>
+If given, after checking the config file the value of this option is
+printed to stdout.
+For \fB\(dq\(dq\fP (disabled) options an empty line is printed.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I cfgfile
-The config file to read with settings for Unbound. It is checked.
+.B cfgfile
+The config file to read with settings for Unbound.
+It is checked.
 If omitted, the config file at the default location is checked.
-.SH "EXIT CODE"
-The unbound\-checkconf program exits with status code 1 on error,
-0 for a correct config file.
-.SH "FILES"
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-checkconf\fP program exits with status code 1 on error, 0 for a
+correct config file.
+.SH FILES
+.INDENT 0.0
 .TP
-.I @ub_conf_file@
+.B @ub_conf_file@
 Unbound configuration file.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-checkconf.rst b/contrib/unbound/doc/unbound-checkconf.rst
new file mode 100644
index 000000000000..fbaacbee7d8e
--- /dev/null
+++ b/contrib/unbound/doc/unbound-checkconf.rst
@@ -0,0 +1,98 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-checkconf
+
+unbound-checkconf(8)
+====================
+
+Synopsis
+--------
+
+**unbound-checkconf** [``-hf``] [``-o option``] [cfgfile]
+
+Description
+-----------
+
+``unbound-checkconf`` checks the configuration file for the
+:doc:`unbound(8)</manpages/unbound>` DNS resolver for syntax and other errors.
+The config file syntax is described in
+:doc:`unbound.conf(5)</manpages/unbound.conf>`.
+
+The available options are:
+
+.. option:: -h
+
+    Show the version and commandline option help.
+
+.. option:: -f
+
+    Print full pathname, with chroot applied to it.
+    Use with the :option:`-o` option.
+
+.. option:: -q
+
+    Make the operation quiet, suppress output on success.
+
+.. option:: -o <option>
+
+    If given, after checking the config file the value of this option is
+    printed to stdout.
+    For ``""`` (disabled) options an empty line is printed.
+
+.. option:: cfgfile
+
+    The config file to read with settings for Unbound.
+    It is checked.
+    If omitted, the config file at the default location is checked.
+
+Exit Code
+---------
+
+The ``unbound-checkconf`` program exits with status code 1 on error, 0 for a
+correct config file.
+
+Files
+-----
+
+@ub_conf_file@
+    Unbound configuration file.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-control.8 b/contrib/unbound/doc/unbound-control.8
index 9d0c10e942bd..abc333c42ff9 100644
--- a/contrib/unbound/doc/unbound-control.8
+++ b/contrib/unbound/doc/unbound-control.8
@@ -1,4 +1,4 @@
-.TH "unbound-control" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound-control" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound-control.8 -- unbound remote control manual
 .\"
@@ -32,7 +32,7 @@ Show the version and commandline option help.
 .TP
 .B \-c \fIcfgfile
 The config file to read with settings.  If not given the default
-config file @ub_conf_file@ is used.
+config file /var/unbound/unbound.conf is used.
 .TP
 .B \-s \fIserver[@port]
 IPv4 or IPv6 address of the server to contact.  If not given, the
@@ -54,6 +54,161 @@ Stop the server. The server daemon exits.
 .B reload
 Reload the server. This flushes the cache and reads the config file fresh.
 .TP
+.B reload_keep_cache
+Reload the server but try to keep the RRset and message cache if
+(re)configuration allows for it.
+That means the caches sizes and the number of threads must not change between
+reloads.
+.TP
+.B fast_reload \fR[\fI+dpv\fR]
+Reload the server, but keep downtime to a minimum, so that user queries
+keep seeing service. This needs the code compiled with threads. The config
+is loaded in a thread, and prepared, then it briefly pauses the existing
+server and updates config options. The intent is that the pause does not
+impact the service of user queries. The cache is kept. Also user queries
+worked on are kept and continue, but with the new config options.
+.IP
+This command is experimental at this time.
+.IP
+The amount of temporal memory needed during a fast_reload is twice the
+amount needed for configuration.
+This is because Unbound temporarily needs to store both current configuration
+values and new ones while trying to fast_reload.
+Zones loaded from disk (authority zones and RPZ zones) are included in such
+memory needs.
+.IP
+Options that can be changed are for
+forwards,
+stubs,
+views,
+authority zones,
+RPZ zones and
+local zones.
+.IP
+Also
+access-control and similar options,
+interface-action and similar options and
+tcp-connection-limit.
+It can reload some
+define-tag
+changes, more on that below.
+Further options include
+insecure-lan-zones,
+domain-insecure,
+trust-anchor-file,
+trust-anchor,
+trusted-keys-file,
+auto-trust-anchor-file,
+edns-client-string,
+ipset,
+log-identity,
+infra-cache-numhosts,
+msg-cache-size,
+rrset-cache-size,
+key-cache-size,
+ratelimit-size,
+neg-cache-size,
+num-queries-per-thread,
+jostle-timeout,
+use-caps-for-id,
+unwanted-reply-threshold,
+tls-use-sni,
+outgoing-tcp-mss,
+ip-dscp,
+max-reuse-tcp-queries,
+tcp-reuse-timeout,
+tcp-auth-query-timeout,
+delay-close.
+.IP
+It does not work with
+interface and
+outgoing-interface changes,
+also not with
+remote control,
+outgoing-port-permit,
+outgoing-port-avoid,
+msg-buffer-size,
+any **\*-slabs** options and
+statistics-interval changes.
+.IP
+For dnstap these options can be changed:
+dnstap-log-resolver-query-messages,
+dnstap-log-resolver-response-messages,
+dnstap-log-client-query-messages,
+dnstap-log-client-response-messages,
+dnstap-log-forwarder-query-messages and
+dnstap-log-forwarder-response-messages.
+.IP
+It does not work with these options:
+dnstap-enable,
+dnstap-bidirectional,
+dnstap-socket-path,
+dnstap-ip,
+dnstap-tls,
+dnstap-tls-server-name,
+dnstap-tls-cert-bundle,
+dnstap-tls-client-key-file and
+dnstap-tls-client-cert-file.
+.IP
+The options
+dnstap-send-identity,
+dnstap-send-version,
+dnstap-identity, and
+dnstap-version can be loaded
+when ``+p`` is not used.
+.IP
+The '+v' option makes the output verbose which includes the time it took to do
+the reload.
+With '+vv' it is more verbose which includes the amount of memory that was
+allocated temporarily to perform the reload; this amount of memory can be big
+if the config has large contents.
+In the timing output the 'reload' time is the time during which the server was
+paused.
+.IP
+The '+p' option makes the reload not pause threads, they keep running.
+Locks are acquired, but items are updated in sequence, so it is possible
+for threads to see an inconsistent state with some options from the old
+and some options from the new config, such as cache TTL parameters from the
+old config and forwards from the new config. The stubs and forwards are
+updated at the same time, so that they are viewed consistently, either old
+or new values together. The option makes the reload time take eg. 3
+microseconds instead of 0.3 milliseconds during which the worker threads are
+interrupted. So, the interruption is much shorter, at the expense of some
+inconsistency. After the reload itself, every worker thread is briefly
+contacted to make them release resources, this makes the delete timing
+a little longer, and takes up time from the remote control servicing
+worker thread.
+.IP
+With the nopause option, the reload does not work to reload some options,
+that fast reload works on without the nopause option: val-bogus-ttl,
+val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
+val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
+max-sent-count, max-query-restarts, do-not-query-address,
+do-not-query-localhost, private-address, private-domain, caps-exempt,
+nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit,
+ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
+wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
+.IP
+The '+d' option makes the reload drop queries that the worker threads are
+working on. This is like flush_requestlist. Without it the queries are kept
+so that users keep getting answers for those queries that are currently
+processed. The drop makes it so that queries during the life time of the
+query processing see only old, or only new config options.
+.IP
+When there are changes to the config tags, from the \fBdefine\-tag\fR option,
+then the '+d' option is implicitly turned on with a warning printout, and
+queries are dropped.
+This is to stop references to the old tag information, by the old
+queries. If the number of tags is increased in the newly loaded config, by
+adding tags at the end, then the implicit '+d' option is not needed.
+.IP
+For response ip, that is actions associated with IP addresses, and perhaps
+intersected with access control tag and action information, those settings
+are stored with a query when it comes in based on its source IP address.
+The old information is kept with the query until the queries are done.
+This is gone when those queries are resolved and finished, or it is possible
+to flush the requestlist with '+d'.
+.TP
 .B verbosity \fInumber
 Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
 \fIunbound.conf\fR(5).  This new setting lasts until the server is issued
@@ -115,31 +270,38 @@ Remove local data RRs read from stdin of unbound\-control. Input is one name per
 line. For bulk removals.
 .TP
 .B dump_cache
-The contents of the cache is printed in a text format to stdout. You can
-redirect it to a file to store the cache in a file.
+The content of the cache is printed in a text format to stdout.
+You can redirect it to a file to store the cache in a file.
+Not supported in remote Unbounds in multi-process operation.
 .TP
 .B load_cache
-The contents of the cache is loaded from stdin.  Uses the same format as
-dump_cache uses.  Loading the cache with old, or wrong data can result
-in old or wrong data returned to clients.  Loading data into the cache
-in this way is supported in order to aid with debugging.
+The content of the cache is loaded from stdin.
+Uses the same format as dump_cache uses.
+Loading the cache with old, or wrong data can result in old or wrong data
+returned to clients.
+Loading data into the cache in this way is supported in order to aid with
+debugging.
+Not supported in remote Unbounds in multi-process operation.
 .TP
 .B lookup \fIname
 Print to stdout the name servers that would be used to look up the
 name specified.
 .TP
-.B flush \fIname
+.B flush \fR[\fI+c\fR] \fIname
 Remove the name from the cache. Removes the types
-A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV and NAPTR.
+A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
 Because that is fast to do. Other record types can be removed using
 .B flush_type
 or
 .B flush_zone\fR.
+.IP
+The '+c' option removes the items also from the cachedb cache. If
+cachedb is in use.
 .TP
-.B flush_type \fIname\fR \fItype
+.B flush_type \fR[\fI+c\fR] \fIname\fR \fItype
 Remove the name, type information from the cache.
 .TP
-.B flush_zone \fIname
+.B flush_zone \fR[\fI+c\fR] \fIname
 Remove all information at or below the name from the cache.
 The rrsets and key entries are removed so that new lookups will be performed.
 This needs to walk and inspect the entire cache, and is a slow operation.
@@ -147,10 +309,10 @@ The entries are set to expired in the implementation of this command (so,
 with serve\-expired enabled, it'll serve that information but schedule a
 prefetch for new information).
 .TP
-.B flush_bogus
+.B flush_bogus \fR[\fI+c\fR]
 Remove all bogus data from the cache.
 .TP
-.B flush_negative
+.B flush_negative \fR[\fI+c\fR]
 Remove all negative data from the cache.  This is nxdomain answers,
 nodata answers and servfail answers.  Also removes bad key entries
 (which could be due to failed lookups) from the dnssec key cache, and
@@ -233,22 +395,24 @@ still be bogus, use \fBflush_zone\fR to remove it), does not affect the config f
 .B insecure_remove \fIzone
 Removes domain\-insecure for the given zone.
 .TP
-.B forward_add \fR[\fI+i\fR] \fIzone addr ...
+.B forward_add \fR[\fI+it\fR] \fIzone addr ...
 Add a new forward zone to running Unbound.  With +i option also adds a
 \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
 a DNSSEC root trust anchor configured for other names).
 The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
 in unbound.conf.
+The +t option sets it to use tls upstream, like \fIforward\-tls\-upstream\fR: yes.
 .TP
 .B forward_remove \fR[\fI+i\fR] \fIzone
 Remove a forward zone from running Unbound.  The +i also removes a
 \fIdomain\-insecure\fR for the zone.
 .TP
-.B stub_add \fR[\fI+ip\fR] \fIzone addr ...
+.B stub_add \fR[\fI+ipt\fR] \fIzone addr ...
 Add a new stub zone to running Unbound.  With +i option also adds a
 \fIdomain\-insecure\fR for the zone.  With +p the stub zone is set to prime,
 without it it is set to notprime.  The addr can be IP4, IP6 or nameserver
 names, like the \fIstub-zone\fR config in unbound.conf.
+The +t option sets it to use tls upstream, like \fIstub\-tls\-upstream\fR: yes.
 .TP
 .B stub_remove \fR[\fI+i\fR] \fIzone
 Remove a stub zone from running Unbound.  The +i also removes a
@@ -289,20 +453,22 @@ just the ratelimited ips, with their estimated qps.  The ratelimited
 ips are dropped before checking the cache.
 .TP
 .B list_auth_zones
-List the auth zones that are configured.  Printed one per line with a
-status, indicating if the zone is expired and current serial number.
+List the auth zones that are configured.  Printed one per line with a status,
+indicating if the zone is expired and current serial number.  Configured RPZ
+zones are included.
 .TP
 .B auth_zone_reload \fIzone\fR
-Reload the auth zone from zonefile.  The zonefile is read in overwriting
-the current contents of the zone in memory.  This changes the auth zone
-contents itself, not the cache contents.  Such cache contents exists if
-you set Unbound to validate with for-upstream yes and that can be cleared
-with \fBflush_zone\fR \fIzone\fR.
+Reload the auth zone (or RPZ zone) from zonefile.  The zonefile is read in
+overwriting the current contents of the zone in memory.  This changes the auth
+zone contents itself, not the cache contents.  Such cache contents exists if
+you set Unbound to validate with for-upstream yes and that can be cleared with
+\fBflush_zone\fR \fIzone\fR.
 .TP
 .B auth_zone_transfer \fIzone\fR
-Transfer the auth zone from master.  The auth zone probe sequence is started,
-where the masters are probed to see if they have an updated zone (with the SOA
-serial check).  And then the zone is transferred for a newer zone version.
+Transfer the auth zone (or RPZ zone) from master.  The auth zone probe sequence
+is started, where the masters are probed to see if they have an updated zone
+(with the SOA serial check).  And then the zone is transferred for a newer zone
+version.
 .TP
 .B rpz_enable \fIzone\fR
 Enable the RPZ zone if it had previously been disabled.
@@ -333,6 +499,41 @@ Remove a list of \fIlocal_data\fR for given view from stdin. Like local_datas_re
 .TP
 .B view_local_datas \fIview\fR
 Add a list of \fIlocal_data\fR for given view from stdin.  Like local_datas.
+.TP
+.B add_cookie_secret <secret>
+Add or replace a cookie secret persistently. <secret> needs to be an 128 bit
+hex string.
+.IP
+Cookie secrets can be either \fIactive\fR or \fIstaging\fR. \fIActive\fR cookie
+secrets are used to create DNS Cookies, but verification of a DNS Cookie
+succeeds with any of the \fIactive\fR or \fIstaging\fR cookie secrets. The
+state of the current cookie secrets can be printed with the
+\fBprint_cookie_secrets\fR command.
+.IP
+When there are no cookie secrets configured yet, the <secret> is added as
+\fIactive\fR. If there is already an \fIactive\fR cookie secret, the <secret>
+is added as \fIstaging\fR or replacing an existing \fIstaging\fR secret.
+.IP
+To "roll" a cookie secret used in an anycast set. The new secret has to be
+added as staging secret to \fBall\fR nodes in the anycast set. When \fBall\fR
+nodes can verify DNS Cookies with the new secret, the new secret can be
+activated with the \fBactivate_cookie_secret\fR command. After \fBall\fR nodes
+have the new secret \fIactive\fR for at least one hour, the previous secret can
+be dropped with the \fBdrop_cookie_secret\fR command.
+.IP
+Persistence is accomplished by writing to a file which if configured with the
+\fBcookie\-secret\-file\fR option in the server section of the config file.
+This is disabled by default, "".
+.TP
+.B drop_cookie_secret
+Drop the \fIstaging\fR cookie secret.
+.TP
+.B activate_cookie_secret
+Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current
+\fIactive\fR cookie secret \fIstaging\fR.
+.TP
+.B print_cookie_secrets
+Show the current configured cookie secrets with their status.
 .SH "EXIT CODE"
 The unbound\-control program exits with status code 1 on error, 0 on success.
 .SH "SET UP"
@@ -361,6 +562,21 @@ number of queries received by thread
 .I threadX.num.queries_ip_ratelimited
 number of queries rate limited by thread
 .TP
+.I threadX.num.queries_cookie_valid
+number of queries with a valid DNS Cookie by thread
+.TP
+.I threadX.num.queries_cookie_client
+number of queries with a client part only DNS Cookie by thread
+.TP
+.I threadX.num.queries_cookie_invalid
+number of queries with an invalid DNS Cookie by thread
+.TP
+.I threadX.num.queries_discard_timeout
+number of queries removed due to discard-timeout by thread
+.TP
+.I threadX.num.queries_wait_limit
+number of queries removed due to wait-limit by thread
+.TP
 .I threadX.num.cachehits
 number of queries that were successfully answered using a cache lookup
 .TP
@@ -380,6 +596,9 @@ request for certificates.
 .I threadX.num.dnscrypt.malformed
 number of request that were neither cleartext, not valid dnscrypt messages.
 .TP
+.I threadX.num.dns_error_reports
+number of DNS Error Reports generated by thread
+.TP
 .I threadX.num.prefetch
 number of cache prefetches performed.  This number is included in
 cachehits, as the original query had the unprefetched answer from cache,
@@ -390,6 +609,14 @@ as a cache response was sent.
 .I threadX.num.expired
 number of replies that served an expired cache entry.
 .TP
+.I threadX.num.queries_timed_out
+number of queries that are dropped because they waited in the UDP socket buffer
+for too long.
+.TP
+.I threadX.query.queue_time_us.max
+The maximum wait time for packets in the socket buffer, in microseconds. This
+is only reported when sock-queue-timeout is enabled.
+.TP
 .I threadX.num.recursivereplies
 The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
 .TP
@@ -430,6 +657,24 @@ buffers are full.
 .I total.num.queries
 summed over threads.
 .TP
+.I total.num.queries_ip_ratelimited
+summed over threads.
+.TP
+.I total.num.queries_cookie_valid
+summed over threads.
+.TP
+.I total.num.queries_cookie_client
+summed over threads.
+.TP
+.I total.num.queries_cookie_invalid
+summed over threads.
+.TP
+.I total.num.queries_discard_timeout
+summed over threads.
+.TP
+.I total.num.queries_wait_limit
+summed over threads.
+.TP
 .I total.num.cachehits
 summed over threads.
 .TP
@@ -448,12 +693,21 @@ summed over threads.
 .I total.num.dnscrypt.malformed
 summed over threads.
 .TP
+.I total.num.dns_error_reports
+summed over threads.
+.TP
 .I total.num.prefetch
 summed over threads.
 .TP
 .I total.num.expired
 summed over threads.
 .TP
+.I total.num.queries_timed_out
+summed over threads.
+.TP
+.I total.query.queue_time_us.max
+the maximum of the thread values.
+.TP
 .I total.num.recursivereplies
 summed over threads.
 .TP
@@ -519,6 +773,10 @@ queries waiting for request stream completion.
 Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses
 waiting to be written back to the clients.
 .TP
+.I mem.quic
+Memory in bytes used by QUIC. Containing connection information, stream
+information, queries read and responses written back to the clients.
+.TP
 .I histogram.<sec>.<usec>.to.<sec>.<usec>
 Shows a histogram, summed over all threads. Every element counts the
 recursive queries whose reply time fit between the lower and upper bound.
@@ -550,6 +808,10 @@ Number of queries that were made using TCP towards the Unbound server.
 Number of queries that the Unbound server made using TCP outgoing towards
 other servers.
 .TP
+.I num.query.udpout
+Number of queries that the Unbound server made using UDP outgoing towards
+other servers.
+.TP
 .I num.query.tls
 Number of queries that were made using TLS towards the Unbound server.
 These are also counted in num.query.tcp, because TLS uses TCP.
@@ -563,6 +825,10 @@ Number of queries that were made using HTTPS towards the Unbound server.
 These are also counted in num.query.tcp and num.query.tls, because HTTPS
 uses TLS and TCP.
 .TP
+.I num.query.quic
+Number of queries that were made using QUIC towards the Unbound server.
+These are also counted in num.query.tls, because TLS is used for these queries.
+.TP
 .I num.query.ipv6
 Number of queries that were made using IPv6 towards the Unbound server.
 .TP
@@ -585,7 +851,7 @@ ratelimiting.
 .TP
 .I num.query.dnscrypt.shared_secret.cachemiss
 The number of dnscrypt queries that did not find a shared secret in the cache.
-The can be use to compute the shared secret hitrate.
+This can be used to compute the shared secret hitrate.
 .TP
 .I num.query.dnscrypt.replay
 The number of dnscrypt queries that found a nonce hit in the nonce cache and
@@ -641,6 +907,18 @@ timing and protocol support information.
 The number of items in the key cache.  These are DNSSEC keys, one item
 per delegation point, and their validation status.
 .TP
+.I msg.cache.max_collisions
+The maximum number of hash table collisions in the msg cache. This is the
+number of hashes that are identical when a new element is inserted in the
+hash table. If the value is very large, like hundreds, something is wrong
+with the performance of the hash table, hash values are incorrect or malicious.
+.TP
+.I rrset.cache.max_collisions
+The maximum number of hash table collisions in the rrset cache. This is the
+number of hashes that are identical when a new element is inserted in the
+hash table. If the value is very large, like hundreds, something is wrong
+with the performance of the hash table, hash values are incorrect or malicious.
+.TP
 .I dnscrypt_shared_secret.cache.count
 The number of items in the shared secret cache. These are precomputed shared
 secrets for a given client public key/server secret key pair. Shared secrets
@@ -680,7 +958,12 @@ Number of queries that got an answer that contained EDNS client subnet data.
 .I num.query.subnet_cache
 Number of queries answered from the edns client subnet cache.  These are
 counted as cachemiss by the main counters, but hit the client subnet
-specific cache, after getting processed by the edns client subnet module.
+specific cache after getting processed by the edns client subnet module.
+.TP
+.I num.query.cachedb
+Number of queries answered from the external cache of cachedb.
+These are counted as cachemiss by the main counters, but hit the cachedb
+external cache after getting processed by the cachedb module.
 .TP
 .I num.rpz.action.<rpz_action>
 Number of queries answered using configured RPZ policy, per RPZ action type.
@@ -688,10 +971,10 @@ Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
 disabled, and cname\-override.
 .SH "FILES"
 .TP
-.I @ub_conf_file@
+.I /var/unbound/unbound.conf
 Unbound configuration file.
 .TP
-.I @UNBOUND_RUN_DIR@
+.I /var/unbound
 directory with private keys (unbound_server.key and unbound_control.key) and
 self\-signed certificates (unbound_server.pem and unbound_control.pem).
 .SH "SEE ALSO"
diff --git a/contrib/unbound/doc/unbound-control.8.in b/contrib/unbound/doc/unbound-control.8.in
index 449c279d6499..8586f4fb5a86 100644
--- a/contrib/unbound/doc/unbound-control.8.in
+++ b/contrib/unbound/doc/unbound-control.8.in
@@ -1,982 +1,1547 @@
-.TH "unbound-control" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound-control.8 -- unbound remote control manual
-.\"
-.\" Copyright (c) 2008, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-control,
-.B unbound\-control\-setup
-\- Unbound remote server control utility.
-.SH "SYNOPSIS"
-.B unbound\-control
-.RB [ \-hq ]
-.RB [ \-c
-.IR cfgfile ]
-.RB [ \-s
-.IR server ]
-.IR command
-.SH "DESCRIPTION"
-.B Unbound\-control
-performs remote administration on the \fIunbound\fR(8) DNS server.
-It reads the configuration file, contacts the Unbound server over SSL
-sends the command and displays the result.
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-CONTROL" "8" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound-control \- Unbound 1.24.0 remote server control utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-control\fP [\fB\-hq\fP] [\fB\-c cfgfile\fP] [\fB\-s server\fP] command
+.SH DESCRIPTION
+.sp
+\fBunbound\-control\fP performs remote administration on the
+\fI\%unbound(8)\fP DNS server.
+It reads the configuration file, contacts the Unbound server over TLS sends the
+command and displays the result.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
-.TP
-.B \-c \fIcfgfile
-The config file to read with settings.  If not given the default
-config file @ub_conf_file@ is used.
-.TP
-.B \-s \fIserver[@port]
-IPv4 or IPv6 address of the server to contact.  If not given, the
-address is read from the config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-c <cfgfile>
+The config file to read with settings.
+If not given the default config file
+\fB@ub_conf_file@\fP is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \-s <server[@port]>
+IPv4 or IPv6 address of the server to contact.
+If not given, the address is read from the config file.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-q
-quiet, if the option is given it does not print anything if it works ok.
-.SH "COMMANDS"
+Quiet, if the option is given it does not print anything if it works ok.
+.UNINDENT
+.SH COMMANDS
+.sp
 There are several commands that the server understands.
-.TP
-.B start
-Start the server. Simply execs \fIunbound\fR(8).  The Unbound executable
-is searched for in the \fBPATH\fR set in the environment.  It is started
-with the config file specified using \fI\-c\fR or the default config file.
-.TP
-.B stop
-Stop the server. The server daemon exits.
-.TP
-.B reload
-Reload the server. This flushes the cache and reads the config file fresh.
-.TP
-.B reload_keep_cache
+.INDENT 0.0
+.TP
+.B start 
+Start the server.
+Simply execs \fI\%unbound(8)\fP\&.
+The \fBunbound\fP executable is searched for in the \fBPATH\fP set in the
+environment.
+It is started with the config file specified using \fI\%\-c\fP or the
+default config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stop 
+Stop the server.
+The server daemon exits.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reload 
+Reload the server.
+This flushes the cache and reads the config file fresh.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B reload_keep_cache 
 Reload the server but try to keep the RRset and message cache if
 (re)configuration allows for it.
-That means the caches sizes and the number of threads must not change between
-reloads.
+That means the caches sizes and the number of threads must not change
+between reloads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B fast_reload \fR[\fI+dpv\fR]
+.B fast_reload [\fB+dpv\fP] 
 Reload the server, but keep downtime to a minimum, so that user queries
-keep seeing service. This needs the code compiled with threads. The config
-is loaded in a thread, and prepared, then it briefly pauses the existing
-server and updates config options. The intent is that the pause does not
-impact the service of user queries. The cache is kept. Also user queries
-worked on are kept and continue, but with the new config options.
-.IP
+keep seeing service.
+This needs the code compiled with threads.
+The config is loaded in a thread, and prepared, then it briefly pauses the
+existing server and updates config options.
+The intent is that the pause does not impact the service of user queries.
+The cache is kept.
+Also user queries worked on are kept and continue, but with the new config
+options.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 This command is experimental at this time.
-.IP
+.UNINDENT
+.UNINDENT
+.sp
 The amount of temporal memory needed during a fast_reload is twice the
 amount needed for configuration.
-This is because Unbound temporarily needs to store both current configuration
-values and new ones while trying to fast_reload.
+This is because Unbound temporarily needs to store both current
+configuration values and new ones while trying to fast_reload.
 Zones loaded from disk (authority zones and RPZ zones) are included in such
 memory needs.
-.IP
+.sp
 Options that can be changed are for
-forwards,
-stubs,
-views,
-authority zones,
-RPZ zones and
-local zones.
-.IP
+\fI\%forwards\fP,
+\fI\%stubs\fP,
+\fI\%views\fP,
+\fI\%authority zones\fP,
+\fI\%RPZ zones\fP and
+\fI\%local zones\fP\&.
+.sp
 Also
-access-control and similar options,
-interface-action and similar options and
-tcp-connection-limit.
+\fI\%access\-control\fP and similar options,
+\fI\%interface\-action\fP and similar
+options and
+\fI\%tcp\-connection\-limit\fP\&.
 It can reload some
-define-tag
+\fI\%define\-tag\fP
 changes, more on that below.
 Further options include
-insecure-lan-zones,
-domain-insecure,
-trust-anchor-file,
-trust-anchor,
-trusted-keys-file,
-auto-trust-anchor-file,
-edns-client-string,
+\fI\%insecure\-lan\-zones\fP,
+\fI\%domain\-insecure\fP,
+\fI\%trust\-anchor\-file\fP,
+\fI\%trust\-anchor\fP,
+\fI\%trusted\-keys\-file\fP,
+\fI\%auto\-trust\-anchor\-file\fP,
+\fI\%edns\-client\-string\fP,
 ipset,
-log-identity,
-infra-cache-numhosts,
-msg-cache-size,
-rrset-cache-size,
-key-cache-size,
-ratelimit-size,
-neg-cache-size,
-num-queries-per-thread,
-jostle-timeout,
-use-caps-for-id,
-unwanted-reply-threshold,
-tls-use-sni,
-outgoing-tcp-mss,
-ip-dscp,
-max-reuse-tcp-queries,
-tcp-reuse-timeout,
-tcp-auth-query-timeout,
-delay-close.
-.IP
+\fI\%log\-identity\fP,
+\fI\%infra\-cache\-numhosts\fP,
+\fI\%msg\-cache\-size\fP,
+\fI\%rrset\-cache\-size\fP,
+\fI\%key\-cache\-size\fP,
+\fI\%ratelimit\-size\fP,
+\fI\%neg\-cache\-size\fP,
+\fI\%num\-queries\-per\-thread\fP,
+\fI\%jostle\-timeout\fP,
+\fI\%use\-caps\-for\-id\fP,
+\fI\%unwanted\-reply\-threshold\fP,
+\fI\%tls\-use\-sni\fP,
+\fI\%outgoing\-tcp\-mss\fP,
+\fI\%ip\-dscp\fP,
+\fI\%max\-reuse\-tcp\-queries\fP,
+\fI\%tcp\-reuse\-timeout\fP,
+\fI\%tcp\-auth\-query\-timeout\fP,
+\fI\%delay\-close\fP\&.
+.sp
 It does not work with
-interface and
-outgoing-interface changes,
+\fI\%interface\fP and
+\fI\%outgoing\-interface\fP changes,
 also not with
-remote control,
-outgoing-port-permit,
-outgoing-port-avoid,
-msg-buffer-size,
-any **\*-slabs** options and
-statistics-interval changes.
-.IP
-For dnstap these options can be changed:
-dnstap-log-resolver-query-messages,
-dnstap-log-resolver-response-messages,
-dnstap-log-client-query-messages,
-dnstap-log-client-response-messages,
-dnstap-log-forwarder-query-messages and
-dnstap-log-forwarder-response-messages.
-.IP
+\fI\%remote control\fP,
+\fI\%outgoing\-port\-permit\fP,
+\fI\%outgoing\-port\-avoid\fP,
+\fI\%msg\-buffer\-size\fP,
+any \fB*\-slabs\fP options and
+\fI\%statistics\-interval\fP changes.
+.sp
+For \fI\%dnstap\fP these options can be changed:
+\fI\%dnstap\-log\-resolver\-query\-messages\fP,
+\fI\%dnstap\-log\-resolver\-response\-messages\fP,
+\fI\%dnstap\-log\-client\-query\-messages\fP,
+\fI\%dnstap\-log\-client\-response\-messages\fP,
+\fI\%dnstap\-log\-forwarder\-query\-messages\fP and
+\fI\%dnstap\-log\-forwarder\-response\-messages\fP\&.
+.sp
 It does not work with these options:
-dnstap-enable,
-dnstap-bidirectional,
-dnstap-socket-path,
-dnstap-ip,
-dnstap-tls,
-dnstap-tls-server-name,
-dnstap-tls-cert-bundle,
-dnstap-tls-client-key-file and
-dnstap-tls-client-cert-file.
-.IP
+\fI\%dnstap\-enable\fP,
+\fI\%dnstap\-bidirectional\fP,
+\fI\%dnstap\-socket\-path\fP,
+\fI\%dnstap\-ip\fP,
+\fI\%dnstap\-tls\fP,
+\fI\%dnstap\-tls\-server\-name\fP,
+\fI\%dnstap\-tls\-cert\-bundle\fP,
+\fI\%dnstap\-tls\-client\-key\-file\fP and
+\fI\%dnstap\-tls\-client\-cert\-file\fP\&.
+.sp
 The options
-dnstap-send-identity,
-dnstap-send-version,
-dnstap-identity, and
-dnstap-version can be loaded
-when ``+p`` is not used.
-.IP
-The '+v' option makes the output verbose which includes the time it took to do
-the reload.
-With '+vv' it is more verbose which includes the amount of memory that was
-allocated temporarily to perform the reload; this amount of memory can be big
-if the config has large contents.
-In the timing output the 'reload' time is the time during which the server was
-paused.
-.IP
-The '+p' option makes the reload not pause threads, they keep running.
+\fI\%dnstap\-send\-identity\fP,
+\fI\%dnstap\-send\-version\fP,
+\fI\%dnstap\-identity\fP, and
+\fI\%dnstap\-version\fP can be loaded
+when \fB+p\fP is not used.
+.sp
+The \fB+v\fP option makes the output verbose which includes the time it took
+to do the reload.
+With \fB+vv\fP it is more verbose which includes the amount of memory that
+was allocated temporarily to perform the reload; this amount of memory can
+be big if the config has large contents.
+In the timing output the \(aqreload\(aq time is the time during which the server
+was paused.
+.sp
+The \fB+p\fP option makes the reload not pause threads, they keep running.
 Locks are acquired, but items are updated in sequence, so it is possible
 for threads to see an inconsistent state with some options from the old
 and some options from the new config, such as cache TTL parameters from the
-old config and forwards from the new config. The stubs and forwards are
-updated at the same time, so that they are viewed consistently, either old
-or new values together. The option makes the reload time take eg. 3
-microseconds instead of 0.3 milliseconds during which the worker threads are
-interrupted. So, the interruption is much shorter, at the expense of some
-inconsistency. After the reload itself, every worker thread is briefly
-contacted to make them release resources, this makes the delete timing
-a little longer, and takes up time from the remote control servicing
-worker thread.
-.IP
-With the nopause option, the reload does not work to reload some options,
-that fast reload works on without the nopause option: val-bogus-ttl,
-val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
-val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
-max-sent-count, max-query-restarts, do-not-query-address,
-do-not-query-localhost, private-address, private-domain, caps-exempt,
-nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit,
-ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
-wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
-.IP
-The '+d' option makes the reload drop queries that the worker threads are
-working on. This is like flush_requestlist. Without it the queries are kept
-so that users keep getting answers for those queries that are currently
-processed. The drop makes it so that queries during the life time of the
+old config and forwards from the new config.
+The stubs and forwards are updated at the same time, so that they are
+viewed consistently, either old or new values together.
+The option makes the reload time take eg. 3 microseconds instead of 0.3
+milliseconds during which the worker threads are interrupted.
+So, the interruption is much shorter, at the expense of some inconsistency.
+After the reload itself, every worker thread is briefly contacted to make
+them release resources, this makes the delete timing a little longer, and
+takes up time from the remote control servicing worker thread.
+.sp
+With the nopause option (\fB+p\fP), the reload does not work to reload some
+options, that fast reload works on without the nopause option:
+\fI\%val\-bogus\-ttl\fP,
+\fI\%val\-override\-date\fP,
+\fI\%val\-sig\-skew\-min\fP,
+\fI\%val\-sig\-skew\-max\fP,
+\fI\%val\-max\-restart\fP,
+\fI\%val\-nsec3\-keysize\-iterations\fP,
+\fI\%target\-fetch\-policy\fP,
+\fI\%outbound\-msg\-retry\fP,
+\fI\%max\-sent\-count\fP,
+\fI\%max\-query\-restarts\fP,
+\fI\%do\-not\-query\-address\fP,
+\fI\%do\-not\-query\-localhost\fP,
+\fI\%private\-address\fP,
+\fI\%private\-domain\fP,
+\fI\%caps\-exempt\fP,
+\fI\%nat64\-prefix\fP,
+\fI\%do\-nat64\fP,
+\fI\%infra\-host\-ttl\fP,
+\fI\%infra\-keep\-probing\fP,
+\fI\%ratelimit\fP,
+\fI\%ip\-ratelimit\fP,
+\fI\%ip\-ratelimit\-cookie\fP,
+\fI\%wait\-limit\-netblock\fP,
+\fI\%wait\-limit\-cookie\-netblock\fP,
+\fI\%ratelimit\-below\-domain\fP,
+\fI\%ratelimit\-for\-domain\fP\&.
+.sp
+The \fB+d\fP option makes the reload drop queries that the worker threads are
+working on.
+This is like
+\fI\%flush_requestlist\fP\&.
+Without it the queries are kept so that users keep getting answers for
+those queries that are currently processed.
+The drop makes it so that queries during the life time of the
 query processing see only old, or only new config options.
-.IP
-When there are changes to the config tags, from the \fBdefine\-tag\fR option,
-then the '+d' option is implicitly turned on with a warning printout, and
+.sp
+When there are changes to the config tags, from the
+\fI\%define\-tag\fP option,
+then the \fB+d\fP option is implicitly turned on with a warning printout, and
 queries are dropped.
 This is to stop references to the old tag information, by the old
-queries. If the number of tags is increased in the newly loaded config, by
-adding tags at the end, then the implicit '+d' option is not needed.
-.IP
+queries.
+If the number of tags is increased in the newly loaded config, by
+adding tags at the end, then the implicit \fB+d\fP option is not needed.
+.sp
 For response ip, that is actions associated with IP addresses, and perhaps
 intersected with access control tag and action information, those settings
 are stored with a query when it comes in based on its source IP address.
 The old information is kept with the query until the queries are done.
-This is gone when those queries are resolved and finished, or it is possible
-to flush the requestlist with '+d'.
-.TP
-.B verbosity \fInumber
-Change verbosity value for logging. Same values as \fBverbosity\fR keyword in
-\fIunbound.conf\fR(5).  This new setting lasts until the server is issued
-a reload (taken from config file again), or the next verbosity control command.
-.TP
-.B log_reopen
-Reopen the logfile, close and open it.  Useful for logrotation to make the
-daemon release the file it is logging to.  If you are using syslog it will
-attempt to close and open the syslog (which may not work if chrooted).
-.TP
-.B stats
-Print statistics. Resets the internal counters to zero, this can be
-controlled using the \fBstatistics\-cumulative\fR config statement.
-Statistics are printed with one [name]: [value] per line.
-.TP
-.B stats_noreset
-Peek at statistics. Prints them like the \fBstats\fR command does, but does not
-reset the internal counters to zero.
-.TP
-.B status
-Display server status. Exit code 3 if not running (the connection to the
-port is refused), 1 on error, 0 if running.
-.TP
-.B local_zone \fIname\fR \fItype
-Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
+This is gone when those queries are resolved and finished, or it is
+possible to flush the requestlist with \fB+d\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B verbosity \fInumber\fP 
+Change verbosity value for logging.
+Same values as the \fBverbosity:\fP keyword in
+\fI\%unbound.conf(5)\fP\&.
+This new setting lasts until the server is issued a reload (taken from
+config file again), or the next verbosity control command.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log_reopen 
+Reopen the logfile, close and open it.
+Useful for logrotation to make the daemon release the file it is logging
+to.
+If you are using syslog it will attempt to close and open the syslog (which
+may not work if chrooted).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stats 
+Print statistics.
+Resets the internal counters to zero, this can be controlled using the
+\fBstatistics\-cumulative:\fP config statement.
+Statistics are printed with one \fB[name]: [value]\fP per line.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stats_noreset 
+Peek at statistics.
+Prints them like the stats command does, but does not reset the internal
+counters to zero.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B status 
+Display server status.
+Exit code 3 if not running (the connection to the port is refused), 1 on
+error, 0 if running.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zone \fIname type\fP 
+Add new local zone with name and type.
+Like local\-zone config statement.
 If the zone already exists, the type is changed to the given argument.
-.TP
-.B local_zone_remove \fIname
-Remove the local zone with the given name.  Removes all local data inside
-it.  If the zone does not exist, the command succeeds.
-.TP
-.B local_data \fIRR data...
-Add new local data, the given resource record. Like \fBlocal\-data\fR
-config statement, except for when no covering zone exists.  In that case
-this remote control command creates a transparent zone with the same
-name as this record.
-.TP
-.B local_data_remove \fIname
-Remove all RR data from local name.  If the name already has no items,
-nothing happens.  Often results in NXDOMAIN for the name (in a static zone),
-but if the name has become an empty nonterminal (there is still data in
-domain names below the removed name), NOERROR nodata answers are the
-result for that name.
-.TP
-.B local_zones
-Add local zones read from stdin of unbound\-control. Input is read per line,
-with name space type on a line. For bulk additions.
-.TP
-.B local_zones_remove
-Remove local zones read from stdin of unbound\-control. Input is one name per
-line. For bulk removals.
-.TP
-.B local_datas
-Add local data RRs read from stdin of unbound\-control. Input is one RR per
-line. For bulk additions.
-.TP
-.B local_datas_remove
-Remove local data RRs read from stdin of unbound\-control. Input is one name per
-line. For bulk removals.
-.TP
-.B dump_cache
-The content of the cache is printed in a text format to stdout.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zone_remove \fIname\fP 
+Remove the local zone with the given name.
+Removes all local data inside it.
+If the zone does not exist, the command succeeds.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_data \fIRR data...\fP 
+Add new local data, the given resource record.
+Like \fBlocal\-data:\fP keyword, except for when no covering zone exists.
+In that case this remote control command creates a transparent zone with
+the same name as this record.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_data_remove \fIname\fP 
+Remove all RR data from local name.
+If the name already has no items, nothing happens.
+Often results in NXDOMAIN for the name (in a static zone), but if the name
+has become an empty nonterminal (there is still data in domain names below
+the removed name), NOERROR nodata answers are the result for that name.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zones 
+Add local zones read from stdin of unbound\-control.
+Input is read per line, with name space type on a line.
+For bulk additions.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_zones_remove 
+Remove local zones read from stdin of unbound\-control.
+Input is one name per line.
+For bulk removals.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_datas 
+Add local data RRs read from stdin of unbound\-control.
+Input is one RR per line.
+For bulk additions.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local_datas_remove 
+Remove local data RRs read from stdin of unbound\-control.
+Input is one name per line.
+For bulk removals.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_cache 
+The contents of the cache is printed in a text format to stdout.
 You can redirect it to a file to store the cache in a file.
-Not supported in remote Unbounds in multi-process operation.
+Not supported in remote Unbounds in multi\-process operation.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B load_cache
-The content of the cache is loaded from stdin.
+.B load_cache 
+The contents of the cache is loaded from stdin.
 Uses the same format as dump_cache uses.
 Loading the cache with old, or wrong data can result in old or wrong data
 returned to clients.
 Loading data into the cache in this way is supported in order to aid with
 debugging.
-Not supported in remote Unbounds in multi-process operation.
-.TP
-.B lookup \fIname
-Print to stdout the name servers that would be used to look up the
-name specified.
-.TP
-.B flush \fR[\fI+c\fR] \fIname
-Remove the name from the cache. Removes the types
-A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR, SVCB and HTTPS.
-Because that is fast to do. Other record types can be removed using
-.B flush_type
-or
-.B flush_zone\fR.
-.IP
-The '+c' option removes the items also from the cachedb cache. If
-cachedb is in use.
-.TP
-.B flush_type \fR[\fI+c\fR] \fIname\fR \fItype
+Not supported in remote Unbounds in multi\-process operation.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache_lookup [\fB+t\fP] \fInames\fP 
+Print to stdout the RRsets and messages that are in the cache.
+For every name listed the content at or under the name is printed.
+Several names separated by spaces can be given, each is printed.
+When subnetcache is enabled, also matching entries from the subnet
+cache are printed.
+.sp
+The \fB+t\fP option allows tld and root names.
+With it names like \(aqcom\(aq and \(aq.\(aq can be used, but it takes a lot of
+effort to look up in the cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B lookup \fIname\fP 
+Print to stdout the name servers that would be used to look up the name
+specified.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush [\fB+c\fP] \fIname\fP 
+Remove the name from the cache.
+Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR,
+SVCB and HTTPS.
+Because that is fast to do.
+Other record types can be removed using \fBflush_type\fP or \fBflush_zone\fP\&.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_type [\fB+c\fP] \fIname type\fP 
 Remove the name, type information from the cache.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B flush_zone \fR[\fI+c\fR] \fIname
+.B flush_zone [\fB+c\fP] name 
 Remove all information at or below the name from the cache.
-The rrsets and key entries are removed so that new lookups will be performed.
+The rrsets and key entries are removed so that new lookups will be
+performed.
 This needs to walk and inspect the entire cache, and is a slow operation.
 The entries are set to expired in the implementation of this command (so,
-with serve\-expired enabled, it'll serve that information but schedule a
+with serve\-expired enabled, it\(aqll serve that information but schedule a
 prefetch for new information).
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B flush_bogus \fR[\fI+c\fR]
+.B flush_bogus [\fB+c\fP] 
 Remove all bogus data from the cache.
-.TP
-.B flush_negative \fR[\fI+c\fR]
-Remove all negative data from the cache.  This is nxdomain answers,
-nodata answers and servfail answers.  Also removes bad key entries
-(which could be due to failed lookups) from the dnssec key cache, and
-iterator last-resort lookup failures from the rrset cache.
-.TP
-.B flush_stats
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_negative [\fB+c\fP] 
+Remove all negative data from the cache.
+This is nxdomain answers, nodata answers and servfail answers.
+Also removes bad key entries (which could be due to failed lookups) from
+the dnssec key cache, and iterator last\-resort lookup failures from the
+rrset cache.
+.sp
+The \fB+c\fP option removes the items also from the cachedb cache.
+If cachedb is in use.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_stats 
 Reset statistics to zero.
-.TP
-.B flush_requestlist
-Drop the queries that are worked on.  Stops working on the queries that the
-server is working on now.  The cache is unaffected.  No reply is sent for
-those queries, probably making those users request again later.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_requestlist 
+Drop the queries that are worked on.
+Stops working on the queries that the server is working on now.
+The cache is unaffected.
+No reply is sent for those queries, probably making those users request
+again later.
 Useful to make the server restart working on queries with new settings,
 such as a higher verbosity level.
-.TP
-.B dump_requestlist
-Show what is worked on.  Prints all queries that the server is currently
-working on.  Prints the time that users have been waiting.  For internal
-requests, no time is printed.  And then prints out the module status.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_requestlist 
+Show what is worked on.
+Prints all queries that the server is currently working on.
+Prints the time that users have been waiting.
+For internal requests, no time is printed.
+And then prints out the module status.
 This prints the queries from the first thread, and not queries that are
 being serviced from other threads.
-.TP
-.B flush_infra \fIall|IP
-If all then entire infra cache is emptied.  If a specific IP address, the
-entry for that address is removed from the cache.  It contains EDNS, ping
-and lameness data.
-.TP
-.B dump_infra
+.UNINDENT
+.INDENT 0.0
+.TP
+.B flush_infra \fIall|IP\fP 
+If all then entire infra cache is emptied.
+If a specific IP address, the entry for that address is removed from the
+cache.
+It contains EDNS, ping and lameness data.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dump_infra 
 Show the contents of the infra cache.
-.TP
-.B set_option \fIopt: val
-Set the option to the given value without a reload.  The cache is
-therefore not flushed.  The option must end with a ':' and whitespace
-must be between the option and the value.  Some values may not have an
-effect if set this way, the new values are not written to the config file,
-not all options are supported.  This is different from the set_option call
-in libunbound, where all values work because Unbound has not been initialized.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B set_option \fIopt: val\fP 
+Set the option to the given value without a reload.
+The cache is therefore not flushed.
+The option must end with a \fB\(aq:\(aq\fP and whitespace must be between the
+option and the value.
+Some values may not have an effect if set this way, the new values are not
+written to the config file, not all options are supported.
+This is different from the set_option call in libunbound, where all values
+work because Unbound has not been initialized.
+.sp
 The values that work are: statistics\-interval, statistics\-cumulative,
-do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
+do\-not\-query\-localhost,  harden\-short\-bufsize, harden\-large\-queries,
 harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
-harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
-hide\-identity, hide\-version, identity, version, val\-log\-level,
-val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
-keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
-ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
-.TP
-.B get_option \fIopt
-Get the value of the option.  Give the option name without a trailing ':'.
-The value is printed.  If the value is "", nothing is printed
-and the connection closes.  On error 'error ...' is printed (it gives
-a syntax error on unknown option).  For some options a list of values,
-one on each line, is printed.  The options are shown from the config file
-as modified with set_option.  For some options an override may have been
-taken that does not show up with this command, not results from e.g. the
-verbosity and forward control commands.  Not all options work, see list_stubs,
-list_forwards, list_local_zones and list_local_data for those.
-.TP
-.B list_stubs
-List the stub zones in use.  These are printed one by one to the output.
+harden\-referral\-path,  prefetch, prefetch\-key, log\-queries, hide\-identity,
+hide\-version, identity, version, val\-log\-level, val\-log\-squelch,
+ignore\-cd\-flag, add\-holddown, del\-holddown, keep\-missing, tcp\-upstream,
+ssl\-upstream, max\-udp\-size, ratelimit, ip\-ratelimit, cache\-max\-ttl,
+cache\-min\-ttl, cache\-max\-negative\-ttl.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B get_option \fIopt\fP 
+Get the value of the option.
+Give the option name without a trailing \fB\(aq:\(aq\fP\&.
+The value is printed.
+If the value is \fB\(dq\(dq\fP, nothing is printed and the connection closes.
+On error \fB\(aqerror ...\(aq\fP is printed (it gives a syntax error on unknown
+option).
+For some options a list of values, one on each line, is printed.
+The options are shown from the config file as modified with set_option.
+For some options an override may have been taken that does not show up with
+this command, not results from e.g. the verbosity and forward control
+commands.
+Not all options work, see list_stubs, list_forwards, list_local_zones and
+list_local_data for those.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_stubs 
+List the stub zones in use.
+These are printed one by one to the output.
 This includes the root hints in use.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B list_forwards
-List the forward zones in use.  These are printed zone by zone to the output.
+.B list_forwards 
+List the forward zones in use.
+These are printed zone by zone to the output.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B list_insecure
+.B list_insecure 
 List the zones with domain\-insecure.
-.TP
-.B list_local_zones
-List the local zones in use.  These are printed one per line with zone type.
-.TP
-.B list_local_data
-List the local data RRs in use.  The resource records are printed.
-.TP
-.B insecure_add \fIzone
-Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
-Adds to the running Unbound without affecting the cache contents (which may
-still be bogus, use \fBflush_zone\fR to remove it), does not affect the config file.
-.TP
-.B insecure_remove \fIzone
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_local_zones 
+List the local zones in use.
+These are printed one per line with zone type.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_local_data 
+List the local data RRs in use.
+The resource records are printed.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure_add \fIzone\fP 
+Add a domain\-insecure for the given zone, like the statement in
+unbound.conf.
+Adds to the running Unbound without affecting the cache
+contents (which may still be bogus, use flush_zone to remove it), does not
+affect the config file.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure_remove \fIzone\fP 
 Removes domain\-insecure for the given zone.
-.TP
-.B forward_add \fR[\fI+it\fR] \fIzone addr ...
-Add a new forward zone to running Unbound.  With +i option also adds a
-\fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
-a DNSSEC root trust anchor configured for other names).
-The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
-in unbound.conf.
-The +t option sets it to use tls upstream, like \fIforward\-tls\-upstream\fR: yes.
-.TP
-.B forward_remove \fR[\fI+i\fR] \fIzone
-Remove a forward zone from running Unbound.  The +i also removes a
-\fIdomain\-insecure\fR for the zone.
-.TP
-.B stub_add \fR[\fI+ipt\fR] \fIzone addr ...
-Add a new stub zone to running Unbound.  With +i option also adds a
-\fIdomain\-insecure\fR for the zone.  With +p the stub zone is set to prime,
-without it it is set to notprime.  The addr can be IP4, IP6 or nameserver
-names, like the \fIstub-zone\fR config in unbound.conf.
-The +t option sets it to use tls upstream, like \fIstub\-tls\-upstream\fR: yes.
-.TP
-.B stub_remove \fR[\fI+i\fR] \fIzone
-Remove a stub zone from running Unbound.  The +i also removes a
-\fIdomain\-insecure\fR for the zone.
-.TP
-.B forward \fR[\fIoff\fR | \fIaddr ...\fR ]
-Setup forwarding mode.  Configures if the server should ask other upstream
-nameservers, should go to the internet root nameservers itself, or show
-the current config.  You could pass the nameservers after a DHCP update.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward_add [\fB+it\fP] \fIzone addr ...\fP 
+Add a new forward zone to running Unbound.
+With \fB+i\fP option also adds a domain\-insecure for the zone (so it can
+resolve insecurely if you have a DNSSEC root trust anchor configured for
+other names).
+The addr can be IP4, IP6 or nameserver names, like forward\-zone config in
+unbound.conf.
+The \fB+t\fP option sets it to use TLS upstream, like
+\fI\%forward\-tls\-upstream: yes\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward_remove [\fB+i\fP] \fIzone\fP 
+Remove a forward zone from running Unbound.
+The \fB+i\fP also removes a domain\-insecure for the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub_add [\fB+ipt\fP] \fIzone addr ...\fP 
+Add a new stub zone to running Unbound.
+With \fB+i\fP option also adds a domain\-insecure for the zone.
+With \fB+p\fP the stub zone is set to prime, without it it is set to
+notprime.
+The addr can be IP4, IP6 or nameserver names, like the \fBstub\-zone:\fP
+config in unbound.conf.
+The \fB+t\fP option sets it to use TLS upstream, like
+\fI\%stub\-tls\-upstream: yes\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub_remove [\fB+i\fP] \fIzone\fP 
+Remove a stub zone from running Unbound.
+The \fB+i\fP also removes a domain\-insecure for the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward [\fIoff\fP | \fIaddr ...\fP ] 
+Setup forwarding mode.
+Configures if the server should ask other upstream nameservers, should go
+to the internet root nameservers itself, or show the current config.
+You could pass the nameservers after a DHCP update.
+.sp
 Without arguments the current list of addresses used to forward all queries
-to is printed.  On startup this is from the forward\-zone "." configuration.
-Afterwards it shows the status.  It prints off when no forwarding is used.
-.IP
-If \fIoff\fR is passed, forwarding is disabled and the root nameservers
-are used.  This can be used to avoid to avoid buggy or non\-DNSSEC supporting
-nameservers returned from DHCP.  But may not work in hotels or hotspots.
-.IP
-If one or more IPv4 or IPv6 addresses are given, those are then used to forward
-queries to.  The addresses must be separated with spaces.  With '@port' the
-port number can be set explicitly (default port is 53 (DNS)).
-.IP
-By default the forwarder information from the config file for the root "." is
-used.  The config file is not changed, so after a reload these changes are
-gone.  Other forward zones from the config file are not affected by this command.
-.TP
-.B ratelimit_list \fR[\fI+a\fR]
-List the domains that are ratelimited.  Printed one per line with current
-estimated qps and qps limit from config.  With +a it prints all domains, not
-just the ratelimited domains, with their estimated qps.  The ratelimited
-domains return an error for uncached (new) queries, but cached queries work
-as normal.
-.TP
-.B ip_ratelimit_list \fR[\fI+a\fR]
-List the ip addresses that are ratelimited.  Printed one per line with current
-estimated qps and qps limit from config.  With +a it prints all ips, not
-just the ratelimited ips, with their estimated qps.  The ratelimited
-ips are dropped before checking the cache.
-.TP
-.B list_auth_zones
-List the auth zones that are configured.  Printed one per line with a status,
-indicating if the zone is expired and current serial number.  Configured RPZ
-zones are included.
-.TP
-.B auth_zone_reload \fIzone\fR
-Reload the auth zone (or RPZ zone) from zonefile.  The zonefile is read in
-overwriting the current contents of the zone in memory.  This changes the auth
-zone contents itself, not the cache contents.  Such cache contents exists if
-you set Unbound to validate with for-upstream yes and that can be cleared with
-\fBflush_zone\fR \fIzone\fR.
-.TP
-.B auth_zone_transfer \fIzone\fR
-Transfer the auth zone (or RPZ zone) from master.  The auth zone probe sequence
-is started, where the masters are probed to see if they have an updated zone
-(with the SOA serial check).  And then the zone is transferred for a newer zone
-version.
-.TP
-.B rpz_enable \fIzone\fR
+to is printed.
+On startup this is from the forward\-zone \fB\(dq.\(dq\fP configuration.
+Afterwards it shows the status.
+It prints off when no forwarding is used.
+.sp
+If off is passed, forwarding is disabled and the root nameservers are
+used.
+This can be used to avoid to avoid buggy or non\-DNSSEC supporting
+nameservers returned from DHCP.
+But may not work in hotels or hotspots.
+.sp
+If one or more IPv4 or IPv6 addresses are given, those are then used to
+forward queries to.
+The addresses must be separated with spaces.
+With \fB\(aq@port\(aq\fP the port number can be set explicitly (default port is 53
+(DNS)).
+.sp
+By default the forwarder information from the config file for the root
+\fB\(dq.\(dq\fP is used.
+The config file is not changed, so after a reload these changes are gone.
+Other forward zones from the config file are not affected by this command.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit_list [\fB+a\fP] 
+List the domains that are ratelimited.
+Printed one per line with current estimated qps and qps limit from config.
+With \fB+a\fP it prints all domains, not just the ratelimited domains, with
+their estimated qps.
+The ratelimited domains return an error for uncached (new) queries, but
+cached queries work as normal.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip_ratelimit_list [\fB+a\fP] 
+List the ip addresses that are ratelimited.
+Printed one per line with current estimated qps and qps limit from config.
+With \fB+a\fP it prints all ips, not just the ratelimited ips, with their
+estimated qps.
+The ratelimited ips are dropped before checking the cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B list_auth_zones 
+List the auth zones that are configured.
+Printed one per line with a status, indicating if the zone is expired and
+current serial number.
+Configured RPZ zones are included.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auth_zone_reload \fIzone\fP 
+Reload the auth zone (or RPZ zone) from zonefile.
+The zonefile is read in overwriting the current contents of the zone in
+memory.
+This changes the auth zone contents itself, not the cache contents.
+Such cache contents exists if you set Unbound to validate with
+\fBfor\-upstream: yes\fP and that can be cleared with \fBflush_zone\fP \fIzone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auth_zone_transfer \fIzone\fP 
+Transfer the auth zone (or RPZ zone) from master.
+The auth zone probe sequence is started, where the masters are probed to
+see if they have an updated zone (with the SOA serial check).
+And then the zone is transferred for a newer zone version.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz_enable \fIzone\fP 
 Enable the RPZ zone if it had previously been disabled.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz_disable \fIzone\fR
+.B rpz_disable \fIzone\fP 
 Disable the RPZ zone.
-.TP
-.B view_list_local_zones \fIview\fR
-\fIlist_local_zones\fR for given view.
-.TP
-.B view_local_zone \fIview\fR \fIname\fR \fItype
-\fIlocal_zone\fR for given view.
-.TP
-.B view_local_zone_remove \fIview\fR \fIname
-\fIlocal_zone_remove\fR for given view.
-.TP
-.B view_list_local_data \fIview\fR
-\fIlist_local_data\fR for given view.
-.TP
-.B view_local_data \fIview\fR \fIRR data...
-\fIlocal_data\fR for given view.
-.TP
-.B view_local_data_remove \fIview\fR \fIname
-\fIlocal_data_remove\fR for given view.
-.TP
-.B view_local_datas_remove \fIview\fR
-Remove a list of \fIlocal_data\fR for given view from stdin. Like local_datas_remove.
-.TP
-.B view_local_datas \fIview\fR
-Add a list of \fIlocal_data\fR for given view from stdin.  Like local_datas.
-.TP
-.B add_cookie_secret <secret>
-Add or replace a cookie secret persistently. <secret> needs to be an 128 bit
-hex string.
-.IP
-Cookie secrets can be either \fIactive\fR or \fIstaging\fR. \fIActive\fR cookie
-secrets are used to create DNS Cookies, but verification of a DNS Cookie
-succeeds with any of the \fIactive\fR or \fIstaging\fR cookie secrets. The
-state of the current cookie secrets can be printed with the
-\fBprint_cookie_secrets\fR command.
-.IP
-When there are no cookie secrets configured yet, the <secret> is added as
-\fIactive\fR. If there is already an \fIactive\fR cookie secret, the <secret>
-is added as \fIstaging\fR or replacing an existing \fIstaging\fR secret.
-.IP
-To "roll" a cookie secret used in an anycast set. The new secret has to be
-added as staging secret to \fBall\fR nodes in the anycast set. When \fBall\fR
-nodes can verify DNS Cookies with the new secret, the new secret can be
-activated with the \fBactivate_cookie_secret\fR command. After \fBall\fR nodes
-have the new secret \fIactive\fR for at least one hour, the previous secret can
-be dropped with the \fBdrop_cookie_secret\fR command.
-.IP
-Persistence is accomplished by writing to a file which if configured with the
-\fBcookie\-secret\-file\fR option in the server section of the config file.
-This is disabled by default, "".
-.TP
-.B drop_cookie_secret
-Drop the \fIstaging\fR cookie secret.
-.TP
-.B activate_cookie_secret
-Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current
-\fIactive\fR cookie secret \fIstaging\fR.
-.TP
-.B print_cookie_secrets
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_list_local_zones \fIview\fP 
+\fIlist_local_zones\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_zone \fIview name type\fP 
+\fIlocal_zone\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_zone_remove \fIview name\fP 
+\fIlocal_zone_remove\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_list_local_data \fIview\fP 
+\fIlist_local_data\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_data \fIview RR data...\fP 
+\fIlocal_data\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_data_remove \fIview name\fP 
+\fIlocal_data_remove\fP for given view.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_datas_remove \fIview\fP 
+Remove a list of \fIlocal_data\fP for given view from stdin.
+Like \fIlocal_datas_remove\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view_local_datas \fIview\fP 
+Add a list of \fIlocal_data\fP for given view from stdin.
+Like \fIlocal_datas\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B add_cookie_secret \fIsecret\fP 
+Add or replace a cookie secret persistently.
+\fIsecret\fP needs to be an 128 bit hex string.
+.sp
+Cookie secrets can be either \fBactive\fP or \fBstaging\fP\&.
+\fBActive\fP cookie secrets are used to create DNS Cookies, but verification
+of a DNS Cookie succeeds with any of the \fBactive\fP or \fBstaging\fP cookie
+secrets.
+The state of the current cookie secrets can be printed with the
+\fI\%print_cookie_secrets\fP
+command.
+.sp
+When there are no cookie secrets configured yet, the \fIsecret\fP is added as
+\fBactive\fP\&.
+If there is already an \fBactive\fP cookie secret, the \fIsecret\fP is added as
+\fBstaging\fP or replacing an existing \fBstaging\fP secret.
+.sp
+To \(dqroll\(dq a cookie secret used in an anycast set.
+The new secret has to be added as \fBstaging\fP secret to \fBall\fP nodes in
+the anycast set.
+When \fBall\fP nodes can verify DNS Cookies with the new secret, the new
+secret can be activated with the
+\fI\%activate_cookie_secret\fP
+command.
+After \fBall\fP nodes have the new secret \fBactive\fP for at least one hour,
+the previous secret can be dropped with the
+\fI\%drop_cookie_secret\fP
+command.
+.sp
+Persistence is accomplished by writing to a file which is configured with
+the
+\fI\%cookie\-secret\-file\fP
+option in the server section of the config file.
+This is disabled by default, \(dq\(dq.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B drop_cookie_secret 
+Drop the \fBstaging\fP cookie secret.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B activate_cookie_secret 
+Make the current \fBstaging\fP cookie secret \fBactive\fP, and the current
+\fBactive\fP cookie secret \fBstaging\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B print_cookie_secrets 
 Show the current configured cookie secrets with their status.
-.SH "EXIT CODE"
-The unbound\-control program exits with status code 1 on error, 0 on success.
-.SH "SET UP"
-The setup requires a self\-signed certificate and private keys for both
-the server and client.  The script \fIunbound\-control\-setup\fR generates
-these in the default run directory, or with \-d in another directory.
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-control\fP program exits with status code 1 on error, 0 on
+success.
+.SH SET UP
+.sp
+The setup requires a self\-signed certificate and private keys for both the
+server and client.
+The script \fBunbound\-control\-setup\fP generates these in the default run
+directory, or with \fB\-d\fP in another directory.
 If you change the access control permissions on the key files you can decide
-who can use unbound\-control, by default owner and group but not all users.
-Run the script under the same username as you have configured in unbound.conf
-or as root, so that the daemon is permitted to read the files, for example with:
+who can use \fBunbound\-control\fP, by default owner and group but not all users.
+Run the script under the same username as you have configured in
+\fBunbound.conf\fP or as root, so that the daemon is permitted to read the
+files, for example with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-    sudo \-u unbound unbound\-control\-setup
+.ft C
+sudo \-u unbound unbound\-control\-setup
+.ft P
 .fi
-If you have not configured
-a username in unbound.conf, the keys need read permission for the user
-credentials under which the daemon is started.
+.UNINDENT
+.UNINDENT
+.sp
+If you have not configured a username in \fBunbound.conf\fP, the keys need
+read permission for the user credentials under which the daemon is started.
 The script preserves private keys present in the directory.
-After running the script as root, turn on \fBcontrol\-enable\fR in
-\fIunbound.conf\fR.
-.SH "STATISTIC COUNTERS"
-The \fIstats\fR command shows a number of statistic counters.
-.TP
-.I threadX.num.queries
+After running the script as root, turn on
+\fI\%control\-enable\fP in
+\fBunbound.conf\fP\&.
+.SH STATISTIC COUNTERS
+.sp
+The \fI\%stats\fP and
+\fI\%stats_noreset\fP commands show a
+number of statistic counters:
+.INDENT 0.0
+.TP
+.B threadX.num.queries 
 number of queries received by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_ip_ratelimited
+.B threadX.num.queries_ip_ratelimited 
 number of queries rate limited by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_valid
+.B threadX.num.queries_cookie_valid 
 number of queries with a valid DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_client
+.B threadX.num.queries_cookie_client 
 number of queries with a client part only DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_cookie_invalid
+.B threadX.num.queries_cookie_invalid 
 number of queries with an invalid DNS Cookie by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_discard_timeout
-number of queries removed due to discard-timeout by thread
+.B threadX.num.queries_discard_timeout 
+number of queries removed due to discard\-timeout by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.queries_wait_limit
-number of queries removed due to wait-limit by thread
+.B threadX.num.queries_wait_limit 
+number of queries removed due to wait\-limit by thread
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.cachehits
+.B threadX.num.cachehits 
 number of queries that were successfully answered using a cache lookup
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.cachemiss
+.B threadX.num.cachemiss 
 number of queries that needed recursive processing
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.crypted
-number of queries that were encrypted and successfully decapsulated by dnscrypt.
+.B threadX.num.dnscrypt.crypted 
+number of queries that were encrypted and successfully decapsulated by
+dnscrypt.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.cert
+.B threadX.num.dnscrypt.cert 
 number of queries that were requesting dnscrypt certificates.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.cleartext
+.B threadX.num.dnscrypt.cleartext 
 number of queries received on dnscrypt port that were cleartext and not a
 request for certificates.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dnscrypt.malformed
+.B threadX.num.dnscrypt.malformed 
 number of request that were neither cleartext, not valid dnscrypt messages.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.dns_error_reports
+.B threadX.num.dns_error_reports 
 number of DNS Error Reports generated by thread
-.TP
-.I threadX.num.prefetch
-number of cache prefetches performed.  This number is included in
-cachehits, as the original query had the unprefetched answer from cache,
-and resulted in recursive processing, taking a slot in the requestlist.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.prefetch 
+number of cache prefetches performed.
+This number is included in cachehits, as the original query had the
+unprefetched answer from cache, and resulted in recursive processing,
+taking a slot in the requestlist.
 Not part of the recursivereplies (or the histogram thereof) or cachemiss,
 as a cache response was sent.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.num.expired
+.B threadX.num.expired 
 number of replies that served an expired cache entry.
-.TP
-.I threadX.num.queries_timed_out
-number of queries that are dropped because they waited in the UDP socket buffer
-for too long.
-.TP
-.I threadX.query.queue_time_us.max
-The maximum wait time for packets in the socket buffer, in microseconds. This
-is only reported when sock-queue-timeout is enabled.
-.TP
-.I threadX.num.recursivereplies
-The number of replies sent to queries that needed recursive processing. Could be smaller than threadX.num.cachemiss if due to timeouts no replies were sent for some queries.
-.TP
-.I threadX.requestlist.avg
-The average number of requests in the internal recursive processing request list on insert of a new incoming recursive processing query.
-.TP
-.I threadX.requestlist.max
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.queries_timed_out 
+number of queries that are dropped because they waited in the UDP socket
+buffer for too long.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.query.queue_time_us.max 
+The maximum wait time for packets in the socket buffer, in microseconds.
+This is only reported when
+\fI\%sock\-queue\-timeout\fP is enabled.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.num.recursivereplies 
+The number of replies sent to queries that needed recursive processing.
+Could be smaller than threadX.num.cachemiss if due to timeouts no replies
+were sent for some queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.avg 
+The average number of requests in the internal recursive processing request
+list on insert of a new incoming recursive processing query.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.max 
 Maximum size attained by the internal recursive processing request list.
-.TP
-.I threadX.requestlist.overwritten
-Number of requests in the request list that were overwritten by newer entries. This happens if there is a flood of queries that recursive processing and the server has a hard time.
-.TP
-.I threadX.requestlist.exceeded
-Queries that were dropped because the request list was full. This happens if a flood of queries need recursive processing, and the server can not keep up.
-.TP
-.I threadX.requestlist.current.all
-Current size of the request list, includes internally generated queries (such
-as priming queries and glue lookups).
-.TP
-.I threadX.requestlist.current.user
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.overwritten 
+Number of requests in the request list that were overwritten by newer
+entries.
+This happens if there is a flood of queries that recursive processing and
+the server has a hard time.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.exceeded 
+Queries that were dropped because the request list was full.
+This happens if a flood of queries need recursive processing, and the
+server can not keep up.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.current.all 
+Current size of the request list, includes internally generated queries
+(such as priming queries and glue lookups).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.requestlist.current.user 
 Current size of the request list, only the requests from client queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.recursion.time.avg
-Average time it took to answer queries that needed recursive processing. Note that queries that were answered from the cache are not in this average.
+.B threadX.recursion.time.avg 
+Average time it took to answer queries that needed recursive processing.
+Note that queries that were answered from the cache are not in this average.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I threadX.recursion.time.median
+.B threadX.recursion.time.median 
 The median of the time it took to answer queries that needed recursive
-processing.  The median means that 50% of the user queries were answered in
-less than this time.  Because of big outliers (usually queries to non
-responsive servers), the average can be bigger than the median.  This median
-has been calculated by interpolation from a histogram.
-.TP
-.I threadX.tcpusage
-The currently held tcp buffers for incoming connections.  A spot value on
-the time of the request.  This helps you spot if the incoming\-num\-tcp
-buffers are full.
-.TP
-.I total.num.queries
+processing.
+The median means that 50% of the user queries were answered in less than
+this time.
+Because of big outliers (usually queries to non responsive servers), the
+average can be bigger than the median.
+This median has been calculated by interpolation from a histogram.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B threadX.tcpusage 
+The currently held tcp buffers for incoming connections.
+A spot value on the time of the request.
+This helps you spot if the incoming\-num\-tcp buffers are full.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B total.num.queries 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_ip_ratelimited
+.B total.num.queries_ip_ratelimited 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_valid
+.B total.num.queries_cookie_valid 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_client
+.B total.num.queries_cookie_client 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_cookie_invalid
+.B total.num.queries_cookie_invalid 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_discard_timeout
+.B total.num.queries_discard_timeout 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_wait_limit
+.B total.num.queries_wait_limit 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.cachehits
+.B total.num.cachehits 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.cachemiss
+.B total.num.cachemiss 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.crypted
+.B total.num.dnscrypt.crypted 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.cert
+.B total.num.dnscrypt.cert 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.cleartext
+.B total.num.dnscrypt.cleartext 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dnscrypt.malformed
+.B total.num.dnscrypt.malformed 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.dns_error_reports
+.B total.num.dns_error_reports 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.prefetch
+.B total.num.prefetch 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.expired
+.B total.num.expired 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.queries_timed_out
+.B total.num.queries_timed_out 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.query.queue_time_us.max
+.B total.query.queue_time_us.max 
 the maximum of the thread values.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.num.recursivereplies
+.B total.num.recursivereplies 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.avg
+.B total.requestlist.avg 
 averaged over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.max
+.B total.requestlist.max 
 the maximum of the thread requestlist.max values.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.overwritten
+.B total.requestlist.overwritten 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.exceeded
+.B total.requestlist.exceeded 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.requestlist.current.all
+.B total.requestlist.current.all 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.recursion.time.median
+.B total.recursion.time.median 
 averaged over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I total.tcpusage
+.B total.tcpusage 
 summed over threads.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.now
+.B time.now 
 current time in seconds since 1970.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.up
+.B time.up 
 uptime since server boot in seconds.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I time.elapsed
+.B time.elapsed 
 time since last statistics printout, in seconds.
+.UNINDENT
 .SH EXTENDED STATISTICS
+.INDENT 0.0
 .TP
-.I mem.cache.rrset
+.B mem.cache.rrset 
 Memory in bytes in use by the RRset cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.message
+.B mem.cache.message 
 Memory in bytes in use by the message cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.dnscrypt_shared_secret
+.B mem.cache.dnscrypt_shared_secret 
 Memory in bytes in use by the dnscrypt shared secrets cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.cache.dnscrypt_nonce
+.B mem.cache.dnscrypt_nonce 
 Memory in bytes in use by the dnscrypt nonce cache.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I mem.mod.iterator
+.B mem.mod.iterator 
 Memory in bytes in use by the iterator module.
-.TP
-.I mem.mod.validator
-Memory in bytes in use by the validator module. Includes the key cache and
-negative cache.
-.TP
-.I mem.streamwait
-Memory in bytes in used by the TCP and TLS stream wait buffers.  These are
-answers waiting to be written back to the clients.
-.TP
-.I mem.http.query_buffer
-Memory in bytes used by the HTTP/2 query buffers. Containing (partial) DNS
-queries waiting for request stream completion.
-.TP
-.I mem.http.response_buffer
-Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses
-waiting to be written back to the clients.
-.TP
-.I mem.quic
-Memory in bytes used by QUIC. Containing connection information, stream
-information, queries read and responses written back to the clients.
-.TP
-.I histogram.<sec>.<usec>.to.<sec>.<usec>
-Shows a histogram, summed over all threads. Every element counts the
-recursive queries whose reply time fit between the lower and upper bound.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.mod.validator 
+Memory in bytes in use by the validator module.
+Includes the key cache and negative cache.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.streamwait 
+Memory in bytes in used by the TCP and TLS stream wait buffers.
+These are answers waiting to be written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.http.query_buffer 
+Memory in bytes used by the HTTP/2 query buffers.
+Containing (partial) DNS queries waiting for request stream completion.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.http.response_buffer 
+Memory in bytes used by the HTTP/2 response buffers.
+Containing DNS responses waiting to be written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B mem.quic 
+Memory in bytes used by QUIC.
+Containing connection information, stream information, queries read and
+responses written back to the clients.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B histogram.<sec>.<usec>.to.<sec>.<usec> 
+Shows a histogram, summed over all threads.
+Every element counts the recursive queries whose reply time fit between the
+lower and upper bound.
 Times larger or equal to the lowerbound, and smaller than the upper bound.
 There are 40 buckets, with bucket sizes doubling.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.type.A
+.B num.query.type.A 
 The total number of queries over all threads with query type A.
 Printed for the other query types as well, but only for the types for which
 queries were received, thus =0 entries are omitted for brevity.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.type.other
+.B num.query.type.other 
 Number of queries with query types 256\-65535.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.class.IN
-The total number of queries over all threads with query class IN (internet).
+.B num.query.class.IN 
+The total number of queries over all threads with query class IN
+(internet).
 Also printed for other classes (such as CH (CHAOS) sometimes used for
 debugging), or NONE, ANY, used by dynamic update.
 num.query.class.other is printed for classes 256\-65535.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.opcode.QUERY
+.B num.query.opcode.QUERY 
 The total number of queries over all threads with query opcode QUERY.
 Also printed for other opcodes, UPDATE, ...
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tcp
+.B num.query.tcp 
 Number of queries that were made using TCP towards the Unbound server.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tcpout
+.B num.query.tcpout 
 Number of queries that the Unbound server made using TCP outgoing towards
 other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.udpout
+.B num.query.udpout 
 Number of queries that the Unbound server made using UDP outgoing towards
 other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tls
+.B num.query.tls 
 Number of queries that were made using TLS towards the Unbound server.
 These are also counted in num.query.tcp, because TLS uses TCP.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.tls.resume
-Number of TLS session resumptions, these are queries over TLS towards
-the Unbound server where the client negotiated a TLS session resumption key.
+.B num.query.tls.resume 
+Number of TLS session resumptions, these are queries over TLS towards the
+Unbound server where the client negotiated a TLS session resumption key.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.https
+.B num.query.https 
 Number of queries that were made using HTTPS towards the Unbound server.
 These are also counted in num.query.tcp and num.query.tls, because HTTPS
 uses TLS and TCP.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.quic
+.B num.query.quic 
 Number of queries that were made using QUIC towards the Unbound server.
-These are also counted in num.query.tls, because TLS is used for these queries.
+These are also counted in num.query.tls, because TLS is used for these
+queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.ipv6
+.B num.query.ipv6 
 Number of queries that were made using IPv6 towards the Unbound server.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.flags.RD
+.B num.query.flags.RD 
 The number of queries that had the RD flag set in the header.
 Also printed for flags QR, AA, TC, RA, Z, AD, CD.
-Note that queries with flags QR, AA or TC may have been rejected
-because of that.
+Note that queries with flags QR, AA or TC may have been rejected because of
+that.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.edns.present
+.B num.query.edns.present 
 number of queries that had an EDNS OPT record present.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.edns.DO
-number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set.
+.B num.query.edns.DO 
+number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit
+set.
 These queries are also included in the num.query.edns.present number.
-.TP
-.I num.query.ratelimited
-The number of queries that are turned away from being send to nameserver due to
-ratelimiting.
-.TP
-.I num.query.dnscrypt.shared_secret.cachemiss
-The number of dnscrypt queries that did not find a shared secret in the cache.
-This can be used to compute the shared secret hitrate.
-.TP
-.I num.query.dnscrypt.replay
-The number of dnscrypt queries that found a nonce hit in the nonce cache and
-hence are considered a query replay.
-.TP
-.I num.answer.rcode.NXDOMAIN
-The number of answers to queries, from cache or from recursion, that had the
-return code NXDOMAIN. Also printed for the other return codes.
-.TP
-.I num.answer.rcode.nodata
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.ratelimited 
+The number of queries that are turned away from being send to nameserver
+due to ratelimiting.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.dnscrypt.shared_secret.cachemiss 
+The number of dnscrypt queries that did not find a shared secret in the
+cache.
+This can be use to compute the shared secret hitrate.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.dnscrypt.replay 
+The number of dnscrypt queries that found a nonce hit in the nonce cache
+and hence are considered a query replay.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.rcode.NXDOMAIN 
+The number of answers to queries, from cache or from recursion, that had
+the return code NXDOMAIN.
+Also printed for the other return codes.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.rcode.nodata 
 The number of answers to queries that had the pseudo return code nodata.
-This means the actual return code was NOERROR, but additionally, no data was
-carried in the answer (making what is called a NOERROR/NODATA answer).
+This means the actual return code was NOERROR, but additionally, no data
+was carried in the answer (making what is called a NOERROR/NODATA answer).
 These queries are also included in the num.answer.rcode.NOERROR number.
 Common for AAAA lookups when an A record exists, and no AAAA.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.answer.secure
-Number of answers that were secure.  The answer validated correctly.
+.B num.answer.secure 
+Number of answers that were secure.
+The answer validated correctly.
 The AD bit might have been set in some of these answers, where the client
 signalled (with DO or AD bit in the query) that they were ready to accept
 the AD bit in the answer.
-.TP
-.I num.answer.bogus
-Number of answers that were bogus.  These answers resulted in SERVFAIL
-to the client because the answer failed validation.
-.TP
-.I num.rrset.bogus
-The number of rrsets marked bogus by the validator.  Increased for every
-RRset inspection that fails.
-.TP
-.I unwanted.queries
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.answer.bogus 
+Number of answers that were bogus.
+These answers resulted in SERVFAIL to the client because the answer failed
+validation.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.rrset.bogus 
+The number of rrsets marked bogus by the validator.
+Increased for every RRset inspection that fails.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.valops 
+The number of validation operations performed by the validator.
+Increased for every RRSIG verification operation regardless of the
+validation result.
+The RRSIG and key combination needs to first pass some sanity checks before
+Unbound even performs the verification, e.g., length/protocol checks.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unwanted.queries 
 Number of queries that were refused or dropped because they failed the
 access control settings.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I unwanted.replies
-Replies that were unwanted or unsolicited.  Could have been random traffic,
-delayed duplicates, very late answers, or could be spoofing attempts.
+.B unwanted.replies 
+Replies that were unwanted or unsolicited.
+Could have been random traffic, delayed duplicates, very late answers, or
+could be spoofing attempts.
 Some low level of late answers and delayed duplicates are to be expected
-with the UDP protocol.  Very high values could indicate a threat (spoofing).
+with the UDP protocol.
+Very high values could indicate a threat (spoofing).
+.UNINDENT
+.INDENT 0.0
 .TP
-.I msg.cache.count
+.B msg.cache.count 
 The number of items (DNS replies) in the message cache.
-.TP
-.I rrset.cache.count
-The number of RRsets in the rrset cache.  This includes rrsets used by
-the messages in the message cache, but also delegation information.
-.TP
-.I infra.cache.count
-The number of items in the infra cache.  These are IP addresses with their
-timing and protocol support information.
-.TP
-.I key.cache.count
-The number of items in the key cache.  These are DNSSEC keys, one item
-per delegation point, and their validation status.
-.TP
-.I msg.cache.max_collisions
-The maximum number of hash table collisions in the msg cache. This is the
-number of hashes that are identical when a new element is inserted in the
-hash table. If the value is very large, like hundreds, something is wrong
-with the performance of the hash table, hash values are incorrect or malicious.
-.TP
-.I rrset.cache.max_collisions
-The maximum number of hash table collisions in the rrset cache. This is the
-number of hashes that are identical when a new element is inserted in the
-hash table. If the value is very large, like hundreds, something is wrong
-with the performance of the hash table, hash values are incorrect or malicious.
-.TP
-.I dnscrypt_shared_secret.cache.count
-The number of items in the shared secret cache. These are precomputed shared
-secrets for a given client public key/server secret key pair. Shared secrets
-are CPU intensive and this cache allows Unbound to avoid recomputing the
-shared secret when multiple dnscrypt queries are sent from the same client.
-.TP
-.I dnscrypt_nonce.cache.count
-The number of items in the client nonce cache. This cache is used to prevent
-dnscrypt queries replay. The client nonce must be unique for each client public
-key/server secret key pair. This cache should be able to host QPS * `replay
-window` interval keys to prevent replay of a query during `replay window`
-seconds.
-.TP
-.I num.query.authzone.up
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset.cache.count 
+The number of RRsets in the rrset cache.
+This includes rrsets used by the messages in the message cache, but also
+delegation information.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra.cache.count 
+The number of items in the infra cache.
+These are IP addresses with their timing and protocol support information.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key.cache.count 
+The number of items in the key cache.
+These are DNSSEC keys, one item per delegation point, and their validation
+status.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg.cache.max_collisions 
+The maximum number of hash table collisions in the msg cache.
+This is the number of hashes that are identical when a new element is
+inserted in the hash table.
+If the value is very large, like hundreds, something is wrong with the
+performance of the hash table, hash values are incorrect or malicious.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset.cache.max_collisions 
+The maximum number of hash table collisions in the rrset cache.
+This is the number of hashes that are identical when a new element is
+inserted in the hash table.
+If the value is very large, like hundreds, something is wrong with the
+performance of the hash table, hash values are incorrect or malicious.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt_shared_secret.cache.count 
+The number of items in the shared secret cache.
+These are precomputed shared secrets for a given client public key/server
+secret key pair.
+Shared secrets are CPU intensive and this cache allows Unbound to avoid
+recomputing the shared secret when multiple dnscrypt queries are sent from
+the same client.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt_nonce.cache.count 
+The number of items in the client nonce cache.
+This cache is used to prevent dnscrypt queries replay.
+The client nonce must be unique for each client public key/server secret
+key pair.
+This cache should be able to host QPS * \fIreplay window\fP interval keys to
+prevent replay of a query during \fIreplay window\fP seconds.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.authzone.up 
 The number of queries answered from auth\-zone data, upstream queries.
-These queries would otherwise have been sent (with fallback enabled) to
-the internet, but are now answered from the auth zone.
+These queries would otherwise have been sent (with fallback enabled) to the
+internet, but are now answered from the auth zone.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.authzone.down
+.B num.query.authzone.down 
 The number of queries for downstream answered from auth\-zone data.
-These queries are from downstream clients, and have had an answer from
-the data in the auth zone.
+These queries are from downstream clients, and have had an answer from the
+data in the auth zone.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.aggressive.NOERROR
+.B num.query.aggressive.NOERROR 
 The number of queries answered using cached NSEC records with NODATA RCODE.
 These queries would otherwise have been sent to the internet, but are now
 answered using cached data.
+.UNINDENT
+.INDENT 0.0
 .TP
-.I num.query.aggressive.NXDOMAIN
-The number of queries answered using cached NSEC records with NXDOMAIN RCODE.
+.B num.query.aggressive.NXDOMAIN 
+The number of queries answered using cached NSEC records with NXDOMAIN
+RCODE.
 These queries would otherwise have been sent to the internet, but are now
 answered using cached data.
-.TP
-.I num.query.subnet
-Number of queries that got an answer that contained EDNS client subnet data.
-.TP
-.I num.query.subnet_cache
-Number of queries answered from the edns client subnet cache.  These are
-counted as cachemiss by the main counters, but hit the client subnet
-specific cache after getting processed by the edns client subnet module.
-.TP
-.I num.query.cachedb
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.subnet 
+Number of queries that got an answer that contained EDNS client subnet
+data.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.subnet_cache 
+Number of queries answered from the edns client subnet cache.
+These are counted as cachemiss by the main counters, but hit the client
+subnet specific cache after getting processed by the edns client subnet
+module.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.query.cachedb 
 Number of queries answered from the external cache of cachedb.
 These are counted as cachemiss by the main counters, but hit the cachedb
 external cache after getting processed by the cachedb module.
-.TP
-.I num.rpz.action.<rpz_action>
-Number of queries answered using configured RPZ policy, per RPZ action type.
-Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
-disabled, and cname\-override.
-.SH "FILES"
-.TP
-.I @ub_conf_file@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num.rpz.action.<rpz_action> 
+Number of queries answered using configured RPZ policy, per RPZ action
+type.
+Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only,
+local\-data, disabled, and cname\-override.
+.UNINDENT
+.SH FILES
+.INDENT 0.0
+.TP
+.B @ub_conf_file@
 Unbound configuration file.
 .TP
-.I @UNBOUND_RUN_DIR@
-directory with private keys (unbound_server.key and unbound_control.key) and
-self\-signed certificates (unbound_server.pem and unbound_control.pem).
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+.B @UNBOUND_RUN_DIR@
+directory with private keys (\fBunbound_server.key\fP and
+\fBunbound_control.key\fP) and self\-signed certificates
+(\fBunbound_server.pem\fP and \fBunbound_control.pem\fP).
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-control.rst b/contrib/unbound/doc/unbound-control.rst
new file mode 100644
index 000000000000..bc548f51d064
--- /dev/null
+++ b/contrib/unbound/doc/unbound-control.rst
@@ -0,0 +1,1374 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-control
+
+unbound-control(8)
+==================
+
+Synopsis
+--------
+
+**unbound-control** [``-hq``] [``-c cfgfile``] [``-s server``] command
+
+Description
+-----------
+
+``unbound-control`` performs remote administration on the
+:doc:`unbound(8)</manpages/unbound>` DNS server.
+It reads the configuration file, contacts the Unbound server over TLS sends the
+command and displays the result.
+
+The available options are:
+
+.. option:: -h
+
+    Show the version and commandline option help.
+
+.. option:: -c <cfgfile>
+
+    The config file to read with settings.
+    If not given the default config file
+    :file:`@ub_conf_file@` is used.
+
+.. option:: -s <server[@port]>
+
+    IPv4 or IPv6 address of the server to contact.
+    If not given, the address is read from the config file.
+
+.. option:: -q
+
+    Quiet, if the option is given it does not print anything if it works ok.
+
+Commands
+--------
+
+There are several commands that the server understands.
+
+
+@@UAHL@unbound-control.commands@start@@
+    Start the server.
+    Simply execs :doc:`unbound(8)</manpages/unbound>`.
+    The ``unbound`` executable is searched for in the **PATH** set in the
+    environment.
+    It is started with the config file specified using :option:`-c` or the
+    default config file.
+
+
+@@UAHL@unbound-control.commands@stop@@
+    Stop the server.
+    The server daemon exits.
+
+
+@@UAHL@unbound-control.commands@reload@@
+    Reload the server.
+    This flushes the cache and reads the config file fresh.
+
+
+@@UAHL@unbound-control.commands@reload_keep_cache@@
+    Reload the server but try to keep the RRset and message cache if
+    (re)configuration allows for it.
+    That means the caches sizes and the number of threads must not change
+    between reloads.
+
+
+@@UAHL@unbound-control.commands@fast_reload@@ [``+dpv``]
+    Reload the server, but keep downtime to a minimum, so that user queries
+    keep seeing service.
+    This needs the code compiled with threads.
+    The config is loaded in a thread, and prepared, then it briefly pauses the
+    existing server and updates config options.
+    The intent is that the pause does not impact the service of user queries.
+    The cache is kept.
+    Also user queries worked on are kept and continue, but with the new config
+    options.
+
+    .. note::
+        This command is experimental at this time.
+
+    The amount of temporal memory needed during a fast_reload is twice the
+    amount needed for configuration.
+    This is because Unbound temporarily needs to store both current
+    configuration values and new ones while trying to fast_reload.
+    Zones loaded from disk (authority zones and RPZ zones) are included in such
+    memory needs.
+
+    Options that can be changed are for
+    :ref:`forwards<unbound.conf.forward>`,
+    :ref:`stubs<unbound.conf.stub>`,
+    :ref:`views<unbound.conf.view>`,
+    :ref:`authority zones<unbound.conf.auth>`,
+    :ref:`RPZ zones<unbound.conf.rpz>` and
+    :ref:`local zones<unbound.conf.local-zone>`.
+
+    Also
+    :ref:`access-control<unbound.conf.access-control>` and similar options,
+    :ref:`interface-action<unbound.conf.interface-action>` and similar
+    options and
+    :ref:`tcp-connection-limit<unbound.conf.tcp-connection-limit>`.
+    It can reload some
+    :ref:`define-tag<unbound.conf.define-tag>`
+    changes, more on that below.
+    Further options include
+    :ref:`insecure-lan-zones<unbound.conf.insecure-lan-zones>`,
+    :ref:`domain-insecure<unbound.conf.domain-insecure>`,
+    :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`,
+    :ref:`trust-anchor<unbound.conf.trust-anchor>`,
+    :ref:`trusted-keys-file<unbound.conf.trusted-keys-file>`,
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>`,
+    :ref:`edns-client-string<unbound.conf.edns-client-string>`,
+    ipset,
+    :ref:`log-identity<unbound.conf.log-identity>`,
+    :ref:`infra-cache-numhosts<unbound.conf.infra-cache-numhosts>`,
+    :ref:`msg-cache-size<unbound.conf.msg-cache-size>`,
+    :ref:`rrset-cache-size<unbound.conf.rrset-cache-size>`,
+    :ref:`key-cache-size<unbound.conf.key-cache-size>`,
+    :ref:`ratelimit-size<unbound.conf.ratelimit-size>`,
+    :ref:`neg-cache-size<unbound.conf.neg-cache-size>`,
+    :ref:`num-queries-per-thread<unbound.conf.num-queries-per-thread>`,
+    :ref:`jostle-timeout<unbound.conf.jostle-timeout>`,
+    :ref:`use-caps-for-id<unbound.conf.use-caps-for-id>`,
+    :ref:`unwanted-reply-threshold<unbound.conf.unwanted-reply-threshold>`,
+    :ref:`tls-use-sni<unbound.conf.tls-use-sni>`,
+    :ref:`outgoing-tcp-mss<unbound.conf.outgoing-tcp-mss>`,
+    :ref:`ip-dscp<unbound.conf.ip-dscp>`,
+    :ref:`max-reuse-tcp-queries<unbound.conf.max-reuse-tcp-queries>`,
+    :ref:`tcp-reuse-timeout<unbound.conf.tcp-reuse-timeout>`,
+    :ref:`tcp-auth-query-timeout<unbound.conf.tcp-auth-query-timeout>`,
+    :ref:`delay-close<unbound.conf.delay-close>`.
+
+    It does not work with
+    :ref:`interface<unbound.conf.interface>` and
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` changes,
+    also not with
+    :ref:`remote control<unbound.conf.remote>`,
+    :ref:`outgoing-port-permit<unbound.conf.outgoing-port-permit>`,
+    :ref:`outgoing-port-avoid<unbound.conf.outgoing-port-avoid>`,
+    :ref:`msg-buffer-size<unbound.conf.msg-buffer-size>`,
+    any **\*-slabs** options and
+    :ref:`statistics-interval<unbound.conf.statistics-interval>` changes.
+
+    For :ref:`dnstap<unbound.conf.dnstap>` these options can be changed:
+    :ref:`dnstap-log-resolver-query-messages<unbound.conf.dnstap.dnstap-log-resolver-query-messages>`,
+    :ref:`dnstap-log-resolver-response-messages<unbound.conf.dnstap.dnstap-log-resolver-response-messages>`,
+    :ref:`dnstap-log-client-query-messages<unbound.conf.dnstap.dnstap-log-client-query-messages>`,
+    :ref:`dnstap-log-client-response-messages<unbound.conf.dnstap.dnstap-log-client-response-messages>`,
+    :ref:`dnstap-log-forwarder-query-messages<unbound.conf.dnstap.dnstap-log-forwarder-query-messages>` and
+    :ref:`dnstap-log-forwarder-response-messages<unbound.conf.dnstap.dnstap-log-forwarder-response-messages>`.
+
+    It does not work with these options:
+    :ref:`dnstap-enable<unbound.conf.dnstap.dnstap-enable>`,
+    :ref:`dnstap-bidirectional<unbound.conf.dnstap.dnstap-bidirectional>`,
+    :ref:`dnstap-socket-path<unbound.conf.dnstap.dnstap-socket-path>`,
+    :ref:`dnstap-ip<unbound.conf.dnstap.dnstap-ip>`,
+    :ref:`dnstap-tls<unbound.conf.dnstap.dnstap-tls>`,
+    :ref:`dnstap-tls-server-name<unbound.conf.dnstap.dnstap-tls-server-name>`,
+    :ref:`dnstap-tls-cert-bundle<unbound.conf.dnstap.dnstap-tls-cert-bundle>`,
+    :ref:`dnstap-tls-client-key-file<unbound.conf.dnstap.dnstap-tls-client-key-file>` and
+    :ref:`dnstap-tls-client-cert-file<unbound.conf.dnstap.dnstap-tls-client-cert-file>`.
+
+    The options
+    :ref:`dnstap-send-identity<unbound.conf.dnstap.dnstap-send-identity>`,
+    :ref:`dnstap-send-version<unbound.conf.dnstap.dnstap-send-version>`,
+    :ref:`dnstap-identity<unbound.conf.dnstap.dnstap-identity>`, and
+    :ref:`dnstap-version<unbound.conf.dnstap.dnstap-version>` can be loaded
+    when ``+p`` is not used.
+
+    The ``+v`` option makes the output verbose which includes the time it took
+    to do the reload.
+    With ``+vv`` it is more verbose which includes the amount of memory that
+    was allocated temporarily to perform the reload; this amount of memory can
+    be big if the config has large contents.
+    In the timing output the 'reload' time is the time during which the server
+    was paused.
+
+    The ``+p`` option makes the reload not pause threads, they keep running.
+    Locks are acquired, but items are updated in sequence, so it is possible
+    for threads to see an inconsistent state with some options from the old
+    and some options from the new config, such as cache TTL parameters from the
+    old config and forwards from the new config.
+    The stubs and forwards are updated at the same time, so that they are
+    viewed consistently, either old or new values together.
+    The option makes the reload time take eg. 3 microseconds instead of 0.3
+    milliseconds during which the worker threads are interrupted.
+    So, the interruption is much shorter, at the expense of some inconsistency.
+    After the reload itself, every worker thread is briefly contacted to make
+    them release resources, this makes the delete timing a little longer, and
+    takes up time from the remote control servicing worker thread.
+
+    With the nopause option (``+p``), the reload does not work to reload some
+    options, that fast reload works on without the nopause option:
+    :ref:`val-bogus-ttl<unbound.conf.val-bogus-ttl>`,
+    :ref:`val-override-date<unbound.conf.val-override-date>`,
+    :ref:`val-sig-skew-min<unbound.conf.val-sig-skew-min>`,
+    :ref:`val-sig-skew-max<unbound.conf.val-sig-skew-max>`,
+    :ref:`val-max-restart<unbound.conf.val-max-restart>`,
+    :ref:`val-nsec3-keysize-iterations<unbound.conf.val-nsec3-keysize-iterations>`,
+    :ref:`target-fetch-policy<unbound.conf.target-fetch-policy>`,
+    :ref:`outbound-msg-retry<unbound.conf.outbound-msg-retry>`,
+    :ref:`max-sent-count<unbound.conf.max-sent-count>`,
+    :ref:`max-query-restarts<unbound.conf.max-query-restarts>`,
+    :ref:`do-not-query-address<unbound.conf.do-not-query-address>`,
+    :ref:`do-not-query-localhost<unbound.conf.do-not-query-localhost>`,
+    :ref:`private-address<unbound.conf.private-address>`,
+    :ref:`private-domain<unbound.conf.private-domain>`,
+    :ref:`caps-exempt<unbound.conf.caps-exempt>`,
+    :ref:`nat64-prefix<unbound.conf.nat64.nat64-prefix>`,
+    :ref:`do-nat64<unbound.conf.nat64.do-nat64>`,
+    :ref:`infra-host-ttl<unbound.conf.infra-host-ttl>`,
+    :ref:`infra-keep-probing<unbound.conf.infra-keep-probing>`,
+    :ref:`ratelimit<unbound.conf.ratelimit>`,
+    :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>`,
+    :ref:`ip-ratelimit-cookie<unbound.conf.ip-ratelimit-cookie>`,
+    :ref:`wait-limit-netblock<unbound.conf.wait-limit-netblock>`,
+    :ref:`wait-limit-cookie-netblock<unbound.conf.wait-limit-cookie-netblock>`,
+    :ref:`ratelimit-below-domain<unbound.conf.ratelimit-below-domain>`,
+    :ref:`ratelimit-for-domain<unbound.conf.ratelimit-for-domain>`.
+
+    The ``+d`` option makes the reload drop queries that the worker threads are
+    working on.
+    This is like
+    :ref:`flush_requestlist<unbound-control.commands.flush_requestlist>`.
+    Without it the queries are kept so that users keep getting answers for
+    those queries that are currently processed.
+    The drop makes it so that queries during the life time of the
+    query processing see only old, or only new config options.
+
+    When there are changes to the config tags, from the
+    :ref:`define-tag<unbound.conf.define-tag>` option,
+    then the ``+d`` option is implicitly turned on with a warning printout, and
+    queries are dropped.
+    This is to stop references to the old tag information, by the old
+    queries.
+    If the number of tags is increased in the newly loaded config, by
+    adding tags at the end, then the implicit ``+d`` option is not needed.
+
+    For response ip, that is actions associated with IP addresses, and perhaps
+    intersected with access control tag and action information, those settings
+    are stored with a query when it comes in based on its source IP address.
+    The old information is kept with the query until the queries are done.
+    This is gone when those queries are resolved and finished, or it is
+    possible to flush the requestlist with ``+d``.
+
+
+@@UAHL@unbound-control.commands@verbosity@@ *number*
+    Change verbosity value for logging.
+    Same values as the **verbosity:** keyword in
+    :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+    This new setting lasts until the server is issued a reload (taken from
+    config file again), or the next verbosity control command.
+
+
+@@UAHL@unbound-control.commands@log_reopen@@
+    Reopen the logfile, close and open it.
+    Useful for logrotation to make the daemon release the file it is logging
+    to.
+    If you are using syslog it will attempt to close and open the syslog (which
+    may not work if chrooted).
+
+
+@@UAHL@unbound-control.commands@stats@@
+    Print statistics.
+    Resets the internal counters to zero, this can be controlled using the
+    **statistics-cumulative:** config statement.
+    Statistics are printed with one ``[name]: [value]`` per line.
+
+
+@@UAHL@unbound-control.commands@stats_noreset@@
+    Peek at statistics.
+    Prints them like the stats command does, but does not reset the internal
+    counters to zero.
+
+
+@@UAHL@unbound-control.commands@status@@
+    Display server status.
+    Exit code 3 if not running (the connection to the port is refused), 1 on
+    error, 0 if running.
+
+
+@@UAHL@unbound-control.commands@local_zone@@ *name type*
+    Add new local zone with name and type.
+    Like local-zone config statement.
+    If the zone already exists, the type is changed to the given argument.
+
+
+@@UAHL@unbound-control.commands@local_zone_remove@@ *name*
+    Remove the local zone with the given name.
+    Removes all local data inside it.
+    If the zone does not exist, the command succeeds.
+
+
+@@UAHL@unbound-control.commands@local_data@@ *RR data...*
+    Add new local data, the given resource record.
+    Like **local-data:** keyword, except for when no covering zone exists.
+    In that case this remote control command creates a transparent zone with
+    the same name as this record.
+
+
+@@UAHL@unbound-control.commands@local_data_remove@@ *name*
+    Remove all RR data from local name.
+    If the name already has no items, nothing happens.
+    Often results in NXDOMAIN for the name (in a static zone), but if the name
+    has become an empty nonterminal (there is still data in domain names below
+    the removed name), NOERROR nodata answers are the result for that name.
+
+
+@@UAHL@unbound-control.commands@local_zones@@
+    Add local zones read from stdin of unbound-control.
+    Input is read per line, with name space type on a line.
+    For bulk additions.
+
+
+@@UAHL@unbound-control.commands@local_zones_remove@@
+    Remove local zones read from stdin of unbound-control.
+    Input is one name per line.
+    For bulk removals.
+
+
+@@UAHL@unbound-control.commands@local_datas@@
+    Add local data RRs read from stdin of unbound-control.
+    Input is one RR per line.
+    For bulk additions.
+
+
+@@UAHL@unbound-control.commands@local_datas_remove@@
+    Remove local data RRs read from stdin of unbound-control.
+    Input is one name per line.
+    For bulk removals.
+
+
+@@UAHL@unbound-control.commands@dump_cache@@
+    The contents of the cache is printed in a text format to stdout.
+    You can redirect it to a file to store the cache in a file.
+    Not supported in remote Unbounds in multi-process operation.
+
+
+@@UAHL@unbound-control.commands@load_cache@@
+    The contents of the cache is loaded from stdin.
+    Uses the same format as dump_cache uses.
+    Loading the cache with old, or wrong data can result in old or wrong data
+    returned to clients.
+    Loading data into the cache in this way is supported in order to aid with
+    debugging.
+    Not supported in remote Unbounds in multi-process operation.
+
+
+@@UAHL@unbound-control.commands@cache_lookup@@ [``+t``] *names*
+    Print to stdout the RRsets and messages that are in the cache.
+    For every name listed the content at or under the name is printed.
+    Several names separated by spaces can be given, each is printed.
+    When subnetcache is enabled, also matching entries from the subnet
+    cache are printed.
+
+    The ``+t`` option allows tld and root names.
+    With it names like 'com' and '.' can be used, but it takes a lot of
+    effort to look up in the cache.
+
+
+@@UAHL@unbound-control.commands@lookup@@ *name*
+    Print to stdout the name servers that would be used to look up the name
+    specified.
+
+
+@@UAHL@unbound-control.commands@flush@@ [``+c``] *name*
+    Remove the name from the cache.
+    Removes the types A, AAAA, NS, SOA, CNAME, DNAME, MX, PTR, SRV, NAPTR,
+    SVCB and HTTPS.
+    Because that is fast to do.
+    Other record types can be removed using **flush_type** or **flush_zone**.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_type@@ [``+c``] *name type*
+    Remove the name, type information from the cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_zone@@ [``+c``] name
+    Remove all information at or below the name from the cache.
+    The rrsets and key entries are removed so that new lookups will be
+    performed.
+    This needs to walk and inspect the entire cache, and is a slow operation.
+    The entries are set to expired in the implementation of this command (so,
+    with serve-expired enabled, it'll serve that information but schedule a
+    prefetch for new information).
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_bogus@@ [``+c``]
+    Remove all bogus data from the cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_negative@@ [``+c``]
+    Remove all negative data from the cache.
+    This is nxdomain answers, nodata answers and servfail answers.
+    Also removes bad key entries (which could be due to failed lookups) from
+    the dnssec key cache, and iterator last-resort lookup failures from the
+    rrset cache.
+
+    The ``+c`` option removes the items also from the cachedb cache.
+    If cachedb is in use.
+
+
+@@UAHL@unbound-control.commands@flush_stats@@
+    Reset statistics to zero.
+
+
+@@UAHL@unbound-control.commands@flush_requestlist@@
+    Drop the queries that are worked on.
+    Stops working on the queries that the server is working on now.
+    The cache is unaffected.
+    No reply is sent for those queries, probably making those users request
+    again later.
+    Useful to make the server restart working on queries with new settings,
+    such as a higher verbosity level.
+
+
+@@UAHL@unbound-control.commands@dump_requestlist@@
+    Show what is worked on.
+    Prints all queries that the server is currently working on.
+    Prints the time that users have been waiting.
+    For internal requests, no time is printed.
+    And then prints out the module status.
+    This prints the queries from the first thread, and not queries that are
+    being serviced from other threads.
+
+
+@@UAHL@unbound-control.commands@flush_infra@@ *all|IP*
+    If all then entire infra cache is emptied.
+    If a specific IP address, the entry for that address is removed from the
+    cache.
+    It contains EDNS, ping and lameness data.
+
+
+@@UAHL@unbound-control.commands@dump_infra@@
+    Show the contents of the infra cache.
+
+
+@@UAHL@unbound-control.commands@set_option@@ *opt: val*
+    Set the option to the given value without a reload.
+    The cache is therefore not flushed.
+    The option must end with a ``':'`` and whitespace must be between the
+    option and the value.
+    Some values may not have an effect if set this way, the new values are not
+    written to the config file, not all options are supported.
+    This is different from the set_option call in libunbound, where all values
+    work because Unbound has not been initialized.
+
+    The values that work are: statistics-interval, statistics-cumulative,
+    do-not-query-localhost,  harden-short-bufsize, harden-large-queries,
+    harden-glue, harden-dnssec-stripped, harden-below-nxdomain,
+    harden-referral-path,  prefetch, prefetch-key, log-queries, hide-identity,
+    hide-version, identity, version, val-log-level, val-log-squelch,
+    ignore-cd-flag, add-holddown, del-holddown, keep-missing, tcp-upstream,
+    ssl-upstream, max-udp-size, ratelimit, ip-ratelimit, cache-max-ttl,
+    cache-min-ttl, cache-max-negative-ttl.
+
+
+@@UAHL@unbound-control.commands@get_option@@ *opt*
+    Get the value of the option.
+    Give the option name without a trailing ``':'``.
+    The value is printed.
+    If the value is ``""``, nothing is printed and the connection closes.
+    On error ``'error ...'`` is printed (it gives a syntax error on unknown
+    option).
+    For some options a list of values, one on each line, is printed.
+    The options are shown from the config file as modified with set_option.
+    For some options an override may have been taken that does not show up with
+    this command, not results from e.g. the verbosity and forward control
+    commands.
+    Not all options work, see list_stubs, list_forwards, list_local_zones and
+    list_local_data for those.
+
+
+@@UAHL@unbound-control.commands@list_stubs@@
+    List the stub zones in use.
+    These are printed one by one to the output.
+    This includes the root hints in use.
+
+
+@@UAHL@unbound-control.commands@list_forwards@@
+    List the forward zones in use.
+    These are printed zone by zone to the output.
+
+
+@@UAHL@unbound-control.commands@list_insecure@@
+    List the zones with domain-insecure.
+
+
+@@UAHL@unbound-control.commands@list_local_zones@@
+    List the local zones in use.
+    These are printed one per line with zone type.
+
+
+@@UAHL@unbound-control.commands@list_local_data@@
+    List the local data RRs in use.
+    The resource records are printed.
+
+
+@@UAHL@unbound-control.commands@insecure_add@@ *zone*
+    Add a domain-insecure for the given zone, like the statement in
+    unbound.conf.
+    Adds to the running Unbound without affecting the cache
+    contents (which may still be bogus, use flush_zone to remove it), does not
+    affect the config file.
+
+
+@@UAHL@unbound-control.commands@insecure_remove@@ *zone*
+    Removes domain-insecure for the given zone.
+
+
+@@UAHL@unbound-control.commands@forward_add@@ [``+it``] *zone addr ...*
+    Add a new forward zone to running Unbound.
+    With ``+i`` option also adds a domain-insecure for the zone (so it can
+    resolve insecurely if you have a DNSSEC root trust anchor configured for
+    other names).
+    The addr can be IP4, IP6 or nameserver names, like forward-zone config in
+    unbound.conf.
+    The ``+t`` option sets it to use TLS upstream, like
+    :ref:`forward-tls-upstream: yes<unbound.conf.forward.forward-tls-upstream>`.
+
+
+@@UAHL@unbound-control.commands@forward_remove@@ [``+i``] *zone*
+    Remove a forward zone from running Unbound.
+    The ``+i`` also removes a domain-insecure for the zone.
+
+
+@@UAHL@unbound-control.commands@stub_add@@ [``+ipt``] *zone addr ...*
+    Add a new stub zone to running Unbound.
+    With ``+i`` option also adds a domain-insecure for the zone.
+    With ``+p`` the stub zone is set to prime, without it it is set to
+    notprime.
+    The addr can be IP4, IP6 or nameserver names, like the **stub-zone:**
+    config in unbound.conf.
+    The ``+t`` option sets it to use TLS upstream, like
+    :ref:`stub-tls-upstream: yes<unbound.conf.stub.stub-tls-upstream>`.
+
+
+@@UAHL@unbound-control.commands@stub_remove@@ [``+i``] *zone*
+    Remove a stub zone from running Unbound.
+    The ``+i`` also removes a domain-insecure for the zone.
+
+
+@@UAHL@unbound-control.commands@forward@@ [*off* | *addr ...* ]
+    Setup forwarding mode.
+    Configures if the server should ask other upstream nameservers, should go
+    to the internet root nameservers itself, or show the current config.
+    You could pass the nameservers after a DHCP update.
+
+    Without arguments the current list of addresses used to forward all queries
+    to is printed.
+    On startup this is from the forward-zone ``"."`` configuration.
+    Afterwards it shows the status.
+    It prints off when no forwarding is used.
+
+    If off is passed, forwarding is disabled and the root nameservers are
+    used.
+    This can be used to avoid to avoid buggy or non-DNSSEC supporting
+    nameservers returned from DHCP.
+    But may not work in hotels or hotspots.
+
+    If one or more IPv4 or IPv6 addresses are given, those are then used to
+    forward queries to.
+    The addresses must be separated with spaces.
+    With ``'@port'`` the port number can be set explicitly (default port is 53
+    (DNS)).
+
+    By default the forwarder information from the config file for the root
+    ``"."`` is used.
+    The config file is not changed, so after a reload these changes are gone.
+    Other forward zones from the config file are not affected by this command.
+
+
+@@UAHL@unbound-control.commands@ratelimit_list@@ [``+a``]
+    List the domains that are ratelimited.
+    Printed one per line with current estimated qps and qps limit from config.
+    With ``+a`` it prints all domains, not just the ratelimited domains, with
+    their estimated qps.
+    The ratelimited domains return an error for uncached (new) queries, but
+    cached queries work as normal.
+
+
+@@UAHL@unbound-control.commands@ip_ratelimit_list@@ [``+a``]
+    List the ip addresses that are ratelimited.
+    Printed one per line with current estimated qps and qps limit from config.
+    With ``+a`` it prints all ips, not just the ratelimited ips, with their
+    estimated qps.
+    The ratelimited ips are dropped before checking the cache.
+
+
+@@UAHL@unbound-control.commands@list_auth_zones@@
+    List the auth zones that are configured.
+    Printed one per line with a status, indicating if the zone is expired and
+    current serial number.
+    Configured RPZ zones are included.
+
+
+@@UAHL@unbound-control.commands@auth_zone_reload@@ *zone*
+    Reload the auth zone (or RPZ zone) from zonefile.
+    The zonefile is read in overwriting the current contents of the zone in
+    memory.
+    This changes the auth zone contents itself, not the cache contents.
+    Such cache contents exists if you set Unbound to validate with
+    **for-upstream: yes** and that can be cleared with **flush_zone** *zone*.
+
+
+@@UAHL@unbound-control.commands@auth_zone_transfer@@ *zone*
+    Transfer the auth zone (or RPZ zone) from master.
+    The auth zone probe sequence is started, where the masters are probed to
+    see if they have an updated zone (with the SOA serial check).
+    And then the zone is transferred for a newer zone version.
+
+
+@@UAHL@unbound-control.commands@rpz_enable@@ *zone*
+    Enable the RPZ zone if it had previously been disabled.
+
+
+@@UAHL@unbound-control.commands@rpz_disable@@ *zone*
+    Disable the RPZ zone.
+
+
+@@UAHL@unbound-control.commands@view_list_local_zones@@ *view*
+    *list_local_zones* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_zone@@ *view name type*
+    *local_zone* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_zone_remove@@ *view name*
+    *local_zone_remove* for given view.
+
+
+@@UAHL@unbound-control.commands@view_list_local_data@@ *view*
+    *list_local_data* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_data@@ *view RR data...*
+    *local_data* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_data_remove@@ *view name*
+    *local_data_remove* for given view.
+
+
+@@UAHL@unbound-control.commands@view_local_datas_remove@@ *view*
+    Remove a list of *local_data* for given view from stdin.
+    Like *local_datas_remove*.
+
+
+@@UAHL@unbound-control.commands@view_local_datas@@ *view*
+    Add a list of *local_data* for given view from stdin.
+    Like *local_datas*.
+
+
+@@UAHL@unbound-control.commands@add_cookie_secret@@ *secret*
+    Add or replace a cookie secret persistently.
+    *secret* needs to be an 128 bit hex string.
+
+    Cookie secrets can be either **active** or **staging**.
+    **Active** cookie secrets are used to create DNS Cookies, but verification
+    of a DNS Cookie succeeds with any of the **active** or **staging** cookie
+    secrets.
+    The state of the current cookie secrets can be printed with the
+    :ref:`print_cookie_secrets<unbound-control.commands.print_cookie_secrets>`
+    command.
+
+    When there are no cookie secrets configured yet, the *secret* is added as
+    **active**.
+    If there is already an **active** cookie secret, the *secret* is added as
+    **staging** or replacing an existing **staging** secret.
+
+    To "roll" a cookie secret used in an anycast set.
+    The new secret has to be added as **staging** secret to **all** nodes in
+    the anycast set.
+    When **all** nodes can verify DNS Cookies with the new secret, the new
+    secret can be activated with the
+    :ref:`activate_cookie_secret<unbound-control.commands.activate_cookie_secret>`
+    command.
+    After **all** nodes have the new secret **active** for at least one hour,
+    the previous secret can be dropped with the
+    :ref:`drop_cookie_secret<unbound-control.commands.drop_cookie_secret>`
+    command.
+
+    Persistence is accomplished by writing to a file which is configured with
+    the
+    :ref:`cookie-secret-file<unbound.conf.cookie-secret-file>`
+    option in the server section of the config file.
+    This is disabled by default, "".
+
+
+@@UAHL@unbound-control.commands@drop_cookie_secret@@
+    Drop the **staging** cookie secret.
+
+
+@@UAHL@unbound-control.commands@activate_cookie_secret@@
+    Make the current **staging** cookie secret **active**, and the current
+    **active** cookie secret **staging**.
+
+
+@@UAHL@unbound-control.commands@print_cookie_secrets@@
+    Show the current configured cookie secrets with their status.
+
+Exit Code
+---------
+
+The ``unbound-control`` program exits with status code 1 on error, 0 on
+success.
+
+Set Up
+------
+
+The setup requires a self-signed certificate and private keys for both the
+server and client.
+The script ``unbound-control-setup`` generates these in the default run
+directory, or with ``-d`` in another directory.
+If you change the access control permissions on the key files you can decide
+who can use ``unbound-control``, by default owner and group but not all users.
+Run the script under the same username as you have configured in
+:file:`unbound.conf` or as root, so that the daemon is permitted to read the
+files, for example with:
+
+.. code-block:: bash
+
+    sudo -u unbound unbound-control-setup
+
+If you have not configured a username in :file:`unbound.conf`, the keys need
+read permission for the user credentials under which the daemon is started.
+The script preserves private keys present in the directory.
+After running the script as root, turn on
+:ref:`control-enable<unbound.conf.remote.control-enable>` in
+:file:`unbound.conf`.
+
+Statistic Counters
+------------------
+
+The :ref:`stats<unbound-control.commands.stats>` and
+:ref:`stats_noreset<unbound-control.commands.stats_noreset>` commands show a
+number of statistic counters:
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries@@
+    number of queries received by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_ip_ratelimited@@
+    number of queries rate limited by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_valid@@
+    number of queries with a valid DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_client@@
+    number of queries with a client part only DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_cookie_invalid@@
+    number of queries with an invalid DNS Cookie by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_discard_timeout@@
+    number of queries removed due to discard-timeout by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_wait_limit@@
+    number of queries removed due to wait-limit by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.cachehits@@
+    number of queries that were successfully answered using a cache lookup
+
+
+@@UAHL@unbound-control.stats@threadX.num.cachemiss@@
+    number of queries that needed recursive processing
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.crypted@@
+    number of queries that were encrypted and successfully decapsulated by
+    dnscrypt.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.cert@@
+    number of queries that were requesting dnscrypt certificates.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.cleartext@@
+    number of queries received on dnscrypt port that were cleartext and not a
+    request for certificates.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dnscrypt.malformed@@
+    number of request that were neither cleartext, not valid dnscrypt messages.
+
+
+@@UAHL@unbound-control.stats@threadX.num.dns_error_reports@@
+    number of DNS Error Reports generated by thread
+
+
+@@UAHL@unbound-control.stats@threadX.num.prefetch@@
+    number of cache prefetches performed.
+    This number is included in cachehits, as the original query had the
+    unprefetched answer from cache, and resulted in recursive processing,
+    taking a slot in the requestlist.
+    Not part of the recursivereplies (or the histogram thereof) or cachemiss,
+    as a cache response was sent.
+
+
+@@UAHL@unbound-control.stats@threadX.num.expired@@
+    number of replies that served an expired cache entry.
+
+
+@@UAHL@unbound-control.stats@threadX.num.queries_timed_out@@
+    number of queries that are dropped because they waited in the UDP socket
+    buffer for too long.
+
+
+@@UAHL@unbound-control.stats@threadX.query.queue_time_us.max@@
+    The maximum wait time for packets in the socket buffer, in microseconds.
+    This is only reported when
+    :ref:`sock-queue-timeout<unbound.conf.sock-queue-timeout>` is enabled.
+
+
+@@UAHL@unbound-control.stats@threadX.num.recursivereplies@@
+    The number of replies sent to queries that needed recursive processing.
+    Could be smaller than threadX.num.cachemiss if due to timeouts no replies
+    were sent for some queries.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.avg@@
+    The average number of requests in the internal recursive processing request
+    list on insert of a new incoming recursive processing query.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.max@@
+    Maximum size attained by the internal recursive processing request list.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.overwritten@@
+    Number of requests in the request list that were overwritten by newer
+    entries.
+    This happens if there is a flood of queries that recursive processing and
+    the server has a hard time.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.exceeded@@
+    Queries that were dropped because the request list was full.
+    This happens if a flood of queries need recursive processing, and the
+    server can not keep up.
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.current.all@@
+    Current size of the request list, includes internally generated queries
+    (such as priming queries and glue lookups).
+
+
+@@UAHL@unbound-control.stats@threadX.requestlist.current.user@@
+    Current size of the request list, only the requests from client queries.
+
+
+@@UAHL@unbound-control.stats@threadX.recursion.time.avg@@
+    Average time it took to answer queries that needed recursive processing.
+    Note that queries that were answered from the cache are not in this average.
+
+
+@@UAHL@unbound-control.stats@threadX.recursion.time.median@@
+    The median of the time it took to answer queries that needed recursive
+    processing.
+    The median means that 50% of the user queries were answered in less than
+    this time.
+    Because of big outliers (usually queries to non responsive servers), the
+    average can be bigger than the median.
+    This median has been calculated by interpolation from a histogram.
+
+
+@@UAHL@unbound-control.stats@threadX.tcpusage@@
+    The currently held tcp buffers for incoming connections.
+    A spot value on the time of the request.
+    This helps you spot if the incoming-num-tcp buffers are full.
+
+
+@@UAHL@unbound-control.stats@total.num.queries@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_ip_ratelimited@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_valid@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_client@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_cookie_invalid@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_discard_timeout@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_wait_limit@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.cachehits@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.cachemiss@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.crypted@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.cert@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.cleartext@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dnscrypt.malformed@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.dns_error_reports@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.prefetch@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.expired@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.num.queries_timed_out@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.query.queue_time_us.max@@
+    the maximum of the thread values.
+
+
+@@UAHL@unbound-control.stats@total.num.recursivereplies@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.avg@@
+    averaged over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.max@@
+    the maximum of the thread requestlist.max values.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.overwritten@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.exceeded@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.requestlist.current.all@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@total.recursion.time.median@@
+    averaged over threads.
+
+
+@@UAHL@unbound-control.stats@total.tcpusage@@
+    summed over threads.
+
+
+@@UAHL@unbound-control.stats@time.now@@
+    current time in seconds since 1970.
+
+
+@@UAHL@unbound-control.stats@time.up@@
+    uptime since server boot in seconds.
+
+
+@@UAHL@unbound-control.stats@time.elapsed@@
+    time since last statistics printout, in seconds.
+
+Extended Statistics
+-------------------
+
+
+@@UAHL@unbound-control.stats@mem.cache.rrset@@
+    Memory in bytes in use by the RRset cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.message@@
+    Memory in bytes in use by the message cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.dnscrypt_shared_secret@@
+    Memory in bytes in use by the dnscrypt shared secrets cache.
+
+
+@@UAHL@unbound-control.stats@mem.cache.dnscrypt_nonce@@
+    Memory in bytes in use by the dnscrypt nonce cache.
+
+
+@@UAHL@unbound-control.stats@mem.mod.iterator@@
+    Memory in bytes in use by the iterator module.
+
+
+@@UAHL@unbound-control.stats@mem.mod.validator@@
+    Memory in bytes in use by the validator module.
+    Includes the key cache and negative cache.
+
+
+@@UAHL@unbound-control.stats@mem.streamwait@@
+    Memory in bytes in used by the TCP and TLS stream wait buffers.
+    These are answers waiting to be written back to the clients.
+
+
+@@UAHL@unbound-control.stats@mem.http.query_buffer@@
+    Memory in bytes used by the HTTP/2 query buffers.
+    Containing (partial) DNS queries waiting for request stream completion.
+
+
+@@UAHL@unbound-control.stats@mem.http.response_buffer@@
+    Memory in bytes used by the HTTP/2 response buffers.
+    Containing DNS responses waiting to be written back to the clients.
+
+
+@@UAHL@unbound-control.stats@mem.quic@@
+    Memory in bytes used by QUIC.
+    Containing connection information, stream information, queries read and
+    responses written back to the clients.
+
+@@UAHL@unbound-control.stats@histogram@@.<sec>.<usec>.to.<sec>.<usec>
+    Shows a histogram, summed over all threads.
+    Every element counts the recursive queries whose reply time fit between the
+    lower and upper bound.
+    Times larger or equal to the lowerbound, and smaller than the upper bound.
+    There are 40 buckets, with bucket sizes doubling.
+
+
+@@UAHL@unbound-control.stats@num.query.type.A@@
+    The total number of queries over all threads with query type A.
+    Printed for the other query types as well, but only for the types for which
+    queries were received, thus =0 entries are omitted for brevity.
+
+
+@@UAHL@unbound-control.stats@num.query.type.other@@
+    Number of queries with query types 256-65535.
+
+
+@@UAHL@unbound-control.stats@num.query.class.IN@@
+    The total number of queries over all threads with query class IN
+    (internet).
+    Also printed for other classes (such as CH (CHAOS) sometimes used for
+    debugging), or NONE, ANY, used by dynamic update.
+    num.query.class.other is printed for classes 256-65535.
+
+
+@@UAHL@unbound-control.stats@num.query.opcode.QUERY@@
+    The total number of queries over all threads with query opcode QUERY.
+    Also printed for other opcodes, UPDATE, ...
+
+
+@@UAHL@unbound-control.stats@num.query.tcp@@
+    Number of queries that were made using TCP towards the Unbound server.
+
+
+@@UAHL@unbound-control.stats@num.query.tcpout@@
+    Number of queries that the Unbound server made using TCP outgoing towards
+    other servers.
+
+
+@@UAHL@unbound-control.stats@num.query.udpout@@
+    Number of queries that the Unbound server made using UDP outgoing towards
+    other servers.
+
+
+@@UAHL@unbound-control.stats@num.query.tls@@
+    Number of queries that were made using TLS towards the Unbound server.
+    These are also counted in num.query.tcp, because TLS uses TCP.
+
+
+@@UAHL@unbound-control.stats@num.query.tls.resume@@
+    Number of TLS session resumptions, these are queries over TLS towards the
+    Unbound server where the client negotiated a TLS session resumption key.
+
+
+@@UAHL@unbound-control.stats@num.query.https@@
+    Number of queries that were made using HTTPS towards the Unbound server.
+    These are also counted in num.query.tcp and num.query.tls, because HTTPS
+    uses TLS and TCP.
+
+
+@@UAHL@unbound-control.stats@num.query.quic@@
+    Number of queries that were made using QUIC towards the Unbound server.
+    These are also counted in num.query.tls, because TLS is used for these
+    queries.
+
+
+@@UAHL@unbound-control.stats@num.query.ipv6@@
+    Number of queries that were made using IPv6 towards the Unbound server.
+
+
+@@UAHL@unbound-control.stats@num.query.flags.RD@@
+    The number of queries that had the RD flag set in the header.
+    Also printed for flags QR, AA, TC, RA, Z, AD, CD.
+    Note that queries with flags QR, AA or TC may have been rejected because of
+    that.
+
+
+@@UAHL@unbound-control.stats@num.query.edns.present@@
+    number of queries that had an EDNS OPT record present.
+
+
+@@UAHL@unbound-control.stats@num.query.edns.DO@@
+    number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit
+    set.
+    These queries are also included in the num.query.edns.present number.
+
+
+@@UAHL@unbound-control.stats@num.query.ratelimited@@
+    The number of queries that are turned away from being send to nameserver
+    due to ratelimiting.
+
+
+@@UAHL@unbound-control.stats@num.query.dnscrypt.shared_secret.cachemiss@@
+    The number of dnscrypt queries that did not find a shared secret in the
+    cache.
+    This can be use to compute the shared secret hitrate.
+
+
+@@UAHL@unbound-control.stats@num.query.dnscrypt.replay@@
+    The number of dnscrypt queries that found a nonce hit in the nonce cache
+    and hence are considered a query replay.
+
+
+@@UAHL@unbound-control.stats@num.answer.rcode.NXDOMAIN@@
+    The number of answers to queries, from cache or from recursion, that had
+    the return code NXDOMAIN.
+    Also printed for the other return codes.
+
+
+@@UAHL@unbound-control.stats@num.answer.rcode.nodata@@
+    The number of answers to queries that had the pseudo return code nodata.
+    This means the actual return code was NOERROR, but additionally, no data
+    was carried in the answer (making what is called a NOERROR/NODATA answer).
+    These queries are also included in the num.answer.rcode.NOERROR number.
+    Common for AAAA lookups when an A record exists, and no AAAA.
+
+
+@@UAHL@unbound-control.stats@num.answer.secure@@
+    Number of answers that were secure.
+    The answer validated correctly.
+    The AD bit might have been set in some of these answers, where the client
+    signalled (with DO or AD bit in the query) that they were ready to accept
+    the AD bit in the answer.
+
+
+@@UAHL@unbound-control.stats@num.answer.bogus@@
+    Number of answers that were bogus.
+    These answers resulted in SERVFAIL to the client because the answer failed
+    validation.
+
+
+@@UAHL@unbound-control.stats@num.rrset.bogus@@
+    The number of rrsets marked bogus by the validator.
+    Increased for every RRset inspection that fails.
+
+
+@@UAHL@unbound-control.stats@num.valops@@
+    The number of validation operations performed by the validator.
+    Increased for every RRSIG verification operation regardless of the
+    validation result.
+    The RRSIG and key combination needs to first pass some sanity checks before
+    Unbound even performs the verification, e.g., length/protocol checks.
+
+
+@@UAHL@unbound-control.stats@unwanted.queries@@
+    Number of queries that were refused or dropped because they failed the
+    access control settings.
+
+
+@@UAHL@unbound-control.stats@unwanted.replies@@
+    Replies that were unwanted or unsolicited.
+    Could have been random traffic, delayed duplicates, very late answers, or
+    could be spoofing attempts.
+    Some low level of late answers and delayed duplicates are to be expected
+    with the UDP protocol.
+    Very high values could indicate a threat (spoofing).
+
+
+@@UAHL@unbound-control.stats@msg.cache.count@@
+    The number of items (DNS replies) in the message cache.
+
+
+@@UAHL@unbound-control.stats@rrset.cache.count@@
+    The number of RRsets in the rrset cache.
+    This includes rrsets used by the messages in the message cache, but also
+    delegation information.
+
+
+@@UAHL@unbound-control.stats@infra.cache.count@@
+    The number of items in the infra cache.
+    These are IP addresses with their timing and protocol support information.
+
+
+@@UAHL@unbound-control.stats@key.cache.count@@
+    The number of items in the key cache.
+    These are DNSSEC keys, one item per delegation point, and their validation
+    status.
+
+
+@@UAHL@unbound-control.stats@msg.cache.max_collisions@@
+    The maximum number of hash table collisions in the msg cache.
+    This is the number of hashes that are identical when a new element is
+    inserted in the hash table.
+    If the value is very large, like hundreds, something is wrong with the
+    performance of the hash table, hash values are incorrect or malicious.
+
+
+@@UAHL@unbound-control.stats@rrset.cache.max_collisions@@
+    The maximum number of hash table collisions in the rrset cache.
+    This is the number of hashes that are identical when a new element is
+    inserted in the hash table.
+    If the value is very large, like hundreds, something is wrong with the
+    performance of the hash table, hash values are incorrect or malicious.
+
+
+@@UAHL@unbound-control.stats@dnscrypt_shared_secret.cache.count@@
+    The number of items in the shared secret cache.
+    These are precomputed shared secrets for a given client public key/server
+    secret key pair.
+    Shared secrets are CPU intensive and this cache allows Unbound to avoid
+    recomputing the shared secret when multiple dnscrypt queries are sent from
+    the same client.
+
+
+@@UAHL@unbound-control.stats@dnscrypt_nonce.cache.count@@
+    The number of items in the client nonce cache.
+    This cache is used to prevent dnscrypt queries replay.
+    The client nonce must be unique for each client public key/server secret
+    key pair.
+    This cache should be able to host QPS * `replay window` interval keys to
+    prevent replay of a query during `replay window` seconds.
+
+
+@@UAHL@unbound-control.stats@num.query.authzone.up@@
+    The number of queries answered from auth-zone data, upstream queries.
+    These queries would otherwise have been sent (with fallback enabled) to the
+    internet, but are now answered from the auth zone.
+
+
+@@UAHL@unbound-control.stats@num.query.authzone.down@@
+    The number of queries for downstream answered from auth-zone data.
+    These queries are from downstream clients, and have had an answer from the
+    data in the auth zone.
+
+
+@@UAHL@unbound-control.stats@num.query.aggressive.NOERROR@@
+    The number of queries answered using cached NSEC records with NODATA RCODE.
+    These queries would otherwise have been sent to the internet, but are now
+    answered using cached data.
+
+
+@@UAHL@unbound-control.stats@num.query.aggressive.NXDOMAIN@@
+    The number of queries answered using cached NSEC records with NXDOMAIN
+    RCODE.
+    These queries would otherwise have been sent to the internet, but are now
+    answered using cached data.
+
+
+@@UAHL@unbound-control.stats@num.query.subnet@@
+    Number of queries that got an answer that contained EDNS client subnet
+    data.
+
+
+@@UAHL@unbound-control.stats@num.query.subnet_cache@@
+    Number of queries answered from the edns client subnet cache.
+    These are counted as cachemiss by the main counters, but hit the client
+    subnet specific cache after getting processed by the edns client subnet
+    module.
+
+
+@@UAHL@unbound-control.stats@num.query.cachedb@@
+    Number of queries answered from the external cache of cachedb.
+    These are counted as cachemiss by the main counters, but hit the cachedb
+    external cache after getting processed by the cachedb module.
+
+@@UAHL@unbound-control.stats@num.rpz.action@@.<rpz_action>
+    Number of queries answered using configured RPZ policy, per RPZ action
+    type.
+    Possible actions are: nxdomain, nodata, passthru, drop, tcp-only,
+    local-data, disabled, and cname-override.
+
+Files
+-----
+
+@ub_conf_file@
+    Unbound configuration file.
+
+@UNBOUND_RUN_DIR@
+    directory with private keys (:file:`unbound_server.key` and
+    :file:`unbound_control.key`) and self-signed certificates
+    (:file:`unbound_server.pem` and :file:`unbound_control.pem`).
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound-host.1 b/contrib/unbound/doc/unbound-host.1
index 94c8ca3dd569..7fba066968ec 100644
--- a/contrib/unbound/doc/unbound-host.1
+++ b/contrib/unbound/doc/unbound-host.1
@@ -1,4 +1,4 @@
-.TH "unbound\-host" "1" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound\-host" "1" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound-host.1 -- unbound DNS lookup utility
 .\"
@@ -73,7 +73,7 @@ For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546
 .TP
 .B \-D
 Enables DNSSEC validation.  Reads the root anchor from the default configured
-root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
+root anchor at the default location, \fI/var/unbound/root.key\fR.
 .TP
 .B \-f \fIkeyfile
 Reads keys from a file. Every line has a DS or DNSKEY record, in the format
diff --git a/contrib/unbound/doc/unbound-host.1.in b/contrib/unbound/doc/unbound-host.1.in
index f56a8d4d18ed..f7ed75665bf5 100644
--- a/contrib/unbound/doc/unbound-host.1.in
+++ b/contrib/unbound/doc/unbound-host.1.in
@@ -1,118 +1,190 @@
-.TH "unbound\-host" "1" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound-host.1 -- unbound DNS lookup utility
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound\-host
-\- unbound DNS lookup utility
-.SH "SYNOPSIS"
-.B unbound\-host
-.RB [ \-C
-.IR configfile ]
-.RB [ \-vdhr46D ]
-.RB [ \-c
-.IR class ]
-.RB [ \-t
-.IR type ]
-.RB [ \-y
-.IR key ]
-.RB [ \-f
-.IR keyfile ]
-.RB [ \-F
-.IR namedkeyfile ]
-.I hostname
-.SH "DESCRIPTION"
-.B Unbound\-host
-uses the Unbound validating resolver to query for the hostname and display
-results. With the \fB\-v\fR option it displays validation
-status: secure, insecure, bogus (security failure).
-.P
-By default it reads no configuration file whatsoever.  It attempts to reach
-the internet root servers.  With \fB\-C\fR an Unbound config file and with
-\fB\-r\fR resolv.conf can be read.
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND-HOST" "1" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound-host \- Unbound 1.24.0 DNS lookup utility.
+.SH SYNOPSIS
+.sp
+\fBunbound\-host\fP [\fB\-C configfile\fP] [\fB\-vdhr46D\fP] [\fB\-c class\fP]
+[\fB\-t type\fP] [\fB\-y key\fP] [\fB\-f keyfile\fP] [\fB\-F namedkeyfile\fP] hostname
+.SH DESCRIPTION
+.sp
+\fBunbound\-host\fP uses the Unbound validating resolver to query for the hostname
+and display results.
+With the \fI\%\-v\fP option it displays validation status: secure, insecure,
+bogus (security failure).
+.sp
+By default it reads no configuration file whatsoever.
+It attempts to reach the internet root servers.
+With \fI\%\-C\fP an unbound config file and with \fI\%\-r\fP \fBresolv.conf\fP
+can be read.
+.sp
 The available options are:
+.INDENT 0.0
 .TP
-.I hostname
+.B hostname
 This name is resolved (looked up in the DNS).
 If a IPv4 or IPv6 address is given, a reverse lookup is performed.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-h
 Show the version and commandline option help.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
 Enable verbose output and it shows validation results, on every line.
-Secure means that the NXDOMAIN (no such domain name), nodata (no such data)
-or positive data response validated correctly with one of the keys.
+Secure means that the NXDOMAIN (no such domain name), nodata (no such
+data) or positive data response validated correctly with one of the
+keys.
 Insecure means that that domain name has no security set up for it.
-Bogus (security failure) means that the response failed one or more checks,
-it is likely wrong, outdated, tampered with, or broken.
+Bogus (security failure) means that the response failed one or more
+checks, it is likely wrong, outdated, tampered with, or broken.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-d
-Enable debug output to stderr. One \-d shows what the resolver and validator
-are doing and may tell you what is going on. More times, \-d \-d, gives a
-lot of output, with every packet sent and received.
+Enable debug output to stderr.
+One \fI\%\-d\fP shows what the resolver and validator are doing and may
+tell you what is going on.
+More times, \fI\%\-d\fP \fI\%\-d\fP, gives a lot of output, with every
+packet sent and received.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c \fIclass
-Specify the class to lookup for, the default is IN the internet class.
+.B \-c <class>
+Specify the class to lookup for, the default is IN the internet
+class.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-t \fItype
-Specify the type of data to lookup. The default looks for IPv4, IPv6 and
-mail handler data, or domain name pointers for reverse queries.
+.B \-t <type>
+Specify the type of data to lookup.
+The default looks for IPv4, IPv6 and mail handler data, or domain name
+pointers for reverse queries.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-y \fIkey
-Specify a public key to use as trust anchor. This is the base for a chain
-of trust that is built up from the trust anchor to the response, in order
-to validate the response message. Can be given as a DS or DNSKEY record.
-For example \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD".
+.B \-y <key>
+Specify a public key to use as trust anchor.
+This is the base for a chain of trust that is built up from the trust
+anchor to the response, in order to validate the response message.
+Can be given as a DS or DNSKEY record.
+For example:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+\-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-D
-Enables DNSSEC validation.  Reads the root anchor from the default configured
-root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR.
+Enables DNSSEC validation.
+Reads the root anchor from the default configured root anchor at the
+default location, \fB@UNBOUND_ROOTKEY_FILE@\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-f \fIkeyfile
-Reads keys from a file. Every line has a DS or DNSKEY record, in the format
-as for \-y. The zone file format, the same as dig and drill produce.
+.B \-f <keyfile>
+Reads keys from a file.
+Every line has a DS or DNSKEY record, in the format as for \fI\%\-y\fP\&.
+The zone file format, the same as \fBdig\fP and \fBdrill\fP produce.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-F \fInamedkeyfile
-Reads keys from a BIND\-style named.conf file. Only the trusted\-key {}; entries
-are read.
+.B \-F <namedkeyfile>
+Reads keys from a BIND\-style \fBnamed.conf\fP file.
+Only the \fBtrusted\-key {};\fP entries are read.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-C \fIconfigfile
-Uses the specified unbound.conf to prime
-.IR libunbound (3).
+.B \-C <configfile>
+Uses the specified unbound.conf to prime \fI\%libunbound(3)\fP\&.
 Pass it as first argument if you want to override some options from the
 config file with further arguments on the commandline.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-r
-Read /etc/resolv.conf, and use the forward DNS servers from there (those could
-have been set by DHCP).  More info in
-.IR resolv.conf (5).
+Read \fB/etc/resolv.conf\fP, and use the forward DNS servers from
+there (those could have been set by DHCP).
+More info in \fIresolv.conf(5)\fP\&.
 Breaks validation if those servers do not support DNSSEC.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-4
 Use solely the IPv4 network for sending packets.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-6
 Use solely the IPv6 network for sending packets.
-.SH "EXAMPLES"
-Some examples of use. The keys shown below are fakes, thus a security failure
-is encountered.
-.P
+.UNINDENT
+.SH EXAMPLES
+.sp
+Some examples of use.
+The keys shown below are fakes, thus a security failure is encountered.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
 $ unbound\-host www.example.com
-.P
-$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com
-.P
-$ unbound\-host \-v \-y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153
-.SH "EXIT CODE"
-The unbound\-host program exits with status code 1 on error,
-0 on no error. The data may not be available on exit code 0, exit code 1
-means the lookup encountered a fatal error.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\fR(8).
+
+$ unbound\-host \-v \-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq www.example.com
+
+$ unbound\-host \-v \-y \(dqexample.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD\(dq 192.0.2.153
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH EXIT CODE
+.sp
+The \fBunbound\-host\fP program exits with status code 1 on error, 0 on no error.
+The data may not be available on exit code 0, exit code 1 means the lookup
+encountered a fatal error.
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound-host.rst b/contrib/unbound/doc/unbound-host.rst
new file mode 100644
index 000000000000..7c809a15d187
--- /dev/null
+++ b/contrib/unbound/doc/unbound-host.rst
@@ -0,0 +1,176 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound-host
+
+unbound-host(1)
+===============
+
+Synopsis
+--------
+
+**unbound-host** [``-C configfile``] [``-vdhr46D``] [``-c class``]
+[``-t type``] [``-y key``] [``-f keyfile``] [``-F namedkeyfile``] hostname
+
+Description
+-----------
+
+``unbound-host`` uses the Unbound validating resolver to query for the hostname
+and display results.
+With the :option:`-v` option it displays validation status: secure, insecure,
+bogus (security failure).
+
+By default it reads no configuration file whatsoever.
+It attempts to reach the internet root servers.
+With :option:`-C` an unbound config file and with :option:`-r` ``resolv.conf``
+can be read.
+
+The available options are:
+
+.. option:: hostname
+
+       This name is resolved (looked up in the DNS).
+       If a IPv4 or IPv6 address is given, a reverse lookup is performed.
+
+.. option:: -h
+
+       Show the version and commandline option help.
+
+.. option:: -v
+
+       Enable verbose output and it shows validation results, on every line.
+       Secure means that the NXDOMAIN (no such domain name), nodata (no such
+       data) or positive data response validated correctly with one of the
+       keys.
+       Insecure means that that domain name has no security set up for it.
+       Bogus (security failure) means that the response failed one or more
+       checks, it is likely wrong, outdated, tampered with, or broken.
+
+.. option:: -d
+
+       Enable debug output to stderr.
+       One :option:`-d` shows what the resolver and validator are doing and may
+       tell you what is going on.
+       More times, :option:`-d` :option:`-d`, gives a lot of output, with every
+       packet sent and received.
+
+.. option:: -c <class>
+
+       Specify the class to lookup for, the default is IN the internet
+       class.
+
+.. option:: -t <type>
+
+       Specify the type of data to lookup.
+       The default looks for IPv4, IPv6 and mail handler data, or domain name
+       pointers for reverse queries.
+
+.. option:: -y <key>
+
+       Specify a public key to use as trust anchor.
+       This is the base for a chain of trust that is built up from the trust
+       anchor to the response, in order to validate the response message.
+       Can be given as a DS or DNSKEY record.
+       For example:
+
+       .. code-block:: text
+
+            -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD"
+
+.. option:: -D
+
+       Enables DNSSEC validation.
+       Reads the root anchor from the default configured root anchor at the
+       default location, :file:`@UNBOUND_ROOTKEY_FILE@`.
+
+.. option:: -f <keyfile>
+
+       Reads keys from a file.
+       Every line has a DS or DNSKEY record, in the format as for :option:`-y`.
+       The zone file format, the same as ``dig`` and ``drill`` produce.
+
+.. option:: -F <namedkeyfile>
+
+       Reads keys from a BIND-style :file:`named.conf` file.
+       Only the ``trusted-key {};`` entries are read.
+
+.. option:: -C <configfile>
+
+       Uses the specified unbound.conf to prime :doc:`libunbound(3)</manpages/libunbound>`.
+       Pass it as first argument if you want to override some options from the
+       config file with further arguments on the commandline.
+
+.. option:: -r
+
+       Read :file:`/etc/resolv.conf`, and use the forward DNS servers from
+       there (those could have been set by DHCP).
+       More info in *resolv.conf(5)*.
+       Breaks validation if those servers do not support DNSSEC.
+
+.. option:: -4
+
+       Use solely the IPv4 network for sending packets.
+
+.. option:: -6
+
+       Use solely the IPv6 network for sending packets.
+
+Examples
+--------
+
+Some examples of use.
+The keys shown below are fakes, thus a security failure is encountered.
+
+.. code-block:: text
+
+       $ unbound-host www.example.com
+
+       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" www.example.com
+
+       $ unbound-host -v -y "example.com DS 31560 5 1 1CFED84787E6E19CCF9372C1187325972FE546CD" 192.0.2.153
+
+Exit Code
+---------
+
+The ``unbound-host`` program exits with status code 1 on error, 0 on no error.
+The data may not be available on exit code 0, exit code 1 means the lookup
+encountered a fatal error.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound(8)</manpages/unbound>`.
diff --git a/contrib/unbound/doc/unbound.8 b/contrib/unbound/doc/unbound.8
index 723f23238b8e..331fc47f358e 100644
--- a/contrib/unbound/doc/unbound.8
+++ b/contrib/unbound/doc/unbound.8
@@ -1,4 +1,4 @@
-.TH "unbound" "8" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound" "8" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound.8 -- unbound manual
 .\"
@@ -9,7 +9,7 @@
 .\"
 .SH "NAME"
 .B unbound
-\- Unbound DNS validating resolver 1.15.0.
+\- Unbound DNS validating resolver 1.23.1.
 .SH "SYNOPSIS"
 .B unbound
 .RB [ \-h ]
@@ -58,7 +58,7 @@ Show the version number and commandline option help, and exit.
 .TP
 .B \-c\fI cfgfile
 Set the config file with settings for Unbound to read instead of reading the
-file at the default location, @ub_conf_file@. The syntax is
+file at the default location, /var/unbound/unbound.conf. The syntax is
 described in \fIunbound.conf\fR(5).
 .TP
 .B \-d
@@ -75,7 +75,7 @@ concurrently.
 .TP
 .B \-v
 Increase verbosity. If given multiple times, more information is logged.
-This is in addition to the verbosity (if any) from the config file.
+This is added to the verbosity (if any) from the config file.
 .TP
 .B \-V
 Show the version number and build options, and exit.
diff --git a/contrib/unbound/doc/unbound.8.in b/contrib/unbound/doc/unbound.8.in
index 33c87cde4edf..5069bc92d99f 100644
--- a/contrib/unbound/doc/unbound.8.in
+++ b/contrib/unbound/doc/unbound.8.in
@@ -1,88 +1,123 @@
-.TH "unbound" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound.8 -- unbound manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound
-\- Unbound DNS validating resolver 1.23.0.
-.SH "SYNOPSIS"
-.B unbound
-.RB [ \-h ]
-.RB [ \-d ]
-.RB [ \-p ]
-.RB [ \-v ]
-.RB [ \-c
-.IR cfgfile ]
-.SH "DESCRIPTION"
-.B Unbound
-is a caching DNS resolver.
-.P
-It uses a built in list of authoritative nameservers for the root zone (.),
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND" "8" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound \- Unbound DNS validating resolver 1.24.0.
+.SH SYNOPSIS
+.sp
+\fBunbound\fP [\fB\-hdpv\fP] [\fB\-c <cfgfile>\fP]
+.SH DESCRIPTION
+.sp
+\fBunbound\fP is a caching DNS resolver.
+.sp
+It uses a built in list of authoritative nameservers for the root zone (\fB\&.\fP),
 the so called root hints.
-On receiving a DNS query it will ask the root nameservers for
-an answer and will in almost all cases receive a delegation to a top level
-domain (TLD) authoritative nameserver.
+On receiving a DNS query it will ask the root nameservers for an answer and
+will in almost all cases receive a delegation to a top level domain (TLD)
+authoritative nameserver.
 It will then ask that nameserver for an answer.
-It will recursively continue until an answer is found or no answer is
-available (NXDOMAIN).
-For performance and efficiency reasons that answer is cached for a
-certain time (the answer's time\-to\-live or TTL).
+It will recursively continue until an answer is found or no answer is available
+(NXDOMAIN).
+For performance and efficiency reasons that answer is cached for a certain time
+(the answer\(aqs time\-to\-live or TTL).
 A second query for the same name will then be answered from the cache.
 Unbound can also do DNSSEC validation.
-.P
-To use a locally running
-.B Unbound
-for resolving put
 .sp
-.RS 6n
+To use a locally running Unbound for resolving put:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
 nameserver 127.0.0.1
-.RE
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+into \fIresolv.conf(5)\fP\&.
+.sp
+If authoritative DNS is needed as well using \fI\%nsd(8)\fP,
+careful setup is required because authoritative nameservers and resolvers are
+using the same port number (53).
 .sp
-into
-.IR resolv.conf (5).
-.P
-If authoritative DNS is needed as well using
-.IR nsd (8),
-careful setup is required because authoritative nameservers and
-resolvers are using the same port number (53).
-.P
 The available options are:
+.INDENT 0.0
 .TP
 .B \-h
 Show the version number and commandline option help, and exit.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B \-c\fI cfgfile
-Set the config file with settings for Unbound to read instead of reading the
-file at the default location, @ub_conf_file@. The syntax is
-described in \fIunbound.conf\fR(5).
+.B \-c <cfgfile>
+Set the config file with settings for unbound to read instead of reading the
+file at the default location, \fB@ub_conf_file@\fP\&.
+The syntax is described in \fI\%unbound.conf(5)\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-d
-Debug flag: do not fork into the background, but stay attached to
-the console.  This flag will also delay writing to the log file until
-the thread\-spawn time, so that most config and setup errors appear on
-stderr. If given twice or more, logging does not switch to the log file
-or to syslog, but the log messages are printed to stderr all the time.
+Debug flag: do not fork into the background, but stay attached to the
+console.
+This flag will also delay writing to the log file until the thread\-spawn
+time, so that most config and setup errors appear on stderr.
+If given twice or more, logging does not switch to the log file or to
+syslog, but the log messages are printed to stderr all the time.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-p
-Don't use a pidfile.  This argument should only be used by supervision
-systems which can ensure that only one instance of Unbound will run
-concurrently.
+Don\(aqt use a pidfile.
+This argument should only be used by supervision systems which can ensure
+that only one instance of Unbound will run concurrently.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-v
-Increase verbosity. If given multiple times, more information is logged.
-This is added to the verbosity (if any) from the config file.
+Increase verbosity.
+If given multiple times, more information is logged.
+This is in addition to the verbosity (if any) from the config file.
+.UNINDENT
+.INDENT 0.0
 .TP
 .B \-V
 Show the version number and build options, and exit.
-.SH "SEE ALSO"
-\fIunbound.conf\fR(5),
-\fIunbound\-checkconf\fR(8),
-\fInsd\fR(8).
-.SH "AUTHORS"
-.B Unbound
-developers are mentioned in the CREDITS file in the distribution.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound.conf(5)\fP,
+\fI\%unbound\-checkconf(8)\fP,
+\fI\%nsd(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound.conf.5 b/contrib/unbound/doc/unbound.conf.5
index e1cc5c020756..af03aefb1855 100644
--- a/contrib/unbound/doc/unbound.conf.5
+++ b/contrib/unbound/doc/unbound.conf.5
@@ -1,4 +1,4 @@
-.TH "unbound.conf" "5" "Feb 10, 2022" "NLnet Labs" "unbound 1.15.0"
+.TH "unbound.conf" "5" "Jul 16, 2025" "NLnet Labs" "unbound 1.23.1"
 .\"
 .\" unbound.conf.5 -- unbound.conf manual
 .\"
@@ -112,13 +112,21 @@ If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
 Default is off, because keeping track of more statistics takes time.  The
 counters are listed in \fIunbound\-control\fR(8).
 .TP
+.B statistics\-inhibit\-zero: \fI<yes or no>
+If enabled, selected extended statistics with a value of 0 are inhibited from
+printing with \fIunbound\-control\fR(8).
+These are query types, query classes, query opcodes, answer rcodes
+(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
+RPZ actions.
+Default is on.
+.TP
 .B num\-threads: \fI<number>
 The number of threads to create to serve clients. Use 1 for no threading.
 .TP
 .B port: \fI<port number>
 The port number, default 53, on which the server responds to queries.
 .TP
-.B interface: \fI<ip address[@port]>
+.B interface: \fI<ip address or interface name [@port]>
 Interface to use to connect to the network. This interface is listened to
 for queries from clients, and answers to clients are given from it.
 Can be given multiple times to work on several interfaces. If none are
@@ -129,7 +137,7 @@ A port number can be specified with @port (without spaces between
 interface and port number), if not specified the default port (from
 \fBport\fR) is used.
 .TP
-.B ip\-address: \fI<ip address[@port]>
+.B ip\-address: \fI<ip address or interface name [@port]>
 Same as interface: (for ease of compatibility with nsd.conf).
 .TP
 .B interface\-automatic: \fI<yes or no>
@@ -140,6 +148,15 @@ ip\-transparent you can select which (future) interfaces Unbound provides
 service on.  This feature is experimental, and needs support in your OS for
 particular socket options.  Default value is no.
 .TP
+.B interface\-automatic\-ports: \fI<string>
+List the port numbers that interface-automatic listens on. If empty, the
+default port is listened on. The port numbers are separated by spaces in the
+string. Default is "".
+.IP
+This can be used to have interface automatic to deal with the interface,
+and listen on the normal port number, by including it in the list, and
+also https or dns over tls port numbers by putting them in the list as well.
+.TP
 .B outgoing\-interface: \fI<ip address or ip6 netblock>
 Interface to use to connect to the network. This interface is used to send
 queries to authoritative servers and receive their replies. Can be given
@@ -216,7 +233,8 @@ number).
 .B max\-udp\-size: \fI<number>
 Maximum UDP response size (not applied to TCP response).  65536 disables the
 udp response size maximum, and uses the choice from the client, always.
-Suggested values are 512 to 4096. Default is 4096.
+Suggested values are 512 to 4096. Default is 1232. The default value is the
+same as the default for edns\-buffer\-size.
 .TP
 .B stream\-wait\-size: \fI<number>
 Number of bytes size maximum to use for waiting stream buffers.  Default is
@@ -284,6 +302,40 @@ Increase this if you are behind a slow satellite link, to eg. 1128.
 That would then avoid re\-querying every initial query because it times out.
 Default is 376 msec.
 .TP
+.B discard\-timeout: \fI<msec>
+The wait time in msec where recursion requests are dropped. This is
+to stop a large number of replies from accumulating. They receive
+no reply, the work item continues to recurse. It is nice to be a bit
+larger than serve\-expired\-client\-timeout if that is enabled.
+A value of 1900 msec is suggested. The value 0 disables it.
+Default 1900 msec.
+.TP
+.B wait\-limit: \fI<number>
+The number of replies that can wait for recursion, for an IP address.
+This makes a ratelimit per IP address of waiting replies for recursion.
+It stops very large amounts of queries waiting to be returned to one
+destination. The value 0 disables wait limits. Default is 1000.
+.TP
+.B wait\-limit\-cookie: \fI<number>
+The number of replies that can wait for recursion, for an IP address
+that sent the query with a valid DNS cookie. Since the cookie validates
+the client address, the limit can be higher. Default is 10000.
+.TP
+.B wait\-limit\-netblock: \fI<netblock> <number>
+The wait limit for the netblock. If not given the wait\-limit value is
+used. The most specific netblock is used to determine the limit. Useful for
+overriding the default for a specific, group or individual, server.
+The value -1 disables wait limits for the netblock.
+By default the loopback has a wait limit netblock of -1, it is not limited,
+because it is separated from the rest of network for spoofed packets.
+The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
+.TP
+.B wait\-limit\-cookie\-netblock: \fI<netblock> <number>
+The wait limit for the netblock, when the query has a DNS cookie.
+If not given, the wait\-limit\-cookie value is used.
+The value -1 disables wait limits for the netblock.
+The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
+.TP
 .B so\-rcvbuf: \fI<number>
 If not 0, then set the SO_RCVBUF socket option to get more buffer
 space on UDP port 53 incoming queries.  So that short spikes on busy
@@ -340,7 +392,7 @@ ip\-transparent option is also available.
 The value of the Differentiated Services Codepoint (DSCP) in the
 differentiated services field (DS) of the outgoing IP packet headers.
 The field replaces the outdated IPv4 Type-Of-Service field and the
-IPV6 traffic class field.
+IPv6 traffic class field.
 .TP
 .B rrset\-cache\-size: \fI<number>
 Number of bytes size of the RRset cache. Default is 4 megabytes.
@@ -370,6 +422,15 @@ Time to live maximum for negative responses, these have a SOA in the
 authority section that is limited in time.  Default is 3600.
 This applies to nxdomain and nodata answers.
 .TP
+.B cache\-min\-negative\-ttl: \fI<seconds>
+Time to live minimum for negative responses, these have a SOA in the
+authority section that is limited in time.
+Default is 0 (disabled).
+If this is disabled and \fBcache-min-ttl\fR is configured, it will take effect
+instead.
+In that case you can set this to 1 to honor the upstream TTL.
+This applies to nxdomain and nodata answers.
+.TP
 .B infra\-host\-ttl: \fI<seconds>
 Time to live for entries in the host cache. The host cache contains
 roundtrip timing, lameness and EDNS support information. Default is 900.
@@ -386,6 +447,10 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure
 cache. Default is 50 milliseconds. Increase this value if using forwarders
 needing more time to do recursive name resolution.
 .TP
+.B infra\-cache\-max\-rtt: \fI<msec>
+Upper limit for dynamic retransmit timeout calculation in infrastructure
+cache. Default is 2 minutes.
+.TP
 .B infra\-keep\-probing: \fI<yes or no>
 If enabled the server keeps probing hosts that are down, in the one probe
 at a time regime.  Default is no.  Hosts that are down, eg. they did
@@ -403,7 +468,7 @@ Enable or disable whether ip4 queries are answered or issued. Default is yes.
 Enable or disable whether ip6 queries are answered or issued. Default is yes.
 If disabled, queries are not answered on IPv6, and queries are not sent on
 IPv6 to the internet nameservers.  With this option you can disable the
-ipv6 transport for sending DNS traffic, it does not impact the contents of
+IPv6 transport for sending DNS traffic, it does not impact the contents of
 the DNS traffic, which may have ip4 and ip6 addresses in it.
 .TP
 .B prefer\-ip4: \fI<yes or no>
@@ -450,6 +515,8 @@ configured value if the number of free buffers falls below 35% of the
 total number configured, and finally to 0 if the number of free buffers
 falls below 20% of the total number configured. A minimum timeout of
 200 milliseconds is observed regardless of the option value used.
+It will be overridden by \fBedns\-tcp\-keepalive\-timeout\fR if
+\fBedns\-tcp\-keepalive\fR is enabled.
 .TP
 .B tcp-reuse-timeout: \fI<msec>\fR
 The period Unbound will keep TCP persistent connections open to
@@ -468,20 +535,19 @@ This option defaults to 3000 milliseconds.
 Enable or disable EDNS TCP Keepalive. Default is no.
 .TP
 .B edns-tcp-keepalive-timeout: \fI<msec>\fR
-The period Unbound will wait for a query on a TCP connection when
-EDNS TCP Keepalive is active. If this timeout expires Unbound closes
-the connection. If the client supports the EDNS TCP Keepalive option,
+Overrides \fBtcp\-idle\-timeout\fR when \fBedns\-tcp\-keepalive\fR is enabled.
+If the client supports the EDNS TCP Keepalive option,
 Unbound sends the timeout value to the client to encourage it to
 close the connection before the server times out.
 This option defaults to 120000 milliseconds.
-When the number of free incoming TCP buffers falls below 50% of
-the total number configured, the advertised timeout is progressively
-reduced to 1% of the configured value, then to 0.2% of the configured
-value if the number of free buffers falls below 35% of the total number
-configured, and finally to 0 if the number of free buffers falls below
-20% of the total number configured.
-A minimum actual timeout of 200 milliseconds is observed regardless of the
-advertised timeout.
+.TP
+.B sock\-queue\-timeout: \fI<sec>\fR
+UDP queries that have waited in the socket buffer for a long time can be
+dropped. Default is 0, disabled. The time is set in seconds, 3 could be a
+good value to ignore old queries that likely the client does not need a reply
+for any more. This could happen if the host has not been able to service
+the queries for a while, i.e. Unbound is not running, and then is enabled
+again. It uses timestamp socket options.
 .TP
 .B tcp\-upstream: \fI<yes or no>
 Enable or disable whether the upstream queries use TCP only for transport.
@@ -499,10 +565,14 @@ Enabled or disable whether the upstream queries use TLS only for transport.
 Default is no.  Useful in tunneling scenarios.  The TLS contains plain DNS in
 TCP wireformat.  The other server must support this (see
 \fBtls\-service\-key\fR).
-If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to
-load CA certs, otherwise the connections cannot be authenticated.
-This option enables TLS for all of them, but if you do not set this you can
-configure TLS specifically for some forward zones with forward\-tls\-upstream.  And also with stub\-tls\-upstream.
+If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert or
+tls\-system\-cert to load CA certs, otherwise the connections cannot be
+authenticated. This option enables TLS for all of them, but if you do not set
+this you can configure TLS specifically for some forward zones with
+forward\-tls\-upstream.  And also with stub\-tls\-upstream.
+If the tls\-upstream option is enabled, it is for all the forwards and stubs,
+where the forward\-tls\-upstream and stub\-tls\-upstream options are ignored,
+as if they had been set to yes.
 .TP
 .B ssl\-upstream: \fI<yes or no>
 Alternate syntax for \fBtls\-upstream\fR.  If both are present in the config
@@ -551,7 +621,12 @@ Alternate syntax for \fBtls\-cert\-bundle\fR.
 Add the system certificates to the cert bundle certificates for authentication.
 If no cert bundle, it uses only these certificates.  Default is no.
 On windows this option uses the certificates from the cert store.  Use
-the tls\-cert\-bundle option on other systems.
+the tls\-cert\-bundle option on other systems. On other systems, this option
+enables the system certificates.
+.TP
+.B tls\-system\-cert: \fI<yes or no>
+This the same setting as the tls\-win\-cert setting, under a different name.
+Because it is not windows specific.
 .TP
 .B tls\-additional\-port: \fI<portnr>
 List portnumbers as tls\-additional\-port, and when interfaces are defined,
@@ -637,6 +712,29 @@ Ignored if the option is not available. Default is yes.
 Disable use of TLS for the downstream DNS-over-HTTP connections.  Useful for
 local back end servers.  Default is no.
 .TP
+.B proxy\-protocol\-port: \fI<portnr>
+List port numbers as proxy\-protocol\-port, and when interfaces are defined,
+eg. with the @port suffix, as this port number, they support and expect PROXYv2.
+In this case the proxy address will only be used for the network communication
+and initial ACL (check if the proxy itself is denied/refused by configuration).
+The proxied address (if any) will then be used as the true client address and
+will be used where applicable for logging, ACL, DNSTAP, RPZ and IP ratelimiting.
+PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
+There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
+Can list multiple, each on a new statement.
+.TP
+.B quic\-port: \fI<number>
+The port number on which to provide DNS-over-QUIC service, default 853, only
+interfaces configured with that port number as @number get the QUIC service.
+The interface uses QUIC for the UDP traffic on that port number.
+.TP
+.B quic\-size: \fI<size in bytes>
+Maximum number of bytes for all QUIC buffers and data combined. Default is 8
+megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
+megabytes or gigabytes (1024*1024 bytes in a megabyte). New connections receive
+connection refused when the limit is exceeded. New streams are reset when the
+limit is exceeded.
+.TP
 .B use\-systemd: \fI<yes or no>
 Enable or disable systemd socket activation.
 Default is no.
@@ -652,19 +750,25 @@ When at the limit, further connections are accepted but closed immediately.
 This option is experimental at this time.
 .TP
 .B access\-control: \fI<IP netblock> <action>
+Specify treatment of incoming queries from their originating IP address.
+Queries can be allowed to have access to this server that gives DNS
+answers, or refused, with other actions possible. The IP address range
+can be specified as a netblock, it is possible to give the statement
+several times in order to specify the treatment of different netblocks.
+.IP
 The netblock is given as an IP4 or IP6 address with /size appended for a
 classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
-\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIdeny_non_local\fR or
-\fIrefuse_non_local\fR.
-The most specific netblock match is used, if none match \fIdeny\fR is used.
+\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIallow_cookie\fR,
+\fIdeny_non_local\fR or \fIrefuse_non_local\fR.
+The most specific netblock match is used, if none match \fIrefuse\fR is used.
 The order of the access\-control statements therefore does not matter.
 .IP
-The action \fIdeny\fR stops queries from hosts from that netblock.
+The \fIdeny\fR action stops queries from hosts from that netblock.
 .IP
-The action \fIrefuse\fR stops queries too, but sends a DNS rcode REFUSED
+The \fIrefuse\fR action stops queries too, but sends a DNS rcode REFUSED
 error message back.
 .IP
-The action \fIallow\fR gives access to clients from that netblock.
+The \fIallow\fR action gives access to clients from that netblock.
 It gives only access for recursion clients (which is
 what almost all clients need).  Nonrecursive queries are refused.
 .IP
@@ -684,14 +788,27 @@ may be useful if another DNS server must forward requests for specific
 zones to a resolver DNS server, but only supports stub domains and
 sends queries to the resolver DNS server with the RD bit cleared.
 .IP
-The action \fIallow_snoop\fR gives nonrecursive access too.  This give
+The \fIallow_snoop\fR action gives nonrecursive access too.  This give
 both recursive and non recursive access.  The name \fIallow_snoop\fR refers
 to cache snooping, a technique to use nonrecursive queries to examine
 the cache contents (for malicious acts).  However, nonrecursive queries can
 also be a valuable debugging tool (when you want to examine the cache
 contents). In that case use \fIallow_snoop\fR for your administration host.
 .IP
-By default only localhost is \fIallow\fRed, the rest is \fIrefuse\fRd.
+The \fIallow_cookie\fR action allows access only to UDP queries that contain a
+valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the
+\fBanswer\-cookie\fR option is enabled.
+UDP queries containing only a DNS Client Cookie and no Server Cookie, or an
+invalid DNS Cookie, will receive a BADCOOKIE response including a newly
+generated DNS Cookie, allowing clients to retry with that DNS Cookie.
+The \fIallow_cookie\fR action will also accept requests over stateful
+transports, regardless of the presence of an DNS Cookie and regardless of the
+\fBanswer\-cookie\fR setting.
+UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set,
+that may trigger fall back to TCP for those clients.
+.IP
+By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+interface) is implicitly \fIallow\fRed, the rest is \fIrefuse\fRd.
 The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
 protocol is not designed to handle dropped packets due to policy, and
 dropping may result in (possibly excessive) retried queries.
@@ -722,6 +839,50 @@ Set redirect data for particular tag for given access control element.
 .B access\-control\-view: \fI<IP netblock> <view name>
 Set view for given access control element.
 .TP
+.B interface\-action: \fI<ip address or interface name [@port]> <action>
+Similar to \fBaccess\-control:\fR but for interfaces.
+.IP
+The action is the same as the ones defined under \fBaccess\-control:\fR.
+Interfaces are \fIrefuse\fRd by default.
+By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+interface) is implicitly \fIallow\fRed through the default
+\fBaccess\-control:\fR behavior.
+This also means that any attempt to use the \fBinterface-*:\fR options for the
+loopback interface will not work as they will be overridden by the implicit
+default "\fBaccess\-control:\fR 127.0.0.0/8 allow" option.
+.IP
+Note that the interface needs to be already specified with \fBinterface:\fR
+and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
+settings for targeted clients.
+.TP
+.B interface\-tag: \fI<ip address or interface name [@port]> <"list of tags">
+Similar to \fBaccess\-control-tag:\fR but for interfaces.
+.IP
+Note that the interface needs to be already specified with \fBinterface:\fR
+and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
+settings for targeted clients.
+.TP
+.B interface\-tag\-action: \fI<ip address or interface name [@port]> <tag> <action>
+Similar to \fBaccess\-control-tag-action:\fR but for interfaces.
+.IP
+Note that the interface needs to be already specified with \fBinterface:\fR
+and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
+settings for targeted clients.
+.TP
+.B interface\-tag\-data: \fI<ip address or interface name [@port]> <tag> <"resource record string">
+Similar to \fBaccess\-control-tag-data:\fR but for interfaces.
+.IP
+Note that the interface needs to be already specified with \fBinterface:\fR
+and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
+settings for targeted clients.
+.TP
+.B interface\-view: \fI<ip address or interface name [@port]> <view name>
+Similar to \fBaccess\-control-view:\fR but for interfaces.
+.IP
+Note that the interface needs to be already specified with \fBinterface:\fR
+and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
+settings for targeted clients.
+.TP
 .B chroot: \fI<directory>
 If chroot is enabled, you should pass the configfile (from the
 commandline) as a full path from the original root. After the
@@ -745,13 +906,12 @@ outside of the chroot directory.
 Additionally, Unbound may need to access /dev/urandom (for entropy)
 from inside the chroot.
 .IP
-If given a chroot is done to the given directory. By default chroot is
-enabled and the default is "@UNBOUND_CHROOT_DIR@". If you give "" no
-chroot is performed.
+If given a chroot is done to the given directory. The chroot is by default 
+set to "/var/unbound". If you give "" no chroot is performed.
 .TP
 .B username: \fI<name>
 If given, after binding the port the user privileges are dropped. Default is
-"@UNBOUND_USERNAME@". If you give username: "" no user change is performed.
+"unbound". If you give username: "" no user change is performed.
 .IP
 If this user is not capable of binding the
 port, reloads (by signal HUP) will still retain the opened ports.
@@ -759,7 +919,7 @@ If you change the port number in the config file, and that new port number
 requires privileges, then a reload will fail; a restart is needed.
 .TP
 .B directory: \fI<directory>
-Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@".
+Sets the working directory for the program. Default is "/var/unbound".
 On Windows the string "%EXECUTABLE%" tries to change to the directory
 that unbound.exe resides in.
 If you give a server: directory: dir before include: file statements
@@ -794,6 +954,10 @@ Sets logfile lines to use a timestamp in UTC ascii. Default is no, which
 prints the seconds since 1970 in brackets. No effect if using syslog, in
 that case syslog formats the timestamp printed into the log files.
 .TP
+.B log\-time\-iso:\fR <yes or no>
+Log time in ISO8601 format, if \fBlog\-time\-ascii:\fR yes is also set.
+Default is no.
+.TP
 .B log\-queries: \fI<yes or no>
 Prints one line per query to the log, with the log timestamp and IP address,
 name, type and class.  Default is no.  Note that it takes time to print these
@@ -812,6 +976,11 @@ Prints the word 'query' and 'reply' with log\-queries and log\-replies.
 This makes filtering logs easier.  The default is off (for backwards
 compatibility).
 .TP
+.B log\-destaddr: \fI<yes or no>
+Prints the destination address, port and type in the log\-replies output.
+This disambiguates what type of traffic, eg. udp or tcp, and to what local
+port the traffic was sent to.
+.TP
 .B log\-local\-actions: \fI<yes or no>
 Print log lines to inform about local zone actions.  These lines are like the
 local\-zone type inform prints out, but they are also printed for the other
@@ -823,14 +992,14 @@ This is separate from the verbosity debug logs, much smaller, and printed
 at the error level, not the info level of debug info from verbosity.
 .TP
 .B pidfile: \fI<filename>
-The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
+The process id is written to the file. Default is "/var/unbound/unbound.pid".
 So,
 .nf
-kill \-HUP `cat @UNBOUND_PIDFILE@`
+kill \-HUP `cat /var/unbound/unbound.pid`
 .fi
 triggers a reload,
 .nf
-kill \-TERM `cat @UNBOUND_PIDFILE@`
+kill \-TERM `cat /var/unbound/unbound.pid`
 .fi
 gracefully terminates.
 .TP
@@ -890,17 +1059,22 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
 rumoured to be closer to that of BIND 8.
 .TP
 .B harden\-short\-bufsize: \fI<yes or no>
-Very small EDNS buffer sizes from queries are ignored. Default is on, as
+Very small EDNS buffer sizes from queries are ignored. Default is yes, as
 described in the standard.
 .TP
 .B harden\-large\-queries: \fI<yes or no>
-Very large queries are ignored. Default is off, since it is legal protocol
+Very large queries are ignored. Default is no, since it is legal protocol
 wise to send these, and could be necessary for operation if TSIG or EDNS
 payload is very large.
 .TP
 .B harden\-glue: \fI<yes or no>
 Will trust glue only if it is within the servers authority. Default is yes.
 .TP
+.B harden\-unverified\-glue: \fI<yes or no>
+Will trust only in-zone glue. Will try to resolve all out of zone
+(\fI<unverfied>) glue. Will fallback to the original glue if unable to resolve.
+Default is no.
+.TP
 .B harden\-dnssec\-stripped: \fI<yes or no>
 Require DNSSEC data for trust\-anchored zones, if such data is absent,
 the zone becomes bogus. If turned off, and no DNSSEC data is received
@@ -936,10 +1110,29 @@ to increase the max depth that is checked to.
 .TP
 .B harden\-algo\-downgrade: \fI<yes or no>
 Harden against algorithm downgrade when multiple algorithms are
-advertised in the DS record.  If no, allows the weakest algorithm to
-validate the zone.  Default is no.  Zone signers must produce zones
-that allow this feature to work, but sometimes they do not, and turning
-this option off avoids that validation failure.
+advertised in the DS record.
+This works by first choosing only the strongest DS digest type as per RFC 4509
+(Unbound treats the highest algorithm as the strongest) and then
+expecting signatures from all the advertised signing algorithms from the chosen
+DS(es) to be present.
+If no, allows any one supported algorithm to validate the zone, even if other advertised algorithms are broken.
+Default is no.
+RFC 6840 mandates that zone signers must produce zones signed with all
+advertised algorithms, but sometimes they do not.
+RFC 6840 also clarifies that this requirement is not for validators and
+validators should accept any single valid path.
+It should thus be explicitly noted that this option violates RFC 6840 for
+DNSSEC validation and should only be used to perform a signature
+completeness test to support troubleshooting.
+Using this option may break DNSSEC resolution with non-RFC6840-conforming
+signers and/or in multi-signer configurations that don't send all the
+advertised signatures.
+.TP
+.B harden\-unknown\-additional: \fI<yes or no>
+Harden against unknown records in the authority section and additional
+section. Default is no. If no, such records are copied from the upstream
+and presented to the client together with the answer. If yes, it could
+hamper future protocol developments that want to add records.
 .TP
 .B use\-caps\-for\-id: \fI<yes or no>
 Use 0x20\-encoded random bits in the query to foil spoof attempts.
@@ -954,7 +1147,7 @@ queries.  For domains that do not support 0x20 and also fail with fallback
 because they keep sending different answers, like some load balancers.
 Can be given multiple times, for different domains.
 .TP
-.B caps\-whitelist: \fI<yes or no>
+.B caps\-whitelist: \fI<domain>
 Alternate syntax for \fBcaps\-exempt\fR.
 .TP
 .B qname\-minimisation: \fI<yes or no>
@@ -1018,10 +1211,11 @@ IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send
 queries to. Default is yes.
 .TP
 .B prefetch: \fI<yes or no>
-If yes, message cache elements are prefetched before they expire to
-keep the cache up to date.  Default is no.  Turning it on gives about
-10 percent more traffic and load on the machine, but popular items do
-not expire from the cache.
+If yes, cache hits on message cache elements that are on their last 10 percent
+of their TTL value trigger a prefetch to keep the cache up to date.
+Default is no.
+Turning it on gives about 10 percent more traffic and load on the machine, but
+popular items do not expire from the cache.
 .TP
 .B prefetch\-key: \fI<yes or no>
 If yes, fetch the DNSKEYs earlier in the validation process, when a DS
@@ -1041,12 +1235,13 @@ from the query ID, for speed and thread safety).  Default is yes.
 .B minimal-responses: \fI<yes or no>
 If yes, Unbound does not insert authority/additional sections into response
 messages when those sections are not required.  This reduces response
-size significantly, and may avoid TCP fallback for some responses.
-This may cause a slight speedup.  The default is yes, even though the DNS
+size significantly, and may avoid TCP fallback for some responses which may
+cause a slight speedup.  The default is yes, even though the DNS
 protocol RFCs mandate these sections, and the additional content could
-be of use and save roundtrips for clients.  Because they are not used,
-and the saved roundtrips are easier saved with prefetch, whilst this is
-faster.
+save roundtrips for clients that use the additional content.
+However these sections are hardly used by clients.
+Enabling prefetch can benefit clients that need the additional content
+by trying to keep that content fresh in the cache.
 .TP
 .B disable-dnssec-lame-check: \fI<yes or no>
 If true, disables the DNSSEC lameness check in the iterator.  This check
@@ -1069,9 +1264,6 @@ Adding \fIrespip\fR to the front will cause RPZ processing to be done on
 all queries.
 The default is "\fIvalidator iterator\fR".
 .IP
-When the server is built with
-EDNS client subnet support the default is "\fIsubnetcache validator
-iterator\fR".
 Most modules that need to be listed here have to be listed at the beginning
 of the line.  The subnetcachedb module has to be listed just before
 the iterator.
@@ -1195,17 +1387,33 @@ servers that set the CD flag but cannot validate DNSSEC themselves are
 the clients, and then Unbound provides them with DNSSEC protection.
 The default value is "no".
 .TP
+.B disable\-edns\-do: \fI<yes or no>
+Disable the EDNS DO flag in upstream requests.
+It breaks DNSSEC validation for Unbound's clients.
+This results in the upstream name servers to not include DNSSEC records in
+their replies and could be helpful for devices that cannot handle DNSSEC
+information.
+When the option is enabled, clients that set the DO flag receive no EDNS
+record in the response to indicate the lack of support to them.
+If this option is enabled but Unbound is already configured for DNSSEC
+validation (i.e., the validator module is enabled; default) this option is
+implicitly turned off with a warning as to not break DNSSEC validation in
+Unbound.
+Default is no.
+.TP
 .B serve\-expired: \fI<yes or no>
 If enabled, Unbound attempts to serve old responses from cache with a
-TTL of \fBserve\-expired\-reply\-ttl\fR in the response without waiting for the
-actual resolution to finish.  The actual resolution answer ends up in the cache
-later on.  Default is "no".
+TTL of \fBserve\-expired\-reply\-ttl\fR in the response.
+By default the expired answer will be used after a resolution attempt errored
+out or is taking more than serve\-expired\-client\-timeout to resolve.
+Default is "no".
 .TP
 .B serve\-expired\-ttl: \fI<seconds>
-Limit serving of expired responses to configured seconds after expiration. 0
-disables the limit.  This option only applies when \fBserve\-expired\fR is
-enabled.  A suggested value per RFC 8767 is between
-86400 (1 day) and 259200 (3 days).  The default is 0.
+Limit serving of expired responses to configured seconds after expiration.
+0 disables the limit.
+This option only applies when \fBserve\-expired\fR is enabled.
+A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
+The default is 86400.
 .TP
 .B serve\-expired\-ttl\-reset: \fI<yes or no>
 Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a
@@ -1219,12 +1427,14 @@ TTL value to use when replying with expired data.  If
 use 30 as the value (RFC 8767).  The default is 30.
 .TP
 .B serve\-expired\-client\-timeout: \fI<msec>
-Time in milliseconds before replying to the client with expired data.  This
-essentially enables the serve-stale behavior as specified in
+Time in milliseconds before replying to the client with expired data.
+This essentially enables the serve-stale behavior as specified in
 RFC 8767 that first tries to resolve before immediately
-responding with expired data.  A recommended value per
-RFC 8767 is 1800.  Setting this to 0 will disable this
-behavior.  Default is 0.
+responding with expired data.
+Setting this to 0 will disable this behavior and instead serve the expired
+record immediately from the cache before attempting to refresh it via
+resolution.
+Default is 1800.
 .TP
 .B serve\-original\-ttl: \fI<yes or no>
 If enabled, Unbound will always return the original TTL as received from
@@ -1313,14 +1523,24 @@ address space are not validated.  This is usually required whenever
 Configure a local zone. The type determines the answer to give if
 there is no match from local\-data. The types are deny, refuse, static,
 transparent, redirect, nodefault, typetransparent, inform, inform_deny,
-inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview,
-and are explained below. After that the default settings are listed. Use
-local\-data: to enter data into the local zone. Answers for local zones
-are authoritative DNS answers. By default the zones are class IN.
+inform_redirect, always_transparent, block_a, always_refuse, always_nxdomain,
+always_null, noview, and are explained below. After that the default settings
+are listed. Use local\-data: to enter data into the local zone. Answers for
+local zones are authoritative DNS answers. By default the zones are class IN.
 .IP
 If you need more complicated authoritative data, with referrals, wildcards,
 CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
-it as detailed in the stub zone section below.
+it as detailed in the stub zone section below. A stub\-zone can be used to
+have unbound send queries to another server, an authoritative server, to
+fetch the information. With a forward\-zone, unbound sends queries to a server
+that is a recursive server to fetch the information. With an auth\-zone a
+zone can be loaded from file and used, it can be used like a local\-zone
+for users downstream, or the auth\-zone information can be used to fetch
+information from when resolving like it is an upstream server. The
+forward\-zone and auth\-zone options are described in their sections below.
+If you want to perform filtering of the information that the users can fetch,
+the local\-zone and local\-data statements allow for this, but also the
+rpz functionality can be used, described in the RPZ section.
 .TP 10
 \h'5'\fIdeny\fR
 Do not send an answer, drop the query.
@@ -1381,6 +1601,12 @@ Ie. answer queries with fixed data and also log the machines that ask.
 \h'5'\fIalways_transparent\fR
 Like transparent, but ignores local data and resolves normally.
 .TP 10
+\h'5'\fIblock_a\fR
+Like transparent, but ignores local data and resolves normally all query
+types excluding A. For A queries it unconditionally returns NODATA.
+Useful in cases when there is a need to explicitly force all apps to use
+IPv6 protocol and avoid any queries to IPv4.
+.TP 10
 \h'5'\fIalways_refuse\fR
 Like refuse, but ignores local data and refuses the query.
 .TP 10
@@ -1413,6 +1639,7 @@ given zone.  Use \fInodefault\fR if you use exactly that zone, if you want to
 use a subzone, use \fItransparent\fR.
 .P
 The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa,
+the resolver.arpa, the service.arpa,
 the onion, test, invalid and the AS112 zones. The AS112 zones are reverse
 DNS zones for private use and reserved IP addresses for which the servers
 on the internet cannot provide correct answers. They are configured by
@@ -1468,6 +1695,24 @@ local\-data: "home.arpa. 10800 IN
     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
 .fi
 .TP 10
+\h'5'\fIresolver.arpa (RFC 9462)\fR
+Default content:
+.nf
+local\-zone: "resolver.arpa." static
+local\-data: "resolver.arpa. 10800 IN NS localhost."
+local\-data: "resolver.arpa. 10800 IN
+    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.fi
+.TP 10
+\h'5'\fIservice.arpa (draft-ietf-dnssd-srp-25)\fR
+Default content:
+.nf
+local\-zone: "service.arpa." static
+local\-data: "service.arpa. 10800 IN NS localhost."
+local\-data: "service.arpa. 10800 IN
+    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.fi
+.TP 10
 \h'5'\fIonion (RFC 7686)\fR
 Default content:
 .nf
@@ -1591,7 +1836,7 @@ This specifies the action data for \fIresponse-ip\fR with action being
 to redirect as specified by "\fIresource record string\fR".  "Resource
 record string" is similar to that of \fIaccess-control-tag-action\fR,
 but it must be of either AAAA, A or CNAME types.
-If the IP-netblock is an IPv6/IPV4 prefix, the record
+If the IP-netblock is an IPv6/IPv4 prefix, the record
 must be AAAA/A respectively, unless it is a CNAME (which can be used
 for both versions of IP netblocks).  If it is CNAME there must not be
 more than one \fIresponse-ip-data\fR for the same IP-netblock.
@@ -1697,11 +1942,30 @@ A value of 0 will disable ratelimiting for domain names that end in this name.
 .TP 5
 .B ip\-ratelimit: \fI<number or 0>
 Enable global ratelimiting of queries accepted per IP address.
-If 0, the default, it is disabled.  This option is experimental at this time.
+This option is experimental at this time.
 The ratelimit is in queries per second that are allowed.  More queries are
 completely dropped and will not receive a reply, SERVFAIL or otherwise.
 IP ratelimiting happens before looking in the cache. This may be useful for
 mitigating amplification attacks.
+Clients with a valid DNS Cookie will bypass the ratelimit.
+If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR
+can be used instead.
+Default is 0 (disabled).
+.TP 5
+.B ip\-ratelimit\-cookie: \fI<number or 0>
+Enable global ratelimiting of queries accepted per IP address with a valid DNS
+Cookie.
+This option is experimental at this time.
+The ratelimit is in queries per second that are allowed.
+More queries are completely dropped and will not receive a reply, SERVFAIL or
+otherwise.
+IP ratelimiting happens before looking in the cache.
+This option could be useful in combination with \fIallow_cookie\fR in an
+attempt to mitigate other amplification attacks than UDP reflections (e.g.,
+attacks targeting Unbound itself) which are already handled with DNS Cookies.
+If used, the value is suggested to be higher than \fBip\-ratelimit\fR e.g.,
+tenfold.
+Default is 0 (disabled).
 .TP 5
 .B ip\-ratelimit\-size: \fI<memory size>
 Give the size of the data structure in which the current ongoing rates are
@@ -1733,9 +1997,44 @@ set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
 traffic.  Default is off.
 .TP 5
 .B outbound\-msg\-retry: \fI<number>
-The number of retries Unbound will do in case of a non positive response is
-received. If a forward nameserver is used, this is the number of retries per
-forward nameserver in case of throwaway response.
+The number of retries, per upstream nameserver in a delegation, that Unbound
+will attempt in case a throwaway response is received.
+No response (timeout) contributes to the retry counter.
+If a forward/stub zone is used, this is the number of retries per nameserver in
+the zone.
+Default is 5.
+.TP 5
+.B max\-sent\-count: \fI<number>
+Hard limit on the number of outgoing queries Unbound will make while resolving
+a name, making sure large NS sets do not loop.
+Results in SERVFAIL when reached.
+It resets on query restarts (e.g., CNAME) and referrals.
+Default is 32.
+.TP 5
+.B max\-query\-restarts: \fI<number>
+Hard limit on the number of times Unbound is allowed to restart a query upon
+encountering a CNAME record.
+Results in SERVFAIL when reached.
+Changing this value needs caution as it can allow long CNAME chains to be
+accepted, where Unbound needs to verify (resolve) each link individually.
+Default is 11.
+.TP 5
+.B iter\-scrub\-ns: \fI<number>
+Limit on the number of NS records allowed in an rrset of type NS, from the
+iterator scrubber. This protects the internals of the resolver from overly
+large NS sets. Default is 20.
+.TP 5
+.B iter\-scrub\-cname: \fI<number>
+Limit on the number of CNAME, DNAME records in an answer, from the iterator
+scrubber. This protects the internals of the resolver from overly long
+indirection chains. Clips off the remainder of the reply packet at that point.
+Default is 11.
+.TP 5
+.B max\-global\-quota: \fI<number>
+Limit on the number of upstream queries sent out for an incoming query and
+its subqueries from recursion. It is not reset during the resolution. When
+it is exceeded the query is failed and the lookup process stops.
+Default is 200.
 .TP 5
 .B fast\-server\-permil: \fI<number>
 Specify how many times out of 1000 to pick from the set of fastest servers.
@@ -1752,6 +2051,32 @@ Set the number of servers that should be used for fast server selection. Only
 use the fastest specified number of servers with the fast\-server\-permil
 option, that turns this on or off. The default is to use the fastest 3 servers.
 .TP 5
+.B answer\-cookie: \fI<yes or no>
+If enabled, Unbound will answer to requests containing DNS Cookies as
+specified in RFC 7873 and RFC 9018.
+Default is no.
+.TP 5
+.B cookie\-secret: \fI<128 bit hex string>
+Server's secret for DNS Cookie generation.
+Useful to explicitly set for servers in an anycast deployment that need to
+share the secret in order to verify each other's Server Cookies.
+An example hex string would be "000102030405060708090a0b0c0d0e0f".
+Default is a 128 bits random secret generated at startup time.
+This option is ignored if a \fBcookie\-secret\-file\fR is
+present.  In that case the secrets from that file are used in DNS Cookie
+calculations.
+.TP 5
+.B cookie\-secret\-file: \fI<filename>
+File from which the secrets are read used in DNS Cookie calculations. When this
+file exists, the secrets in this file are used and the secret specified by the
+\fBcookie-secret\fR option is ignored.
+Enable it by setting a filename, like "/usr/local/etc/unbound_cookiesecrets.txt".
+The content of this file must be manipulated with the \fBadd_cookie_secret\fR,
+\fBdrop_cookie_secret\fR and \fBactivate_cookie_secret\fR commands to the
+\fIunbound\-control\fR(8) tool. Please see that manpage on how to perform a
+safe cookie secret rollover.
+Default is "" (disabled).
+.TP 5
 .B edns\-client\-string: \fI<IP netblock> <string>
 Include an EDNS0 option containing configured ascii string in queries with
 destination address matching the configured IP netblock.  This configuration
@@ -1761,6 +2086,34 @@ option can be used multiple times. The most specific match will be used.
 EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
 A value from the `Reserved for Local/Experimental` range (65001-65534) should
 be used.  Default is 65001.
+.TP 5
+.B ede: \fI<yes or no>
+If enabled, Unbound will respond with Extended DNS Error codes (RFC8914).
+These EDEs provide additional information with a response mainly for, but not
+limited to, DNS and DNSSEC errors.
+
+When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
+Extended DNS Errors concerning DNSSEC failures will also contain a descriptive
+text message about the reason for the failure.
+Default is "no".
+.TP 5
+.B ede\-serve\-expired: \fI<yes or no>
+If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
+Answer as EDNS0 option to the expired response.
+The \fBede\fR option needs to be enabled as well for this to work.
+Default is "no".
+.TP 5
+.B dns\-error\-reporting: \fI<yes or no>
+If enabled, Unbound will send DNS Error Reports (RFC9567).
+The name servers need to express support by attaching the Report-Channel EDNS0
+option on their replies specifying the reporting agent for the zone.
+Any errors encountered during resolution that would result in Unbound
+generating an Extended DNS Error (RFC8914) will be reported to the zone's
+reporting agent.
+The \fBede\fR option does not need to be enabled for this to work.
+It is advised that the \fBqname\-minimisation\fR option is also enabled to
+increase privacy on the outgoing reports.
+Default is "no".
 .SS "Remote Control Options"
 In the
 .B remote\-control:
@@ -1776,15 +2129,17 @@ section for options.  To setup the correct self\-signed certificates use the
 The option is used to enable remote control, default is "no".
 If turned off, the server does not listen for control commands.
 .TP 5
-.B control\-interface: \fI<ip address or path>
+.B control\-interface: \fI<ip address or interface name or path>
 Give IPv4 or IPv6 addresses or local socket path to listen on for
 control commands.
+If an interface name is used instead of an ip address, the list of ip addresses
+on that interface are used.
 By default localhost (127.0.0.1 and ::1) is listened to.
 Use 0.0.0.0 and ::0 to listen to all interfaces.
 If you change this and permissions have been dropped, you must restart
 the server for the change to take effect.
 .IP
-If you set it to an absolute path, a local socket is used.  The local socket
+If you set it to an absolute path, a unix domain socket is used. This socket
 does not use the certificates and keys, so those files need not be present.
 To restrict access, Unbound sets permissions on the file to the user and
 group that is configured, the access bits are set to allow the group members
@@ -1968,13 +2323,32 @@ useful when you want immediate changes to be visible.
 Authority zones are configured with \fBauth\-zone:\fR, and each one must
 have a \fBname:\fR.  There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace.
 The authority zone with the name closest to the name looked up is used.
-Authority zones are processed after \fBlocal\-zones\fR and before
-cache (\fBfor\-downstream:\fR \fIyes\fR), and when used in this manner
-make Unbound respond like an authority server.  Authority zones are also
-processed after cache, just before going to the network to fetch
-information for recursion (\fBfor\-upstream:\fR \fIyes\fR), and when used
-in this manner provide a local copy of an authority server that speeds up
-lookups of that data.
+Authority zones can be processed on two distinct, non-exclusive, configurable
+stages.
+.LP
+With \fBfor\-downstream:\fR \fIyes\fR (default), authority zones are processed
+after \fBlocal\-zones\fR and before cache.
+When used in this manner, Unbound responds like an authority server with no
+further processing other than returning an answer from the zone contents.
+A notable example, in this case, is CNAME records which are returned verbatim
+to downstream clients without further resolution.
+.LP
+With \fBfor\-upstream:\fR \fIyes\fR (default), authority zones are processed
+after the cache lookup, just before going to the network to fetch
+information for recursion.
+When used in this manner they provide a local copy of an authority server
+that speeds up lookups for that data during resolving.
+.LP
+If both options are enabled (default), client queries for an authority zone are
+answered authoritatively from Unbound, while internal queries that require data
+from the authority zone consult the local zone data instead of going to the
+network.
+.LP
+An interesting configuration is \fBfor\-downstream:\fR \fIno\fR,
+\fBfor\-upstream:\fR \fIyes\fR that allows for hyperlocal behavior where both
+client and internal queries consult the local zone data while resolving.
+In this case, the aforementioned CNAME example will result in a thoroughly
+resolved answer.
 .LP
 Authority zones can be read from zonefile.  And can be kept updated via
 AXFR and IXFR.  After update the zonefile is rewritten.  The update mechanism
@@ -2027,8 +2401,8 @@ With allow\-notify you can specify additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
 If the notify is from a primary, it first attempts that primary.  Otherwise
 other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: statements are
-allowed notify by default.
+file is downloaded when notified.  The primaries from primary: and url:
+statements are allowed notify by default.
 .TP
 .B fallback\-enabled: \fI<yes or no>
 Default no.  If enabled, Unbound falls back to querying the internet as
@@ -2151,8 +2525,8 @@ The dynamic library file to load. Repeat this option for every dynlib module
 instance added to the \fBmodule\-config:\fR option.
 .SS "DNS64 Module Options"
 .LP
-The dns64 module must be configured in the \fBmodule\-config:\fR "dns64
-validator iterator" directive and be compiled into the daemon to be
+The dns64 module must be configured in the \fBmodule\-config:\fR directive
+e.g., "dns64 validator iterator" and be compiled into the daemon to be
 enabled.  These settings go in the \fBserver:\fR section.
 .TP
 .B dns64\-prefix: \fI<IPv6 prefix>\fR
@@ -2168,6 +2542,21 @@ List domain for which the AAAA records are ignored and the A record is
 used by dns64 processing instead.  Can be entered multiple times, list a
 new domain for which it applies, one per line.  Applies also to names
 underneath the name given.
+.SS "NAT64 Operation"
+.LP
+NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only
+servers.  It is controlled by two options in the \fBserver:\fR section:
+.TP
+.B do\-nat64: \fI<yes or no>\fR
+Use NAT64 to reach IPv4-only servers.
+Consider also enabling \fBprefer\-ip6\fR to prefer native IPv6 connections to
+nameservers.
+Default no.
+.TP
+.B nat64\-prefix: \fI<IPv6 prefix>\fR
+Use a specific NAT64 prefix to reach IPv4-only servers.  Defaults to using
+the prefix configured in \fBdns64\-prefix\fR, which in turn defaults to
+64:ff9b::/96.  The prefix length must be one of /32, /40, /48, /56, /64 or /96.
 .SS "DNSCrypt Options"
 .LP
 The
@@ -2237,8 +2626,8 @@ in the dnscrypt nonce cache.  Close to the number of cpus is
 a fairly good setting.
 .SS "EDNS Client Subnet Module Options"
 .LP
-The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache
-validator iterator" directive and be compiled into the daemon to be
+The ECS module must be configured in the \fBmodule\-config:\fR directive e.g.,
+"subnetcache validator iterator" and be compiled into the daemon to be
 enabled.  These settings go in the \fBserver:\fR section.
 .LP
 If the destination address is allowed in the configuration Unbound will add the
@@ -2258,6 +2647,18 @@ The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
 configuration file. On top of that, for each query only 100 different subnets
 are allowed to be stored for each address family. Exceeding that number, older
 entries will be purged from cache.
+.LP
+Note that due to the nature of how EDNS Client Subnet works, by segregating the
+client IP space in order to try and have tailored responses for prefixes of
+unknown sizes, resolution and cache response performance are impacted as a
+result.
+Usage of the subnetcache module should only be enabled in installations that
+require such functionality where the resolver and the clients belong to
+different networks.
+An example of that is an open resolver installation.
+.LP
+This module does not interact with the \fBserve\-expired*\fR and
+\fBprefetch:\fR options.
 .TP
 .B send\-client\-subnet: \fI<IP address>\fR
 Send client source address to this authority. Append /num to indicate a
@@ -2306,8 +2707,8 @@ Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
 This number applies for each qname/qclass/qtype tuple. Defaults to 100.
 .SS "Opportunistic IPsec Support Module Options"
 .LP
-The IPsec module must be configured in the \fBmodule\-config:\fR "ipsecmod
-validator iterator" directive and be compiled into Unbound by using
+The IPsec module must be configured in the \fBmodule\-config:\fR directive
+e.g., "ipsecmod validator iterator" and be compiled into Unbound by using
 \fB\-\-enable\-ipsecmod\fR to be enabled.
 These settings go in the \fBserver:\fR section.
 .LP
@@ -2372,12 +2773,12 @@ Allow the ipsecmod functionality for the domain so that the module logic will be
 executed.  Can be given multiple times, for different domains.  If the option is
 not specified, all domains are treated as being allowed (default).
 .TP
-.B ipsecmod\-whitelist: \fI<yes or no>
+.B ipsecmod\-whitelist: \fI<domain>
 Alternate syntax for \fBipsecmod\-allow\fR.
 .SS "Cache DB Module Options"
 .LP
-The Cache DB module must be configured in the \fBmodule\-config:\fR
-"validator cachedb iterator" directive and be compiled into the daemon
+The Cache DB module must be configured in the \fBmodule\-config:\fR directive
+e.g., "validator cachedb iterator" and be compiled into the daemon
 with \fB\-\-enable\-cachedb\fR.
 If this module is enabled and configured, the specified backend database
 works as a second level cache:
@@ -2389,11 +2790,7 @@ If Unbound cannot even find an answer in the backend, it resolves the
 query as usual, and stores the answer in the backend.
 .P
 This module interacts with the \fBserve\-expired\-*\fR options and will reply
-with expired data if Unbound is configured for that.  Currently the use
-of \fBserve\-expired\-client\-timeout:\fR and
-\fBserve\-expired\-reply\-ttl:\fR is not consistent for data originating from
-the external cache as these will result in a reply with 0 TTL without trying to
-update the data first, ignoring the configured values.
+with expired data if Unbound is configured for that.
 .P
 If Unbound was built with
 \fB\-\-with\-libhiredis\fR
@@ -2444,6 +2841,21 @@ operationally.
 If the backend database is shared by multiple Unbound instances,
 all instances must use the same secret seed.
 This option defaults to "default".
+.TP
+.B cachedb-no-store: \fI<yes or no>\fR
+If the backend should be read from, but not written to. This makes this
+instance not store dns messages in the backend. But if data is available it
+is retrieved. The default is no.
+.TP
+.B cachedb-check-when-serve-expired: \fI<yes or no>\fR
+If enabled, the cachedb is checked before an expired response is returned.
+When \fBserve\-expired\fR is enabled, without \fBserve\-expired\-client\-timeout\fR, it then
+does not immediately respond with an expired response from cache, but instead
+first checks the cachedb for valid contents, and if so returns it. If the
+cachedb also has no valid contents, the serve expired response is sent.
+If also \fBserve\-expired\-client\-timeout\fR is enabled, the expired response
+is delayed until the timeout expires. Unless the lookup succeeds within the
+timeout. The default is yes.
 .P
 The following
 .B cachedb
@@ -2460,6 +2872,16 @@ This option defaults to "127.0.0.1".
 The TCP port number of the Redis server.
 This option defaults to 6379.
 .TP
+.B redis-server-path: \fI<unix socket path>\fR
+The unix socket path to connect to the Redis server. Off by default, and it
+can be set to "" to turn this off. Unix sockets may have better throughput
+than the IP address option.
+.TP
+.B redis-server-password: \fI"<password>"\fR
+The Redis AUTH password to use for the Redis server.
+Only relevant if Redis is configured for client password authorisation.
+Off by default, and it can be set to "" to turn this off.
+.TP
 .B redis-timeout: \fI<msec>\fR
 The period until when Unbound waits for a response from the Redis sever.
 If this timeout expires Unbound closes the connection, treats it as
@@ -2467,6 +2889,16 @@ if the Redis server does not have the requested data, and will try to
 re-establish a new connection later.
 This option defaults to 100 milliseconds.
 .TP
+.B redis-command-timeout: \fI<msec>\fR
+The timeout to use for Redis commands, in milliseconds.
+If 0, it uses the \fBredis\-timeout\fR value.
+The default is 0.
+.TP
+.B redis-connect-timeout: \fI<msec>\fR
+The timeout to use for Redis connection set up, in milliseconds.
+If 0, it uses the \fBredis\-timeout\fR value.
+The default is 0.
+.TP
 .B redis-expire-records: \fI<yes or no>
 If Redis record expiration is enabled.  If yes, Unbound sets timeout for Redis
 records so that Redis can evict keys that have expired automatically.  If
@@ -2474,6 +2906,63 @@ Unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0,
 this option is internally reverted to "no".  Redis SETEX support is required
 for this option (Redis >= 2.0.0).
 This option defaults to no.
+.TP
+.B redis-logical-db: \fI<logical database index>
+The logical database in Redis to use.
+These are databases in the same Redis instance sharing the same configuration
+and persisted in the same RDB/AOF file.
+If unsure about using this option, Redis documentation
+(https://redis.io/commands/select/) suggests not to use a single Redis instance
+for multiple unrelated applications.
+The default database in Redis is 0 while other logical databases need to be
+explicitly SELECT'ed upon connecting.
+This option defaults to 0.
+.TP
+.B redis-replica-server-host: \fI<server address or name>\fR
+The IP (either v6 or v4) address or domain name of the Redis replica server.
+In general an IP address should be specified as otherwise Unbound will have to
+resolve the name of the server every time it establishes a connection
+to the server.
+This server is treated as a read-only replica server
+(https://redis.io/docs/management/replication/#read-only-replica).
+If specified, all Redis read commands will go to this replica server, while
+the write commands will go to the \fBredis-server-host\fR.
+This option defaults to "" (disabled).
+.TP
+.B redis-replica-server-port: \fI<port number>\fR
+The TCP port number of the Redis replica server.
+This option defaults to 6379.
+.TP
+.B redis-replica-server-path: \fI<unix socket path>\fR
+The unix socket path to connect to the Redis server. Off by default, and it
+can be set to "" to turn this off. Unix sockets may have better throughput
+than the IP address option.
+.TP
+.B redis-replica-server-password: \fI"<password>"\fR
+The Redis AUTH password to use for the Redis replica server.
+Only relevant if Redis is configured for client password authorisation.
+Off by default, and it can be set to "" to turn this off.
+.TP
+.B redis-replica-timeout: \fI<msec>\fR
+The period until when Unbound waits for a response from the Redis replica sever.
+If this timeout expires Unbound closes the connection, treats it as
+if the Redis replica server does not have the requested data, and will try to
+re-establish a new connection later.
+This option defaults to 100 milliseconds.
+.TP
+.B redis-replica-command-timeout: \fI<msec>\fR
+The timeout to use for Redis replica commands, in milliseconds.
+If 0, it uses the \fBredis\-replica\-timeout\fR value.
+The default is 0.
+.TP
+.B redis-replica-connect-timeout: \fI<msec>\fR
+The timeout to use for Redis replica connection set up, in milliseconds.
+If 0, it uses the \fBredis\-replica\-timeout\fR value.
+The default is 0.
+.TP
+.B redis-replica-logical-db: \fI<logical database index>
+Same as \fBredis-logical-db\fR but for the Redis replica server.
+This option defaults to 0.
 .SS DNSTAP Logging Options
 DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fR, is enabled
 in the \fBdnstap:\fR section.
@@ -2493,7 +2982,7 @@ yes.
 .TP
 .B dnstap-socket-path: \fI<file name>
 Sets the unix socket file name for connecting to the server that is
-listening on that socket.  Default is "@DNSTAP_SOCKET_PATH@".
+listening on that socket.  Default is "".
 .TP
 .B dnstap-ip: \fI<IPaddress[@port]>
 If "", the unix socket is used, if set with an IP address (IPv4 or IPv6)
@@ -2534,6 +3023,13 @@ Default is "".
 The version to send with messages, if "" the package version is used.
 Default is "".
 .TP
+.B dnstap-sample-rate: \fI<number>
+The sample rate for log of messages, it logs only 1/N messages. With 0 it
+is disabled. Default is 0. This is useful in a high volume environment,
+where log functionality would otherwise not be reliable. For example 10
+would spend only 1/10th time on logging, and 100 would only spend a
+hundredth of the time on logging.
+.TP
 .B dnstap-log-resolver-query-messages: \fI<yes or no>
 Enable to log resolver query messages.  Default is no.
 These are messages from Unbound to upstream servers.
@@ -2558,9 +3054,11 @@ Enable to log forwarder response messages.  Default is no.
 .SS Response Policy Zone Options
 .LP
 Response Policy Zones are configured with \fBrpz:\fR, and each one must have a
-\fBname:\fR. There can be multiple ones, by listing multiple rpz clauses, each
-with a different name. RPZ clauses are applied in order of configuration. The
-\fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
+\fBname:\fR. There can be multiple ones, by listing multiple RPZ clauses, each
+with a different name. RPZ clauses are applied in order of configuration and
+any match from an earlier RPZ zone will terminate the RPZ lookup. Note that a
+PASSTHRU action is still considered a match.
+The \fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
 \fBmodule-config: "respip validator iterator"\fR.
 .P
 QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
@@ -2568,12 +3066,13 @@ Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp\-only
 and drop.  RPZ QNAME triggers are applied after \fBlocal\-zones\fR and
 before \fBauth\-zones\fR.
 .P
-The rpz zone is formatted with a SOA start record as usual.  The items in
-the zone are entries, that specify what to act on (the trigger) and what to
-do (the action).  The trigger to act on is recorded in the name, the action
-to do is recorded as the resource record.  The names all end in the zone
-name, so you could type the trigger names without a trailing dot in the
-zonefile.
+The RPZ zone is a regular DNS zone formatted with a SOA start record as usual.
+The items in the zone are entries, that specify what to act on (the trigger)
+and what to do (the action).
+The trigger to act on is recorded in the name, the action to do is recorded as
+the resource record.
+The names all end in the zone name, so you could type the trigger names without
+a trailing dot in the zonefile.
 .P
 An example RPZ record, that answers example.com with NXDOMAIN
 .nf
@@ -2642,8 +3141,8 @@ With allow\-notify you can specify additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
 If the notify is from a primary, it first attempts that primary.  Otherwise
 other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: statements are
-allowed notify by default.
+file is downloaded when notified.  The primaries from primary: and url:
+statements are allowed notify by default.
 .TP
 .B zonefile: \fI<filename>
 The filename where the zone is stored.  If not given then no zonefile is used.
@@ -2673,7 +3172,7 @@ externally blocked. Default is no.
 If enabled the zone is authoritatively answered for and queries for the RPZ
 zone information are answered to downstream clients. This is useful for
 monitoring scripts, that can then access the SOA information to check if
-the rpz information is up to date. Default is no.
+the RPZ information is up to date. Default is no.
 .TP
 .B tags: \fI<list of tags>
 Limit the policies from this RPZ clause to clients with a matching tag. Tags
@@ -2714,18 +3213,18 @@ server:
 .fi
 .SH "FILES"
 .TP
-.I @UNBOUND_RUN_DIR@
+.I /var/unbound
 default Unbound working directory.
 .TP
-.I @UNBOUND_CHROOT_DIR@
+.I /var/unbound
 default
 \fIchroot\fR(2)
 location.
 .TP
-.I @ub_conf_file@
+.I /var/unbound/unbound.conf
 Unbound configuration file.
 .TP
-.I @UNBOUND_PIDFILE@
+.I /var/unbound/unbound.pid
 default Unbound pidfile with process ID of the running daemon.
 .TP
 .I unbound.log
diff --git a/contrib/unbound/doc/unbound.conf.5.in b/contrib/unbound/doc/unbound.conf.5.in
index 4484267dbc79..59e9411cd6eb 100644
--- a/contrib/unbound/doc/unbound.conf.5.in
+++ b/contrib/unbound/doc/unbound.conf.5.in
@@ -1,1395 +1,2549 @@
-.TH "unbound.conf" "5" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
-.\"
-.\" unbound.conf.5 -- unbound.conf manual
-.\"
-.\" Copyright (c) 2007, NLnet Labs. All rights reserved.
-.\"
-.\" See LICENSE for the license.
-.\"
-.\"
-.SH "NAME"
-.B unbound.conf
-\- Unbound configuration file.
-.SH "SYNOPSIS"
-.B unbound.conf
-.SH "DESCRIPTION"
-.B unbound.conf
-is used to configure
-\fIunbound\fR(8).
-The file format has attributes and values. Some attributes have attributes
-inside them.
-The notation is: attribute: value.
-.P
-Comments start with # and last to the end of line. Empty lines are
-ignored as is whitespace at the beginning of a line.
-.P
-The utility
-\fIunbound\-checkconf\fR(8)
-can be used to check unbound.conf prior to usage.
-.SH "EXAMPLE"
-An example config file is shown below. Copy this to /etc/unbound/unbound.conf
-and start the server with:
-.P
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "UNBOUND.CONF" "5" "Sep 18, 2025" "1.24.0" "Unbound"
+.SH NAME
+unbound.conf \- Unbound 1.24.0 configuration file.
+.SH SYNOPSIS
+.sp
+\fBunbound.conf\fP
+.SH DESCRIPTION
+.sp
+\fBunbound.conf\fP is used to configure \fI\%unbound(8)\fP\&.
+The file format has attributes and values.
+Some attributes have attributes inside them.
+The notation is: \fBattribute: value\fP\&.
+.sp
+Comments start with \fB#\fP and last to the end of line.
+Empty lines are ignored as is whitespace at the beginning of a line.
+.sp
+The utility \fI\%unbound\-checkconf(8)\fP can be
+used to check \fBunbound.conf\fP prior to usage.
+.SH EXAMPLE
+.sp
+An example config file is shown below.
+Copy this to \fB/etc/unbound/unbound.conf\fP and start the server with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	$ unbound \-c /etc/unbound/unbound.conf
+.ft C
+$ unbound \-c /etc/unbound/unbound.conf
+.ft P
 .fi
-.P
-Most settings are the defaults. Stop the server with:
-.P
+.UNINDENT
+.UNINDENT
+.sp
+Most settings are the defaults.
+Stop the server with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	$ kill `cat /etc/unbound/unbound.pid`
+.ft C
+$ kill \(gacat /etc/unbound/unbound.pid\(ga
+.ft P
 .fi
-.P
-Below is a minimal config file. The source distribution contains an extensive
-example.conf file with all the options.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+Below is a minimal config file.
+The source distribution contains an extensive \fBexample.conf\fP file with
+all the options.
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 # unbound.conf(5) config file for unbound(8).
 server:
-	directory: "/etc/unbound"
-	username: unbound
-	# make sure unbound can access entropy from inside the chroot.
-	# e.g. on linux the use these commands (on BSD, devfs(8) is used):
-	#      mount \-\-bind \-n /dev/urandom /etc/unbound/dev/urandom
-	# and  mount \-\-bind \-n /dev/log /etc/unbound/dev/log
-	chroot: "/etc/unbound"
-	# logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
-	pidfile: "/etc/unbound/unbound.pid"
-	# verbosity: 1		# uncomment and increase to get more logging.
-	# listen on all interfaces, answer queries from the local subnet.
-	interface: 0.0.0.0
-	interface: ::0
-	access\-control: 10.0.0.0/8 allow
-	access\-control: 2001:DB8::/64 allow
+    directory: \(dq/etc/unbound\(dq
+    username: unbound
+    # make sure unbound can access entropy from inside the chroot.
+    # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+    #      mount \-\-bind \-n /dev/urandom /etc/unbound/dev/urandom
+    # and  mount \-\-bind \-n /dev/log /etc/unbound/dev/log
+    chroot: \(dq/etc/unbound\(dq
+    # logfile: \(dq/etc/unbound/unbound.log\(dq  #uncomment to use logfile.
+    pidfile: \(dq/etc/unbound/unbound.pid\(dq
+    # verbosity: 1      # uncomment and increase to get more logging.
+    # listen on all interfaces, answer queries from the local subnet.
+    interface: 0.0.0.0
+    interface: ::0
+    access\-control: 10.0.0.0/8 allow
+    access\-control: 2001:DB8::/64 allow
+.ft P
 .fi
-.SH "FILE FORMAT"
-There must be whitespace between keywords.  Attribute keywords end with a
-colon ':'.  An attribute is followed by a value, or its containing attributes
-in which case it is referred to as a clause.  Clauses can be repeated throughout
-the file (or included files) to group attributes under the same clause.
-.P
-Files can be included using the
-.B include:
-directive. It can appear anywhere, it accepts a single file name as argument.
-Processing continues as if the text from the included file was copied into
-the config file at that point.  If also using chroot, using full path names
-for the included files works, relative pathnames for the included names work
-if the directory where the daemon is started equals its chroot/working
-directory or is specified before the include statement with directory: dir.
-Wildcards can be used to include multiple files, see \fIglob\fR(7).
-.P
-For a more structural include option, the
-.B include\-toplevel:
-directive can be used.  This closes whatever clause is currently active (if any)
-and forces the use of clauses in the included files and right after this
-directive.
-.SS "Server Options"
-These options are part of the
-.B server:
-clause.
-.TP
-.B verbosity: \fI<number>
-The verbosity number, level 0 means no verbosity, only errors.  Level 1
-gives operational information.  Level 2 gives detailed operational
-information including short information per query.  Level 3 gives query level
-information, output per query.  Level 4 gives algorithm level information.
-Level 5 logs client identification for cache misses.  Default is level 1.
-The verbosity can also be increased from the commandline, see \fIunbound\fR(8).
-.TP
-.B statistics\-interval: \fI<seconds>
-The number of seconds between printing statistics to the log for every thread.
-Disable with value 0 or "". Default is disabled.  The histogram statistics
-are only printed if replies were sent during the statistics interval,
-requestlist statistics are printed for every interval (but can be 0).
+.UNINDENT
+.UNINDENT
+.SH FILE FORMAT
+.sp
+There must be whitespace between keywords.
+Attribute keywords end with a colon \fB\(aq:\(aq\fP\&.
+An attribute is followed by a value, or its containing attributes in which case
+it is referred to as a clause.
+Clauses can be repeated throughout the file (or included files) to group
+attributes under the same clause.
+.sp
+Files can be included using the \fBinclude:\fP directive.
+It can appear anywhere, it accepts a single file name as argument.
+Processing continues as if the text from the included file was copied into the
+config file at that point.
+If also using \fI\%chroot\fP, using full path names for
+the included files works, relative pathnames for the included names work if the
+directory where the daemon is started equals its chroot/working directory or is
+specified before the include statement with \fI\%directory:
+dir\fP\&.
+Wildcards can be used to include multiple files, see \fIglob(7)\fP\&.
+.sp
+For a more structural include option, the \fBinclude\-toplevel:\fP directive can
+be used.
+This closes whatever clause is currently active (if any) and forces the use of
+clauses in the included files and right after this directive.
+.SS Server Options
+.sp
+These options are part of the \fBserver:\fP clause.
+.INDENT 0.0
+.TP
+.B verbosity: \fI<number>\fP 
+The verbosity level.
+.INDENT 7.0
+.TP
+.B Level 0
+No verbosity, only errors.
+.TP
+.B Level 1
+Gives operational information.
+.TP
+.B Level 2
+Gives detailed operational information including short information per
+query.
+.TP
+.B Level 3
+Gives query level information, output per query.
+.TP
+.B Level 4
+Gives algorithm level information.
+.TP
+.B Level 5
+Logs client identification for cache misses.
+.UNINDENT
+.sp
+The verbosity can also be increased from the command line and during run
+time via remote control. See \fI\%unbound(8)\fP and
+\fI\%unbound\-control(8)\fP respectively.
+.sp
+Default: 1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-interval: \fI<seconds>\fP 
+The number of seconds between printing statistics to the log for every
+thread.
+Disable with value \fB0\fP or \fB\(dq\(dq\fP\&.
+The histogram statistics are only printed if replies were sent during the
+statistics interval, requestlist statistics are printed for every interval
+(but can be 0).
 This is because the median calculation requires data to be present.
-.TP
-.B statistics\-cumulative: \fI<yes or no>
-If enabled, statistics are cumulative since starting Unbound, without clearing
-the statistics counters after logging the statistics. Default is no.
-.TP
-.B extended\-statistics: \fI<yes or no>
-If enabled, extended statistics are printed from \fIunbound\-control\fR(8).
-Default is off, because keeping track of more statistics takes time.  The
-counters are listed in \fIunbound\-control\fR(8).
-.TP
-.B statistics\-inhibit\-zero: \fI<yes or no>
-If enabled, selected extended statistics with a value of 0 are inhibited from
-printing with \fIunbound\-control\fR(8).
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-cumulative: \fI<yes or no>\fP 
+If enabled, statistics are cumulative since starting Unbound, without
+clearing the statistics counters after logging the statistics.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B extended\-statistics: \fI<yes or no>\fP 
+If enabled, extended statistics are printed from
+\fI\%unbound\-control(8)\fP\&.
+The counters are listed in
+\fI\%unbound\-control(8)\fP\&.
+Keeping track of more statistics takes time.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B statistics\-inhibit\-zero: \fI<yes or no>\fP 
+If enabled, selected extended statistics with a value of 0 are inhibited
+from printing with
+\fI\%unbound\-control(8)\fP\&.
 These are query types, query classes, query opcodes, answer rcodes
-(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED) and
-RPZ actions.
-Default is on.
-.TP
-.B num\-threads: \fI<number>
+(except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED)
+and PRZ actions.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num\-threads: \fI<number>\fP 
 The number of threads to create to serve clients. Use 1 for no threading.
-.TP
-.B port: \fI<port number>
-The port number, default 53, on which the server responds to queries.
-.TP
-.B interface: \fI<ip address or interface name [@port]>
-Interface to use to connect to the network. This interface is listened to
-for queries from clients, and answers to clients are given from it.
-Can be given multiple times to work on several interfaces. If none are
-given the default is to listen to localhost.  If an interface name is used
-instead of an ip address, the list of ip addresses on that interface are used.
-The interfaces are not changed on a reload (kill \-HUP) but only on restart.
-A port number can be specified with @port (without spaces between
-interface and port number), if not specified the default port (from
-\fBport\fR) is used.
-.TP
-.B ip\-address: \fI<ip address or interface name [@port]>
-Same as interface: (for ease of compatibility with nsd.conf).
-.TP
-.B interface\-automatic: \fI<yes or no>
+.sp
+Default: 1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B port: \fI<port number>\fP 
+The port number on which the server responds to queries.
+.sp
+Default: 53
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface: \fI<IP address or interface name[@port]>\fP 
+Interface to use to connect to the network.
+This interface is listened to for queries from clients, and answers to
+clients are given from it.
+Can be given multiple times to work on several interfaces.
+If none are given the default is to listen on localhost.
+.sp
+If an interface name is used instead of an IP address, the list of IP
+addresses on that interface are used.
+The interfaces are not changed on a reload (\fBkill \-HUP\fP) but only on
+restart.
+.sp
+A port number can be specified with @port (without spaces between interface
+and port number), if not specified the default port (from
+\fI\%port\fP) is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-address: \fI<IP address or interface name[@port]>\fP 
+Same as \fI\%interface\fP (for ease of
+compatibility with \fI\%nsd.conf(5)\fP).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-automatic: \fI<yes or no>\fP 
 Listen on all addresses on all (current and future) interfaces, detect the
-source interface on UDP queries and copy them to replies.  This is a lot like
-ip\-transparent, but this option services all interfaces whilst with
-ip\-transparent you can select which (future) interfaces Unbound provides
-service on.  This feature is experimental, and needs support in your OS for
-particular socket options.  Default value is no.
-.TP
-.B interface\-automatic\-ports: \fI<string>
-List the port numbers that interface-automatic listens on. If empty, the
-default port is listened on. The port numbers are separated by spaces in the
-string. Default is "".
-.IP
+source interface on UDP queries and copy them to replies.
+This is a lot like \fI\%ip\-transparent\fP, but
+this option services all interfaces whilst with
+\fI\%ip\-transparent\fP you can select which
+(future) interfaces Unbound provides service on.
+This feature is experimental, and needs support in your OS for particular
+socket options.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-automatic\-ports: \fI\(dq<string>\(dq\fP 
+List the port numbers that
+\fI\%interface\-automatic\fP listens on.
+If empty, the default port is listened on.
+The port numbers are separated by spaces in the string.
+.sp
 This can be used to have interface automatic to deal with the interface,
 and listen on the normal port number, by including it in the list, and
-also https or dns over tls port numbers by putting them in the list as well.
-.TP
-.B outgoing\-interface: \fI<ip address or ip6 netblock>
-Interface to use to connect to the network. This interface is used to send
-queries to authoritative servers and receive their replies. Can be given
-multiple times to work on several interfaces. If none are given the
-default (all) is used. You can specify the same interfaces in
-.B interface:
-and
-.B outgoing\-interface:
-lines, the interfaces are then used for both purposes. Outgoing queries are
-sent via a random outgoing interface to counter spoofing.
-.IP
+also HTTPS or DNS\-over\-TLS port numbers by putting them in the list as
+well.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-interface: \fI<IPv4/IPv6 address or IPv6 netblock>\fP 
+Interface to use to connect to the network.
+This interface is used to send queries to authoritative servers and receive
+their replies.
+Can be given multiple times to work on several interfaces.
+If none are given the default (all) is used.
+You can specify the same interfaces in
+\fI\%interface\fP and
+\fI\%outgoing\-interface\fP lines, the
+interfaces are then used for both purposes.
+Outgoing queries are sent via a random outgoing interface to counter
+spoofing.
+.sp
 If an IPv6 netblock is specified instead of an individual IPv6 address,
 outgoing UDP queries will use a randomised source address taken from the
-netblock to counter spoofing. Requires the IPv6 netblock to be routed to the
-host running Unbound, and requires OS support for unprivileged non-local binds
-(currently only supported on Linux). Several netblocks may be specified with
-multiple
-.B outgoing\-interface:
-options, but do not specify both an individual IPv6 address and an IPv6
-netblock, or the randomisation will be compromised.  Consider combining with
-.B prefer\-ip6: yes
-to increase the likelihood of IPv6 nameservers being selected for queries.
+netblock to counter spoofing.
+Requires the IPv6 netblock to be routed to the host running Unbound, and
+requires OS support for unprivileged non\-local binds (currently only
+supported on Linux).
+Several netblocks may be specified with multiple
+\fI\%outgoing\-interface\fP options, but do
+not specify both an individual IPv6 address and an IPv6 netblock, or the
+randomisation will be compromised.
+Consider combining with \fI\%prefer\-ip6: yes\fP to
+increase the likelihood of IPv6 nameservers being selected for queries.
 On Linux you need these two commands to be able to use the freebind socket
 option to receive traffic for the ip6 netblock:
-ip \-6 addr add mynetblock/64 dev lo &&
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ip \-6 addr add mynetblock/64 dev lo && \e
 ip \-6 route add local mynetblock/64 dev lo
-.TP
-.B outgoing\-range: \fI<number>
-Number of ports to open. This number of file descriptors can be opened per
-thread. Must be at least 1. Default depends on compile options. Larger
-numbers need extra resources from the operating system.  For performance a
-very large value is best, use libevent to make this possible.
-.TP
-.B outgoing\-port\-permit: \fI<port number or range>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-range: \fI<number>\fP 
+Number of ports to open.
+This number of file descriptors can be opened per thread.
+Must be at least 1.
+Default depends on compile options.
+Larger numbers need extra resources from the operating system.
+For performance a very large value is best, use libevent to make this
+possible.
+.sp
+Default: 4096 (libevent) / 960 (minievent) / 48 (windows)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-port\-permit: \fI<port number or range>\fP 
 Permit Unbound to open this port or range of ports for use to send queries.
 A larger number of permitted outgoing ports increases resilience against
-spoofing attempts. Make sure these ports are not needed by other daemons.
-By default only ports above 1024 that have not been assigned by IANA are used.
-Give a port number or a range of the form "low\-high", without spaces.
-.IP
-The \fBoutgoing\-port\-permit\fR and \fBoutgoing\-port\-avoid\fR statements
-are processed in the line order of the config file, adding the permitted ports
-and subtracting the avoided ports from the set of allowed ports.  The
-processing starts with the non IANA allocated ports above 1024 in the set
-of allowed ports.
-.TP
-.B outgoing\-port\-avoid: \fI<port number or range>
+spoofing attempts.
+Make sure these ports are not needed by other daemons.
+By default only ports above 1024 that have not been assigned by IANA are
+used.
+Give a port number or a range of the form \(dqlow\-high\(dq, without spaces.
+.sp
+The \fI\%outgoing\-port\-permit\fP and
+\fI\%outgoing\-port\-avoid\fP statements
+are processed in the line order of the config file, adding the permitted
+ports and subtracting the avoided ports from the set of allowed ports.
+The processing starts with the non IANA allocated ports above 1024 in the
+set of allowed ports.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-port\-avoid: \fI<port number or range>\fP 
 Do not permit Unbound to open this port or range of ports for use to send
-queries. Use this to make sure Unbound does not grab a port that another
-daemon needs. The port is avoided on all outgoing interfaces, both IP4 and IP6.
-By default only ports above 1024 that have not been assigned by IANA are used.
-Give a port number or a range of the form "low\-high", without spaces.
-.TP
-.B outgoing\-num\-tcp: \fI<number>
-Number of outgoing TCP buffers to allocate per thread. Default is 10. If
-set to 0, or if do\-tcp is "no", no TCP queries to authoritative servers
-are done.  For larger installations increasing this value is a good idea.
-.TP
-.B incoming\-num\-tcp: \fI<number>
-Number of incoming TCP buffers to allocate per thread. Default is
-10. If set to 0, or if do\-tcp is "no", no TCP queries from clients are
-accepted. For larger installations increasing this value is a good idea.
-.TP
-.B edns\-buffer\-size: \fI<number>
+queries.
+Use this to make sure Unbound does not grab a port that another daemon
+needs.
+The port is avoided on all outgoing interfaces, both IPv4 and IPv6.
+By default only ports above 1024 that have not been assigned by IANA are
+used.
+Give a port number or a range of the form \(dqlow\-high\(dq, without spaces.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-num\-tcp: \fI<number>\fP 
+Number of outgoing TCP buffers to allocate per thread.
+If set to 0, or if \fI\%do\-tcp: no\fP is set, no TCP
+queries to authoritative servers are done.
+For larger installations increasing this value is a good idea.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B incoming\-num\-tcp: \fI<number>\fP 
+Number of incoming TCP buffers to allocate per thread.
+If set to 0, or if \fI\%do\-tcp: no\fP is set, no TCP
+queries from clients are accepted.
+For larger installations increasing this value is a good idea.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-buffer\-size: \fI<number>\fP 
 Number of bytes size to advertise as the EDNS reassembly buffer size.
-This is the value put into datagrams over UDP towards peers.  The actual
-buffer size is determined by msg\-buffer\-size (both for TCP and UDP).  Do
-not set higher than that value.  Default is 1232 which is the DNS Flag Day 2020
-recommendation. Setting to 512 bypasses even the most stringent path MTU
-problems, but is seen as extreme, since the amount of TCP fallback generated is
-excessive (probably also for this resolver, consider tuning the outgoing tcp
-number).
-.TP
-.B max\-udp\-size: \fI<number>
-Maximum UDP response size (not applied to TCP response).  65536 disables the
-udp response size maximum, and uses the choice from the client, always.
-Suggested values are 512 to 4096. Default is 1232. The default value is the
-same as the default for edns\-buffer\-size.
-.TP
-.B stream\-wait\-size: \fI<number>
-Number of bytes size maximum to use for waiting stream buffers.  Default is
-4 megabytes.  A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).  As TCP and TLS streams
-queue up multiple results, the amount of memory used for these buffers does
-not exceed this number, otherwise the responses are dropped.  This manages
-the total memory usage of the server (under heavy use), the number of requests
-that can be queued up per connection is also limited, with further requests
-waiting in TCP buffers.
-.TP
-.B msg\-buffer\-size: \fI<number>
-Number of bytes size of the message buffers. Default is 65552 bytes, enough
-for 64 Kb packets, the maximum DNS message size. No message larger than this
-can be sent or received. Can be reduced to use less memory, but some requests
-for DNS data, such as for huge resource records, will result in a SERVFAIL
-reply to the client.
-.TP
-.B msg\-cache\-size: \fI<number>
-Number of bytes size of the message cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+This is the value put into datagrams over UDP towards peers.
+The actual buffer size is determined by
+\fI\%msg\-buffer\-size\fP (both for TCP and
+UDP).
+Do not set higher than that value.
+Setting to 512 bypasses even the most stringent path MTU problems, but is
+seen as extreme, since the amount of TCP fallback generated is excessive
+(probably also for this resolver, consider tuning
+\fI\%outgoing\-num\-tcp\fP).
+.sp
+Default: 1232 (\fI\%DNS Flag Day 2020 recommendation\fP)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-udp\-size: \fI<number>\fP 
+Maximum UDP response size (not applied to TCP response).
+65536 disables the UDP response size maximum, and uses the choice from the
+client, always.
+Suggested values are 512 to 4096.
+.sp
+Default: 1232 (same as \fI\%edns\-buffer\-size\fP)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stream\-wait\-size: \fI<number>\fP 
+Number of bytes size maximum to use for waiting stream buffers.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B msg\-cache\-slabs: \fI<number>
-Number of slabs in the message cache. Slabs reduce lock contention by threads.
-Must be set to a power of 2. Setting (close) to the number of cpus is a
-reasonable guess.
-.TP
-.B num\-queries\-per\-thread: \fI<number>
+As TCP and TLS streams queue up multiple results, the amount of memory used
+for these buffers does not exceed this number, otherwise the responses are
+dropped.
+This manages the total memory usage of the server (under heavy use), the
+number of requests that can be queued up per connection is also limited,
+with further requests waiting in TCP buffers.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-buffer\-size: \fI<number>\fP 
+Number of bytes size of the message buffers.
+Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message
+size.
+No message larger than this can be sent or received.
+Can be reduced to use less memory, but some requests for DNS data, such as
+for huge resource records, will result in a SERVFAIL reply to the client.
+.sp
+Default: 65552
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-cache\-size: \fI<number>\fP 
+Number of bytes size of the message cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B msg\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the message cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B num\-queries\-per\-thread: \fI<number>\fP 
 The number of queries that every thread will service simultaneously.
-If more queries arrive that need servicing, and no queries can be jostled out
-(see \fIjostle\-timeout\fR), then the queries are dropped. This forces
-the client to resend after a timeout; allowing the server time to work on
-the existing queries. Default depends on compile options, 512 or 1024.
-.TP
-.B jostle\-timeout: \fI<msec>
-Timeout used when the server is very busy.  Set to a value that usually
-results in one roundtrip to the authority servers.  If too many queries
-arrive, then 50% of the queries are allowed to run to completion, and
-the other 50% are replaced with the new incoming query if they have already
-spent more than their allowed time.  This protects against denial of
-service by slow queries or high query rates.  Default 200 milliseconds.
-The effect is that the qps for long-lasting queries is about
-(numqueriesperthread / 2) / (average time for such long queries) qps.
-The qps for short queries can be about (numqueriesperthread / 2)
-/ (jostletimeout in whole seconds) qps per thread, about (1024/2)*5 = 2560
-qps by default.
-.TP
-.B delay\-close: \fI<msec>
+If more queries arrive that need servicing, and no queries can be jostled
+out (see \fI\%jostle\-timeout\fP), then the
+queries are dropped.
+This forces the client to resend after a timeout; allowing the server time
+to work on the existing queries.
+Default depends on compile options.
+.sp
+Default: 2048 (libevent) / 512 (minievent) / 24 (windows)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B jostle\-timeout: \fI<msec>\fP 
+Timeout used when the server is very busy.
+Set to a value that usually results in one roundtrip to the authority
+servers.
+.sp
+If too many queries arrive, then 50% of the queries are allowed to run to
+completion, and the other 50% are replaced with the new incoming query if
+they have already spent more than their allowed time.
+This protects against denial of service by slow queries or high query
+rates.
+.sp
+The effect is that the qps for long\-lasting queries is about:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+(num\-queries\-per\-thread / 2) / (average time for such long queries) qps
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The qps for short queries can be about:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+(num\-queries\-per\-thread / 2) / (jostle\-timeout in whole seconds) qps per thread
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+about (2048/2)*5 = 5120 qps by default.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
+.TP
+.B delay\-close: \fI<msec>\fP 
 Extra delay for timeouted UDP ports before they are closed, in msec.
-Default is 0, and that disables it.  This prevents very delayed answer
-packets from the upstream (recursive) servers from bouncing against
-closed ports and setting off all sort of close-port counters, with
-eg. 1500 msec.  When timeouts happen you need extra sockets, it checks
-the ID and remote IP of packets, and unwanted packets are added to the
-unwanted packet counter.
-.TP
-.B udp\-connect: \fI<yes or no>
-Perform connect for UDP sockets that mitigates ICMP side channel leakage.
-Default is yes.
-.TP
-.B unknown\-server\-time\-limit: \fI<msec>
+This prevents very delayed answer packets from the upstream (recursive)
+servers from bouncing against closed ports and setting off all sort of
+close\-port counters, with eg. 1500 msec.
+When timeouts happen you need extra sockets, it checks the ID and remote IP
+of packets, and unwanted packets are added to the unwanted packet counter.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B udp\-connect: \fI<yes or no>\fP 
+Perform \fIconnect(2)\fP for UDP sockets that mitigates ICMP side channel
+leakage.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unknown\-server\-time\-limit: \fI<msec>\fP 
 The wait time in msec for waiting for an unknown server to reply.
 Increase this if you are behind a slow satellite link, to eg. 1128.
 That would then avoid re\-querying every initial query because it times out.
-Default is 376 msec.
-.TP
-.B discard\-timeout: \fI<msec>
-The wait time in msec where recursion requests are dropped. This is
-to stop a large number of replies from accumulating. They receive
-no reply, the work item continues to recurse. It is nice to be a bit
-larger than serve\-expired\-client\-timeout if that is enabled.
-A value of 1900 msec is suggested. The value 0 disables it.
-Default 1900 msec.
-.TP
-.B wait\-limit: \fI<number>
+.sp
+Default: 376
+.UNINDENT
+.INDENT 0.0
+.TP
+.B discard\-timeout: \fI<msec>\fP 
+The wait time in msec where recursion requests are dropped.
+This is to stop a large number of replies from accumulating.
+They receive no reply, the work item continues to recurse.
+It is nice to be a bit larger than
+\fI\%serve\-expired\-client\-timeout\fP
+if that is enabled.
+A value of \fB1900\fP msec is suggested.
+The value \fB0\fP disables it.
+.sp
+Default: 1900
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit: \fI<number>\fP 
 The number of replies that can wait for recursion, for an IP address.
 This makes a ratelimit per IP address of waiting replies for recursion.
 It stops very large amounts of queries waiting to be returned to one
-destination. The value 0 disables wait limits. Default is 1000.
+destination.
+The value \fB0\fP disables wait limits.
+.sp
+Default: 1000
+.UNINDENT
+.INDENT 0.0
 .TP
-.B wait\-limit\-cookie: \fI<number>
+.B wait\-limit\-cookie: \fI<number>\fP 
 The number of replies that can wait for recursion, for an IP address
-that sent the query with a valid DNS cookie. Since the cookie validates
-the client address, the limit can be higher. Default is 10000.
-.TP
-.B wait\-limit\-netblock: \fI<netblock> <number>
-The wait limit for the netblock. If not given the wait\-limit value is
-used. The most specific netblock is used to determine the limit. Useful for
-overriding the default for a specific, group or individual, server.
-The value -1 disables wait limits for the netblock.
-By default the loopback has a wait limit netblock of -1, it is not limited,
-because it is separated from the rest of network for spoofed packets.
-The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
-.TP
-.B wait\-limit\-cookie\-netblock: \fI<netblock> <number>
-The wait limit for the netblock, when the query has a DNS cookie.
-If not given, the wait\-limit\-cookie value is used.
-The value -1 disables wait limits for the netblock.
-The loopback addresses 127.0.0.0/8 and ::1/128 are default at -1.
-.TP
-.B so\-rcvbuf: \fI<number>
-If not 0, then set the SO_RCVBUF socket option to get more buffer
-space on UDP port 53 incoming queries.  So that short spikes on busy
-servers do not drop packets (see counter in netstat \-su).  Default is
-0 (use system value).  Otherwise, the number of bytes to ask for, try
-"4m" on a busy server.  The OS caps it at a maximum, on linux Unbound
-needs root permission to bypass the limit, or the admin can use sysctl
-net.core.rmem_max.  On BSD change kern.ipc.maxsockbuf in /etc/sysctl.conf.
-On OpenBSD change header and recompile kernel. On Solaris ndd \-set
-/dev/udp udp_max_buf 8388608.
-.TP
-.B so\-sndbuf: \fI<number>
+that sent the query with a valid DNS Cookie.
+Since the cookie validates the client address, this limit can be higher.
+.sp
+Default: 10000
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit\-netblock: \fI<netblock>\fP \fI<number>\fP 
+The wait limit for the netblock.
+If not given the
+\fI\%wait\-limit\fP
+value is used.
+The most specific netblock is used to determine the limit.
+Useful for overriding the default for a specific, group or individual,
+server.
+The value \fB\-1\fP disables wait limits for the netblock.
+By default the loopback has a wait limit netblock of \fB\-1\fP, it is not
+limited, because it is separated from the rest of network for spoofed
+packets.
+The loopback addresses \fB127.0.0.0/8\fP and \fB::1/128\fP are default at \fB\-1\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B wait\-limit\-cookie\-netblock: \fI<netblock>\fP \fI<number>\fP 
+The wait limit for the netblock, when the query has a DNS Cookie.
+If not given, the
+\fI\%wait\-limit\-cookie\fP
+value is used.
+The value \fB\-1\fP disables wait limits for the netblock.
+The loopback addresses \fB127.0.0.0/8\fP and \fB::1/128\fP are default at \fB\-1\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-rcvbuf: \fI<number>\fP 
+If not 0, then set the SO_RCVBUF socket option to get more buffer space on
+UDP port 53 incoming queries.
+So that short spikes on busy servers do not drop packets (see counter in
+\fBnetstat \-su\fP).
+Otherwise, the number of bytes to ask for, try \(dq4m\(dq on a busy server.
+.sp
+The OS caps it at a maximum, on linux Unbound needs root permission to
+bypass the limit, or the admin can use \fBsysctl net.core.rmem_max\fP\&.
+.sp
+On BSD change \fBkern.ipc.maxsockbuf\fP in \fB/etc/sysctl.conf\fP\&.
+.sp
+On OpenBSD change header and recompile kernel.
+.sp
+On Solaris \fBndd \-set /dev/udp udp_max_buf 8388608\fP\&.
+.sp
+Default: 0 (use system value)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-sndbuf: \fI<number>\fP 
 If not 0, then set the SO_SNDBUF socket option to get more buffer space on
-UDP port 53 outgoing queries.  This for very busy servers handles spikes
-in answer traffic, otherwise 'send: resource temporarily unavailable'
-can get logged, the buffer overrun is also visible by netstat \-su.
-Default is 0 (use system value).  Specify the number of bytes to ask
-for, try "4m" on a very busy server.  The OS caps it at a maximum, on
-linux Unbound needs root permission to bypass the limit, or the admin
-can use sysctl net.core.wmem_max.  On BSD, Solaris changes are similar
-to so\-rcvbuf.
-.TP
-.B so\-reuseport: \fI<yes or no>
+UDP port 53 outgoing queries.
+This for very busy servers handles spikes in answer traffic, otherwise:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+send: resource temporarily unavailable
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+can get logged, the buffer overrun is also visible by \fBnetstat \-su\fP\&.
+If set to 0 it uses the system value.
+Specify the number of bytes to ask for, try \(dq8m\(dq on a very busy server.
+.sp
+It needs some space to be able to deal with packets that wait for local
+address resolution, from like ARP and NDP discovery, before they are sent
+out, hence it is elevated above the system default by default.
+.sp
+The OS caps it at a maximum, on linux Unbound needs root permission to
+bypass the limit, or the admin can use \fBsysctl net.core.wmem_max\fP\&.
+.sp
+On BSD, Solaris changes are similar to
+\fI\%so\-rcvbuf\fP\&.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B so\-reuseport: \fI<yes or no>\fP 
 If yes, then open dedicated listening sockets for incoming queries for each
-thread and try to set the SO_REUSEPORT socket option on each socket.  May
-distribute incoming queries to threads more evenly.  Default is yes.
-On Linux it is supported in kernels >= 3.9.  On other systems, FreeBSD, OSX
-it may also work.  You can enable it (on any platform and kernel),
-it then attempts to open the port and passes the option if it was available
-at compile time, if that works it is used, if it fails, it continues
-silently (unless verbosity 3) without the option.
+thread and try to set the SO_REUSEPORT socket option on each socket.
+May distribute incoming queries to threads more evenly.
+.sp
+On Linux it is supported in kernels >= 3.9.
+.sp
+On other systems, FreeBSD, OSX it may also work.
+.sp
+You can enable it (on any platform and kernel), it then attempts to open
+the port and passes the option if it was available at compile time, if that
+works it is used, if it fails, it continues silently (unless verbosity 3)
+without the option.
+.sp
 At extreme load it could be better to turn it off to distribute the queries
 evenly, reported for Linux systems (4.4.x).
-.TP
-.B ip\-transparent: \fI<yes or no>
-If yes, then use IP_TRANSPARENT socket option on sockets where Unbound
-is listening for incoming traffic.  Default no.  Allows you to bind to
-non\-local interfaces.  For example for non\-existent IP addresses that
-are going to exist later on, with host failover configuration.  This is
-a lot like interface\-automatic, but that one services all interfaces
-and with this option you can select which (future) interfaces Unbound
-provides service on.  This option needs Unbound to be started with root
-permissions on some systems.  The option uses IP_BINDANY on FreeBSD systems
-and SO_BINDANY on OpenBSD systems.
-.TP
-.B ip\-freebind: \fI<yes or no>
-If yes, then use IP_FREEBIND socket option on sockets where Unbound
-is listening to incoming traffic.  Default no.  Allows you to bind to
-IP addresses that are nonlocal or do not exist, like when the network
-interface or IP address is down.  Exists only on Linux, where the similar
-ip\-transparent option is also available.
-.TP
-.B ip-dscp: \fI<number>
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-transparent: \fI<yes or no>\fP 
+If yes, then use IP_TRANSPARENT socket option on sockets where Unbound is
+listening for incoming traffic.
+Allows you to bind to non\-local interfaces.
+For example for non\-existent IP addresses that are going to exist later on,
+with host failover configuration.
+.sp
+This is a lot like
+\fI\%interface\-automatic\fP, but that one
+services all interfaces and with this option you can select which (future)
+interfaces Unbound provides service on.
+.sp
+This option needs Unbound to be started with root permissions on some
+systems.
+The option uses IP_BINDANY on FreeBSD systems and SO_BINDANY on OpenBSD
+systems.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-freebind: \fI<yes or no>\fP 
+If yes, then use IP_FREEBIND socket option on sockets where Unbound is
+listening to incoming traffic.
+Allows you to bind to IP addresses that are nonlocal or do not exist, like
+when the network interface or IP address is down.
+.sp
+Exists only on Linux, where the similar
+\fI\%ip\-transparent\fP option is also
+available.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-dscp: \fI<number>\fP 
 The value of the Differentiated Services Codepoint (DSCP) in the
 differentiated services field (DS) of the outgoing IP packet headers.
-The field replaces the outdated IPv4 Type-Of-Service field and the
-IPv6 traffic class field.
-.TP
-.B rrset\-cache\-size: \fI<number>
-Number of bytes size of the RRset cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+The field replaces the outdated IPv4 Type\-Of\-Service field and the IPv6
+traffic class field.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset\-cache\-size: \fI<number>\fP 
+Number of bytes size of the RRset cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B rrset\-cache\-slabs: \fI<number>
-Number of slabs in the RRset cache. Slabs reduce lock contention by threads.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rrset\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the RRset cache.
+Slabs reduce lock contention by threads.
 Must be set to a power of 2.
-.TP
-.B cache\-max\-ttl: \fI<seconds>
-Time to live maximum for RRsets and messages in the cache. Default is
-86400 seconds (1 day).  When the TTL expires, the cache item has expired.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache\-max\-ttl: \fI<seconds>\fP 
+Time to live maximum for RRsets and messages in the cache.
+When the TTL expires, the cache item has expired.
 Can be set lower to force the resolver to query for data often, and not
-trust (very large) TTL values.  Downstream clients also see the lower TTL.
-.TP
-.B cache\-min\-ttl: \fI<seconds>
-Time to live minimum for RRsets and messages in the cache. Default is 0.
+trust (very large) TTL values.
+Downstream clients also see the lower TTL.
+.sp
+Default: 86400 (1 day)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cache\-min\-ttl: \fI<seconds>\fP 
+Time to live minimum for RRsets and messages in the cache.
 If the minimum kicks in, the data is cached for longer than the domain
 owner intended, and thus less queries are made to look up the data.
 Zero makes sure the data in the cache is as the domain owner intended,
 higher values, especially more than an hour or so, can lead to trouble as
 the data in the cache does not match up with the actual data any more.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B cache\-max\-negative\-ttl: \fI<seconds>
+.B cache\-max\-negative\-ttl: \fI<seconds>\fP 
 Time to live maximum for negative responses, these have a SOA in the
-authority section that is limited in time.  Default is 3600.
-This applies to nxdomain and nodata answers.
+authority section that is limited in time.
+This applies to NXDOMAIN and NODATA answers.
+.sp
+Default: 3600
+.UNINDENT
+.INDENT 0.0
 .TP
-.B cache\-min\-negative\-ttl: \fI<seconds>
+.B cache\-min\-negative\-ttl: \fI<seconds>\fP 
 Time to live minimum for negative responses, these have a SOA in the
 authority section that is limited in time.
-Default is 0 (disabled).
-If this is disabled and \fBcache-min-ttl\fR is configured, it will take effect
-instead.
-In that case you can set this to 1 to honor the upstream TTL.
-This applies to nxdomain and nodata answers.
-.TP
-.B infra\-host\-ttl: \fI<seconds>
-Time to live for entries in the host cache. The host cache contains
-roundtrip timing, lameness and EDNS support information. Default is 900.
-.TP
-.B infra\-cache\-slabs: \fI<number>
-Number of slabs in the infrastructure cache. Slabs reduce lock contention
-by threads. Must be set to a power of 2.
-.TP
-.B infra\-cache\-numhosts: \fI<number>
-Number of hosts for which information is cached. Default is 10000.
-.TP
-.B infra\-cache\-min\-rtt: \fI<msec>
+If this is disabled and
+\fI\%cache\-min\-ttl\fP
+is configured, it will take effect instead.
+In that case you can set this to \fB1\fP to honor the upstream TTL.
+This applies to NXDOMAIN and NODATA answers.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-host\-ttl: \fI<seconds>\fP 
+Time to live for entries in the host cache.
+The host cache contains roundtrip timing, lameness and EDNS support
+information.
+.sp
+Default: 900
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the infrastructure cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-numhosts: \fI<number>\fP 
+Number of hosts for which information is cached.
+.sp
+Default: 10000
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-min\-rtt: \fI<msec>\fP 
 Lower limit for dynamic retransmit timeout calculation in infrastructure
-cache. Default is 50 milliseconds. Increase this value if using forwarders
-needing more time to do recursive name resolution.
-.TP
-.B infra\-cache\-max\-rtt: \fI<msec>
+cache.
+Increase this value if using forwarders needing more time to do recursive
+name resolution.
+.sp
+Default: 50
+.UNINDENT
+.INDENT 0.0
+.TP
+.B infra\-cache\-max\-rtt: \fI<msec>\fP 
 Upper limit for dynamic retransmit timeout calculation in infrastructure
-cache. Default is 2 minutes.
+cache.
+.sp
+Default: 120000 (2 minutes)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B infra\-keep\-probing: \fI<yes or no>
+.B infra\-keep\-probing: \fI<yes or no>\fP 
 If enabled the server keeps probing hosts that are down, in the one probe
-at a time regime.  Default is no.  Hosts that are down, eg. they did
-not respond during the one probe at a time period, are marked as down and
-it may take \fBinfra\-host\-ttl\fR time to get probed again.
-.TP
-.B define\-tag: \fI<"list of tags">
-Define the tags that can be used with local\-zone and access\-control.
-Enclose the list between quotes ("") and put spaces between tags.
-.TP
-.B do\-ip4: \fI<yes or no>
-Enable or disable whether ip4 queries are answered or issued. Default is yes.
-.TP
-.B do\-ip6: \fI<yes or no>
-Enable or disable whether ip6 queries are answered or issued. Default is yes.
+at a time regime.
+Hosts that are down, eg. they did not respond during the one probe at a
+time period, are marked as down and it may take
+\fI\%infra\-host\-ttl\fP time to get probed
+again.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B define\-tag: \fI\(dq<list of tags>\(dq\fP 
+Define the tags that can be used with
+\fI\%local\-zone\fP and
+\fI\%access\-control\fP\&.
+Enclose the list between quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-ip4: \fI<yes or no>\fP 
+Enable or disable whether IPv4 queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-ip6: \fI<yes or no>\fP 
+Enable or disable whether IPv6 queries are answered or issued.
 If disabled, queries are not answered on IPv6, and queries are not sent on
-IPv6 to the internet nameservers.  With this option you can disable the
-IPv6 transport for sending DNS traffic, it does not impact the contents of
-the DNS traffic, which may have ip4 and ip6 addresses in it.
-.TP
-.B prefer\-ip4: \fI<yes or no>
+IPv6 to the internet nameservers.
+With this option you can disable the IPv6 transport for sending DNS
+traffic, it does not impact the contents of the DNS traffic, which may have
+IPv4 (A) and IPv6 (AAAA) addresses in it.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefer\-ip4: \fI<yes or no>\fP 
 If enabled, prefer IPv4 transport for sending DNS queries to internet
-nameservers. Default is no.  Useful if the IPv6 netblock the server has,
-the entire /64 of that is not owned by one operator and the reputation of
-the netblock /64 is an issue, using IPv4 then uses the IPv4 filters that
-the upstream servers have.
-.TP
-.B prefer\-ip6: \fI<yes or no>
+nameservers.
+Useful if the IPv6 netblock the server has, the entire /64 of that is not
+owned by one operator and the reputation of the netblock /64 is an issue,
+using IPv4 then uses the IPv4 filters that the upstream servers have.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefer\-ip6: \fI<yes or no>\fP 
 If enabled, prefer IPv6 transport for sending DNS queries to internet
-nameservers. Default is no.
-.TP
-.B do\-udp: \fI<yes or no>
-Enable or disable whether UDP queries are answered or issued. Default is yes.
-.TP
-.B do\-tcp: \fI<yes or no>
-Enable or disable whether TCP queries are answered or issued. Default is yes.
-.TP
-.B tcp\-mss: \fI<number>
-Maximum segment size (MSS) of TCP socket on which the server responds
-to queries. Value lower than common MSS on Ethernet
-(1220 for example) will address path MTU problem.
+nameservers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-udp: \fI<yes or no>\fP 
+Enable or disable whether UDP queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-tcp: \fI<yes or no>\fP 
+Enable or disable whether TCP queries are answered or issued.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-mss: \fI<number>\fP 
+Maximum segment size (MSS) of TCP socket on which the server responds to
+queries.
+Value lower than common MSS on Ethernet (1220 for example) will address
+path MTU problem.
 Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
-Default is system default MSS determined by interface MTU and
-negotiation between server and client.
-.TP
-.B outgoing\-tcp\-mss: \fI<number>
-Maximum segment size (MSS) of TCP socket for outgoing queries
-(from Unbound to other servers). Value lower than
-common MSS on Ethernet (1220 for example) will address path MTU problem.
+Default is system default MSS determined by interface MTU and negotiation
+between server and client.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outgoing\-tcp\-mss: \fI<number>\fP 
+Maximum segment size (MSS) of TCP socket for outgoing queries (from Unbound
+to other servers).
+Value lower than common MSS on Ethernet (1220 for example) will address
+path MTU problem.
 Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
-Default is system default MSS determined by interface MTU and
-negotiation between Unbound and other servers.
+Default is system default MSS determined by interface MTU and negotiation
+between Unbound and other servers.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tcp-idle-timeout: \fI<msec>\fR
+.B tcp\-idle\-timeout: \fI<msec>\fP 
 The period Unbound will wait for a query on a TCP connection.
 If this timeout expires Unbound closes the connection.
-This option defaults to 30000 milliseconds.
-When the number of free incoming TCP buffers falls below 50% of the
-total number configured, the option value used is progressively
-reduced, first to 1% of the configured value, then to 0.2% of the
-configured value if the number of free buffers falls below 35% of the
-total number configured, and finally to 0 if the number of free buffers
-falls below 20% of the total number configured. A minimum timeout of
-200 milliseconds is observed regardless of the option value used.
-It will be overridden by \fBedns\-tcp\-keepalive\-timeout\fR if
-\fBedns\-tcp\-keepalive\fR is enabled.
-.TP
-.B tcp-reuse-timeout: \fI<msec>\fR
-The period Unbound will keep TCP persistent connections open to
-authority servers. This option defaults to 60000 milliseconds.
-.TP
-.B max-reuse-tcp-queries: \fI<number>\fR
+When the number of free incoming TCP buffers falls below 50% of the total
+number configured, the option value used is progressively reduced, first to
+1% of the configured value, then to 0.2% of the configured value if the
+number of free buffers falls below 35% of the total number configured, and
+finally to 0 if the number of free buffers falls below 20% of the total
+number configured.
+A minimum timeout of 200 milliseconds is observed regardless of the option
+value used.
+It will be overridden by
+\fI\%edns\-tcp\-keepalive\-timeout\fP
+if
+\fI\%edns\-tcp\-keepalive\fP
+is enabled.
+.sp
+Default: 30000 (30 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-reuse\-timeout: \fI<msec>\fP 
+The period Unbound will keep TCP persistent connections open to authority
+servers.
+.sp
+Default: 60000 (60 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-reuse\-tcp\-queries: \fI<number>\fP 
 The maximum number of queries that can be sent on a persistent TCP
 connection.
-This option defaults to 200 queries.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tcp-auth-query-timeout: \fI<number>\fR
+.B tcp\-auth\-query\-timeout: \fI<number>\fP 
 Timeout in milliseconds for TCP queries to auth servers.
-This option defaults to 3000 milliseconds.
-.TP
-.B edns-tcp-keepalive: \fI<yes or no>\fR
-Enable or disable EDNS TCP Keepalive. Default is no.
-.TP
-.B edns-tcp-keepalive-timeout: \fI<msec>\fR
-Overrides \fBtcp\-idle\-timeout\fR when \fBedns\-tcp\-keepalive\fR is enabled.
+.sp
+Default: 3000 (3 seconds)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-tcp\-keepalive: \fI<yes or no>\fP 
+Enable or disable EDNS TCP Keepalive.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-tcp\-keepalive\-timeout: \fI<msec>\fP 
+Overrides
+\fI\%tcp\-idle\-timeout\fP
+when
+\fI\%edns\-tcp\-keepalive\fP
+is enabled.
 If the client supports the EDNS TCP Keepalive option,
-Unbound sends the timeout value to the client to encourage it to
-close the connection before the server times out.
-This option defaults to 120000 milliseconds.
-.TP
-.B sock\-queue\-timeout: \fI<sec>\fR
+If the client supports the EDNS TCP Keepalive option, Unbound sends the
+timeout value to the client to encourage it to close the connection before
+the server times out.
+.sp
+Default: 120000 (2 minutes)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B sock\-queue\-timeout: \fI<sec>\fP 
 UDP queries that have waited in the socket buffer for a long time can be
-dropped. Default is 0, disabled. The time is set in seconds, 3 could be a
-good value to ignore old queries that likely the client does not need a reply
-for any more. This could happen if the host has not been able to service
-the queries for a while, i.e. Unbound is not running, and then is enabled
-again. It uses timestamp socket options.
-.TP
-.B tcp\-upstream: \fI<yes or no>
+dropped.
+The time is set in seconds, 3 could be a good value to ignore old queries
+that likely the client does not need a reply for any more.
+This could happen if the host has not been able to service the queries for
+a while, i.e. Unbound is not running, and then is enabled again.
+It uses timestamp socket options.
+The socket option is available on the Linux and FreeBSD platforms.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-upstream: \fI<yes or no>\fP 
 Enable or disable whether the upstream queries use TCP only for transport.
-Default is no.  Useful in tunneling scenarios. If set to no you can specify
-TCP transport only for selected forward or stub zones using forward-tcp-upstream
-or stub-tcp-upstream respectively.
-.TP
-.B udp\-upstream\-without\-downstream: \fI<yes or no>
-Enable udp upstream even if do-udp is no.  Default is no, and this does not
-change anything.  Useful for TLS service providers, that want no udp downstream
-but use udp to fetch data upstream.
-.TP
-.B tls\-upstream: \fI<yes or no>
+Useful in tunneling scenarios.
+If set to no you can specify TCP transport only for selected forward or
+stub zones using
+\fI\%forward\-tcp\-upstream\fP or
+\fI\%stub\-tcp\-upstream\fP
+respectively.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B udp\-upstream\-without\-downstream: \fI<yes or no>\fP 
+Enable UDP upstream even if \fI\%do\-udp: no\fP is set.
+Useful for TLS service providers, that want no UDP downstream but use UDP
+to fetch data upstream.
+.sp
+Default: no (no changes)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-upstream: \fI<yes or no>\fP 
 Enabled or disable whether the upstream queries use TLS only for transport.
-Default is no.  Useful in tunneling scenarios.  The TLS contains plain DNS in
-TCP wireformat.  The other server must support this (see
-\fBtls\-service\-key\fR).
-If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert or
-tls\-system\-cert to load CA certs, otherwise the connections cannot be
-authenticated. This option enables TLS for all of them, but if you do not set
-this you can configure TLS specifically for some forward zones with
-forward\-tls\-upstream.  And also with stub\-tls\-upstream.
-If the tls\-upstream option is enabled, it is for all the forwards and stubs,
-where the forward\-tls\-upstream and stub\-tls\-upstream options are ignored,
-as if they had been set to yes.
-.TP
-.B ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBtls\-upstream\fR.  If both are present in the config
-file the last is used.
-.TP
-.B tls\-service\-key: \fI<file>
-If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on the
-TCP ports marked implicitly or explicitly for these services with tls\-port or
-https\-port. The file must contain the private key for the TLS session, the
-public certificate is in the tls\-service\-pem file and it must also be
-specified if tls\-service\-key is specified.  The default is "", turned off.
-Enabling or disabling this service requires a restart (a reload is not enough),
-because the key is read while root permissions are held and before chroot (if any).
-The ports enabled implicitly or explicitly via \fBtls\-port:\fR and
-\fBhttps\-port:\fR do not provide normal DNS TCP service. Unbound needs to be
-compiled with libnghttp2 in order to provide DNS-over-HTTPS.
-.TP
-.B ssl\-service\-key: \fI<file>
-Alternate syntax for \fBtls\-service\-key\fR.
-.TP
-.B tls\-service\-pem: \fI<file>
-The public key certificate pem file for the tls service.  Default is "",
-turned off.
-.TP
-.B ssl\-service\-pem: \fI<file>
-Alternate syntax for \fBtls\-service\-pem\fR.
-.TP
-.B tls\-port: \fI<number>
-The port number on which to provide TCP TLS service, default 853, only
-interfaces configured with that port number as @number get the TLS service.
-.TP
-.B ssl\-port: \fI<number>
-Alternate syntax for \fBtls\-port\fR.
-.TP
-.B tls\-cert\-bundle: \fI<file>
-If null or "", no file is used.  Set it to the certificate bundle file,
-for example "/etc/pki/tls/certs/ca\-bundle.crt".  These certificates are used
-for authenticating connections made to outside peers.  For example auth\-zone
-urls, and also DNS over TLS connections.  It is read at start up before
-permission drop and chroot.
-.TP
-.B ssl\-cert\-bundle: \fI<file>
-Alternate syntax for \fBtls\-cert\-bundle\fR.
-.TP
-.B tls\-win\-cert: \fI<yes or no>
-Add the system certificates to the cert bundle certificates for authentication.
-If no cert bundle, it uses only these certificates.  Default is no.
-On windows this option uses the certificates from the cert store.  Use
-the tls\-cert\-bundle option on other systems. On other systems, this option
-enables the system certificates.
-.TP
-.B tls\-system\-cert: \fI<yes or no>
-This the same setting as the tls\-win\-cert setting, under a different name.
+Useful in tunneling scenarios.
+The TLS contains plain DNS in TCP wireformat.
+The other server must support this (see
+\fI\%tls\-service\-key\fP).
+.sp
+If you enable this, also configure a
+\fI\%tls\-cert\-bundle\fP or use
+\fI\%tls\-win\-cert\fP or
+\fI\%tls\-system\-cert\fP to load CA certs,
+otherwise the connections cannot be authenticated.
+.sp
+This option enables TLS for all of them, but if you do not set this you can
+configure TLS specifically for some forward zones with
+\fI\%forward\-tls\-upstream\fP\&.
+And also with
+\fI\%stub\-tls\-upstream\fP\&.
+If the
+\fI\%tls\-upstream\fP
+option is enabled, it is for all the forwards and stubs, where the
+\fI\%forward\-tls\-upstream\fP
+and
+\fI\%stub\-tls\-upstream\fP
+options are ignored, as if they had been set to yes.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for \fI\%tls\-upstream\fP\&.
+If both are present in the config file the last is used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-service\-key: \fI<file>\fP 
+If enabled, the server provides DNS\-over\-TLS or DNS\-over\-HTTPS service on
+the TCP ports marked implicitly or explicitly for these services with
+\fI\%tls\-port\fP or
+\fI\%https\-port\fP\&.
+The file must contain the private key for the TLS session, the public
+certificate is in the \fI\%tls\-service\-pem\fP
+file and it must also be specified if
+\fI\%tls\-service\-key\fP is specified.
+Enabling or disabling this service requires a restart (a reload is not
+enough), because the key is read while root permissions are held and before
+chroot (if any).
+The ports enabled implicitly or explicitly via
+\fI\%tls\-port\fP and
+\fI\%https\-port\fP do not provide normal DNS TCP
+service.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Unbound needs to be compiled with libnghttp2 in order to provide
+DNS\-over\-HTTPS.
+.UNINDENT
+.UNINDENT
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-service\-key: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-service\-key\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-service\-pem: \fI<file>\fP 
+The public key certificate pem file for the tls service.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-service\-pem: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-service\-pem\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-port: \fI<number>\fP 
+The port number on which to provide TCP TLS service.
+Only interfaces configured with that port number as @number get the TLS
+service.
+.sp
+Default: 853
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-port: \fI<number>\fP 
+Alternate syntax for \fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-cert\-bundle: \fI<file>\fP 
+If null or \fB\(dq\(dq\fP, no file is used.
+Set it to the certificate bundle file, for example
+\fB/etc/pki/tls/certs/ca\-bundle.crt\fP\&.
+These certificates are used for authenticating connections made to outside
+peers.
+For example \fI\%auth\-zone urls\fP, and also
+DNS\-over\-TLS connections.
+It is read at start up before permission drop and chroot.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ssl\-cert\-bundle: \fI<file>\fP 
+Alternate syntax for \fI\%tls\-cert\-bundle\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-win\-cert: \fI<yes or no>\fP 
+Add the system certificates to the cert bundle certificates for
+authentication.
+If no cert bundle, it uses only these certificates.
+On windows this option uses the certificates from the cert store.
+Use the \fI\%tls\-cert\-bundle\fP option on
+other systems.
+On other systems, this option enables the system certificates.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-system\-cert: \fI<yes or no>\fP 
+This the same attribute as the
+\fI\%tls\-win\-cert\fP attribute, under a
+different name.
 Because it is not windows specific.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-additional\-port: \fI<portnr>\fP 
+List port numbers as
+\fI\%tls\-additional\-port\fP, and when
+interfaces are defined, eg. with the @port suffix, as this port number,
+they provide DNS\-over\-TLS service.
+Can list multiple, each on a new statement.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tls\-additional\-port: \fI<portnr>
-List portnumbers as tls\-additional\-port, and when interfaces are defined,
-eg. with the @port suffix, as this port number, they provide dns over TLS
-service.  Can list multiple, each on a new statement.
-.TP
-.B tls-session-ticket-keys: \fI<file>
-If not "", lists files with 80 bytes of random contents that are used to
-perform TLS session resumption for clients using the Unbound server.
+.B tls\-session\-ticket\-keys: \fI<file>\fP 
+If not \fB\(dq\(dq\fP, lists files with 80 bytes of random contents that are used
+to perform TLS session resumption for clients using the Unbound server.
 These files contain the secret key for the TLS session tickets.
 First key use to encrypt and decrypt TLS session tickets.
-Other keys use to decrypt only.  With this you can roll over to new keys,
-by generating a new first file and allowing decrypt of the old file by
-listing it after the first file for some time, after the wait clients are not
-using the old key any more and the old key can be removed.
-One way to create the file is dd if=/dev/random bs=1 count=80 of=ticket.dat
-The first 16 bytes should be different from the old one if you create a second key, that is the name used to identify the key.  Then there is 32 bytes random
-data for an AES key and then 32 bytes random data for the HMAC key.
-.TP
-.B tls\-ciphers: \fI<string with cipher list>
-Set the list of ciphers to allow when serving TLS.  Use "" for defaults,
-and that is the default.
-.TP
-.B tls\-ciphersuites: \fI<string with ciphersuites list>
-Set the list of ciphersuites to allow when serving TLS.  This is for newer
-TLS 1.3 connections.  Use "" for defaults, and that is the default.
-.TP
-.B pad\-responses: \fI<yes or no>
+Other keys use to decrypt only.
+.sp
+With this you can roll over to new keys, by generating a new first file and
+allowing decrypt of the old file by listing it after the first file for
+some time, after the wait clients are not using the old key any more and
+the old key can be removed.
+One way to create the file is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+dd if=/dev/random bs=1 count=80 of=ticket.dat
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The first 16 bytes should be different from the old one if you create a
+second key, that is the name used to identify the key.
+Then there is 32 bytes random data for an AES key and then 32 bytes random
+data for the HMAC key.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-ciphers: \fI<string with cipher list>\fP 
+Set the list of ciphers to allow when serving TLS.
+Use \fB\(dq\(dq\fP for default ciphers.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tls\-ciphersuites: \fI<string with ciphersuites list>\fP 
+Set the list of ciphersuites to allow when serving TLS.
+This is for newer TLS 1.3 connections.
+Use \fB\(dq\(dq\fP for default ciphersuites.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-responses: \fI<yes or no>\fP 
 If enabled, TLS serviced queries that contained an EDNS Padding option will
 cause responses padded to the closest multiple of the size specified in
-\fBpad\-responses\-block\-size\fR.
-Default is yes.
-.TP
-.B pad\-responses\-block\-size: \fI<number>
-The block size with which to pad responses serviced over TLS. Only responses
-to padded queries will be padded.
-Default is 468.
-.TP
-.B pad\-queries: \fI<yes or no>
-If enabled, all queries sent over TLS upstreams will be padded to the closest
-multiple of the size specified in \fBpad\-queries\-block\-size\fR.
-Default is yes.
-.TP
-.B pad\-queries\-block\-size: \fI<number>
+\fI\%pad\-responses\-block\-size\fP\&.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-responses\-block\-size: \fI<number>\fP 
+The block size with which to pad responses serviced over TLS.
+Only responses to padded queries will be padded.
+.sp
+Default: 468
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-queries: \fI<yes or no>\fP 
+If enabled, all queries sent over TLS upstreams will be padded to the
+closest multiple of the size specified in
+\fI\%pad\-queries\-block\-size\fP\&.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pad\-queries\-block\-size: \fI<number>\fP 
 The block size with which to pad queries sent over TLS upstreams.
-Default is 128.
+.sp
+Default: 128
+.UNINDENT
+.INDENT 0.0
 .TP
-.B tls\-use\-sni: \fI<yes or no>
+.B tls\-use\-sni: \fI<yes or no>\fP 
 Enable or disable sending the SNI extension on TLS connections.
-Default is yes.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 Changing the value requires a reload.
-.TP
-.B https\-port: \fI<number>
-The port number on which to provide DNS-over-HTTPS service, default 443, only
-interfaces configured with that port number as @number get the HTTPS service.
-.TP
-.B http\-endpoint: \fI<endpoint string>
-The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query".
-.TP
-.B http\-max\-streams: \fI<number of streams>
+.UNINDENT
+.UNINDENT
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B https\-port: \fI<number>\fP 
+The port number on which to provide DNS\-over\-HTTPS service.
+Only interfaces configured with that port number as @number get the HTTPS
+service.
+.sp
+Default: 443
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-endpoint: \fI<endpoint string>\fP 
+The HTTP endpoint to provide DNS\-over\-HTTPS service on.
+.sp
+Default: /dns\-query
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-max\-streams: \fI<number of streams>\fP 
 Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2
-SETTINGS frame for DNS-over-HTTPS connections. Default 100.
-.TP
-.B http\-query\-buffer\-size: \fI<size in bytes>
-Maximum number of bytes used for all HTTP/2 query buffers combined. These
-buffers contain (partial) DNS queries waiting for request stream completion.
-An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B http\-response\-buffer\-size: \fI<size in bytes>
-Maximum number of bytes used for all HTTP/2 response buffers combined. These
-buffers contain DNS responses waiting to be written back to the clients.
-An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B http\-nodelay: \fI<yes or no>
-Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service.
-Ignored if the option is not available. Default is yes.
-.TP
-.B http\-notls\-downstream: \fI<yes or no>
-Disable use of TLS for the downstream DNS-over-HTTP connections.  Useful for
-local back end servers.  Default is no.
-.TP
-.B proxy\-protocol\-port: \fI<portnr>
-List port numbers as proxy\-protocol\-port, and when interfaces are defined,
-eg. with the @port suffix, as this port number, they support and expect PROXYv2.
-In this case the proxy address will only be used for the network communication
-and initial ACL (check if the proxy itself is denied/refused by configuration).
-The proxied address (if any) will then be used as the true client address and
-will be used where applicable for logging, ACL, DNSTAP, RPZ and IP ratelimiting.
+SETTINGS frame for DNS\-over\-HTTPS connections.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-query\-buffer\-size: \fI<size in bytes>\fP 
+Maximum number of bytes used for all HTTP/2 query buffers combined.
+These buffers contain (partial) DNS queries waiting for request stream
+completion.
+An RST_STREAM frame will be send to streams exceeding this limit.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-response\-buffer\-size: \fI<size in bytes>\fP 
+Maximum number of bytes used for all HTTP/2 response buffers combined.
+These buffers contain DNS responses waiting to be written back to the
+clients.
+An RST_STREAM frame will be send to streams exceeding this limit.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-nodelay: \fI<yes or no>\fP 
+Set TCP_NODELAY socket option on sockets used to provide DNS\-over\-HTTPS
+service.
+Ignored if the option is not available.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-notls\-downstream: \fI<yes or no>\fP 
+Disable use of TLS for the downstream DNS\-over\-HTTP connections.
+Useful for local back end servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B proxy\-protocol\-port: \fI<portnr>\fP 
+List port numbers as
+\fI\%proxy\-protocol\-port\fP, and when
+interfaces are defined, eg. with the @port suffix, as this port number,
+they support and expect PROXYv2.
+.sp
+In this case the proxy address will only be used for the network
+communication and initial ACL (check if the proxy itself is denied/refused
+by configuration).
+.sp
+The proxied address (if any) will then be used as the true client address
+and will be used where applicable for logging, ACL, DNSTAP, RPZ and IP
+ratelimiting.
+.sp
 PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
+.sp
 There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
+.sp
 Can list multiple, each on a new statement.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B quic\-port: \fI<number>
-The port number on which to provide DNS-over-QUIC service, default 853, only
-interfaces configured with that port number as @number get the QUIC service.
+.B quic\-port: \fI<number>\fP 
+The port number on which to provide DNS\-over\-QUIC service.
+Only interfaces configured with that port number as @number get the QUIC
+service.
 The interface uses QUIC for the UDP traffic on that port number.
-.TP
-.B quic\-size: \fI<size in bytes>
-Maximum number of bytes for all QUIC buffers and data combined. Default is 8
-megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
-megabytes or gigabytes (1024*1024 bytes in a megabyte). New connections receive
-connection refused when the limit is exceeded. New streams are reset when the
-limit is exceeded.
-.TP
-.B use\-systemd: \fI<yes or no>
+.sp
+Default: 853
+.UNINDENT
+.INDENT 0.0
+.TP
+.B quic\-size: \fI<size in bytes>\fP 
+Maximum number of bytes for all QUIC buffers and data combined.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
+or gigabytes (1024*1024 bytes in a megabyte).
+New connections receive connection refused when the limit is exceeded.
+New streams are reset when the limit is exceeded.
+.sp
+Default: 8m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-systemd: \fI<yes or no>\fP 
 Enable or disable systemd socket activation.
-Default is no.
-.TP
-.B do\-daemonize: \fI<yes or no>
-Enable or disable whether the Unbound server forks into the background as
-a daemon.  Set the value to \fIno\fR when Unbound runs as systemd service.
-Default is yes.
-.TP
-.B tcp\-connection\-limit: \fI<IP netblock> <limit>
-Allow up to \fIlimit\fR simultaneous TCP connections from the given netblock.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-daemonize: \fI<yes or no>\fP 
+Enable or disable whether the Unbound server forks into the background as a
+daemon.
+Set the value to no when Unbound runs as systemd service.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tcp\-connection\-limit: \fI<IP netblock> <limit>\fP 
+Allow up to limit simultaneous TCP connections from the given netblock.
 When at the limit, further connections are accepted but closed immediately.
 This option is experimental at this time.
+.sp
+Default: (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B access\-control: \fI<IP netblock> <action>
+.B access\-control: \fI<IP netblock> <action>\fP 
 Specify treatment of incoming queries from their originating IP address.
 Queries can be allowed to have access to this server that gives DNS
-answers, or refused, with other actions possible. The IP address range
-can be specified as a netblock, it is possible to give the statement
-several times in order to specify the treatment of different netblocks.
-.IP
-The netblock is given as an IP4 or IP6 address with /size appended for a
-classless network block. The action can be \fIdeny\fR, \fIrefuse\fR,
-\fIallow\fR, \fIallow_setrd\fR, \fIallow_snoop\fR, \fIallow_cookie\fR,
-\fIdeny_non_local\fR or \fIrefuse_non_local\fR.
-The most specific netblock match is used, if none match \fIrefuse\fR is used.
+answers, or refused, with other actions possible.
+The IP address range can be specified as a netblock, it is possible to give
+the statement several times in order to specify the treatment of different
+netblocks.
+The netblock is given as an IPv4 or IPv6 address with /size appended for a
+classless network block.
+The most specific netblock match is used, if none match
+\fI\%refuse\fP is used.
 The order of the access\-control statements therefore does not matter.
-.IP
-The \fIdeny\fR action stops queries from hosts from that netblock.
-.IP
-The \fIrefuse\fR action stops queries too, but sends a DNS rcode REFUSED
-error message back.
-.IP
-The \fIallow\fR action gives access to clients from that netblock.
-It gives only access for recursion clients (which is
-what almost all clients need).  Nonrecursive queries are refused.
-.IP
-The \fIallow\fR action does allow nonrecursive queries to access the
-local\-data that is configured.  The reason is that this does not involve
-the Unbound server recursive lookup algorithm, and static data is served
-in the reply.  This supports normal operations where nonrecursive queries
-are made for the authoritative data.  For nonrecursive queries any replies
-from the dynamic cache are refused.
-.IP
-The \fIallow_setrd\fR action ignores the recursion desired (RD) bit and
-treats all requests as if the recursion desired bit is set.  Note that this
-behavior violates RFC 1034 which states that a name server should never perform
-recursive service unless asked via the RD bit since this interferes with
-trouble shooting of name servers and their databases. This prohibited behavior
-may be useful if another DNS server must forward requests for specific
-zones to a resolver DNS server, but only supports stub domains and
-sends queries to the resolver DNS server with the RD bit cleared.
-.IP
-The \fIallow_snoop\fR action gives nonrecursive access too.  This give
-both recursive and non recursive access.  The name \fIallow_snoop\fR refers
-to cache snooping, a technique to use nonrecursive queries to examine
-the cache contents (for malicious acts).  However, nonrecursive queries can
-also be a valuable debugging tool (when you want to examine the cache
-contents). In that case use \fIallow_snoop\fR for your administration host.
-.IP
-The \fIallow_cookie\fR action allows access only to UDP queries that contain a
-valid DNS Cookie as specified in RFC 7873 and RFC 9018, when the
-\fBanswer\-cookie\fR option is enabled.
-UDP queries containing only a DNS Client Cookie and no Server Cookie, or an
-invalid DNS Cookie, will receive a BADCOOKIE response including a newly
-generated DNS Cookie, allowing clients to retry with that DNS Cookie.
-The \fIallow_cookie\fR action will also accept requests over stateful
-transports, regardless of the presence of an DNS Cookie and regardless of the
-\fBanswer\-cookie\fR setting.
-UDP queries without a DNS Cookie receive REFUSED responses with the TC flag set,
-that may trigger fall back to TCP for those clients.
-.IP
+The action can be
+\fI\%deny\fP,
+\fI\%refuse\fP,
+\fI\%allow\fP,
+\fI\%allow_setrd\fP,
+\fI\%allow_snoop\fP,
+\fI\%allow_cookie\fP,
+\fI\%deny_non_local\fP or
+\fI\%refuse_non_local\fP\&.
+.INDENT 7.0
+.TP
+.B deny 
+Stops queries from hosts from that netblock.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse 
+Stops queries too, but sends a DNS rcode REFUSED error message back.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow 
+Gives access to clients from that netblock.
+It gives only access for recursion clients (which is what almost all
+clients need).
+Non\-recursive queries are refused.
+.sp
+The \fI\%allow\fP action does
+allow non\-recursive queries to access the local\-data that is
+configured.
+The reason is that this does not involve the Unbound server recursive
+lookup algorithm, and static data is served in the reply.
+This supports normal operations where non\-recursive queries are made
+for the authoritative data.
+For non\-recursive queries any replies from the dynamic cache are
+refused.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_setrd 
+Ignores the recursion desired (RD) bit and treats all requests as if
+the recursion desired bit is set.
+.sp
+Note that this behavior violates \fI\%RFC 1034\fP which states that a name
+server should never perform recursive service unless asked via the RD
+bit since this interferes with trouble shooting of name servers and
+their databases.
+This prohibited behavior may be useful if another DNS server must
+forward requests for specific zones to a resolver DNS server, but only
+supports stub domains and sends queries to the resolver DNS server with
+the RD bit cleared.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_snoop 
+Gives non\-recursive access too.
+This gives both recursive and non recursive access.
+The name \fIallow_snoop\fP refers to cache snooping, a technique to use
+non\-recursive queries to examine the cache contents (for malicious
+acts).
+However, non\-recursive queries can also be a valuable debugging tool
+(when you want to examine the cache contents).
+.sp
+In that case use
+\fI\%allow_snoop\fP for
+your administration host.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B allow_cookie 
+Allows access only to UDP queries that contain a valid DNS Cookie as
+specified in RFC 7873 and RFC 9018, when the
+\fI\%answer\-cookie\fP option is enabled.
+UDP queries containing only a DNS Client Cookie and no Server Cookie,
+or an invalid DNS Cookie, will receive a BADCOOKIE response including a
+newly generated DNS Cookie, allowing clients to retry with that DNS
+Cookie.
+The \fIallow_cookie\fP action will also accept requests over stateful
+transports, regardless of the presence of an DNS Cookie and regardless
+of the \fI\%answer\-cookie\fP setting.
+UDP queries without a DNS Cookie receive REFUSED responses with the TC
+flag set, that may trigger fall back to TCP for those clients.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B deny_non_local 
+The
+\fI\%deny_non_local\fP
+action is for hosts that are only allowed to query for the
+authoritative \fI\%local\-data\fP, they are not
+allowed full recursion but only the static data.
+Messages that are disallowed are dropped.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse_non_local 
+The
+\fI\%refuse_non_local\fP
+action is for hosts that are only allowed to query for the
+authoritative \fI\%local\-data\fP, they are not
+allowed full recursion but only the static data.
+Messages that are disallowed receive error code REFUSED.
+.UNINDENT
+.sp
 By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
-interface) is implicitly \fIallow\fRed, the rest is \fIrefuse\fRd.
-The default is \fIrefuse\fRd, because that is protocol\-friendly. The DNS
-protocol is not designed to handle dropped packets due to policy, and
-dropping may result in (possibly excessive) retried queries.
-.IP
-The deny_non_local and refuse_non_local settings are for hosts that are
-only allowed to query for the authoritative local\-data, they are not
-allowed full recursion but only the static data.  With deny_non_local,
-messages that are disallowed are dropped, with refuse_non_local they
-receive error code REFUSED.
-.TP
-.B access\-control\-tag: \fI<IP netblock> <"list of tags">
-Assign tags to access-control elements. Clients using this access control
-element use localzones that are tagged with one of these tags. Tags must be
-defined in \fIdefine\-tags\fR.  Enclose list of tags in quotes ("") and put
-spaces between tags. If access\-control\-tag is configured for a netblock that
-does not have an access\-control, an access\-control element with action
-\fIallow\fR is configured for this netblock.
-.TP
-.B access\-control\-tag\-action: \fI<IP netblock> <tag> <action>
-Set action for particular tag for given access control element. If you have
-multiple tag values, the tag used to lookup the action is the first tag match
-between access\-control\-tag and local\-zone\-tag where "first" comes from the
-order of the define-tag values.
-.TP
-.B access\-control\-tag\-data: \fI<IP netblock> <tag> <"resource record string">
+interface) is implicitly \fIallowed\fP, the rest is refused.
+The default is \fIrefused\fP, because that is protocol\-friendly.
+The DNS protocol is not designed to handle dropped packets due to policy,
+and dropping may result in (possibly excessive) retried queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag: \fI<IP netblock> \(dq<list of tags>\(dq\fP 
+Assign tags to \fI\%access\-control\fP
+elements.
+Clients using this access control element use localzones that are tagged
+with one of these tags.
+.sp
+Tags must be defined in \fI\%define\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.sp
+If \fI\%access\-control\-tag\fP is
+configured for a netblock that does not have an
+\fI\%access\-control\fP, an access\-control
+element with action \fI\%allow\fP
+is configured for this netblock.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag\-action: \fI<IP netblock> <tag> <action>\fP 
+Set action for particular tag for given access control element.
+If you have multiple tag values, the tag used to lookup the action is the
+first tag match between
+\fI\%access\-control\-tag\fP and
+\fI\%local\-zone\-tag\fP where \(dqfirst\(dq comes
+from the order of the \fI\%define\-tag\fP values.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B access\-control\-tag\-data: \fI<IP netblock> <tag> \(dq<resource record string>\(dq\fP 
 Set redirect data for particular tag for given access control element.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B access\-control\-view: \fI<IP netblock> <view name>
+.B access\-control\-view: \fI<IP netblock> <view name>\fP 
 Set view for given access control element.
-.TP
-.B interface\-action: \fI<ip address or interface name [@port]> <action>
-Similar to \fBaccess\-control:\fR but for interfaces.
-.IP
-The action is the same as the ones defined under \fBaccess\-control:\fR.
-Interfaces are \fIrefuse\fRd by default.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-action: \fI<ip address or interface name [@port]> <action>\fP 
+Similar to \fI\%access\-control\fP but for
+interfaces.
+.sp
+The action is the same as the ones defined under
+\fI\%access\-control\fP\&.
+.sp
+Default action for interfaces is
+\fI\%refuse\fP\&.
 By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
-interface) is implicitly \fIallow\fRed through the default
-\fBaccess\-control:\fR behavior.
-This also means that any attempt to use the \fBinterface-*:\fR options for the
-loopback interface will not work as they will be overridden by the implicit
-default "\fBaccess\-control:\fR 127.0.0.0/8 allow" option.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag: \fI<ip address or interface name [@port]> <"list of tags">
-Similar to \fBaccess\-control-tag:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag\-action: \fI<ip address or interface name [@port]> <tag> <action>
-Similar to \fBaccess\-control-tag-action:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-tag\-data: \fI<ip address or interface name [@port]> <tag> <"resource record string">
-Similar to \fBaccess\-control-tag-data:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B interface\-view: \fI<ip address or interface name [@port]> <view name>
-Similar to \fBaccess\-control-view:\fR but for interfaces.
-.IP
-Note that the interface needs to be already specified with \fBinterface:\fR
-and that any \fBaccess-control*:\fR setting overrides all \fBinterface-*:\fR
-settings for targeted clients.
-.TP
-.B chroot: \fI<directory>
-If chroot is enabled, you should pass the configfile (from the
-commandline) as a full path from the original root. After the
-chroot has been performed the now defunct portion of the config
+interface) is implicitly allowed through the default
+\fI\%access\-control\fP behavior.
+This also means that any attempt to use the \fBinterface\-*:\fP options for
+the loopback interface will not work as they will be overridden by the
+implicit default \(dqaccess\-control: 127.0.0.0/8 allow\(dq option.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag: \fI<ip address or interface name [@port]> <\(dqlist of tags\(dq>\fP 
+Similar to \fI\%access\-control\-tag\fP but
+for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag\-action: \fI<ip address or interface name [@port]> <tag> <action>\fP 
+Similar to
+\fI\%access\-control\-tag\-action\fP
+but for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-tag\-data: \fI<ip address or interface name [@port]> <tag> <\(dqresource record string\(dq>\fP 
+Similar to
+\fI\%access\-control\-tag\-data\fP but
+for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B interface\-view: \fI<ip address or interface name [@port]> <view name>\fP 
+Similar to \fI\%access\-control\-view\fP
+but for interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The interface needs to be already specified with
+\fI\%interface\fP and that any
+\fBaccess\-control*:\fP attribute overrides all \fBinterface\-*:\fP
+attributes for targeted clients.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B chroot: \fI<directory>\fP 
+If \fI\%chroot\fP is enabled, you should pass the
+configfile (from the commandline) as a full path from the original root.
+After the chroot has been performed the now defunct portion of the config
 file path is removed to be able to reread the config after a reload.
-.IP
-All other file paths (working dir, logfile, roothints, and
-key files) can be specified in several ways:
-as an absolute path relative to the new root,
-as a relative path to the working directory, or
-as an absolute path relative to the original root.
+.sp
+All other file paths (working dir, logfile, roothints, and key files) can
+be specified in several ways: as an absolute path relative to the new root,
+as a relative path to the working directory, or as an absolute path
+relative to the original root.
 In the last case the path is adjusted to remove the unused portion.
-.IP
-The pidfile can be either a relative path to the working directory, or
-an absolute path relative to the original root. It is written just prior
-to chroot and dropping permissions. This allows the pidfile to be
-/var/run/unbound.pid and the chroot to be /var/unbound, for example. Note that
-Unbound is not able to remove the pidfile after termination when it is located
-outside of the chroot directory.
-.IP
-Additionally, Unbound may need to access /dev/urandom (for entropy)
+.sp
+The pidfile can be either a relative path to the working directory, or an
+absolute path relative to the original root.
+It is written just prior to chroot and dropping permissions.
+This allows the pidfile to be \fB/var/run/unbound.pid\fP and the chroot
+to be \fB/var/unbound\fP, for example.
+Note that Unbound is not able to remove the pidfile after termination when
+it is located outside of the chroot directory.
+.sp
+Additionally, Unbound may need to access \fB/dev/urandom\fP (for entropy)
 from inside the chroot.
-.IP
-If given a chroot is done to the given directory. The chroot is by default 
-set to "@UNBOUND_CHROOT_DIR@". If you give "" no chroot is performed.
-.TP
-.B username: \fI<name>
-If given, after binding the port the user privileges are dropped. Default is
-"@UNBOUND_USERNAME@". If you give username: "" no user change is performed.
-.IP
-If this user is not capable of binding the
-port, reloads (by signal HUP) will still retain the opened ports.
+.sp
+If given, a \fIchroot(2)\fP is done to the given directory.
+If you give \fB\(dq\(dq\fP no \fIchroot(2)\fP is performed.
+.sp
+Default: @UNBOUND_CHROOT_DIR@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B username: \fI<name>\fP 
+If given, after binding the port the user privileges are dropped.
+If you give username: \fB\(dq\(dq\fP no user change is performed.
+.sp
+If this user is not capable of binding the port, reloads (by signal HUP)
+will still retain the opened ports.
 If you change the port number in the config file, and that new port number
 requires privileges, then a reload will fail; a restart is needed.
-.TP
-.B directory: \fI<directory>
-Sets the working directory for the program. Default is "@UNBOUND_RUN_DIR@".
-On Windows the string "%EXECUTABLE%" tries to change to the directory
-that unbound.exe resides in.
-If you give a server: directory: dir before include: file statements
-then those includes can be relative to the working directory.
-.TP
-.B logfile: \fI<filename>
-If "" is given, logging goes to stderr, or nowhere once daemonized.
+.sp
+Default: @UNBOUND_USERNAME@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B directory: \fI<directory>\fP 
+Sets the working directory for the program.
+On Windows the string \(dq%EXECUTABLE%\(dq tries to change to the directory that
+\fBunbound.exe\fP resides in.
+If you give a \fI\%server: directory:
+<directory>\fP before
+\fI\%include\fP file statements then those includes
+can be relative to the working directory.
+.sp
+Default: @UNBOUND_RUN_DIR@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B logfile: \fI<filename>\fP 
+If \fB\(dq\(dq\fP is given, logging goes to stderr, or nowhere once daemonized.
 The logfile is appended to, in the following format:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 [seconds since 1970] unbound[pid:tid]: type: message.
+.ft P
 .fi
-If this option is given, the use\-syslog is option is set to "no".
+.UNINDENT
+.UNINDENT
+.sp
+If this option is given, the \fI\%use\-syslog\fP
+attribute is internally set to \fBno\fP\&.
+.sp
 The logfile is reopened (for append) when the config file is reread, on
 SIGHUP.
-.TP
-.B use\-syslog: \fI<yes or no>
-Sets Unbound to send log messages to the syslogd, using
-\fIsyslog\fR(3).
-The log facility LOG_DAEMON is used, with identity "unbound".
-The logfile setting is overridden when use\-syslog is turned on.
-The default is to log to syslog.
-.TP
-.B log\-identity: \fI<string>
-If "" is given (default), then the name of the executable, usually "unbound"
-is used to report to the log.  Enter a string to override it
-with that, which is useful on systems that run more than one instance of
-Unbound, with different configurations, so that the logs can be easily
-distinguished against.
-.TP
-.B log\-time\-ascii: \fI<yes or no>
-Sets logfile lines to use a timestamp in UTC ascii. Default is no, which
-prints the seconds since 1970 in brackets. No effect if using syslog, in
-that case syslog formats the timestamp printed into the log files.
-.TP
-.B log\-time\-iso:\fR <yes or no>
-Log time in ISO8601 format, if \fBlog\-time\-ascii:\fR yes is also set.
-Default is no.
-.TP
-.B log\-queries: \fI<yes or no>
-Prints one line per query to the log, with the log timestamp and IP address,
-name, type and class.  Default is no.  Note that it takes time to print these
-lines which makes the server (significantly) slower.  Odd (nonprintable)
-characters in names are printed as '?'.
-.TP
-.B log\-replies: \fI<yes or no>
-Prints one line per reply to the log, with the log timestamp and IP address,
-name, type, class, return code, time to resolve, from cache and response size.
-Default is no.  Note that it takes time to print these
-lines which makes the server (significantly) slower.  Odd (nonprintable)
-characters in names are printed as '?'.
-.TP
-.B log\-tag\-queryreply: \fI<yes or no>
-Prints the word 'query' and 'reply' with log\-queries and log\-replies.
-This makes filtering logs easier.  The default is off (for backwards
-compatibility).
-.TP
-.B log\-destaddr: \fI<yes or no>
-Prints the destination address, port and type in the log\-replies output.
-This disambiguates what type of traffic, eg. udp or tcp, and to what local
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-syslog: \fI<yes or no>\fP 
+Sets Unbound to send log messages to the syslogd, using \fIsyslog(3)\fP\&.
+The log facility LOG_DAEMON is used, with identity \(dqunbound\(dq.
+The logfile setting is overridden when
+\fI\%use\-syslog: yes\fP is set.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-identity: \fI<string>\fP 
+If \fB\(dq\(dq\fP is given, then the name of the executable, usually
+\(dqunbound\(dq is used to report to the log.
+Enter a string to override it with that, which is useful on systems that
+run more than one instance of Unbound, with different configurations, so
+that the logs can be easily distinguished against.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-time\-ascii: \fI<yes or no>\fP 
+Sets logfile lines to use a timestamp in UTC ASCII.
+No effect if using syslog, in that case syslog formats the timestamp
+printed into the log files.
+.sp
+Default: no (prints the seconds since 1970 in brackets)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-time\-iso: \fI<yes or no>\fP 
+Log time in ISO8601 format, if
+\fI\%log\-time\-ascii: yes\fP
+is also set.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-queries: \fI<yes or no>\fP 
+Prints one line per query to the log, with the log timestamp and IP
+address, name, type and class.
+Note that it takes time to print these lines which makes the server
+(significantly) slower.
+Odd (nonprintable) characters in names are printed as \fB\(aq?\(aq\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-replies: \fI<yes or no>\fP 
+Prints one line per reply to the log, with the log timestamp and IP
+address, name, type, class, return code, time to resolve, from cache and
+response size.
+Note that it takes time to print these lines which makes the server
+(significantly) slower.
+Odd (nonprintable) characters in names are printed as \fB\(aq?\(aq\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-tag\-queryreply: \fI<yes or no>\fP 
+Prints the word \(aqquery\(aq and \(aqreply\(aq with
+\fI\%log\-queries\fP and
+\fI\%log\-replies\fP\&.
+This makes filtering logs easier.
+.sp
+Default: no (backwards compatible)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-destaddr: \fI<yes or no>\fP 
+Prints the destination address, port and type in the
+\fI\%log\-replies\fP output.
+This disambiguates what type of traffic, eg. UDP or TCP, and to what local
 port the traffic was sent to.
-.TP
-.B log\-local\-actions: \fI<yes or no>
-Print log lines to inform about local zone actions.  These lines are like the
-local\-zone type inform prints out, but they are also printed for the other
-types of local zones.
-.TP
-.B log\-servfail: \fI<yes or no>
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-local\-actions: \fI<yes or no>\fP 
+Print log lines to inform about local zone actions.
+These lines are like the \fI\%local\-zone type
+inform\fP print outs, but they are also
+printed for the other types of local zones.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B log\-servfail: \fI<yes or no>\fP 
 Print log lines that say why queries return SERVFAIL to clients.
 This is separate from the verbosity debug logs, much smaller, and printed
 at the error level, not the info level of debug info from verbosity.
-.TP
-.B pidfile: \fI<filename>
-The process id is written to the file. Default is "@UNBOUND_PIDFILE@".
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B pidfile: \fI<filename>\fP 
+The process id is written to the file.
+Default is \fB\(dq@UNBOUND_PIDFILE@\(dq\fP\&.
 So,
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-kill \-HUP `cat @UNBOUND_PIDFILE@`
+.ft C
+kill \-HUP \(gacat @UNBOUND_PIDFILE@\(ga
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 triggers a reload,
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-kill \-TERM `cat @UNBOUND_PIDFILE@`
+.ft C
+kill \-TERM \(gacat @UNBOUND_PIDFILE@\(ga
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.sp
 gracefully terminates.
-.TP
-.B root\-hints: \fI<filename>
-Read the root hints from this file. Default is nothing, using builtin hints
-for the IN class. The file has the format of zone files, with root
-nameserver names and addresses only. The default may become outdated,
-when servers change, therefore it is good practice to use a root\-hints file.
-.TP
-.B hide\-identity: \fI<yes or no>
-If enabled id.server and hostname.bind queries are refused.
-.TP
-.B identity: \fI<string>
-Set the identity to report. If set to "", the default, then the hostname
-of the server is returned.
-.TP
-.B hide\-version: \fI<yes or no>
-If enabled version.server and version.bind queries are refused.
-.TP
-.B version: \fI<string>
-Set the version to report. If set to "", the default, then the package
-version is returned.
-.TP
-.B hide\-http\-user\-agent: \fI<yes or no>
-If enabled the HTTP header User-Agent is not set. Use with caution as some
-webserver configurations may reject HTTP requests lacking this header.
+.sp
+Default: @UNBOUND_PIDFILE@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B root\-hints: \fI<filename>\fP 
+Read the root hints from this file.
+Default is nothing, using builtin hints for the IN class.
+The file has the format of zone files, with root nameserver names and
+addresses only.
+The default may become outdated, when servers change, therefore it is good
+practice to use a root hints file.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-identity: \fI<yes or no>\fP 
+If enabled \(aqid.server\(aq and \(aqhostname.bind\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B identity: \fI<string>\fP 
+Set the identity to report.
+If set to \fB\(dq\(dq\fP, then the hostname of the server is returned.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-version: \fI<yes or no>\fP 
+If enabled \(aqversion.server\(aq and \(aqversion.bind\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B version: \fI<string>\fP 
+Set the version to report.
+If set to \fB\(dq\(dq\fP, then the package version is returned.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-http\-user\-agent: \fI<yes or no>\fP 
+If enabled the HTTP header User\-Agent is not set.
+Use with caution as some webserver configurations may reject HTTP requests
+lacking this header.
 If needed, it is better to explicitly set the
-.B http\-user\-agent
-below.
-.TP
-.B http\-user\-agent: \fI<string>
-Set the HTTP User-Agent header for outgoing HTTP requests. If set to "",
-the default, then the package name and version are used.
-.TP
-.B nsid:\fR <string>
-Add the specified nsid to the EDNS section of the answer when queried
-with an NSID EDNS enabled packet.  As a sequence of hex characters or
-with ascii_ prefix and then an ascii string.
-.TP
-.B hide\-trustanchor: \fI<yes or no>
-If enabled trustanchor.unbound queries are refused.
-.TP
-.B target\-fetch\-policy: \fI<"list of numbers">
+\fI\%http\-user\-agent\fP below.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B http\-user\-agent: \fI<string>\fP 
+Set the HTTP User\-Agent header for outgoing HTTP requests.
+If set to \fB\(dq\(dq\fP, then the package name and version are used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B nsid: \fI<string>\fP 
+Add the specified nsid to the EDNS section of the answer when queried with
+an NSID EDNS enabled packet.
+As a sequence of hex characters or with \(aqascii_\(aq prefix and then an ASCII
+string.
+.sp
+Default: (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B hide\-trustanchor: \fI<yes or no>\fP 
+If enabled \(aqtrustanchor.unbound\(aq queries are REFUSED.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B target\-fetch\-policy: \fI<\(dqlist of numbers\(dq>\fP 
 Set the target fetch policy used by Unbound to determine if it should fetch
-nameserver target addresses opportunistically. The policy is described per
+nameserver target addresses opportunistically.
+The policy is described per dependency depth.
+.sp
+The number of values determines the maximum dependency depth that Unbound
+will pursue in answering a query.
+A value of \-1 means to fetch all targets opportunistically for that
 dependency depth.
-.IP
-The number of values determines the maximum dependency depth
-that Unbound will pursue in answering a query.
-A value of \-1 means to fetch all targets opportunistically for that dependency
-depth. A value of 0 means to fetch on demand only. A positive value fetches
-that many targets opportunistically.
-.IP
-Enclose the list between quotes ("") and put spaces between numbers.
-The default is "3 2 1 0 0". Setting all zeroes, "0 0 0 0 0" gives behaviour
-closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour
-rumoured to be closer to that of BIND 8.
-.TP
-.B harden\-short\-bufsize: \fI<yes or no>
-Very small EDNS buffer sizes from queries are ignored. Default is yes, as
-described in the standard.
-.TP
-.B harden\-large\-queries: \fI<yes or no>
-Very large queries are ignored. Default is no, since it is legal protocol
-wise to send these, and could be necessary for operation if TSIG or EDNS
-payload is very large.
-.TP
-.B harden\-glue: \fI<yes or no>
-Will trust glue only if it is within the servers authority. Default is yes.
-.TP
-.B harden\-unverified\-glue: \fI<yes or no>
-Will trust only in-zone glue. Will try to resolve all out of zone
-(\fI<unverfied>) glue. Will fallback to the original glue if unable to resolve.
-Default is no.
-.TP
-.B harden\-dnssec\-stripped: \fI<yes or no>
-Require DNSSEC data for trust\-anchored zones, if such data is absent,
-the zone becomes bogus. If turned off, and no DNSSEC data is received
-(or the DNSKEY data fails to validate), then the zone is made insecure,
-this behaves like there is no trust anchor. You could turn this off if
-you are sometimes behind an intrusive firewall (of some sort) that
-removes DNSSEC data from packets, or a zone changes from signed to
-unsigned to badly signed often. If turned off you run the risk of a
-downgrade attack that disables security for a zone. Default is yes.
-.TP
-.B harden\-below\-nxdomain: \fI<yes or no>
-From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"),
-returns nxdomain to queries for a name
-below another name that is already known to be nxdomain.  DNSSEC mandates
-noerror for empty nonterminals, hence this is possible.  Very old software
-might return nxdomain for empty nonterminals (that usually happen for reverse
-IP address lookups), and thus may be incompatible with this.  To try to avoid
-this only DNSSEC-secure nxdomains are used, because the old software does not
-have DNSSEC.  Default is yes.
-The nxdomain must be secure, this means nsec3 with optout is insufficient.
-.TP
-.B harden\-referral\-path: \fI<yes or no>
+A value of 0 means to fetch on demand only.
+A positive value fetches that many targets opportunistically.
+.sp
+Enclose the list between quotes (\fB\(dq\(dq\fP) and put spaces between numbers.
+Setting all zeroes, \(dq0 0 0 0 0\(dq gives behaviour closer to that of BIND 9,
+while setting \(dq\-1 \-1 \-1 \-1 \-1\(dq gives behaviour rumoured to be closer to
+that of BIND 8.
+.sp
+Default:  \(dq3 2 1 0 0\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-short\-bufsize: \fI<yes or no>\fP 
+Very small EDNS buffer sizes from queries are ignored.
+.sp
+Default: yes (as described in the standard)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-large\-queries: \fI<yes or no>\fP 
+Very large queries are ignored.
+Default is no, since it is legal protocol wise to send these, and could be
+necessary for operation if TSIG or EDNS payload is very large.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-glue: \fI<yes or no>\fP 
+Will trust glue only if it is within the servers authority.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-unverified\-glue: \fI<yes or no>\fP 
+Will trust only in\-zone glue.
+Will try to resolve all out of zone (\fIunverified\fP) glue.
+Will fallback to the original glue if unable to resolve.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-dnssec\-stripped: \fI<yes or no>\fP 
+Require DNSSEC data for trust\-anchored zones, if such data is absent, the
+zone becomes bogus.
+If turned off, and no DNSSEC data is received (or the DNSKEY data fails to
+validate), then the zone is made insecure, this behaves like there is no
+trust anchor.
+You could turn this off if you are sometimes behind an intrusive firewall
+(of some sort) that removes DNSSEC data from packets, or a zone changes
+from signed to unsigned to badly signed often.
+If turned off you run the risk of a downgrade attack that disables security
+for a zone.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-below\-nxdomain: \fI<yes or no>\fP 
+From \fI\%RFC 8020\fP (with title \(dqNXDOMAIN: There Really Is Nothing
+Underneath\(dq), returns NXDOMAIN to queries for a name below another name
+that is already known to be NXDOMAIN.
+DNSSEC mandates NOERROR for empty nonterminals, hence this is possible.
+Very old software might return NXDOMAIN for empty nonterminals (that
+usually happen for reverse IP address lookups), and thus may be
+incompatible with this.
+To try to avoid this only DNSSEC\-secure NXDOMAINs are used, because the old
+software does not have DNSSEC.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The NXDOMAIN must be secure, this means NSEC3 with optout is
+insufficient.
+.UNINDENT
+.UNINDENT
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-referral\-path: \fI<yes or no>\fP 
 Harden the referral path by performing additional queries for
-infrastructure data.  Validates the replies if trust anchors are configured
-and the zones are signed.  This enforces DNSSEC validation on nameserver
-NS sets and the nameserver addresses that are encountered on the referral
-path to the answer.
-Default no, because it burdens the authority servers, and it is
-not RFC standard, and could lead to performance problems because of the
-extra query load that is generated.  Experimental option.
-If you enable it consider adding more numbers after the target\-fetch\-policy
-to increase the max depth that is checked to.
-.TP
-.B harden\-algo\-downgrade: \fI<yes or no>
-Harden against algorithm downgrade when multiple algorithms are
-advertised in the DS record.
-This works by first choosing only the strongest DS digest type as per RFC 4509
-(Unbound treats the highest algorithm as the strongest) and then
-expecting signatures from all the advertised signing algorithms from the chosen
-DS(es) to be present.
-If no, allows any one supported algorithm to validate the zone, even if other advertised algorithms are broken.
-Default is no.
-RFC 6840 mandates that zone signers must produce zones signed with all
+infrastructure data.
+Validates the replies if trust anchors are configured and the zones are
+signed.
+This enforces DNSSEC validation on nameserver NS sets and the nameserver
+addresses that are encountered on the referral path to the answer.
+Default is off, because it burdens the authority servers, and it is not RFC
+standard, and could lead to performance problems because of the extra query
+load that is generated.
+Experimental option.
+If you enable it consider adding more numbers after the
+\fI\%target\-fetch\-policy\fP to increase
+the max depth that is checked to.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-algo\-downgrade: \fI<yes or no>\fP 
+Harden against algorithm downgrade when multiple algorithms are advertised
+in the DS record.
+This works by first choosing only the strongest DS digest type as per
+\fI\%RFC 4509\fP (Unbound treats the highest algorithm as the strongest) and
+then expecting signatures from all the advertised signing algorithms from
+the chosen DS(es) to be present.
+If no, allows any one supported algorithm to validate the zone, even if
+other advertised algorithms are broken.
+\fI\%RFC 6840\fP mandates that zone signers must produce zones signed with all
 advertised algorithms, but sometimes they do not.
-RFC 6840 also clarifies that this requirement is not for validators and
+\fI\%RFC 6840\fP also clarifies that this requirement is not for validators and
 validators should accept any single valid path.
-It should thus be explicitly noted that this option violates RFC 6840 for
-DNSSEC validation and should only be used to perform a signature
+It should thus be explicitly noted that this option violates \fI\%RFC 6840\fP
+for DNSSEC validation and should only be used to perform a signature
 completeness test to support troubleshooting.
-Using this option may break DNSSEC resolution with non-RFC6840-conforming
-signers and/or in multi-signer configurations that don't send all the
-advertised signatures.
-.TP
-.B harden\-unknown\-additional: \fI<yes or no>
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Using this option may break DNSSEC resolution with non \fI\%RFC 6840\fP
+conforming signers and/or in multi\-signer configurations that don\(aqt
+send all the advertised signatures.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B harden\-unknown\-additional: \fI<yes or no>\fP 
 Harden against unknown records in the authority section and additional
-section. Default is no. If no, such records are copied from the upstream
-and presented to the client together with the answer. If yes, it could
-hamper future protocol developments that want to add records.
-.TP
-.B use\-caps\-for\-id: \fI<yes or no>
+section.
+If no, such records are copied from the upstream and presented to the
+client together with the answer.
+If yes, it could hamper future protocol developments that want to add
+records.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B use\-caps\-for\-id: \fI<yes or no>\fP 
 Use 0x20\-encoded random bits in the query to foil spoof attempts.
-This perturbs the lowercase and uppercase of query names sent to
-authority servers and checks if the reply still has the correct casing.
-Disabled by default.
+This perturbs the lowercase and uppercase of query names sent to authority
+servers and checks if the reply still has the correct casing.
 This feature is an experimental implementation of draft dns\-0x20.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B caps\-exempt: \fI<domain>
+.B caps\-exempt: \fI<domain>\fP 
 Exempt the domain so that it does not receive caps\-for\-id perturbed
-queries.  For domains that do not support 0x20 and also fail with fallback
-because they keep sending different answers, like some load balancers.
+queries.
+For domains that do not support 0x20 and also fail with fallback because
+they keep sending different answers, like some load balancers.
 Can be given multiple times, for different domains.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B caps\-whitelist: \fI<domain>
-Alternate syntax for \fBcaps\-exempt\fR.
+.B caps\-whitelist: \fI<domain>\fP 
+Alternate syntax for \fI\%caps\-exempt\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B qname\-minimisation: \fI<yes or no>
+.B qname\-minimisation: \fI<yes or no>\fP 
 Send minimum amount of information to upstream servers to enhance privacy.
 Only send minimum required labels of the QNAME and set QTYPE to A when
-possible. Best effort approach; full QNAME and original QTYPE will be sent when
+possible.
+Best effort approach; full QNAME and original QTYPE will be sent when
 upstream replies with a RCODE other than NOERROR, except when receiving
-NXDOMAIN from a DNSSEC signed zone. Default is yes.
-.TP
-.B qname\-minimisation\-strict: \fI<yes or no>
-QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to
-potentially broken nameservers. A lot of domains will not be resolvable when
-this option in enabled. Only use if you know what you are doing.
-This option only has effect when qname-minimisation is enabled. Default is no.
-.TP
-.B aggressive\-nsec: \fI<yes or no>
-Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN
-and other denials, using information from previous NXDOMAINs answers.
-Default is yes.  It helps to reduce the query rate towards targets that get
-a very high nonexistent name lookup rate.
-.TP
-.B private\-address: \fI<IP address or subnet>
-Give IPv4 of IPv6 addresses or classless subnets. These are addresses
-on your private network, and are not allowed to be returned for
-public internet names.  Any occurrence of such addresses are removed
-from DNS answers. Additionally, the DNSSEC validator may mark the
-answers bogus. This protects against so\-called DNS Rebinding, where
-a user browser is turned into a network proxy, allowing remote access
-through the browser to other parts of your private network.  Some names
-can be allowed to contain your private addresses, by default all the
-\fBlocal\-data\fR that you configured is allowed to, and you can specify
-additional names using \fBprivate\-domain\fR.  No private addresses are
-enabled by default.  We consider to enable this for the RFC1918 private
-IP address space by default in later releases. That would enable private
-addresses for 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16
-fd00::/8 and fe80::/10, since the RFC standards say these addresses
-should not be visible on the public internet.  Turning on 127.0.0.0/8
-would hinder many spamblocklists as they use that.  Adding ::ffff:0:0/96
-stops IPv4-mapped IPv6 addresses from bypassing the filter.
-.TP
-.B private\-domain: \fI<domain name>
+NXDOMAIN from a DNSSEC signed zone.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B qname\-minimisation\-strict: \fI<yes or no>\fP 
+QNAME minimisation in strict mode.
+Do not fall\-back to sending full QNAME to potentially broken nameservers.
+A lot of domains will not be resolvable when this option in enabled.
+Only use if you know what you are doing.
+This option only has effect when
+\fI\%qname\-minimisation\fP is enabled.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B aggressive\-nsec: \fI<yes or no>\fP 
+Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+denials, using information from previous NXDOMAINs answers.
+It helps to reduce the query rate towards targets that get a very high
+nonexistent name lookup rate.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B private\-address: \fI<IP address or subnet>\fP 
+Give IPv4 of IPv6 addresses or classless subnets.
+These are addresses on your private network, and are not allowed to be
+returned for public internet names.
+Any occurrence of such addresses are removed from DNS answers.
+Additionally, the DNSSEC validator may mark the answers bogus.
+This protects against so\-called DNS Rebinding, where a user browser is
+turned into a network proxy, allowing remote access through the browser to
+other parts of your private network.
+.sp
+Some names can be allowed to contain your private addresses, by default all
+the \fI\%local\-data\fP that you configured is
+allowed to, and you can specify additional names using
+\fI\%private\-domain\fP\&.
+No private addresses are enabled by default.
+.sp
+We consider to enable this for the \fI\%RFC 1918\fP private IP address space by
+default in later releases.
+That would enable private addresses for \fB10.0.0.0/8\fP, \fB172.16.0.0/12\fP,
+\fB192.168.0.0/16\fP, \fB169.254.0.0/16\fP, \fBfd00::/8\fP and \fBfe80::/10\fP,
+since the RFC standards say these addresses should not be visible on the
+public internet.
+.sp
+Turning on \fB127.0.0.0/8\fP would hinder many spamblocklists as they use
+that.
+Adding \fB::ffff:0:0/96\fP stops IPv4\-mapped IPv6 addresses from bypassing
+the filter.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B private\-domain: \fI<domain name>\fP 
 Allow this domain, and all its subdomains to contain private addresses.
 Give multiple times to allow multiple domain names to contain private
-addresses. Default is none.
-.TP
-.B unwanted\-reply\-threshold: \fI<number>
-If set, a total number of unwanted replies is kept track of in every thread.
-When it reaches the threshold, a defensive action is taken and a warning
-is printed to the log.  The defensive action is to clear the rrset and
-message caches, hopefully flushing away any poison.  A value of 10 million
-is suggested.  Default is 0 (turned off).
-.TP
-.B do\-not\-query\-address: \fI<IP address>
-Do not query the given IP address. Can be IP4 or IP6. Append /num to
-indicate a classless delegation netblock, for example like
-10.2.3.4/24 or 2001::11/64.
-.TP
-.B do\-not\-query\-localhost: \fI<yes or no>
-If yes, localhost is added to the do\-not\-query\-address entries, both
-IP6 ::1 and IP4 127.0.0.1/8. If no, then localhost can be used to send
-queries to. Default is yes.
-.TP
-.B prefetch: \fI<yes or no>
-If yes, cache hits on message cache elements that are on their last 10 percent
-of their TTL value trigger a prefetch to keep the cache up to date.
-Default is no.
-Turning it on gives about 10 percent more traffic and load on the machine, but
-popular items do not expire from the cache.
-.TP
-.B prefetch\-key: \fI<yes or no>
+addresses.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unwanted\-reply\-threshold: \fI<number>\fP 
+If set, a total number of unwanted replies is kept track of in every
+thread.
+When it reaches the threshold, a defensive action is taken and a warning is
+printed to the log.
+The defensive action is to clear the rrset and message caches, hopefully
+flushing away any poison.
+A value of 10 million is suggested.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-not\-query\-address: \fI<IP address>\fP 
+Do not query the given IP address.
+Can be IPv4 or IPv6.
+Append /num to indicate a classless delegation netblock, for example like
+\fB10.2.3.4/24\fP or \fB2001::11/64\fP\&.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B do\-not\-query\-localhost: \fI<yes or no>\fP 
+If yes, localhost is added to the
+\fI\%do\-not\-query\-address\fP entries,
+both IPv6 \fB::1\fP and IPv4 \fB127.0.0.1/8\fP\&.
+If no, then localhost can be used to send queries to.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefetch: \fI<yes or no>\fP 
+If yes, cache hits on message cache elements that are on their last 10
+percent of their TTL value trigger a prefetch to keep the cache up to date.
+Turning it on gives about 10 percent more traffic and load on the machine,
+but popular items do not expire from the cache.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B prefetch\-key: \fI<yes or no>\fP 
 If yes, fetch the DNSKEYs earlier in the validation process, when a DS
-record is encountered.  This lowers the latency of requests.  It does use
-a little more CPU.  Also if the cache is set to 0, it is no use. Default is no.
-.TP
-.B deny\-any: \fI<yes or no>
-If yes, deny queries of type ANY with an empty response.  Default is no.
+record is encountered.
+This lowers the latency of requests.
+It does use a little more CPU.
+Also if the cache is set to 0, it is no use.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B deny\-any: \fI<yes or no>\fP 
+If yes, deny queries of type ANY with an empty response.
 If disabled, Unbound responds with a short list of resource records if some
 can be found in the cache and makes the upstream type ANY query if there
 are none.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rrset\-roundrobin: \fI<yes or no>
+.B rrset\-roundrobin: \fI<yes or no>\fP 
 If yes, Unbound rotates RRSet order in response (the random number is taken
-from the query ID, for speed and thread safety).  Default is yes.
+from the query ID, for speed and thread safety).
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
 .TP
-.B minimal-responses: \fI<yes or no>
+.B minimal\-responses: \fI<yes or no>\fP 
 If yes, Unbound does not insert authority/additional sections into response
-messages when those sections are not required.  This reduces response
-size significantly, and may avoid TCP fallback for some responses which may
-cause a slight speedup.  The default is yes, even though the DNS
-protocol RFCs mandate these sections, and the additional content could
-save roundtrips for clients that use the additional content.
+messages when those sections are not required.
+This reduces response size significantly, and may avoid TCP fallback for
+some responses which may cause a slight speedup.
+The default is yes, even though the DNS protocol RFCs mandate these
+sections, and the additional content could save roundtrips for clients that
+use the additional content.
 However these sections are hardly used by clients.
 Enabling prefetch can benefit clients that need the additional content
 by trying to keep that content fresh in the cache.
-.TP
-.B disable-dnssec-lame-check: \fI<yes or no>
-If true, disables the DNSSEC lameness check in the iterator.  This check
-sees if RRSIGs are present in the answer, when dnssec is expected,
-and retries another authority if RRSIGs are unexpectedly missing.
-The validator will insist in RRSIGs for DNSSEC signed domains regardless
-of this setting, if a trust anchor is loaded.
-.TP
-.B module\-config: \fI<"module names">
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B disable\-dnssec\-lame\-check: \fI<yes or no>\fP 
+If yes, disables the DNSSEC lameness check in the iterator.
+This check sees if RRSIGs are present in the answer, when DNSSEC is
+expected, and retries another authority if RRSIGs are unexpectedly missing.
+The validator will insist in RRSIGs for DNSSEC signed domains regardless of
+this setting, if a trust anchor is loaded.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B module\-config: \fI\(dq<module names>\(dq\fP 
 Module configuration, a list of module names separated by spaces, surround
-the string with quotes (""). The modules can be \fIrespip\fR,
-\fIvalidator\fR, or \fIiterator\fR (and possibly more, see below).
-Setting this to just "\fIiterator\fR" will result in a non\-validating
-server.
-Setting this to "\fIvalidator iterator\fR" will turn on DNSSEC validation.
-The ordering of the modules is significant, the order decides the
-order of processing.
-You must also set \fItrust\-anchors\fR for validation to be useful.
-Adding \fIrespip\fR to the front will cause RPZ processing to be done on
-all queries.
-The default is "\fIvalidator iterator\fR".
-.IP
+the string with quotes (\fB\(dq\(dq\fP).
+The modules can be \fBrespip\fP, \fBvalidator\fP, or \fBiterator\fP (and possibly
+more, see below).
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The ordering of the modules is significant, the order decides the order
+of processing.
+.UNINDENT
+.UNINDENT
+.sp
+Setting this to just \(dqiterator\(dq will result in a non\-validating server.
+Setting this to \(dqvalidator iterator\(dq will turn on DNSSEC validation.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+You must also set trust\-anchors for validation to be useful.
+.UNINDENT
+.UNINDENT
+.sp
+Adding \fBrespip\fP to the front will cause RPZ processing to be done on all
+queries.
+.sp
 Most modules that need to be listed here have to be listed at the beginning
-of the line.  The subnetcachedb module has to be listed just before
-the iterator.
-The python module can be listed in different places, it then processes the
-output of the module it is just before. The dynlib module can be listed pretty
-much anywhere, it is only a very thin wrapper that allows dynamic libraries to
-run in its place.
-.TP
-.B trust\-anchor\-file: \fI<filename>
-File with trusted keys for validation. Both DS and DNSKEY entries can appear
-in the file. The format of the file is the standard DNS Zone file format.
-Default is "", or no trust anchor file.
-.TP
-.B auto\-trust\-anchor\-file: \fI<filename>
-File with trust anchor for one zone, which is tracked with RFC5011 probes.
+of the line.
+.sp
+The \fBsubnetcache\fP module has to be listed just before the iterator.
+.sp
+The \fBpython\fP module can be listed in different places, it then processes
+the output of the module it is just before.
+.sp
+The \fBdynlib\fP module can be listed pretty much anywhere, it is only a very
+thin wrapper that allows dynamic libraries to run in its place.
+.sp
+Default: \(dqvalidator iterator\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor\-file: \fI<filename>\fP 
+File with trusted keys for validation.
+Both DS and DNSKEY entries can appear in the file.
+The format of the file is the standard DNS Zone file format.
+.sp
+Default: \(dq\(dq (no trust anchor file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B auto\-trust\-anchor\-file: \fI<filename>\fP 
+File with trust anchor for one zone, which is tracked with \fI\%RFC 5011\fP
+probes.
 The probes are run several times per month, thus the machine must be online
-frequently.  The initial file can be one with contents as described in
-\fBtrust\-anchor\-file\fR.  The file is written to when the anchor is updated,
-so the Unbound user must have write permission.  Write permission to the file,
-but also to the directory it is in (to create a temporary file, which is
-necessary to deal with filesystem full events), it must also be inside the
-chroot (if that is used).
-.TP
-.B trust\-anchor: \fI<"Resource Record">
-A DS or DNSKEY RR for a key to use for validation. Multiple entries can be
-given to specify multiple trusted keys, in addition to the trust\-anchor\-files.
-The resource record is entered in the same format as 'dig' or 'drill' prints
-them, the same format as in the zone file. Has to be on a single line, with
-"" around it. A TTL can be specified for ease of cut and paste, but is ignored.
+frequently.
+The initial file can be one with contents as described in
+\fI\%trust\-anchor\-file\fP\&.
+The file is written to when the anchor is updated, so the Unbound user must
+have write permission.
+Write permission to the file, but also to the directory it is in (to create
+a temporary file, which is necessary to deal with filesystem full events),
+it must also be inside the \fI\%chroot\fP (if that is
+used).
+.sp
+Default: \(dq\(dq (no auto trust anchor file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor: \fI\(dq<Resource Record>\(dq\fP 
+A DS or DNSKEY RR for a key to use for validation.
+Multiple entries can be given to specify multiple trusted keys, in addition
+to the \fI\%trust\-anchor\-file\fP\&.
+The resource record is entered in the same format as \fIdig(1)\fP or \fIdrill(1)\fP
+prints them, the same format as in the zone file.
+Has to be on a single line, with \fB\(dq\(dq\fP around it.
+A TTL can be specified for ease of cut and paste, but is ignored.
 A class can be specified, but class IN is default.
-.TP
-.B trusted\-keys\-file: \fI<filename>
-File with trusted keys for validation. Specify more than one file
-with several entries, one file per entry. Like \fBtrust\-anchor\-file\fR
-but has a different file format. Format is BIND\-9 style format,
-the trusted\-keys { name flag proto algo "key"; }; clauses are read.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trusted\-keys\-file: \fI<filename>\fP 
+File with trusted keys for validation.
+Specify more than one file with several entries, one file per entry.
+Like \fI\%trust\-anchor\-file\fP but has a
+different file format.
+Format is BIND\-9 style format, the \fBtrusted\-keys { name flag proto algo
+\(dqkey\(dq; };\fP clauses are read.
 It is possible to use wildcards with this statement, the wildcard is
 expanded on start and on reload.
-.TP
-.B trust\-anchor\-signaling: \fI<yes or no>
-Send RFC8145 key tag query after trust anchor priming. Default is yes.
-.TP
-.B root\-key\-sentinel: \fI<yes or no>
-Root key trust anchor sentinel. Default is yes.
-.TP
-.B domain\-insecure: \fI<domain name>
-Sets domain name to be insecure, DNSSEC chain of trust is ignored towards
-the domain name.  So a trust anchor above the domain name can not make the
-domain secure with a DS record, such a DS record is then ignored.
-Can be given multiple times
-to specify multiple domains that are treated as if unsigned.  If you set
-trust anchors for the domain they override this setting (and the domain
-is secured).
-.IP
+.sp
+Default: \(dq\(dq (no trusted keys file)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B trust\-anchor\-signaling: \fI<yes or no>\fP 
+Send \fI\%RFC 8145\fP key tag query after trust anchor priming.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B root\-key\-sentinel: \fI<yes or no>\fP 
+Root key trust anchor sentinel.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B domain\-insecure: \fI<domain name>\fP 
+Sets \fI<domain name>\fP to be insecure, DNSSEC chain of trust is ignored
+towards the \fI<domain name>\fP\&.
+So a trust anchor above the domain name can not make the domain secure with
+a DS record, such a DS record is then ignored.
+Can be given multiple times to specify multiple domains that are treated as
+if unsigned.
+If you set trust anchors for the domain they override this setting (and the
+domain is secured).
+.sp
 This can be useful if you want to make sure a trust anchor for external
-lookups does not affect an (unsigned) internal domain.  A DS record
-externally can create validation failures for that internal domain.
-.TP
-.B val\-override\-date: \fI<rrsig\-style date spec>
-Default is "" or "0", which disables this debugging feature. If enabled by
-giving a RRSIG style date, that date is used for verifying RRSIG inception
-and expiration dates, instead of the current date. Do not set this unless
-you are debugging signature inception and expiration. The value \-1 ignores
-the date altogether, useful for some special applications.
-.TP
-.B val\-sig\-skew\-min: \fI<seconds>
+lookups does not affect an (unsigned) internal domain.
+A DS record externally can create validation failures for that internal
+domain.
+.sp
+Default: (none)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-override\-date: \fI<rrsig\-style date spec>\fP 
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Debugging feature!
+.UNINDENT
+.UNINDENT
+.sp
+If enabled by giving a RRSIG style date, that date is used for verifying
+RRSIG inception and expiration dates, instead of the current date.
+Do not set this unless you are debugging signature inception and
+expiration.
+The value \-1 ignores the date altogether, useful for some special
+applications.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-sig\-skew\-min: \fI<seconds>\fP 
 Minimum number of seconds of clock skew to apply to validated signatures.
-A value of 10% of the signature lifetime (expiration \- inception) is
-used, capped by this setting.  Default is 3600 (1 hour) which allows for
-daylight savings differences.  Lower this value for more strict checking
-of short lived signatures.
-.TP
-.B val\-sig\-skew\-max: \fI<seconds>
+A value of 10% of the signature lifetime (expiration \- inception) is used,
+capped by this setting.
+Default is 3600 (1 hour) which allows for daylight savings differences.
+Lower this value for more strict checking of short lived signatures.
+.sp
+Default: 3600 (1 hour)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-sig\-skew\-max: \fI<seconds>\fP 
 Maximum number of seconds of clock skew to apply to validated signatures.
-A value of 10% of the signature lifetime (expiration \- inception)
-is used, capped by this setting.  Default is 86400 (24 hours) which
-allows for timezone setting problems in stable domains.  Setting both
-min and max very low disables the clock skew allowances.  Setting both
-min and max very high makes the validator check the signature timestamps
-less strictly.
-.TP
-.B val\-max\-restart: \fI<number>
-The maximum number the validator should restart validation with
-another authority in case of failed validation. Default is 5.
-.TP
-.B val\-bogus\-ttl: \fI<number>
-The time to live for bogus data. This is data that has failed validation;
-due to invalid signatures or other checks. The TTL from that data cannot be
-trusted, and this value is used instead. The value is in seconds, default 60.
+A value of 10% of the signature lifetime (expiration \- inception) is used,
+capped by this setting.
+Default is 86400 (24 hours) which allows for timezone setting problems in
+stable domains.
+Setting both min and max very low disables the clock skew allowances.
+Setting both min and max very high makes the validator check the signature
+timestamps less strictly.
+.sp
+Default: 86400 (24 hours)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-max\-restart: \fI<number>\fP 
+The maximum number the validator should restart validation with another
+authority in case of failed validation.
+.sp
+Default: 5
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-bogus\-ttl: \fI<seconds>\fP 
+The time to live for bogus data.
+This is data that has failed validation; due to invalid signatures or other
+checks.
+The TTL from that data cannot be trusted, and this value is used instead.
 The time interval prevents repeated revalidation of bogus data.
+.sp
+Default: 60
+.UNINDENT
+.INDENT 0.0
 .TP
-.B val\-clean\-additional: \fI<yes or no>
+.B val\-clean\-additional: \fI<yes or no>\fP 
 Instruct the validator to remove data from the additional section of secure
-messages that are not signed properly. Messages that are insecure, bogus,
-indeterminate or unchecked are not affected. Default is yes. Use this setting
-to protect the users that rely on this validator for authentication from
-potentially bad data in the additional section.
-.TP
-.B val\-log\-level: \fI<number>
-Have the validator print validation failures to the log.  Regardless of
-the verbosity setting.  Default is 0, off.  At 1, for every user query
-that fails a line is printed to the logs.  This way you can monitor what
-happens with validation.  Use a diagnosis tool, such as dig or drill,
-to find out why validation is failing for these queries.  At 2, not only
-the query that failed is printed but also the reason why Unbound thought
-it was wrong and which server sent the faulty data.
-.TP
-.B val\-permissive\-mode: \fI<yes or no>
-Instruct the validator to mark bogus messages as indeterminate. The security
-checks are performed, but if the result is bogus (failed security), the
-reply is not withheld from the client with SERVFAIL as usual. The client
-receives the bogus data. For messages that are found to be secure the AD bit
-is set in replies. Also logging is performed as for full validation.
-The default value is "no".
-.TP
-.B ignore\-cd\-flag: \fI<yes or no>
-Instruct Unbound to ignore the CD flag from clients and refuse to
-return bogus answers to them.  Thus, the CD (Checking Disabled) flag
-does not disable checking any more.  This is useful if legacy (w2008)
-servers that set the CD flag but cannot validate DNSSEC themselves are
-the clients, and then Unbound provides them with DNSSEC protection.
-The default value is "no".
-.TP
-.B disable\-edns\-do: \fI<yes or no>
+messages that are not signed properly.
+Messages that are insecure, bogus, indeterminate or unchecked are not
+affected.
+Use this setting to protect the users that rely on this validator for
+authentication from potentially bad data in the additional section.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-log\-level: \fI<number>\fP 
+Have the validator print validation failures to the log.
+Regardless of the verbosity setting.
+.sp
+At 1, for every user query that fails a line is printed to the logs.
+This way you can monitor what happens with validation.
+Use a diagnosis tool, such as dig or drill, to find out why validation is
+failing for these queries.
+.sp
+At 2, not only the query that failed is printed but also the reason why
+Unbound thought it was wrong and which server sent the faulty data.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-permissive\-mode: \fI<yes or no>\fP 
+Instruct the validator to mark bogus messages as indeterminate.
+The security checks are performed, but if the result is bogus (failed
+security), the reply is not withheld from the client with SERVFAIL as
+usual.
+The client receives the bogus data.
+For messages that are found to be secure the AD bit is set in replies.
+Also logging is performed as for full validation.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ignore\-cd\-flag: \fI<yes or no>\fP 
+Instruct Unbound to ignore the CD flag from clients and refuse to return
+bogus answers to them.
+Thus, the CD (Checking Disabled) flag does not disable checking any more.
+This is useful if legacy (w2008) servers that set the CD flag but cannot
+validate DNSSEC themselves are the clients, and then Unbound provides them
+with DNSSEC protection.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B disable\-edns\-do: \fI<yes or no>\fP 
 Disable the EDNS DO flag in upstream requests.
-It breaks DNSSEC validation for Unbound's clients.
+It breaks DNSSEC validation for Unbound\(aqs clients.
 This results in the upstream name servers to not include DNSSEC records in
 their replies and could be helpful for devices that cannot handle DNSSEC
 information.
@@ -1399,1255 +2553,2187 @@ If this option is enabled but Unbound is already configured for DNSSEC
 validation (i.e., the validator module is enabled; default) this option is
 implicitly turned off with a warning as to not break DNSSEC validation in
 Unbound.
-Default is no.
-.TP
-.B serve\-expired: \fI<yes or no>
-If enabled, Unbound attempts to serve old responses from cache with a
-TTL of \fBserve\-expired\-reply\-ttl\fR in the response.
-By default the expired answer will be used after a resolution attempt errored
-out or is taking more than serve\-expired\-client\-timeout to resolve.
-Default is "no".
-.TP
-.B serve\-expired\-ttl: \fI<seconds>
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired: \fI<yes or no>\fP 
+If enabled, Unbound attempts to serve old responses from cache with a TTL
+of \fI\%serve\-expired\-reply\-ttl\fP in
+the response.
+By default the expired answer will be used after a resolution attempt
+errored out or is taking more than
+\fI\%serve\-expired\-client\-timeout\fP
+to resolve.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-ttl: \fI<seconds>\fP 
 Limit serving of expired responses to configured seconds after expiration.
-0 disables the limit.
-This option only applies when \fBserve\-expired\fR is enabled.
+\fB0\fP disables the limit.
+This option only applies when
+\fI\%serve\-expired\fP is enabled.
 A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
 The default is 86400.
-.TP
-.B serve\-expired\-ttl\-reset: \fI<yes or no>
-Set the TTL of expired records to the \fBserve\-expired\-ttl\fR value after a
-failed attempt to retrieve the record from upstream.  This makes sure that the
-expired records will be served as long as there are queries for it.  Default is
-"no".
-.TP
-.B serve\-expired\-reply\-ttl: \fI<seconds>
-TTL value to use when replying with expired data.  If
-\fBserve\-expired\-client\-timeout\fR is also used then it is RECOMMENDED to
-use 30 as the value (RFC 8767).  The default is 30.
-.TP
-.B serve\-expired\-client\-timeout: \fI<msec>
+.sp
+Default: 86400
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-ttl\-reset: \fI<yes or no>\fP 
+Set the TTL of expired records to the
+\fI\%serve\-expired\-ttl\fP value after a
+failed attempt to retrieve the record from upstream.
+This makes sure that the expired records will be served as long as there
+are queries for it.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-reply\-ttl: \fI<seconds>\fP 
+TTL value to use when replying with expired data.
+If
+\fI\%serve\-expired\-client\-timeout\fP
+is also used then it is RECOMMENDED to use 30 as the value (\fI\%RFC 8767\fP).
+.sp
+Default: 30
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-expired\-client\-timeout: \fI<msec>\fP 
 Time in milliseconds before replying to the client with expired data.
-This essentially enables the serve-stale behavior as specified in
-RFC 8767 that first tries to resolve before immediately
-responding with expired data.
-Setting this to 0 will disable this behavior and instead serve the expired
-record immediately from the cache before attempting to refresh it via
-resolution.
-Default is 1800.
-.TP
-.B serve\-original\-ttl: \fI<yes or no>
+This essentially enables the serve\-stale behavior as specified in
+\fI\%RFC 8767\fP that first tries to resolve before immediately responding with
+expired data.
+Setting this to \fB0\fP will disable this behavior and instead serve the
+expired record immediately from the cache before attempting to refresh it
+via resolution.
+.sp
+Default: 1800
+.UNINDENT
+.INDENT 0.0
+.TP
+.B serve\-original\-ttl: \fI<yes or no>\fP 
 If enabled, Unbound will always return the original TTL as received from
-the upstream name server rather than the decrementing TTL as
-stored in the cache.  This feature may be useful if Unbound serves as a
-front-end to a hidden authoritative name server. Enabling this feature does
-not impact cache expiry, it only changes the TTL Unbound embeds in responses to
-queries. Note that enabling this feature implicitly disables enforcement of
-the configured minimum and maximum TTL, as it is assumed users who enable this
-feature do not want Unbound to change the TTL obtained from an upstream server.
-Thus, the values set using \fBcache\-min\-ttl\fR and \fBcache\-max\-ttl\fR are
-ignored.
-Default is "no".
-.TP
-.B val\-nsec3\-keysize\-iterations: \fI<"list of values">
+the upstream name server rather than the decrementing TTL as stored in the
+cache.
+This feature may be useful if Unbound serves as a front\-end to a hidden
+authoritative name server.
+.sp
+Enabling this feature does not impact cache expiry, it only changes the TTL
+Unbound embeds in responses to queries.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Enabling this feature implicitly disables enforcement of the configured
+minimum and maximum TTL, as it is assumed users who enable this feature
+do not want Unbound to change the TTL obtained from an upstream server.
+.UNINDENT
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The values set using \fI\%cache\-min\-ttl\fP
+and \fI\%cache\-max\-ttl\fP are ignored.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B val\-nsec3\-keysize\-iterations: <\(dqlist of values\(dq> 
 List of keysize and iteration count values, separated by spaces, surrounded
-by quotes. Default is "1024 150 2048 150 4096 150". This determines the
-maximum allowed NSEC3 iteration count before a message is simply marked
-insecure instead of performing the many hashing iterations. The list must
-be in ascending order and have at least one entry. If you set it to
-"1024 65535" there is no restriction to NSEC3 iteration values.
-This table must be kept short; a very long list could cause slower operation.
-.TP
-.B zonemd\-permissive\-mode: \fI<yes or no>
-If enabled the ZONEMD verification failures are only logged and do not cause
-the zone to be blocked and only return servfail.  Useful for testing out
-if it works, or if the operator only wants to be notified of a problem without
-disrupting service.  Default is no.
-.TP
-.B add\-holddown: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to add new trust anchors only after they have been
-visible for this time.  Default is 30 days as per the RFC.
-.TP
-.B del\-holddown: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to remove revoked trust anchors after they have been
-kept in the revoked list for this long.  Default is 30 days as per
-the RFC.
-.TP
-.B keep\-missing: \fI<seconds>
-Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011
-autotrust updates to remove missing trust anchors after they have been
-unseen for this long.  This cleans up the state file if the target zone
-does not perform trust anchor revocation, so this makes the auto probe
-mechanism work with zones that perform regular (non\-5011) rollovers.
-The default is 366 days.  The value 0 does not remove missing anchors,
-as per the RFC.
-.TP
-.B permit\-small\-holddown: \fI<yes or no>
-Debug option that allows the autotrust 5011 rollover timers to assume
-very small values.  Default is no.
-.TP
-.B key\-cache\-size: \fI<number>
-Number of bytes size of the key cache. Default is 4 megabytes.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+by quotes.
+This determines the maximum allowed NSEC3 iteration count before a message
+is simply marked insecure instead of performing the many hashing
+iterations.
+The list must be in ascending order and have at least one entry.
+If you set it to \(dq1024 65535\(dq there is no restriction to NSEC3 iteration
+values.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+This table must be kept short; a very long list could cause slower
+operation.
+.UNINDENT
+.UNINDENT
+.sp
+Default: \(dq1024 150 2048 150 4096 150\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-permissive\-mode: \fI<yes or no>\fP 
+If enabled the ZONEMD verification failures are only logged and do not
+cause the zone to be blocked and only return servfail.
+Useful for testing out if it works, or if the operator only wants to be
+notified of a problem without disrupting service.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B add\-holddown: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to add new trust anchors only
+after they have been visible for this time.
+.sp
+Default: 2592000 (30 days as per the RFC)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B del\-holddown: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to remove revoked trust anchors
+after they have been kept in the revoked list for this long.
+.sp
+Default: 2592000 (30 days as per the RFC)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B keep\-missing: \fI<seconds>\fP 
+Instruct the
+\fI\%auto\-trust\-anchor\-file\fP probe
+mechanism for \fI\%RFC 5011\fP autotrust updates to remove missing trust anchors
+after they have been unseen for this long.
+This cleans up the state file if the target zone does not perform trust
+anchor revocation, so this makes the auto probe mechanism work with zones
+that perform regular (non\-5011) rollovers.
+The value 0 does not remove missing anchors, as per the RFC.
+.sp
+Default: 31622400 (366 days)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B permit\-small\-holddown: \fI<yes or no>\fP 
+Debug option that allows the autotrust 5011 rollover timers to assume very
+small values.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key\-cache\-size: \fI<number>\fP 
+Number of bytes size of the key cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B key\-cache\-slabs: \fI<number>
-Number of slabs in the key cache. Slabs reduce lock contention by threads.
-Must be set to a power of 2. Setting (close) to the number of cpus is a
-reasonable guess.
-.TP
-.B neg\-cache\-size: \fI<number>
-Number of bytes size of the aggressive negative cache. Default is 1 megabyte.
-A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B key\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the key cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B neg\-cache\-size: \fI<number>\fP 
+Number of bytes size of the aggressive negative cache.
+A plain number is in bytes, append \(aqk\(aq, \(aqm\(aq or \(aqg\(aq for kilobytes, megabytes
 or gigabytes (1024*1024 bytes in a megabyte).
-.TP
-.B unblock\-lan\-zones: \fI<yes or no>
-Default is disabled.  If enabled, then for private address space,
-the reverse lookups are no longer filtered.  This allows Unbound when
-running as dns service on a host where it provides service for that host,
-to put out all of the queries for the 'lan' upstream.  When enabled,
-only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured
-with default local zones.  Disable the option when Unbound is running
-as a (DHCP-) DNS network resolver for a group of machines, where such
-lookups should be filtered (RFC compliance), this also stops potential
-data leakage about the local network to the upstream DNS servers.
-.TP
-.B insecure\-lan\-zones: \fI<yes or no>
-Default is disabled.  If enabled, then reverse lookups in private
-address space are not validated.  This is usually required whenever
-\fIunblock\-lan\-zones\fR is used.
-.TP
-.B local\-zone: \fI<zone> <type>
-Configure a local zone. The type determines the answer to give if
-there is no match from local\-data. The types are deny, refuse, static,
-transparent, redirect, nodefault, typetransparent, inform, inform_deny,
-inform_redirect, always_transparent, block_a, always_refuse, always_nxdomain,
-always_null, noview, and are explained below. After that the default settings
-are listed. Use local\-data: to enter data into the local zone. Answers for
-local zones are authoritative DNS answers. By default the zones are class IN.
-.IP
-If you need more complicated authoritative data, with referrals, wildcards,
-CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
-it as detailed in the stub zone section below. A stub\-zone can be used to
-have unbound send queries to another server, an authoritative server, to
-fetch the information. With a forward\-zone, unbound sends queries to a server
-that is a recursive server to fetch the information. With an auth\-zone a
-zone can be loaded from file and used, it can be used like a local\-zone
-for users downstream, or the auth\-zone information can be used to fetch
-information from when resolving like it is an upstream server. The
-forward\-zone and auth\-zone options are described in their sections below.
-If you want to perform filtering of the information that the users can fetch,
-the local\-zone and local\-data statements allow for this, but also the
-rpz functionality can be used, described in the RPZ section.
-.TP 10
-\h'5'\fIdeny\fR
+.sp
+Default: 1m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B unblock\-lan\-zones: \fI<yes or no>\fP 
+If enabled, then for private address space, the reverse lookups are no
+longer filtered.
+This allows Unbound when running as dns service on a host where it provides
+service for that host, to put out all of the queries for the \(aqlan\(aq
+upstream.
+When enabled, only localhost, \fB127.0.0.1\fP reverse and \fB::1\fP reverse
+zones are configured with default local zones.
+Disable the option when Unbound is running as a (DHCP\-) DNS network
+resolver for a group of machines, where such lookups should be filtered
+(RFC compliance), this also stops potential data leakage about the local
+network to the upstream DNS servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B insecure\-lan\-zones: \fI<yes or no>\fP 
+If enabled, then reverse lookups in private address space are not
+validated.
+This is usually required whenever
+\fI\%unblock\-lan\-zones\fP is used.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone: \fI<zone> <type>\fP 
+Configure a local zone.
+The type determines the answer to give if there is no match from
+\fI\%local\-data\fP\&.
+The types are
+\fI\%deny\fP,
+\fI\%refuse\fP,
+\fI\%static\fP,
+\fI\%transparent\fP,
+\fI\%redirect\fP,
+\fI\%nodefault\fP,
+\fI\%typetransparent\fP,
+\fI\%inform\fP,
+\fI\%inform_deny\fP,
+\fI\%inform_redirect\fP,
+\fI\%always_transparent\fP,
+\fI\%block_a\fP,
+\fI\%always_refuse\fP,
+\fI\%always_nxdomain\fP,
+\fI\%always_null\fP,
+\fI\%noview\fP,
+and are explained below.
+After that the default settings are listed.
+Use \fI\%local\-data\fP to enter data into the
+local zone.
+Answers for local zones are authoritative DNS answers.
+By default the zones are class IN.
+.sp
+If you need more complicated authoritative data, with referrals,
+wildcards, CNAME/DNAME support, or DNSSEC authoritative service,
+setup a \fI\%stub\-zone\fP for it as detailed in the
+stub zone section below.
+A \fI\%stub\-zone\fP can be used to have unbound
+send queries to another server, an authoritative server, to fetch the
+information.
+With a \fI\%forward\-zone\fP, unbound sends
+queries to a server that is a recursive server to fetch the information.
+With an \fI\%auth\-zone\fP a zone can be loaded from
+file and used, it can be used like a local zone for users downstream, or
+the \fI\%auth\-zone\fP information can be used to fetch
+information from when resolving like it is an upstream server.
+The \fI\%forward\-zone\fP and
+\fI\%auth\-zone\fP options are described in their
+sections below.
+If you want to perform filtering of the information that the users can
+fetch, the \fI\%local\-zone\fP and
+\fI\%local\-data\fP statements allow for this, but
+also the \fI\%rpz\fP functionality can be used, described
+in the RPZ section.
+.INDENT 7.0
+.TP
+.B deny 
 Do not send an answer, drop the query.
 If there is a match from local data, the query is answered.
-.TP 10
-\h'5'\fIrefuse\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B refuse 
 Send an error message reply, with rcode REFUSED.
 If there is a match from local data, the query is answered.
-.TP 10
-\h'5'\fIstatic\fR
-If there is a match from local data, the query is answered.
-Otherwise, the query is answered with nodata or nxdomain.
-For a negative answer a SOA is included in the answer if present
-as local\-data for the zone apex domain.
-.TP 10
-\h'5'\fItransparent\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B static 
 If there is a match from local data, the query is answered.
-Otherwise if the query has a different name, the query is resolved normally.
-If the query is for a name given in localdata but no such type of data is
-given in localdata, then a noerror nodata answer is returned.
-If no local\-zone is given local\-data causes a transparent zone
+Otherwise, the query is answered with NODATA or NXDOMAIN.
+For a negative answer a SOA is included in the answer if present as
+\fI\%local\-data\fP for the zone apex domain.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B transparent 
+If there is a match from \fI\%local\-data\fP,
+the query is answered.
+Otherwise if the query has a different name, the query is resolved
+normally.
+If the query is for a name given in
+\fI\%local\-data\fP but no such type of data is
+given in localdata, then a NOERROR NODATA answer is returned.
+If no \fI\%local\-zone\fP is given
+\fI\%local\-data\fP causes a transparent zone
 to be created by default.
-.TP 10
-\h'5'\fItypetransparent\fR
-If there is a match from local data, the query is answered.  If the query
-is for a different name, or for the same name but for a different type,
-the query is resolved normally.  So, similar to transparent but types
-that are not listed in local data are resolved normally, so if an A record
-is in the local data that does not cause a nodata reply for AAAA queries.
-.TP 10
-\h'5'\fIredirect\fR
+.UNINDENT
+.INDENT 7.0
+.TP
+.B typetransparent 
+If there is a match from local data, the query is answered.
+If the query is for a different name, or for the same name but for a
+different type, the query is resolved normally.
+So, similar to
+\fI\%transparent\fP but types
+that are not listed in local data are resolved normally, so if an A
+record is in the local data that does not cause a NODATA reply for AAAA
+queries.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B redirect 
 The query is answered from the local data for the zone name.
 There may be no local data beneath the zone name.
-This answers queries for the zone, and all subdomains of the zone
-with the local data for the zone.
-It can be used to redirect a domain to return a different address record
-to the end user, with
-local\-zone: "example.com." redirect and
-local\-data: "example.com. A 127.0.0.1"
-queries for www.example.com and www.foo.example.com are redirected, so
-that users with web browsers cannot access sites with suffix example.com.
-.TP 10
-\h'5'\fIinform\fR
-The query is answered normally, same as transparent.  The client IP
-address (@portnumber) is printed to the logfile.  The log message is:
-timestamp, unbound-pid, info: zonename inform IP@port queryname type
-class.  This option can be used for normal resolution, but machines
-looking up infected names are logged, eg. to run antivirus on them.
-.TP 10
-\h'5'\fIinform_deny\fR
-The query is dropped, like 'deny', and logged, like 'inform'.  Ie. find
-infected machines without answering the queries.
-.TP 10
-\h'5'\fIinform_redirect\fR
-The query is redirected, like 'redirect', and logged, like 'inform'.
+This answers queries for the zone, and all subdomains of the zone with
+the local data for the zone.
+It can be used to redirect a domain to return a different address
+record to the end user, with:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+local\-zone: \(dqexample.com.\(dq redirect
+local\-data: \(dqexample.com. A 127.0.0.1\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+queries for \fBwww.example.com\fP and \fBwww.foo.example.com\fP are
+redirected, so that users with web browsers cannot access sites with
+suffix example.com.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform 
+The query is answered normally, same as
+\fI\%transparent\fP\&.
+The client IP address (@portnumber) is printed to the logfile.
+The log message is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+timestamp, unbound\-pid, info: zonename inform IP@port queryname type class.
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This option can be used for normal resolution, but machines looking up
+infected names are logged, eg. to run antivirus on them.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform_deny 
+The query is dropped, like
+\fI\%deny\fP, and logged, like
+\fI\%inform\fP\&.
+Ie. find infected machines without answering the queries.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B inform_redirect 
+The query is redirected, like
+\fI\%redirect\fP, and logged,
+like \fI\%inform\fP\&.
 Ie. answer queries with fixed data and also log the machines that ask.
-.TP 10
-\h'5'\fIalways_transparent\fR
-Like transparent, but ignores local data and resolves normally.
-.TP 10
-\h'5'\fIblock_a\fR
-Like transparent, but ignores local data and resolves normally all query
-types excluding A. For A queries it unconditionally returns NODATA.
-Useful in cases when there is a need to explicitly force all apps to use
-IPv6 protocol and avoid any queries to IPv4.
-.TP 10
-\h'5'\fIalways_refuse\fR
-Like refuse, but ignores local data and refuses the query.
-.TP 10
-\h'5'\fIalways_nxdomain\fR
-Like static, but ignores local data and returns nxdomain for the query.
-.TP 10
-\h'5'\fIalways_nodata\fR
-Like static, but ignores local data and returns nodata for the query.
-.TP 10
-\h'5'\fIalways_deny\fR
-Like deny, but ignores local data and drops the query.
-.TP 10
-\h'5'\fIalways_null\fR
-Always returns 0.0.0.0 or ::0 for every name in the zone.  Like redirect
-with zero data for A and AAAA.  Ignores local data in the zone.  Used for
-some block lists.
-.TP 10
-\h'5'\fInoview\fR
-Breaks out of that view and moves towards the global local zones for answer
-to the query.  If the view first is no, it'll resolve normally.  If view first
-is enabled, it'll break perform that step and check the global answers.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_transparent 
+Like \fI\%transparent\fP, but
+ignores local data and resolves normally.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B block_a 
+Like \fI\%transparent\fP, but
+ignores local data and resolves normally all query types excluding A.
+For A queries it unconditionally returns NODATA.
+Useful in cases when there is a need to explicitly force all apps to
+use IPv6 protocol and avoid any queries to IPv4.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_refuse 
+Like \fI\%refuse\fP, but ignores
+local data and refuses the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_nxdomain 
+Like \fI\%static\fP, but ignores
+local data and returns NXDOMAIN for the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_nodata 
+Like \fI\%static\fP, but ignores
+local data and returns NODATA for the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_deny 
+Like \fI\%deny\fP, but ignores local
+data and drops the query.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B always_null 
+Always returns \fB0.0.0.0\fP or \fB::0\fP for every name in the zone.
+Like \fI\%redirect\fP with zero
+data for A and AAAA.
+Ignores local data in the zone.
+Used for some block lists.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B noview 
+Breaks out of that view and moves towards the global local zones for
+answer to the query.
+If the \fI\%view\-first\fP is no, it\(aqll
+resolve normally.
+If \fI\%view\-first\fP is enabled, it\(aqll
+break perform that step and check the global answers.
 For when the view has view specific overrides but some zone has to be
 answered from global local zone contents.
-.TP 10
-\h'5'\fInodefault\fR
-Used to turn off default contents for AS112 zones. The other types
-also turn off default contents for the zone. The 'nodefault' option
-has no other effect than turning off default contents for the
-given zone.  Use \fInodefault\fR if you use exactly that zone, if you want to
-use a subzone, use \fItransparent\fR.
-.P
-The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa,
-the resolver.arpa, the service.arpa,
-the onion, test, invalid and the AS112 zones. The AS112 zones are reverse
-DNS zones for private use and reserved IP addresses for which the servers
-on the internet cannot provide correct answers. They are configured by
-default to give nxdomain (no reverse information) answers. The defaults
-can be turned off by specifying your own local\-zone of that name, or
-using the 'nodefault' type. Below is a list of the default zone contents.
-.TP 10
-\h'5'\fIlocalhost\fR
-The IP4 and IP6 localhost information is given. NS and SOA records are provided
-for completeness and to satisfy some DNS update tools. Default content:
+.UNINDENT
+.INDENT 7.0
+.TP
+.B nodefault 
+Used to turn off default contents for AS112 zones.
+The other types also turn off default contents for the zone.
+The \fI\%nodefault\fP option has
+no other effect than turning off default contents for the given zone.
+Use \fI\%nodefault\fP if you use
+exactly that zone, if you want to use a subzone, use
+\fI\%transparent\fP\&.
+.UNINDENT
+.sp
+The default zones are localhost, reverse \fB127.0.0.1\fP and \fB::1\fP, the
+\fBhome.arpa\fP, \fBresolver.arpa\fP, \fBservice.arpa\fP, \fBonion\fP, \fBtest\fP,
+\fBinvalid\fP and the AS112 zones.
+The AS112 zones are reverse DNS zones for private use and reserved IP
+addresses for which the servers on the internet cannot provide correct
+answers.
+They are configured by default to give NXDOMAIN (no reverse information)
+answers.
+.sp
+The defaults can be turned off by specifying your own
+\fI\%local\-zone\fP of that name, or using the
+\fI\%nodefault\fP type.
+Below is a list of the default zone contents.
+.INDENT 7.0
+.TP
+.B localhost 
+The IPv4 and IPv6 localhost information is given.
+NS and SOA records are provided for completeness and to satisfy some
+DNS update tools.
+Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "localhost." redirect
-local\-data: "localhost. 10800 IN NS localhost."
-local\-data: "localhost. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "localhost. 10800 IN A 127.0.0.1"
-local\-data: "localhost. 10800 IN AAAA ::1"
+.ft C
+local\-zone: \(dqlocalhost.\(dq redirect
+local\-data: \(dqlocalhost. 10800 IN NS localhost.\(dq
+local\-data: \(dqlocalhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dqlocalhost. 10800 IN A 127.0.0.1\(dq
+local\-data: \(dqlocalhost. 10800 IN AAAA ::1\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse IPv4 loopback\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv4 loopback 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "127.in\-addr.arpa." static
-local\-data: "127.in\-addr.arpa. 10800 IN NS localhost."
-local\-data: "127.in\-addr.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "1.0.0.127.in\-addr.arpa. 10800 IN
-    PTR localhost."
+.ft C
+local\-zone: \(dq127.in\-addr.arpa.\(dq static
+local\-data: \(dq127.in\-addr.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dq127.in\-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dq1.0.0.127.in\-addr.arpa. 10800 IN PTR localhost.\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse IPv6 loopback\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv6 loopback 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    NS localhost."
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
-local\-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-    0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN
-    PTR localhost."
+.ft C
+local\-zone: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.\(dq static
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+local\-data: \(dq1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIhome.arpa (RFC 8375)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+home.arpa (\fI\%RFC 8375\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "home.arpa." static
-local\-data: "home.arpa. 10800 IN NS localhost."
-local\-data: "home.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqhome.arpa.\(dq static
+local\-data: \(dqhome.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqhome.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIresolver.arpa (RFC 9462)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+resolver.arpa (\fI\%RFC 9462\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "resolver.arpa." static
-local\-data: "resolver.arpa. 10800 IN NS localhost."
-local\-data: "resolver.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqresolver.arpa.\(dq static
+local\-data: \(dqresolver.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqresolver.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIservice.arpa (draft-ietf-dnssd-srp-25)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+.B service.arpa (draft\-ietf\-dnssd\-srp\-25) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "service.arpa." static
-local\-data: "service.arpa. 10800 IN NS localhost."
-local\-data: "service.arpa. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqservice.arpa.\(dq static
+local\-data: \(dqservice.arpa. 10800 IN NS localhost.\(dq
+local\-data: \(dqservice.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIonion (RFC 7686)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+onion (\fI\%RFC 7686\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "onion." static
-local\-data: "onion. 10800 IN NS localhost."
-local\-data: "onion. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqonion.\(dq static
+local\-data: \(dqonion. 10800 IN NS localhost.\(dq
+local\-data: \(dqonion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fItest (RFC 6761)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+test (\fI\%RFC 6761\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "test." static
-local\-data: "test. 10800 IN NS localhost."
-local\-data: "test. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqtest.\(dq static
+local\-data: \(dqtest. 10800 IN NS localhost.\(dq
+local\-data: \(dqtest. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIinvalid (RFC 6761)\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+invalid (\fI\%RFC 6761\fP) 
 Default content:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-local\-zone: "invalid." static
-local\-data: "invalid. 10800 IN NS localhost."
-local\-data: "invalid. 10800 IN
-    SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+.ft C
+local\-zone: \(dqinvalid.\(dq static
+local\-data: \(dqinvalid. 10800 IN NS localhost.\(dq
+local\-data: \(dqinvalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800\(dq
+.ft P
 .fi
-.TP 10
-\h'5'\fIreverse RFC1918 local use zones\fR
-Reverse data for zones 10.in\-addr.arpa, 16.172.in\-addr.arpa to
-31.172.in\-addr.arpa, 168.192.in\-addr.arpa.
-The \fBlocal\-zone:\fR is set static and as \fBlocal\-data:\fR SOA and NS
-records are provided.
-.TP 10
-\h'5'\fIreverse RFC3330 IP4 this, link\-local, testnet and broadcast\fR
-Reverse data for zones 0.in\-addr.arpa, 254.169.in\-addr.arpa,
-2.0.192.in\-addr.arpa (TEST NET 1), 100.51.198.in\-addr.arpa (TEST NET 2),
-113.0.203.in\-addr.arpa (TEST NET 3), 255.255.255.255.in\-addr.arpa.
-And from 64.100.in\-addr.arpa to 127.100.in\-addr.arpa (Shared Address Space).
-.TP 10
-\h'5'\fIreverse RFC4291 IP6 unspecified\fR
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse local use zones (\fI\%RFC 1918\fP) 
+Reverse data for zones \fB10.in\-addr.arpa\fP, \fB16.172.in\-addr.arpa\fP to
+\fB31.172.in\-addr.arpa\fP, \fB168.192.in\-addr.arpa\fP\&.
+The \fI\%local\-zone\fP is set static and as
+\fI\%local\-data\fP SOA and NS records are
+provided.
+.UNINDENT
+.INDENT 7.0
+.TP
+special\-use IPv4 Addresses (\fI\%RFC 3330\fP) 
+Reverse data for zones \fB0.in\-addr.arpa\fP (this), \fB254.169.in\-addr.arpa\fP (link\-local),
+\fB2.0.192.in\-addr.arpa\fP (TEST NET 1), \fB100.51.198.in\-addr.arpa\fP
+(TEST NET 2), \fB113.0.203.in\-addr.arpa\fP (TEST NET 3),
+\fB255.255.255.255.in\-addr.arpa\fP (broadcast).
+And from \fB64.100.in\-addr.arpa\fP to \fB127.100.in\-addr.arpa\fP (Shared
+Address Space).
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 unspecified (\fI\%RFC 4291\fP) 
 Reverse data for zone
+\fB0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.\fP
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 Locally Assigned Local Addresses (\fI\%RFC 4193\fP) 
+Reverse data for zone \fBD.F.ip6.arpa\fP\&.
+.UNINDENT
+.INDENT 7.0
+.TP
+reverse IPv6 Link Local Addresses (\fI\%RFC 4291\fP) 
+Reverse data for zones \fB8.E.F.ip6.arpa\fP to \fBB.E.F.ip6.arpa\fP\&.
+.UNINDENT
+.INDENT 7.0
+.TP
+.B reverse IPv6 Example Prefix 
+Reverse data for zone \fB8.B.D.0.1.0.0.2.ip6.arpa\fP\&.
+This zone is used for tutorials and examples.
+You can remove the block on this zone with:
+.INDENT 7.0
+.INDENT 3.5
+.sp
 .nf
-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
-.fi
-.TP 10
-\h'5'\fIreverse RFC4193 IPv6 Locally Assigned Local Addresses\fR
-Reverse data for zone D.F.ip6.arpa.
-.TP 10
-\h'5'\fIreverse RFC4291 IPv6 Link Local Addresses\fR
-Reverse data for zones 8.E.F.ip6.arpa to B.E.F.ip6.arpa.
-.TP 10
-\h'5'\fIreverse IPv6 Example Prefix\fR
-Reverse data for zone 8.B.D.0.1.0.0.2.ip6.arpa. This zone is used for
-tutorials and examples. You can remove the block on this zone with:
-.nf
-  local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+.ft C
+local\-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+.ft P
 .fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
 You can also selectively unblock a part of the zone by making that part
-transparent with a local\-zone statement.
+transparent with a \fI\%local\-zone\fP statement.
 This also works with the other default zones.
-.\" End of local-zone listing.
-.TP 5
-.B local\-data: \fI"<resource record string>"
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data: \fI\(dq<resource record string>\(dq\fP 
 Configure local data, which is served in reply to queries for it.
-The query has to match exactly unless you configure the local\-zone as
-redirect. If not matched exactly, the local\-zone type determines
-further processing. If local\-data is configured that is not a subdomain of
-a local\-zone, a transparent local\-zone is configured.
-For record types such as TXT, use single quotes, as in
-local\-data: 'example. TXT "text"'.
-.IP
-If you need more complicated authoritative data, with referrals, wildcards,
-CNAME/DNAME support, or DNSSEC authoritative service, setup a stub\-zone for
-it as detailed in the stub zone section below.
-.TP 5
-.B local\-data\-ptr: \fI"IPaddr name"
+The query has to match exactly unless you configure the
+\fI\%local\-zone\fP as redirect.
+If not matched exactly, the \fI\%local\-zone\fP
+type determines further processing.
+If \fI\%local\-data\fP is configured that is not a
+subdomain of a \fI\%local\-zone\fP, a
+\fI\%transparent local\-zone\fP is
+configured.
+For record types such as TXT, use single quotes, as in:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+local\-data: \(aqexample. TXT \(dqtext\(dq\(aq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+If you need more complicated authoritative data, with referrals,
+wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup
+a \fI\%stub\-zone\fP for it as detailed in the stub
+zone section below.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data\-ptr: \fI\(dqIPaddr name\(dq\fP 
 Configure local data shorthand for a PTR record with the reversed IPv4 or
-IPv6 address and the host name.  For example "192.0.2.4 www.example.com".
-TTL can be inserted like this: "2001:DB8::4 7200 www.example.com"
-.TP 5
-.B local\-zone\-tag: \fI<zone> <"list of tags">
-Assign tags to localzones. Tagged localzones will only be applied when the
-used access-control element has a matching tag. Tags must be defined in
-\fIdefine\-tags\fR.  Enclose list of tags in quotes ("") and put spaces between
-tags.  When there are multiple tags it checks if the intersection of the
-list of tags for the query and local\-zone\-tag is non-empty.
-.TP 5
-.B local\-zone\-override: \fI<zone> <IP netblock> <type>
-Override the localzone type for queries from addresses matching netblock.
-Use this localzone type, regardless the type configured for the local-zone
+IPv6 address and the host name.
+For example \fB\(dq192.0.2.4 www.example.com\(dq\fP\&.
+TTL can be inserted like this: \fB\(dq2001:DB8::4 7200 www.example.com\(dq\fP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone\-tag: \fI<zone> <\(dqlist of tags\(dq>\fP 
+Assign tags to local zones.
+Tagged localzones will only be applied when the used
+\fI\%access\-control\fP element has a matching
+tag.
+Tags must be defined in \fI\%define\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+When there are multiple tags it checks if the intersection of the list of
+tags for the query and \fI\%local\-zone\-tag\fP
+is non\-empty.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone\-override: \fI<zone> <IP netblock> <type>\fP 
+Override the local zone type for queries from addresses matching netblock.
+Use this localzone type, regardless the type configured for the local zone
 (both tagged and untagged) and regardless the type configured using
-access\-control\-tag\-action.
-.TP 5
-.B response\-ip: \fI<IP-netblock> <action>
-This requires use of the "respip" module.
-.IP
-If the IP address in an AAAA or A RR in the answer section of a
-response matches the specified IP netblock, the specified action will
-apply.
-\fI<action>\fR has generally the same semantics as that for
-\fIaccess-control-tag-action\fR, but there are some exceptions.
-.IP
-Actions for \fIresponse-ip\fR are different from those for
-\fIlocal-zone\fR in that in case of the former there is no point of
-such conditions as "the query matches it but there is no local data".
-Because of this difference, the semantics of \fIresponse-ip\fR actions
-are modified or simplified as follows: The \fIstatic, refuse,
-transparent, typetransparent,\fR and \fInodefault\fR actions are
-invalid for \fIresponse-ip\fR.
-Using any of these will cause the configuration to be rejected as
-faulty. The \fIdeny\fR action is non-conditional, i.e. it always
-results in dropping the corresponding query.
-The resolution result before applying the deny action is still cached
-and can be used for other queries.
-.TP 5
-.B response-ip-data: \fI<IP-netblock> <"resource record string">
-This requires use of the "respip" module.
-.IP
-This specifies the action data for \fIresponse-ip\fR with action being
-to redirect as specified by "\fIresource record string\fR".  "Resource
-record string" is similar to that of \fIaccess-control-tag-action\fR,
+\fI\%access\-control\-tag\-action\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip: \fI<IP\-netblock> <action>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+If the IP address in an AAAA or A RR in the answer section of a response
+matches the specified IP netblock, the specified action will apply.
+\fI<action>\fP has generally the same semantics as that for
+\fI\%access\-control\-tag\-action\fP,
+but there are some exceptions.
+.sp
+Actions for \fI\%response\-ip\fP are different
+from those for \fI\%local\-zone\fP in that in case
+of the former there is no point of such conditions as \(dqthe query matches it
+but there is no local data\(dq.
+Because of this difference, the semantics of
+\fI\%response\-ip\fP actions are modified or
+simplified as follows: The \fIstatic\fP, \fIrefuse\fP, \fItransparent\fP,
+\fItypetransparent\fP, and \fInodefault\fP actions are invalid for \fIresponse\-ip\fP\&.
+Using any of these will cause the configuration to be rejected as faulty.
+The \fIdeny\fP action is non\-conditional, i.e. it always results in dropping
+the corresponding query.
+The resolution result before applying the \fIdeny\fP action is still cached and
+can be used for other queries.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip\-data: \fI<IP\-netblock> <\(dqresource record string\(dq>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+This specifies the action data for
+\fI\%response\-ip\fP with action being to redirect
+as specified by \fI<\(dqresource record string\(dq>\fP\&.
+\fI<\(dqResource record string\(dq>\fP is similar to that of
+\fI\%access\-control\-tag\-action\fP,
 but it must be of either AAAA, A or CNAME types.
-If the IP-netblock is an IPv6/IPv4 prefix, the record
-must be AAAA/A respectively, unless it is a CNAME (which can be used
-for both versions of IP netblocks).  If it is CNAME there must not be
-more than one \fIresponse-ip-data\fR for the same IP-netblock.
+If the \fI<IP\-netblock>\fP is an IPv6/IPv4 prefix, the record must be AAAA/A
+respectively, unless it is a CNAME (which can be used for both versions of
+IP netblocks).
+If it is CNAME there must not be more than one
+\fI\%response\-ip\-data\fP for the same
+\fI<IP\-netblock>\fP\&.
 Also, CNAME and other types of records must not coexist for the same
-IP-netblock, following the normal rules for CNAME records.
+\fI<IP\-netblock>\fP, following the normal rules for CNAME records.
 The textual domain name for the CNAME does not have to be explicitly
-terminated with a dot ("."); the root name is assumed to be the origin
+terminated with a dot (\fB\(dq.\(dq\fP); the root name is assumed to be the origin
 for the name.
-.TP 5
-.B response-ip-tag: \fI<IP-netblock> <"list of tags">
-This requires use of the "respip" module.
-.IP
-Assign tags to response IP-netblocks.  If the IP address in an AAAA or
-A RR in the answer section of a response matches the specified
-IP-netblock, the specified tags are assigned to the IP address.
-Then, if an \fIaccess-control-tag\fR is defined for the client and it
-includes one of the tags for the response IP, the corresponding
-\fIaccess-control-tag-action\fR will apply.
-Tag matching rule is the same as that for \fIaccess-control-tag\fR and
-\fIlocal-zones\fR.
-Unlike \fIlocal-zone-tag\fR, \fIresponse-ip-tag\fR can be defined for
-an IP-netblock even if no \fIresponse-ip\fR is defined for that
-netblock.
-If multiple \fIresponse-ip-tag\fR options are specified for the same
-IP-netblock in different statements, all but the first will be
-ignored.
-However, this will not be flagged as a configuration error, but the
-result is probably not what was intended.
-.IP
+.UNINDENT
+.INDENT 0.0
+.TP
+.B response\-ip\-tag: \fI<IP\-netblock> <\(dqlist of tags\(dq>\fP 
+This requires use of the \fBrespip\fP module.
+.sp
+Assign tags to response \fI<IP\-netblock>\fP\&.
+If the IP address in an AAAA or A RR in the answer section of a response
+matches the specified \fI<IP\-netblock>\fP, the specified tags are assigned to
+the IP address.
+Then, if an \fI\%access\-control\-tag\fP is
+defined for the client and it includes one of the tags for the response IP,
+the corresponding
+\fI\%access\-control\-tag\-action\fP
+will apply.
+Tag matching rule is the same as that for
+\fI\%access\-control\-tag\fP and
+\fI\%local\-zone\fP\&.
+Unlike \fI\%local\-zone\-tag\fP,
+\fI\%response\-ip\-tag\fP can be defined for an
+\fI<IP\-netblock>\fP even if no \fI\%response\-ip\fP is
+defined for that netblock.
+If multiple \fI\%response\-ip\-tag\fP options
+are specified for the same \fI<IP\-netblock>\fP in different statements, all but
+the first will be ignored.
+However, this will not be flagged as a configuration error, but the result
+is probably not what was intended.
+.sp
 Actions specified in an
-\fIaccess-control-tag-action\fR that has a matching tag with
-\fIresponse-ip-tag\fR can be those that are "invalid" for
-\fIresponse-ip\fR listed above, since \fIaccess-control-tag-action\fRs
+\fI\%access\-control\-tag\-action\fP
+that has a matching tag with
+\fI\%response\-ip\-tag\fP can be those that are
+\(dqinvalid\(dq for \fI\%response\-ip\fP listed above,
+since
+\fI\%access\-control\-tag\-action\fP
 can be shared with local zones.
-For these actions, if they behave differently depending on whether
-local data exists or not in case of local zones, the behavior for
-\fIresponse-ip-data\fR will generally result in NOERROR/NODATA instead
-of NXDOMAIN, since the \fIresponse-ip\fR data are inherently type
-specific, and non-existence of data does not indicate anything about
-the existence or non-existence of the qname itself.
-For example, if the matching tag action is \fIstatic\fR but there is
-no data for the corresponding \fIresponse-ip\fR configuration, then
-the result will be NOERROR/NODATA.
+For these actions, if they behave differently depending on whether local
+data exists or not in case of local zones, the behavior for
+\fI\%response\-ip\-data\fP will generally
+result in NOERROR/NODATA instead of NXDOMAIN, since the
+\fI\%response\-ip\fP data are inherently type
+specific, and non\-existence of data does not indicate anything about the
+existence or non\-existence of the qname itself.
+For example, if the matching tag action is static but there is no data for
+the corresponding \fI\%response\-ip\fP
+configuration, then the result will be NOERROR/NODATA.
 The only case where NXDOMAIN is returned is when an
-\fIalways_nxdomain\fR action applies.
-.TP 5
-.B ratelimit: \fI<number or 0>
+\fI\%always_nxdomain\fP
+action applies.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit: \fI<number or 0>\fP 
 Enable ratelimiting of queries sent to nameserver for performing recursion.
-If 0, the default, it is disabled.  This option is experimental at this time.
-The ratelimit is in queries per second that are allowed.  More queries are
-turned away with an error (servfail).  This stops recursive floods, eg. random
-query names, but not spoofed reflection floods.  Cached responses are not
-ratelimited by this setting.  The zone of the query is determined by examining
-the nameservers for it, the zone name is used to keep track of the rate.
+0 disables the feature.
+This option is experimental at this time.
+.sp
+The ratelimit is in queries per second that are allowed.
+More queries are turned away with an error (SERVFAIL).
+Cached responses are not ratelimited by this setting.
+.sp
+This stops recursive floods, eg. random query names, but not spoofed
+reflection floods.
+The zone of the query is determined by examining the nameservers for it,
+the zone name is used to keep track of the rate.
 For example, 1000 may be a suitable value to stop the server from being
-overloaded with random names, and keeps Unbound from sending traffic to the
-nameservers for those zones.  Configured forwarders are excluded from
-ratelimiting.
-.TP 5
-.B ratelimit\-size: \fI<memory size>
+overloaded with random names, and keeps unbound from sending traffic to the
+nameservers for those zones.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Configured forwarders are excluded from ratelimiting.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the current ongoing rates are
-kept track in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The ratelimit structure is small, so this data structure likely does
-not need to be large.
-.TP 5
-.B ratelimit\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the ratelimit tracking data structure.  Close to the number of cpus is
-a fairly good setting.
-.TP 5
-.B ratelimit\-factor: \fI<number>
+kept track in.
+In bytes or use m(mega), k(kilo), g(giga).
+The ratelimit structure is small, so this data structure likely does not
+need to be large.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-slabs: \fI<number>\fP 
+Number of slabs in the ratelimit tracking data structure.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-factor: \fI<number>\fP 
 Set the amount of queries to rate limit when the limit is exceeded.
 If set to 0, all queries are dropped for domains where the limit is
-exceeded.  If set to another value, 1 in that number is allowed through
-to complete.  Default is 10, allowing 1/10 traffic to flow normally.
-This can make ordinary queries complete (if repeatedly queried for),
-and enter the cache, whilst also mitigating the traffic flow by the
-factor given.
-.TP 5
-.B ratelimit\-backoff: \fI<yes or no>
-If enabled, the ratelimit is treated as a hard failure instead of the default
-maximum allowed constant rate.  When the limit is reached, traffic is
-ratelimited and demand continues to be kept track of for a 2 second rate
-window.  No traffic is allowed, except for ratelimit\-factor, until demand
-decreases below the configured ratelimit for a 2 second rate window.  Useful to
-set ratelimit to a suspicious rate to aggressively limit unusually high
-traffic.  Default is off.
-.TP 5
-.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>
-Override the global ratelimit for an exact match domain name with the listed
-number.  You can give this for any number of names.  For example, for
-a top\-level\-domain you may want to have a higher limit than other names.
+exceeded.
+If set to another value, 1 in that number is allowed through to complete.
+Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for), and
+enter the cache, whilst also mitigating the traffic flow by the factor
+given.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-backoff: \fI<yes or no>\fP 
+If enabled, the ratelimit is treated as a hard failure instead of the
+default maximum allowed constant rate.
+When the limit is reached, traffic is ratelimited and demand continues to
+be kept track of for a 2 second rate window.
+No traffic is allowed, except for
+\fI\%ratelimit\-factor\fP, until demand
+decreases below the configured ratelimit for a 2 second rate window.
+Useful to set \fI\%ratelimit\fP to a suspicious
+rate to aggressively limit unusually high traffic.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-for\-domain: \fI<domain> <number qps or 0>\fP 
+Override the global \fI\%ratelimit\fP for an exact
+match domain name with the listed number.
+You can give this for any number of names.
+For example, for a top\-level\-domain you may want to have a higher limit
+than other names.
 A value of 0 will disable ratelimiting for that domain.
-.TP 5
-.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>
-Override the global ratelimit for a domain name that ends in this name.
-You can give this multiple times, it then describes different settings
-in different parts of the namespace.  The closest matching suffix is used
-to determine the qps limit.  The rate for the exact matching domain name
-is not changed, use ratelimit\-for\-domain to set that, you might want
-to use different settings for a top\-level\-domain and subdomains.
-A value of 0 will disable ratelimiting for domain names that end in this name.
-.TP 5
-.B ip\-ratelimit: \fI<number or 0>
-Enable global ratelimiting of queries accepted per IP address.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ratelimit\-below\-domain: \fI<domain> <number qps or 0>\fP 
+Override the global \fI\%ratelimit\fP for a domain
+name that ends in this name.
+You can give this multiple times, it then describes different settings in
+different parts of the namespace.
+The closest matching suffix is used to determine the qps limit.
+The rate for the exact matching domain name is not changed, use
+\fI\%ratelimit\-for\-domain\fP to set
+that, you might want to use different settings for a top\-level\-domain and
+subdomains.
+A value of 0 will disable ratelimiting for domain names that end in this
+name.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit: \fI<number or 0>\fP 
+Enable global ratelimiting of queries accepted per ip address.
 This option is experimental at this time.
-The ratelimit is in queries per second that are allowed.  More queries are
-completely dropped and will not receive a reply, SERVFAIL or otherwise.
-IP ratelimiting happens before looking in the cache. This may be useful for
-mitigating amplification attacks.
+The ratelimit is in queries per second that are allowed.
+More queries are completely dropped and will not receive a reply, SERVFAIL
+or otherwise.
+IP ratelimiting happens before looking in the cache.
+This may be useful for mitigating amplification attacks.
 Clients with a valid DNS Cookie will bypass the ratelimit.
-If a ratelimit for such clients is still needed, \fBip\-ratelimit\-cookie\fR
+If a ratelimit for such clients is still needed,
+\fI\%ip\-ratelimit\-cookie\fP
 can be used instead.
-Default is 0 (disabled).
-.TP 5
-.B ip\-ratelimit\-cookie: \fI<number or 0>
-Enable global ratelimiting of queries accepted per IP address with a valid DNS
-Cookie.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-cookie: \fI<number or 0>\fP 
+Enable global ratelimiting of queries accepted per IP address with a valid
+DNS Cookie.
 This option is experimental at this time.
 The ratelimit is in queries per second that are allowed.
-More queries are completely dropped and will not receive a reply, SERVFAIL or
-otherwise.
+More queries are completely dropped and will not receive a reply, SERVFAIL
+or otherwise.
 IP ratelimiting happens before looking in the cache.
-This option could be useful in combination with \fIallow_cookie\fR in an
+This option could be useful in combination with
+\fI\%allow_cookie\fP, in an
 attempt to mitigate other amplification attacks than UDP reflections (e.g.,
-attacks targeting Unbound itself) which are already handled with DNS Cookies.
-If used, the value is suggested to be higher than \fBip\-ratelimit\fR e.g.,
-tenfold.
-Default is 0 (disabled).
-.TP 5
-.B ip\-ratelimit\-size: \fI<memory size>
+attacks targeting Unbound itself) which are already handled with DNS
+Cookies.
+If used, the value is suggested to be higher than
+\fI\%ip\-ratelimit\fP e.g., tenfold.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the current ongoing rates are
-kept track in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The ip ratelimit structure is small, so this data structure likely does
-not need to be large.
-.TP 5
-.B ip\-ratelimit\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the ip ratelimit tracking data structure.  Close to the number of cpus is
-a fairly good setting.
-.TP 5
-.B ip\-ratelimit\-factor: \fI<number>
+kept track in.
+In bytes or use m(mega), k(kilo), g(giga).
+The IP ratelimit structure is small, so this data structure likely does not
+need to be large.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-slabs: \fI<number>\fP 
+Number of slabs in the ip ratelimit tracking data structure.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-factor: \fI<number>\fP 
 Set the amount of queries to rate limit when the limit is exceeded.
 If set to 0, all queries are dropped for addresses where the limit is
-exceeded.  If set to another value, 1 in that number is allowed through
-to complete.  Default is 10, allowing 1/10 traffic to flow normally.
-This can make ordinary queries complete (if repeatedly queried for),
-and enter the cache, whilst also mitigating the traffic flow by the
-factor given.
-.TP 5
-.B ip\-ratelimit\-backoff: \fI<yes or no>
-If enabled, the ratelimit is treated as a hard failure instead of the default
-maximum allowed constant rate.  When the limit is reached, traffic is
-ratelimited and demand continues to be kept track of for a 2 second rate
-window.  No traffic is allowed, except for ip\-ratelimit\-factor, until demand
-decreases below the configured ratelimit for a 2 second rate window.  Useful to
-set ip\-ratelimit to a suspicious rate to aggressively limit unusually high
-traffic.  Default is off.
-.TP 5
-.B outbound\-msg\-retry: \fI<number>
-The number of retries, per upstream nameserver in a delegation, that Unbound
-will attempt in case a throwaway response is received.
+exceeded.
+If set to another value, 1 in that number is allowed through to complete.
+Default is 10, allowing 1/10 traffic to flow normally.
+This can make ordinary queries complete (if repeatedly queried for), and
+enter the cache, whilst also mitigating the traffic flow by the factor
+given.
+.sp
+Default: 10
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ip\-ratelimit\-backoff: \fI<yes or no>\fP 
+If enabled, the rate limit is treated as a hard failure instead of the
+default maximum allowed constant rate.
+When the limit is reached, traffic is ratelimited and demand continues to
+be kept track of for a 2 second rate window.
+No traffic is allowed, except for
+\fI\%ip\-ratelimit\-factor\fP, until demand
+decreases below the configured ratelimit for a 2 second rate window.
+Useful to set \fI\%ip\-ratelimit\fP to a
+suspicious rate to aggressively limit unusually high traffic.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B outbound\-msg\-retry: \fI<number>\fP 
+The number of retries, per upstream nameserver in a delegation, that
+Unbound will attempt in case a throwaway response is received.
 No response (timeout) contributes to the retry counter.
-If a forward/stub zone is used, this is the number of retries per nameserver in
-the zone.
-Default is 5.
-.TP 5
-.B max\-sent\-count: \fI<number>
-Hard limit on the number of outgoing queries Unbound will make while resolving
-a name, making sure large NS sets do not loop.
+If a forward/stub zone is used, this is the number of retries per
+nameserver in the zone.
+.sp
+Default: 5
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-sent\-count: \fI<number>\fP 
+Hard limit on the number of outgoing queries Unbound will make while
+resolving a name, making sure large NS sets do not loop.
 Results in SERVFAIL when reached.
 It resets on query restarts (e.g., CNAME) and referrals.
-Default is 32.
-.TP 5
-.B max\-query\-restarts: \fI<number>
-Hard limit on the number of times Unbound is allowed to restart a query upon
-encountering a CNAME record.
+.sp
+Default: 32
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-query\-restarts: \fI<number>\fP 
+Hard limit on the number of times Unbound is allowed to restart a query
+upon encountering a CNAME record.
 Results in SERVFAIL when reached.
 Changing this value needs caution as it can allow long CNAME chains to be
 accepted, where Unbound needs to verify (resolve) each link individually.
-Default is 11.
-.TP 5
-.B iter\-scrub\-ns: \fI<number>
+.sp
+Default: 11
+.UNINDENT
+.INDENT 0.0
+.TP
+.B iter\-scrub\-ns: \fI<number>\fP 
 Limit on the number of NS records allowed in an rrset of type NS, from the
-iterator scrubber. This protects the internals of the resolver from overly
-large NS sets. Default is 20.
-.TP 5
-.B iter\-scrub\-cname: \fI<number>
+iterator scrubber.
+This protects the internals of the resolver from overly large NS sets.
+.sp
+Default: 20
+.UNINDENT
+.INDENT 0.0
+.TP
+.B iter\-scrub\-cname: \fI<number>\fP 
 Limit on the number of CNAME, DNAME records in an answer, from the iterator
-scrubber. This protects the internals of the resolver from overly long
-indirection chains. Clips off the remainder of the reply packet at that point.
-Default is 11.
-.TP 5
-.B max\-global\-quota: \fI<number>
+scrubber.
+This protects the internals of the resolver from overly long indirection
+chains.
+Clips off the remainder of the reply packet at that point.
+.sp
+Default: 11
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-global\-quota: \fI<number>\fP 
 Limit on the number of upstream queries sent out for an incoming query and
-its subqueries from recursion. It is not reset during the resolution. When
-it is exceeded the query is failed and the lookup process stops.
-Default is 200.
-.TP 5
-.B fast\-server\-permil: \fI<number>
+its subqueries from recursion.
+It is not reset during the resolution.
+When it is exceeded the query is failed and the lookup process stops.
+.sp
+Default: 200
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fast\-server\-permil: \fI<number>\fP 
 Specify how many times out of 1000 to pick from the set of fastest servers.
-0 turns the feature off.  A value of 900 would pick from the fastest
-servers 90 percent of the time, and would perform normal exploration of random
-servers for the remaining time. When prefetch is enabled (or serve\-expired),
-such prefetches are not sped up, because there is no one waiting for it, and it
-presents a good moment to perform server exploration. The
-\fBfast\-server\-num\fR option can be used to specify the size of the fastest
-servers set. The default for fast\-server\-permil is 0.
-.TP 5
-.B fast\-server\-num: \fI<number>
-Set the number of servers that should be used for fast server selection. Only
-use the fastest specified number of servers with the fast\-server\-permil
-option, that turns this on or off. The default is to use the fastest 3 servers.
-.TP 5
-.B answer\-cookie: \fI<yes or no>
+0 turns the feature off.
+A value of 900 would pick from the fastest servers 90 percent of the time,
+and would perform normal exploration of random servers for the remaining
+time.
+When \fI\%prefetch\fP is enabled (or
+\fI\%serve\-expired\fP), such prefetches are not
+sped up, because there is no one waiting for it, and it presents a good
+moment to perform server exploration.
+The \fI\%fast\-server\-num\fP option can be
+used to specify the size of the fastest servers set.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fast\-server\-num: \fI<number>\fP 
+Set the number of servers that should be used for fast server selection.
+Only use the fastest specified number of servers with the
+\fI\%fast\-server\-permil\fP option, that
+turns this on or off.
+.sp
+Default: 3
+.UNINDENT
+.INDENT 0.0
+.TP
+.B answer\-cookie: \fI<yes or no>\fP 
 If enabled, Unbound will answer to requests containing DNS Cookies as
 specified in RFC 7873 and RFC 9018.
-Default is no.
-.TP 5
-.B cookie\-secret: \fI<128 bit hex string>
-Server's secret for DNS Cookie generation.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cookie\-secret: \fI\(dq<128 bit hex string>\(dq\fP 
+Server\(aqs secret for DNS Cookie generation.
 Useful to explicitly set for servers in an anycast deployment that need to
-share the secret in order to verify each other's Server Cookies.
-An example hex string would be "000102030405060708090a0b0c0d0e0f".
-Default is a 128 bits random secret generated at startup time.
-This option is ignored if a \fBcookie\-secret\-file\fR is
-present.  In that case the secrets from that file are used in DNS Cookie
+share the secret in order to verify each other\(aqs Server Cookies.
+An example hex string would be \(dq000102030405060708090a0b0c0d0e0f\(dq.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+This option is ignored if a
+\fI\%cookie\-secret\-file\fP is present.
+In that case the secrets from that file are used in DNS Cookie
 calculations.
-.TP 5
-.B cookie\-secret\-file: \fI<filename>
-File from which the secrets are read used in DNS Cookie calculations. When this
-file exists, the secrets in this file are used and the secret specified by the
-\fBcookie-secret\fR option is ignored.
-Enable it by setting a filename, like "/usr/local/etc/unbound_cookiesecrets.txt".
-The content of this file must be manipulated with the \fBadd_cookie_secret\fR,
-\fBdrop_cookie_secret\fR and \fBactivate_cookie_secret\fR commands to the
-\fIunbound\-control\fR(8) tool. Please see that manpage on how to perform a
-safe cookie secret rollover.
-Default is "" (disabled).
-.TP 5
-.B edns\-client\-string: \fI<IP netblock> <string>
-Include an EDNS0 option containing configured ascii string in queries with
-destination address matching the configured IP netblock.  This configuration
-option can be used multiple times. The most specific match will be used.
-.TP 5
-.B edns\-client\-string\-opcode: \fI<opcode>
-EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535.
-A value from the `Reserved for Local/Experimental` range (65001-65534) should
-be used.  Default is 65001.
-.TP 5
-.B ede: \fI<yes or no>
-If enabled, Unbound will respond with Extended DNS Error codes (RFC8914).
-These EDEs provide additional information with a response mainly for, but not
-limited to, DNS and DNSSEC errors.
-
-When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
-Extended DNS Errors concerning DNSSEC failures will also contain a descriptive
-text message about the reason for the failure.
-Default is "no".
-.TP 5
-.B ede\-serve\-expired: \fI<yes or no>
-If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
-Answer as EDNS0 option to the expired response.
-The \fBede\fR option needs to be enabled as well for this to work.
-Default is "no".
-.TP 5
-.B dns\-error\-reporting: \fI<yes or no>
-If enabled, Unbound will send DNS Error Reports (RFC9567).
-The name servers need to express support by attaching the Report-Channel EDNS0
-option on their replies specifying the reporting agent for the zone.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 128 bits random secret generated at startup time
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cookie\-secret\-file: \fI<filename>\fP 
+File from which the secrets are read used in DNS Cookie calculations.
+When this file exists, the secrets in this file are used and the secret
+specified by the
+\fI\%cookie\-secret\fP option is ignored.
+Enable it by setting a filename, like
+\(dq/usr/local/etc/unbound_cookiesecrets.txt\(dq.
+The content of this file must be manipulated with the
+\fI\%add_cookie_secret\fP,
+\fI\%drop_cookie_secret\fP and
+\fI\%activate_cookie_secret\fP
+commands to the \fI\%unbound\-control(8)\fP tool.
+Please see that manpage on how to perform a safe cookie secret rollover.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-client\-string: \fI<IP netblock> <string>\fP 
+Include an EDNS0 option containing configured ASCII string in queries with
+destination address matching the configured \fI<IP netblock>\fP\&.
+This configuration option can be used multiple times.
+The most specific match will be used.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B edns\-client\-string\-opcode: \fI<opcode>\fP 
+EDNS0 option code for the
+\fI\%edns\-client\-string\fP option, from 0
+to 65535.
+A value from the \(aqReserved for Local/Experimental\(aq range (65001\-65534)
+should be used.
+.sp
+Default: 65001
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ede: \fI<yes or no>\fP 
+If enabled, Unbound will respond with Extended DNS Error codes
+(\fI\%RFC 8914\fP).
+These EDEs provide additional information with a response mainly for, but
+not limited to, DNS and DNSSEC errors.
+.sp
+When the \fI\%val\-log\-level\fP option is also
+set to \fB2\fP, responses with Extended DNS Errors concerning DNSSEC failures
+will also contain a descriptive text message about the reason for the
+failure.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ede\-serve\-expired: \fI<yes or no>\fP 
+If enabled, Unbound will attach an Extended DNS Error (\fI\%RFC 8914\fP) \fICode 3
+\- Stale Answer\fP as EDNS0 option to the expired response.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+\fI\%ede: yes\fP needs to be set as well for this to
+work.
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns\-error\-reporting: \fI<yes or no>\fP 
+If enabled, Unbound will send DNS Error Reports (\fI\%RFC 9567\fP).
+The name servers need to express support by attaching the Report\-Channel
+EDNS0 option on their replies specifying the reporting agent for the zone.
 Any errors encountered during resolution that would result in Unbound
-generating an Extended DNS Error (RFC8914) will be reported to the zone's
-reporting agent.
-The \fBede\fR option does not need to be enabled for this to work.
-It is advised that the \fBqname\-minimisation\fR option is also enabled to
-increase privacy on the outgoing reports.
-Default is "no".
-.SS "Remote Control Options"
-In the
-.B remote\-control:
-clause are the declarations for the remote control facility.  If this is
-enabled, the \fIunbound\-control\fR(8) utility can be used to send
-commands to the running Unbound server.  The server uses these clauses
-to setup TLSv1 security for the connection.  The
-\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
-section for options.  To setup the correct self\-signed certificates use the
-\fIunbound\-control\-setup\fR(8) utility.
-.TP 5
-.B control\-enable: \fI<yes or no>
-The option is used to enable remote control, default is "no".
+generating an Extended DNS Error (\fI\%RFC 8914\fP) will be reported to the
+zone\(aqs reporting agent.
+.sp
+The \fI\%ede\fP option does not need to be enabled for
+this to work.
+.sp
+It is advised that the
+\fI\%qname\-minimisation\fP option is also
+enabled to increase privacy on the outgoing reports.
+.sp
+Default: no
+.UNINDENT
+.SS Remote Control Options
+.sp
+In the \fBremote\-control:\fP clause are the declarations for the remote control
+facility.
+If this is enabled, the \fI\%unbound\-control(8)\fP
+utility can be used to send commands to the running Unbound server.
+The server uses these clauses to setup TLSv1 security for the connection.
+The \fI\%unbound\-control(8)\fP utility also reads the
+\fBremote\-control:\fP section for options.
+To setup the correct self\-signed certificates use the
+\fIunbound\-control\-setup(8)\fP utility.
+.INDENT 0.0
+.TP
+.B control\-enable: \fI<yes or no>\fP 
+The option is used to enable remote control.
 If turned off, the server does not listen for control commands.
-.TP 5
-.B control\-interface: \fI<ip address or interface name or path>
-Give IPv4 or IPv6 addresses or local socket path to listen on for
-control commands.
-If an interface name is used instead of an ip address, the list of ip addresses
-on that interface are used.
-By default localhost (127.0.0.1 and ::1) is listened to.
-Use 0.0.0.0 and ::0 to listen to all interfaces.
-If you change this and permissions have been dropped, you must restart
-the server for the change to take effect.
-.IP
-If you set it to an absolute path, a unix domain socket is used. This socket
-does not use the certificates and keys, so those files need not be present.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-interface: \fI<IP address or interface name or path>\fP 
+Give IPv4 or IPv6 addresses or local socket path to listen on for control
+commands.
+If an interface name is used instead of an IP address, the list of IP
+addresses on that interface are used.
+.sp
+By default localhost (\fB127.0.0.1\fP and \fB::1\fP) is listened to.
+Use \fB0.0.0.0\fP and \fB::0\fP to listen to all interfaces.
+If you change this and permissions have been dropped, you must restart the
+server for the change to take effect.
+.sp
+If you set it to an absolute path, a unix domain socket is used.
+This socket does not use the certificates and keys, so those files need not
+be present.
 To restrict access, Unbound sets permissions on the file to the user and
-group that is configured, the access bits are set to allow the group members
-to access the control socket file.  Put users that need to access the socket
-in the that group.  To restrict access further, create a directory to put
-the control socket in and restrict access to that directory.
-.TP 5
-.B control\-port: \fI<port number>
-The port number to listen on for IPv4 or IPv6 control interfaces,
-default is 8953.
+group that is configured, the access bits are set to allow the group
+members to access the control socket file.
+Put users that need to access the socket in the that group.
+To restrict access further, create a directory to put the control socket in
+and restrict access to that directory.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-port: \fI<port number>\fP 
+The port number to listen on for IPv4 or IPv6 control interfaces.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
 If you change this and permissions have been dropped, you must restart
 the server for the change to take effect.
-.TP 5
-.B control\-use\-cert: \fI<yes or no>
-For localhost control-interface you can disable the use of TLS by setting
-this option to "no", default is "yes".  For local sockets, TLS is disabled
-and the value of this option is ignored.
-.TP 5
-.B server\-key\-file: \fI<private key file>
-Path to the server private key, by default unbound_server.key.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by the Unbound server, but not by \fIunbound\-control\fR.
-.TP 5
-.B server\-cert\-file: \fI<certificate file.pem>
-Path to the server self signed certificate, by default unbound_server.pem.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by the Unbound server, and also by \fIunbound\-control\fR.
-.TP 5
-.B control\-key\-file: \fI<private key file>
-Path to the control client private key, by default unbound_control.key.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by \fIunbound\-control\fR.
-.TP 5
-.B control\-cert\-file: \fI<certificate file.pem>
-Path to the control client certificate, by default unbound_control.pem.
+.UNINDENT
+.UNINDENT
+.sp
+Default: 8953
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-use\-cert: \fI<yes or no>\fP 
+For localhost
+\fI\%control\-interface\fP you can
+disable the use of TLS by setting this option to \(dqno\(dq.
+For local sockets, TLS is disabled and the value of this option is ignored.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B server\-key\-file: \fI<private key file>\fP 
+Path to the server private key.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by the Unbound server, but not by
+\fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_server.key
+.UNINDENT
+.INDENT 0.0
+.TP
+.B server\-cert\-file: \fI<certificate file.pem>\fP 
+Path to the server self signed certificate.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by the Unbound server, and also by
+\fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_server.pem
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-key\-file: \fI<private key file>\fP 
+Path to the control client private key.
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by \fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_control.key
+.UNINDENT
+.INDENT 0.0
+.TP
+.B control\-cert\-file: \fI<certificate file.pem>\fP 
+Path to the control client certificate.
 This certificate has to be signed with the server certificate.
-This file is generated by the \fIunbound\-control\-setup\fR utility.
-This file is used by \fIunbound\-control\fR.
-.SS "Stub Zone Options"
-.LP
-There may be multiple
-.B stub\-zone:
-clauses. Each with a name: and zero or more hostnames or IP addresses.
-For the stub zone this list of nameservers is used. Class IN is assumed.
-The servers should be authority servers, not recursors; Unbound performs
-the recursive processing itself for stub zones.
-.P
-The stub zone can be used to configure authoritative data to be used
-by the resolver that cannot be accessed using the public internet servers.
-This is useful for company\-local data or private zones. Setup an
-authoritative server on a different host (or different port). Enter a config
-entry for Unbound with
-.B stub\-addr:
-<ip address of host[@port]>.
-The Unbound resolver can then access the data, without referring to the
-public internet for it.
-.P
-This setup allows DNSSEC signed zones to be served by that
-authoritative server, in which case a trusted key entry with the public key
-can be put in config, so that Unbound can validate the data and set the AD
-bit on replies for the private zone (authoritative servers do not set the
-AD bit).  This setup makes Unbound capable of answering queries for the
-private zone, and can even set the AD bit ('authentic'), but the AA
-('authoritative') bit is not set on these replies.
-.P
-Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and
-for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
-served zone.  The insecure clause stops DNSSEC from invalidating the
-zone.  The local zone nodefault (or \fItransparent\fR) clause makes the
-(reverse\-) zone bypass Unbound's filtering of RFC1918 zones.
-.TP
-.B name: \fI<domain name>
-Name of the stub zone. This is the full domain name of the zone.
-.TP
-.B stub\-host: \fI<domain name>
-Name of stub zone nameserver. Is itself resolved before it is used.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B stub\-addr: \fI<IP address>
-IP address of stub zone nameserver. Can be IP 4 or IP 6.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B stub\-prime: \fI<yes or no>
-This option is by default no.  If enabled it performs NS set priming,
-which is similar to root hints, where it starts using the list of nameservers
-currently published by the zone.  Thus, if the hint list is slightly outdated,
-the resolver picks up a correct list online.
-.TP
-.B stub\-first: \fI<yes or no>
+This file is generated by the
+\fI\%unbound\-control\-setup(8)\fP utility.
+This file is used by \fI\%unbound\-control(8)\fP\&.
+.sp
+Default: unbound_control.pem
+.UNINDENT
+.SS Stub Zone Options
+.sp
+There may be multiple \fBstub\-zone:\fP clauses.
+Each with a \fI\%name\fP and zero or more hostnames or
+IP addresses.
+For the stub zone this list of nameservers is used.
+Class IN is assumed.
+The servers should be authority servers, not recursors; Unbound performs the
+recursive processing itself for stub zones.
+.sp
+The stub zone can be used to configure authoritative data to be used by the
+resolver that cannot be accessed using the public internet servers.
+This is useful for company\-local data or private zones.
+Setup an authoritative server on a different host (or different port).
+Enter a config entry for Unbound with:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+stub\-addr: <ip address of host[@port]>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The Unbound resolver can then access the data, without referring to the public
+internet for it.
+.sp
+This setup allows DNSSEC signed zones to be served by that authoritative
+server, in which case a trusted key entry with the public key can be put in
+config, so that Unbound can validate the data and set the AD bit on replies for
+the private zone (authoritative servers do not set the AD bit).
+This setup makes Unbound capable of answering queries for the private zone, and
+can even set the AD bit (\(aqauthentic\(aq), but the AA (\(aqauthoritative\(aq) bit is not
+set on these replies.
+.sp
+Consider adding \fI\%server\fP statements for
+\fI\%domain\-insecure\fP and for
+\fI\%local\-zone: <name> nodefault\fP
+for the zone if it is a locally served zone.
+The insecure clause stops DNSSEC from invalidating the zone.
+The \fI\%local\-zone: nodefault\fP (or
+\fI\%transparent\fP) clause makes the
+(reverse\-) zone bypass Unbound\(aqs filtering of \fI\%RFC 1918\fP zones.
+.INDENT 0.0
+.TP
+.B name: \fI<domain name>\fP 
+Name of the stub zone.
+This is the full domain name of the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-host: \fI<domain name>\fP 
+Name of stub zone nameserver.
+Is itself resolved before it is used.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the TLS authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-addr: \fI<IP address>\fP 
+IP address of stub zone nameserver.
+Can be IPv4 or IPv6.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the tls authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-prime: \fI<yes or no>\fP 
+If enabled it performs NS set priming, which is similar to root hints,
+where it starts using the list of nameservers currently published by the
+zone.
+Thus, if the hint list is slightly outdated, the resolver picks up a
+correct list online.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-first: \fI<yes or no>\fP 
 If enabled, a query is attempted without the stub clause if it fails.
-The data could not be retrieved and would have caused SERVFAIL because
-the servers are unreachable, instead it is tried without this clause.
-The default is no.
-.TP
-.B stub\-tls\-upstream: \fI<yes or no>
+The data could not be retrieved and would have caused SERVFAIL because the
+servers are unreachable, instead it is tried without this clause.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-tls\-upstream: \fI<yes or no>\fP 
 Enabled or disable whether the queries to this stub use TLS for transport.
-Default is no.
-.TP
-.B stub\-ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBstub\-tls\-upstream\fR.
-.TP
-.B stub\-tcp\-upstream: \fI<yes or no>
-If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
-Default is no.
-.TP
-.B stub\-no\-cache: \fI<yes or no>
-Default is no.  If enabled, data inside the stub is not cached.  This is
-useful when you want immediate changes to be visible.
-.SS "Forward Zone Options"
-.LP
-There may be multiple
-.B forward\-zone:
-clauses. Each with a \fBname:\fR and zero or more hostnames or IP
-addresses.  For the forward zone this list of nameservers is used to
-forward the queries to. The servers listed as \fBforward\-host:\fR and
-\fBforward\-addr:\fR have to handle further recursion for the query.  Thus,
-those servers are not authority servers, but are (just like Unbound is)
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for
+\fI\%stub\-tls\-upstream\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-tcp\-upstream: \fI<yes or no>\fP 
+If it is set to \(dqyes\(dq then upstream queries use TCP only for transport
+regardless of global flag \fI\%tcp\-upstream\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B stub\-no\-cache: \fI<yes or no>\fP 
+If enabled, data inside the stub is not cached.
+This is useful when you want immediate changes to be visible.
+.sp
+Default: no
+.UNINDENT
+.SS Forward Zone Options
+.sp
+There may be multiple \fBforward\-zone:\fP clauses.
+Each with a \fI\%name\fP and zero or more hostnames
+or IP addresses.
+For the forward zone this list of nameservers is used to forward the queries
+to.
+The servers listed as \fI\%forward\-host\fP
+and \fI\%forward\-addr\fP have to handle
+further recursion for the query.
+Thus, those servers are not authority servers, but are (just like Unbound is)
 recursive servers too; Unbound does not perform recursion itself for the
-forward zone, it lets the remote server do it.  Class IN is assumed.
-CNAMEs are chased by Unbound itself, asking the remote server for every
-name in the indirection chain, to protect the local cache from illegal
-indirect referenced items.
-A forward\-zone entry with name "." and a forward\-addr target will
-forward all queries to that other server (unless it can answer from
-the cache).
-.TP
-.B name: \fI<domain name>
-Name of the forward zone. This is the full domain name of the zone.
-.TP
-.B forward\-host: \fI<domain name>
-Name of server to forward to. Is itself resolved before it is used.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.TP
-.B forward\-addr: \fI<IP address>
-IP address of server to forward to. Can be IP 4 or IP 6.
-To use a nondefault port for DNS communication append '@' with the port number.
-If tls is enabled, then you can append a '#' and a name, then it'll check the
-tls authentication certificates with that name.  If you combine the '@'
-and '#', the '@' comes first.  If only '#' is used the default port is the
-configured tls\-port.
-.IP
+forward zone, it lets the remote server do it.
+Class IN is assumed.
+CNAMEs are chased by Unbound itself, asking the remote server for every name in
+the indirection chain, to protect the local cache from illegal indirect
+referenced items.
+A \fI\%forward\-zone\fP entry with name
+\fB\(dq.\(dq\fP and a \fI\%forward\-addr\fP target
+will forward all queries to that other server (unless it can answer from the
+cache).
+.INDENT 0.0
+.TP
+.B name: \fI<domain name>\fP 
+Name of the forward zone.
+This is the full domain name of the zone.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-host: \fI<domain name>\fP 
+Name of server to forward to.
+Is itself resolved before it is used.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the TLS authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-addr: \fI<IP address>\fP 
+IP address of server to forward to.
+Can be IPv4 or IPv6.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+If TLS is enabled, then you can append a \fB\(aq#\(aq\fP and a name, then it\(aqll
+check the tls authentication certificates with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If only \fB\(aq#\(aq\fP is used the default port is the configured
+\fI\%tls\-port\fP\&.
+.sp
 At high verbosity it logs the TLS certificate, with TLS enabled.
-If you leave out the '#' and auth name from the forward\-addr, any
-name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
-.TP
-.B forward\-first: \fI<yes or no>
+If you leave out the \fB\(aq#\(aq\fP and auth name from the
+\fI\%forward\-addr\fP, any name is
+accepted.
+The cert must also match a CA from the
+\fI\%tls\-cert\-bundle\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-first: \fI<yes or no>\fP 
 If a forwarded query is met with a SERVFAIL error, and this option is
 enabled, Unbound will fall back to normal recursive resolution for this
-query as if no query forwarding had been specified.  The default is "no".
-.TP
-.B forward\-tls\-upstream: \fI<yes or no>
-Enabled or disable whether the queries to this forwarder use TLS for transport.
-Default is no.
-If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to
-load CA certs, otherwise the connections cannot be authenticated.
-.TP
-.B forward\-ssl\-upstream: \fI<yes or no>
-Alternate syntax for \fBforward\-tls\-upstream\fR.
-.TP
-.B forward\-tcp\-upstream: \fI<yes or no>
-If it is set to "yes" then upstream queries use TCP only for transport regardless of global flag tcp-upstream.
-Default is no.
-.TP
-.B forward\-no\-cache: \fI<yes or no>
-Default is no.  If enabled, data inside the forward is not cached.  This is
-useful when you want immediate changes to be visible.
-.SS "Authority Zone Options"
-.LP
-Authority zones are configured with \fBauth\-zone:\fR, and each one must
-have a \fBname:\fR.  There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace.
+query as if no query forwarding had been specified.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-tls\-upstream: \fI<yes or no>\fP 
+Enabled or disable whether the queries to this forwarder use TLS for
+transport.
+If you enable this, also configure a
+\fI\%tls\-cert\-bundle\fP or use
+\fI\%tls\-win\-cert\fP to load CA certs, otherwise
+the connections cannot be authenticated.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-ssl\-upstream: \fI<yes or no>\fP 
+Alternate syntax for
+\fI\%forward\-tls\-upstream\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-tcp\-upstream: \fI<yes or no>\fP 
+If it is set to \(dqyes\(dq then upstream queries use TCP only for transport
+regardless of global flag \fI\%tcp\-upstream\fP\&.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B forward\-no\-cache: \fI<yes or no>\fP 
+If enabled, data inside the forward is not cached.
+This is useful when you want immediate changes to be visible.
+.sp
+Default: no
+.UNINDENT
+.SS Authority Zone Options
+.sp
+Authority zones are configured with \fBauth\-zone:\fP, and each one must have a
+\fI\%name\fP\&.
+There can be multiple ones, by listing multiple auth\-zone clauses, each with a
+different name, pertaining to that part of the namespace.
 The authority zone with the name closest to the name looked up is used.
-Authority zones can be processed on two distinct, non-exclusive, configurable
+Authority zones can be processed on two distinct, non\-exclusive, configurable
 stages.
-.LP
-With \fBfor\-downstream:\fR \fIyes\fR (default), authority zones are processed
-after \fBlocal\-zones\fR and before cache.
+.sp
+With \fI\%for\-downstream: yes\fP (default),
+authority zones are processed after \fBlocal\-zones\fP and before cache.
 When used in this manner, Unbound responds like an authority server with no
 further processing other than returning an answer from the zone contents.
 A notable example, in this case, is CNAME records which are returned verbatim
 to downstream clients without further resolution.
-.LP
-With \fBfor\-upstream:\fR \fIyes\fR (default), authority zones are processed
-after the cache lookup, just before going to the network to fetch
-information for recursion.
+.sp
+With \fI\%for\-upstream: yes\fP (default),
+authority zones are processed after the cache lookup, just before going to the
+network to fetch information for recursion.
 When used in this manner they provide a local copy of an authority server
 that speeds up lookups for that data during resolving.
-.LP
+.sp
 If both options are enabled (default), client queries for an authority zone are
 answered authoritatively from Unbound, while internal queries that require data
 from the authority zone consult the local zone data instead of going to the
 network.
-.LP
-An interesting configuration is \fBfor\-downstream:\fR \fIno\fR,
-\fBfor\-upstream:\fR \fIyes\fR that allows for hyperlocal behavior where both
-client and internal queries consult the local zone data while resolving.
+.sp
+An interesting configuration is
+\fI\%for\-downstream: no\fP,
+\fI\%for\-upstream: yes\fP
+that allows for hyperlocal behavior where both client and internal queries
+consult the local zone data while resolving.
 In this case, the aforementioned CNAME example will result in a thoroughly
 resolved answer.
-.LP
-Authority zones can be read from zonefile.  And can be kept updated via
-AXFR and IXFR.  After update the zonefile is rewritten.  The update mechanism
-uses the SOA timer values and performs SOA UDP queries to detect zone changes.
-.LP
+.sp
+Authority zones can be read from zonefile.
+And can be kept updated via AXFR and IXFR.
+After update the zonefile is rewritten.
+The update mechanism uses the SOA timer values and performs SOA UDP queries to
+detect zone changes.
+.sp
 If the update fetch fails, the timers in the SOA record are used to time
-another fetch attempt.  Until the SOA expiry timer is reached.  Then the
-zone is expired.  When a zone is expired, queries are SERVFAIL, and
-any new serial number is accepted from the primary (even if older), and if
-fallback is enabled, the fallback activates to fetch from the upstream instead
-of the SERVFAIL.
-.TP
-.B name: \fI<zone name>
+another fetch attempt.
+Until the SOA expiry timer is reached.
+Then the zone is expired.
+When a zone is expired, queries are SERVFAIL, and any new serial number is
+accepted from the primary (even if older), and if fallback is enabled, the
+fallback activates to fetch from the upstream instead of the SERVFAIL.
+.INDENT 0.0
+.TP
+.B name: \fI<zone name>\fP 
 Name of the authority zone.
-.TP
-.B primary: \fI<IP address or host name>
-Where to download a copy of the zone from, with AXFR and IXFR.  Multiple
-primaries can be specified.  They are all tried if one fails.
-To use a nondefault port for DNS communication append '@' with the port number.
-You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name.  If you combine
-the '@' and '#', the '@' comes first.
-If you point it at another Unbound instance, it would not work because
-that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
-the zonefile as a text file from a webserver that would work.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B primary: \fI<IP address or host name>\fP 
+Where to download a copy of the zone from, with AXFR and IXFR.
+Multiple primaries can be specified.
+They are all tried if one fails.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+You can append a \fB\(aq#\(aq\fP and a name, then AXFR over TLS can be used and the
+TLS authentication certificates will be checked with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If you point it at another Unbound instance, it would not work because that
+does not support AXFR/IXFR for the zone, but if you used
+\fI\%url\fP to download the zonefile as a text file
+from a webserver that would work.
+.sp
 If you specify the hostname, you cannot use the domain from the zonefile,
 because it may not have that when retrieving that data, instead use a plain
 IP address to avoid a circular dependency on retrieving that IP address.
-.TP
-.B master: \fI<IP address or host name>
-Alternate syntax for \fBprimary\fR.
-.TP
-.B url: \fI<url to zonefile>
-Where to download a zonefile for the zone.  With http or https.  An example
-for the url is "http://www.example.com/example.org.zone".  Multiple url
-statements can be given, they are tried in turn.  If only urls are given
-the SOA refresh timer is used to wait for making new downloads.  If also
-primaries are listed, the primaries are first probed with UDP SOA queries to
-see if the SOA serial number has changed, reducing the number of downloads.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B master: \fI<IP address or host name>\fP 
+Alternate syntax for \fI\%primary\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B url: \fI<URL to zone file>\fP 
+Where to download a zonefile for the zone.
+With HTTP or HTTPS.
+An example for the url is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+http://www.example.com/example.org.zone
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Multiple url statements can be given, they are tried in turn.
+.sp
+If only urls are given the SOA refresh timer is used to wait for making new
+downloads.
+If also primaries are listed, the primaries are first probed with UDP SOA
+queries to see if the SOA serial number has changed, reducing the number of
+downloads.
 If none of the urls work, the primaries are tried with IXFR and AXFR.
-For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used
-to authenticate the connection.
+.sp
+For HTTPS, the \fI\%tls\-cert\-bundle\fP and
+the hostname from the url are used to authenticate the connection.
+.sp
 If you specify a hostname in the URL, you cannot use the domain from the
 zonefile, because it may not have that when retrieving that data, instead
 use a plain IP address to avoid a circular dependency on retrieving that IP
-address.  Avoid dependencies on name lookups by using a notation like
-"http://192.0.2.1/unbound-primaries/example.com.zone", with an explicit IP address.
-.TP
-.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>
-With allow\-notify you can specify additional sources of notifies.
+address.
+.sp
+Avoid dependencies on name lookups by using a notation like
+\fB\(dqhttp://192.0.2.1/unbound\-primaries/example.com.zone\(dq\fP, with an explicit
+IP address.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>\fP 
+With \fI\%allow\-notify\fP you can specify
+additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
-If the notify is from a primary, it first attempts that primary.  Otherwise
-other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: and url:
-statements are allowed notify by default.
-.TP
-.B fallback\-enabled: \fI<yes or no>
-Default no.  If enabled, Unbound falls back to querying the internet as
-a resolver for this zone when lookups fail.  For example for DNSSEC
-validation failures.
-.TP
-.B for\-downstream: \fI<yes or no>
-Default yes.  If enabled, Unbound serves authority responses to
-downstream clients for this zone.  This option makes Unbound behave, for
-the queries with names in this zone, like one of the authority servers for
-that zone.  Turn it off if you want Unbound to provide recursion for the
-zone but have a local copy of zone data.  If for\-downstream is no and
-for\-upstream is yes, then Unbound will DNSSEC validate the contents of the
-zone before serving the zone contents to clients and store validation
-results in the cache.
-.TP
-.B for\-upstream: \fI<yes or no>
-Default yes.  If enabled, Unbound fetches data from this data collection
-for answering recursion queries.  Instead of sending queries over the internet
-to the authority servers for this zone, it'll fetch the data directly from
-the zone data.  Turn it on when you want Unbound to provide recursion for
-downstream clients, and use the zone data as a local copy to speed up lookups.
-.TP
-.B zonemd\-check: \fI<yes or no>
-Enable this option to check ZONEMD records in the zone. Default is disabled.
-The ZONEMD record is a checksum over the zone data. This includes glue in
-the zone and data from the zone file, and excludes comments from the zone file.
+If the notify is from a primary, it first attempts that primary.
+Otherwise other primaries are attempted.
+If there are no primaries, but only urls, the file is downloaded when
+notified.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The primaries from \fI\%primary\fP and
+\fI\%url\fP statements are allowed notify by
+default.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B fallback\-enabled: \fI<yes or no>\fP 
+If enabled, Unbound falls back to querying the internet as a resolver for
+this zone when lookups fail.
+For example for DNSSEC validation failures.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B for\-downstream: \fI<yes or no>\fP 
+If enabled, Unbound serves authority responses to downstream clients for
+this zone.
+This option makes Unbound behave, for the queries with names in this zone,
+like one of the authority servers for that zone.
+.sp
+Turn it off if you want Unbound to provide recursion for the zone but have
+a local copy of zone data.
+.sp
+If \fI\%for\-downstream: no\fP and
+\fI\%for\-upstream: yes\fP are set, then
+Unbound will DNSSEC validate the contents of the zone before serving the
+zone contents to clients and store validation results in the cache.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B for\-upstream: \fI<yes or no>\fP 
+If enabled, Unbound fetches data from this data collection for answering
+recursion queries.
+Instead of sending queries over the internet to the authority servers for
+this zone, it\(aqll fetch the data directly from the zone data.
+.sp
+Turn it on when you want Unbound to provide recursion for downstream
+clients, and use the zone data as a local copy to speed up lookups.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-check: \fI<yes or no>\fP 
+Enable this option to check ZONEMD records in the zone.
+The ZONEMD record is a checksum over the zone data.
+This includes glue in the zone and data from the zone file, and excludes
+comments from the zone file.
 When there is a DNSSEC chain of trust, DNSSEC signatures are checked too.
-.TP
-.B zonemd\-reject\-absence: \fI<yes or no>
-Enable this option to reject the absence of the ZONEMD record.  Without it,
-when zonemd is not there it is not checked.  It is useful to enable for a
-nonDNSSEC signed zone where the operator wants to require the verification
-of a ZONEMD, hence a missing ZONEMD is a failure.  The action upon
-failure is controlled by the \fBzonemd\-permissive\-mode\fR option, for
-log only or also block the zone.  The default is no.
-.IP
-Without the option absence of a ZONEMD is only a failure when the zone is
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonemd\-reject\-absence: \fI<yes or no>\fP 
+Enable this option to reject the absence of the ZONEMD record.
+Without it, when ZONEMD is not there it is not checked.
+.sp
+It is useful to enable for a non\-DNSSEC signed zone where the operator
+wants to require the verification of a ZONEMD, hence a missing ZONEMD is a
+failure.
+.sp
+The action upon failure is controlled by the
+\fI\%zonemd\-permissive\-mode\fP option,
+for log only or also block the zone.
+.sp
+Without the option, absence of a ZONEMD is only a failure when the zone is
 DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of
-the absence of the ZONEMD fails.  With the option enabled, the absence of
-a ZONEMD is always a failure, also for nonDNSSEC signed zones.
-.TP
-.B zonefile: \fI<filename>
-The filename where the zone is stored.  If not given then no zonefile is used.
+the absence of the ZONEMD fails.
+With the option enabled, the absence of a ZONEMD is always a failure, also
+for nonDNSSEC signed zones.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonefile: \fI<filename>\fP 
+The filename where the zone is stored.
+If not given then no zonefile is used.
 If the file does not exist or is empty, Unbound will attempt to fetch zone
 data (eg. from the primary servers).
-.SS "View Options"
-.LP
-There may be multiple
-.B view:
-clauses. Each with a \fBname:\fR and zero or more \fBlocal\-zone\fR and
-\fBlocal\-data\fR elements. Views can also contain view\-first,
-response\-ip, response\-ip\-data and local\-data\-ptr elements.
-View can be mapped to requests by specifying the
-view name in an \fBaccess\-control\-view\fR element. Options from matching
-views will override global options. Global options will be used if no matching
-view is found, or when the matching view does not have the option specified.
-.TP
-.B name: \fI<view name>
-Name of the view. Must be unique. This name is used in access\-control\-view
-elements.
-.TP
-.B local\-zone: \fI<zone> <type>
-View specific local\-zone elements. Has the same types and behaviour as the
-global local\-zone elements. When there is at least one local\-zone specified
-and view\-first is no, the default local-zones will be added to this view.
-Defaults can be disabled using the nodefault type. When view\-first is yes or
-when a view does not have a local\-zone, the global local\-zone will be used
-including it's default zones.
-.TP
-.B local\-data: \fI"<resource record string>"
-View specific local\-data elements. Has the same behaviour as the global
-local\-data elements.
-.TP
-.B local\-data\-ptr: \fI"IPaddr name"
-View specific local\-data\-ptr elements. Has the same behaviour as the global
-local\-data\-ptr elements.
-.TP
-.B view\-first: \fI<yes or no>
-If enabled, it attempts to use the global local\-zone and local\-data if there
-is no match in the view specific options.
-The default is no.
-.SS "Python Module Options"
-.LP
-The
-.B python:
-clause gives the settings for the \fIpython\fR(1) script module.  This module
-acts like the iterator and validator modules do, on queries and answers.
-To enable the script module it has to be compiled into the daemon,
-and the word "python" has to be put in the \fBmodule\-config:\fR option
-(usually first, or between the validator and iterator). Multiple instances of
-the python module are supported by adding the word "python" more than once.
-.LP
-If the \fBchroot:\fR option is enabled, you should make sure Python's
-library directory structure is bind mounted in the new root environment, see
-\fImount\fR(8).  Also the \fBpython\-script:\fR path should be specified as an
-absolute path relative to the new root, or as a relative path to the working
+.UNINDENT
+.SS View Options
+.sp
+There may be multiple \fBview:\fP clauses.
+Each with a \fI\%name\fP and zero or more
+\fI\%local\-zone\fP and
+\fI\%local\-data\fP attributes.
+Views can also contain \fI\%view\-first\fP,
+\fI\%response\-ip\fP,
+\fI\%response\-ip\-data\fP and
+\fI\%local\-data\-ptr\fP attributes.
+View can be mapped to requests by specifying the view name in an
+\fI\%access\-control\-view\fP attribute.
+Options from matching views will override global options.
+Global options will be used if no matching view is found, or when the matching
+view does not have the option specified.
+.INDENT 0.0
+.TP
+.B name: \fI<view name>\fP 
+Name of the view.
+Must be unique.
+This name is used in the
+\fI\%access\-control\-view\fP attribute.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-zone: \fI<zone> <type>\fP 
+View specific local zone elements.
+Has the same types and behaviour as the global
+\fI\%local\-zone\fP elements.
+When there is at least one \fIlocal\-zone:\fP specified and \fI\%view\-first:
+no\fP is set, the default local\-zones will be
+added to this view.
+Defaults can be disabled using the nodefault type.
+When \fI\%view\-first: yes\fP is set or when a
+view does not have a \fI\%local\-zone\fP, the
+global \fI\%local\-zone\fP will be used including
+it\(aqs default zones.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data: \fI\(dq<resource record string>\(dq\fP 
+View specific local data elements.
+Has the same behaviour as the global
+\fI\%local\-data\fP elements.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B local\-data\-ptr: \fI\(dqIPaddr name\(dq\fP 
+View specific local\-data\-ptr elements.
+Has the same behaviour as the global
+\fI\%local\-data\-ptr\fP elements.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B view\-first: \fI<yes or no>\fP 
+If enabled, it attempts to use the global
+\fI\%local\-zone\fP and
+\fI\%local\-data\fP if there is no match in the
+view specific options.
+.sp
+Default: no
+.UNINDENT
+.SS Python Module Options
+.sp
+The \fBpython:\fP clause gives the settings for the \fIpython(1)\fP script module.
+This module acts like the iterator and validator modules do, on queries and
+answers.
+To enable the script module it has to be compiled into the daemon, and the word
+\fBpython\fP has to be put in the
+\fI\%module\-config\fP option (usually first, or
+between the validator and iterator).
+Multiple instances of the python module are supported by adding the word
+\fBpython\fP more than once.
+.sp
+If the \fI\%chroot\fP option is enabled, you should make
+sure Python\(aqs library directory structure is bind mounted in the new root
+environment, see \fImount(8)\fP\&.
+Also the \fI\%python\-script\fP path should
+be specified as an absolute path relative to the new root, or as a relative
+path to the working directory.
+.INDENT 0.0
+.TP
+.B python\-script: \fI<python file>\fP 
+The script file to load.
+Repeat this option for every python module instance added to the
+\fI\%module\-config\fP option.
+.UNINDENT
+.SS Dynamic Library Module Options
+.sp
+The \fBdynlib:\fP clause gives the settings for the \fBdynlib\fP module.
+This module is only a very small wrapper that allows dynamic modules to be
+loaded on runtime instead of being compiled into the application.
+To enable the dynlib module it has to be compiled into the daemon, and the word
+\fBdynlib\fP has to be put in the
+\fI\%module\-config\fP attribute.
+Multiple instances of dynamic libraries are supported by adding the word
+\fBdynlib\fP more than once.
+.sp
+The \fI\%dynlib\-file\fP path should be
+specified as an absolute path relative to the new path set by
+\fI\%chroot\fP, or as a relative path to the working
 directory.
-.TP
-.B python\-script: \fI<python file>\fR
-The script file to load. Repeat this option for every python module instance
-added to the \fBmodule\-config:\fR option.
-.SS "Dynamic Library Module Options"
-.LP
-The
-.B dynlib:
-clause gives the settings for the \fIdynlib\fR module.  This module is only
-a very small wrapper that allows dynamic modules to be loaded on runtime
-instead of being compiled into the application. To enable the dynlib module it
-has to be compiled into the daemon, and the word "dynlib" has to be put in the
-\fBmodule\-config:\fR option. Multiple instances of dynamic libraries are
-supported by adding the word "dynlib" more than once.
-.LP
-The \fBdynlib\-file:\fR path should be specified as an absolute path relative
-to the new path set by \fBchroot:\fR option, or as a relative path to the
-working directory.
-.TP
-.B dynlib\-file: \fI<dynlib file>\fR
-The dynamic library file to load. Repeat this option for every dynlib module
-instance added to the \fBmodule\-config:\fR option.
-.SS "DNS64 Module Options"
-.LP
-The dns64 module must be configured in the \fBmodule\-config:\fR directive
-e.g., "dns64 validator iterator" and be compiled into the daemon to be
-enabled.  These settings go in the \fBserver:\fR section.
-.TP
-.B dns64\-prefix: \fI<IPv6 prefix>\fR
+.INDENT 0.0
+.TP
+.B dynlib\-file: \fI<dynlib file>\fP 
+The dynamic library file to load.
+Repeat this option for every dynlib module instance added to the
+\fI\%module\-config\fP option.
+.UNINDENT
+.SS DNS64 Module Options
+.sp
+The \fBdns64\fP module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqdns64 validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-prefix: \fI<IPv6 prefix>\fP 
 This sets the DNS64 prefix to use to synthesize AAAA records with.
-It must be /96 or shorter.  The default prefix is 64:ff9b::/96.
-.TP
-.B dns64\-synthall: \fI<yes or no>\fR
-Debug option, default no.  If enabled, synthesize all AAAA records
-despite the presence of actual AAAA records.
-.TP
-.B dns64\-ignore\-aaaa: \fI<name>\fR
-List domain for which the AAAA records are ignored and the A record is
-used by dns64 processing instead.  Can be entered multiple times, list a
-new domain for which it applies, one per line.  Applies also to names
-underneath the name given.
-.SS "NAT64 Operation"
-.LP
-NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only
-servers.  It is controlled by two options in the \fBserver:\fR section:
-.TP
-.B do\-nat64: \fI<yes or no>\fR
-Use NAT64 to reach IPv4-only servers.
-Consider also enabling \fBprefer\-ip6\fR to prefer native IPv6 connections to
-nameservers.
-Default no.
-.TP
-.B nat64\-prefix: \fI<IPv6 prefix>\fR
-Use a specific NAT64 prefix to reach IPv4-only servers.  Defaults to using
-the prefix configured in \fBdns64\-prefix\fR, which in turn defaults to
-64:ff9b::/96.  The prefix length must be one of /32, /40, /48, /56, /64 or /96.
-.SS "DNSCrypt Options"
-.LP
-The
-.B dnscrypt:
-clause gives the settings of the dnscrypt channel. While those options are
-available, they are only meaningful if Unbound was compiled with
-\fB\-\-enable\-dnscrypt\fR.
+It must be /96 or shorter.
+.sp
+Default: 64:ff9b::/96
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-synthall: \fI<yes or no>\fP 
+.sp
+\fBWARNING:\fP
+.INDENT 7.0
+.INDENT 3.5
+Debugging feature!
+.UNINDENT
+.UNINDENT
+.sp
+If enabled, synthesize all AAAA records despite the presence of actual AAAA
+records.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dns64\-ignore\-aaaa: \fI<domain name>\fP 
+List domain for which the AAAA records are ignored and the A record is used
+by DNS64 processing instead.
+Can be entered multiple times, list a new domain for which it applies, one
+per line.
+Applies also to names underneath the name given.
+.UNINDENT
+.SS NAT64 Operation
+.sp
+NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4\-only
+servers.
+It is controlled by two options in the
+\fI\%server:\fP section:
+.INDENT 0.0
+.TP
+.B do\-nat64: \fI<yes or no>\fP 
+Use NAT64 to reach IPv4\-only servers.
+Consider also enabling \fI\%prefer\-ip6\fP
+to prefer native IPv6 connections to nameservers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B nat64\-prefix: \fI<IPv6 prefix>\fP 
+Use a specific NAT64 prefix to reach IPv4\-only servers.
+The prefix length must be one of /32, /40, /48, /56, /64 or /96.
+.sp
+Default: 64:ff9b::/96 (same as \fI\%dns64\-prefix\fP)
+.UNINDENT
+.SS DNSCrypt Options
+.sp
+The \fBdnscrypt:\fP clause gives the settings of the dnscrypt channel.
+While those options are available, they are only meaningful if Unbound was
+compiled with \fB\-\-enable\-dnscrypt\fP\&.
 Currently certificate and secret/public keys cannot be generated by Unbound.
-You can use dnscrypt-wrapper to generate those: https://github.com/cofyc/\
-dnscrypt-wrapper/blob/master/README.md#usage
-.TP
-.B dnscrypt\-enable: \fI<yes or no>\fR
-Whether or not the \fBdnscrypt\fR config should be enabled. You may define
-configuration but not activate it.
-The default is no.
-.TP
-.B dnscrypt\-port: \fI<port number>
-On which port should \fBdnscrypt\fR should be activated. Note that you should
-have a matching \fBinterface\fR option defined in the \fBserver\fR section for
-this port.
-.TP
-.B dnscrypt\-provider: \fI<provider name>\fR
-The provider name to use to distribute certificates. This is of the form:
-\fB2.dnscrypt-cert.example.com.\fR. The name \fIMUST\fR end with a dot.
-.TP
-.B dnscrypt\-secret\-key: \fI<path to secret key file>\fR
-Path to the time limited secret key file. This option may be specified multiple
-times.
-.TP
-.B dnscrypt\-provider\-cert: \fI<path to cert file>\fR
-Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs.
+You can use dnscrypt\-wrapper to generate those:
+\fI\%https://github.com/cofyc/dnscrypt\-wrapper/blob/master/README.md#usage\fP
+.INDENT 0.0
+.TP
+.B dnscrypt\-enable: \fI<yes or no>\fP 
+Whether or not the dnscrypt config should be enabled.
+You may define configuration but not activate it.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-port: \fI<port number>\fP 
+On which port should dnscrypt should be activated.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+There should be a matching interface option defined in the
+\fI\%server:\fP section for this port.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-provider: \fI<provider name>\fP 
+The provider name to use to distribute certificates.
+This is of the form:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+2.dnscrypt\-cert.example.com.
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBIMPORTANT:\fP
+.INDENT 7.0
+.INDENT 3.5
+The name \fIMUST\fP end with a dot.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-secret\-key: \fI<path to secret key file>\fP 
+Path to the time limited secret key file.
 This option may be specified multiple times.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnscrypt\-provider\-cert\-rotated: \fI<path to cert file>\fR
-Path to a certificate that we should be able to serve existing connection from
-but do not want to advertise over \fBdnscrypt\-provider\fR's TXT record certs
-distribution.
-A typical use case is when rotating certificates, existing clients may still use
-the client magic from the old cert in their queries until they fetch and update
-the new cert. Likewise, it would allow one to prime the new cert/key without
-distributing the new cert yet, this can be useful when using a network of
-servers using anycast and on which the configuration may not get updated at the
-exact same time. By priming the cert, the servers can handle both old and new
-certs traffic while distributing only one.
+.B dnscrypt\-provider\-cert: \fI<path to cert file>\fP 
+Path to the certificate related to the
+\fI\%dnscrypt\-secret\-key\fP\&.
 This option may be specified multiple times.
-.TP
-.B dnscrypt\-shared\-secret\-cache\-size: \fI<memory size>
-Give the size of the data structure in which the shared secret keys are kept
-in.  Default 4m.  In bytes or use m(mega), k(kilo), g(giga).
-The shared secret cache is used when a same client is making multiple queries
-using the same public key. It saves a substantial amount of CPU.
-.TP
-.B dnscrypt\-shared\-secret\-cache\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the dnscrypt shared secrets cache.  Close to the number of cpus is
-a fairly good setting.
-.TP
-.B dnscrypt\-nonce\-cache\-size: \fI<memory size>
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-provider\-cert\-rotated: \fI<path to cert file>\fP 
+Path to a certificate that we should be able to serve existing connection
+from but do not want to advertise over
+\fI\%dnscrypt\-provider\fP \(aqs TXT
+record certs distribution.
+.sp
+A typical use case is when rotating certificates, existing clients may
+still use the client magic from the old cert in their queries until they
+fetch and update the new cert.
+Likewise, it would allow one to prime the new cert/key without distributing
+the new cert yet, this can be useful when using a network of servers using
+anycast and on which the configuration may not get updated at the exact
+same time.
+.sp
+By priming the cert, the servers can handle both old and new certs traffic
+while distributing only one.
+.sp
+This option may be specified multiple times.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-shared\-secret\-cache\-size: \fI<memory size>\fP 
+Give the size of the data structure in which the shared secret keys are
+kept in.
+In bytes or use m(mega), k(kilo), g(giga).
+The shared secret cache is used when a same client is making multiple
+queries using the same public key.
+It saves a substantial amount of CPU.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-shared\-secret\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the dnscrypt shared secrets cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-nonce\-cache\-size: \fI<memory size>\fP 
 Give the size of the data structure in which the client nonces are kept in.
-Default 4m. In bytes or use m(mega), k(kilo), g(giga).
-The nonce cache is used to prevent dnscrypt message replaying. Client nonce
-should be unique for any pair of client pk/server sk.
-.TP
-.B dnscrypt\-nonce\-cache\-slabs: \fI<number>
-Give power of 2 number of slabs, this is used to reduce lock contention
-in the dnscrypt nonce cache.  Close to the number of cpus is
-a fairly good setting.
-.SS "EDNS Client Subnet Module Options"
-.LP
-The ECS module must be configured in the \fBmodule\-config:\fR directive e.g.,
-"subnetcache validator iterator" and be compiled into the daemon to be
-enabled.  These settings go in the \fBserver:\fR section.
-.LP
+In bytes or use m(mega), k(kilo), g(giga).
+The nonce cache is used to prevent dnscrypt message replaying.
+Client nonce should be unique for any pair of client pk/server sk.
+.sp
+Default: 4m
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnscrypt\-nonce\-cache\-slabs: \fI<number>\fP 
+Number of slabs in the dnscrypt nonce cache.
+Slabs reduce lock contention by threads.
+Must be set to a power of 2.
+Setting (close) to the number of cpus is a fairly good setting.
+If left unconfigured, it will be configured automatically to be a power of
+2 close to the number of configured threads in multi\-threaded environments.
+.sp
+Default: (unconfigured)
+.UNINDENT
+.SS EDNS Client Subnet Module Options
+.sp
+The ECS module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqsubnetcache validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.sp
 If the destination address is allowed in the configuration Unbound will add the
-EDNS0 option to the query containing the relevant part of the client's address.
-When an answer contains the ECS option the response and the option are placed in
-a specialized cache. If the authority indicated no support, the response is
-stored in the regular cache.
-.LP
+EDNS0 option to the query containing the relevant part of the client\(aqs address.
+When an answer contains the ECS option the response and the option are placed
+in a specialized cache.
+If the authority indicated no support, the response is stored in the regular
+cache.
+.sp
 Additionally, when a client includes the option in its queries, Unbound will
 forward the option when sending the query to addresses that are explicitly
-allowed in the configuration using \fBsend\-client\-subnet\fR. The option will
-always be forwarded, regardless the allowed addresses, if
-\fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in
-the regular cache is skipped.
-.LP
-The maximum size of the ECS cache is controlled by 'msg-cache-size' in the
-configuration file. On top of that, for each query only 100 different subnets
-are allowed to be stored for each address family. Exceeding that number, older
-entries will be purged from cache.
-.LP
+allowed in the configuration using
+\fI\%send\-client\-subnet\fP\&.
+The option will always be forwarded, regardless the allowed addresses, when
+\fI\%client\-subnet\-always\-forward: yes\fP
+is set.
+In this case the lookup in the regular cache is skipped.
+.sp
+The maximum size of the ECS cache is controlled by
+\fI\%msg\-cache\-size\fP in the configuration file.
+On top of that, for each query only 100 different subnets are allowed to be
+stored for each address family.
+Exceeding that number, older entries will be purged from cache.
+.sp
 Note that due to the nature of how EDNS Client Subnet works, by segregating the
 client IP space in order to try and have tailored responses for prefixes of
 unknown sizes, resolution and cache response performance are impacted as a
@@ -2656,416 +4742,706 @@ Usage of the subnetcache module should only be enabled in installations that
 require such functionality where the resolver and the clients belong to
 different networks.
 An example of that is an open resolver installation.
-.LP
-This module does not interact with the \fBserve\-expired*\fR and
-\fBprefetch:\fR options.
-.TP
-.B send\-client\-subnet: \fI<IP address>\fR
-Send client source address to this authority. Append /num to indicate a
-classless delegation netblock, for example like 10.2.3.4/24 or 2001::11/64. Can
-be given multiple times. Authorities not listed will not receive edns-subnet
-information, unless domain in query is specified in \fBclient\-subnet\-zone\fR.
-.TP
-.B client\-subnet\-zone: \fI<domain>\fR
-Send client source address in queries for this domain and its subdomains. Can be
-given multiple times. Zones not listed will not receive edns-subnet information,
-unless hosted by authority specified in \fBsend\-client\-subnet\fR.
-.TP
-.B client\-subnet\-always\-forward: \fI<yes or no>\fR
+.sp
+This module does not interact with the
+\fI\%serve\-expired*\fP and
+\fI\%prefetch\fP options.
+.INDENT 0.0
+.TP
+.B send\-client\-subnet: \fI<IP address>\fP 
+Send client source address to this authority.
+Append /num to indicate a classless delegation netblock, for example like
+\fB10.2.3.4/24\fP or \fB2001::11/64\fP\&.
+Can be given multiple times.
+Authorities not listed will not receive edns\-subnet information, unless
+domain in query is specified in
+\fI\%client\-subnet\-zone\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B client\-subnet\-zone: \fI<domain>\fP 
+Send client source address in queries for this domain and its subdomains.
+Can be given multiple times.
+Zones not listed will not receive edns\-subnet information, unless hosted by
+authority specified in
+\fI\%send\-client\-subnet\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B client\-subnet\-always\-forward: \fI<yes or no>\fP 
 Specify whether the ECS address check (configured using
-\fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering
-query contains an ECS record, or only for queries for which the ECS record is
-generated using the querier address (and therefore did not contain ECS data in
-the client query). If enabled, the address check is skipped when the client
-query contains an ECS record. And the lookup in the regular cache is skipped.
-Default is no.
-.TP
-.B max\-client\-subnet\-ipv6: \fI<number>\fR
-Specifies the maximum prefix length of the client source address we are willing
-to expose to third parties for IPv6.  Defaults to 56.
-.TP
-.B max\-client\-subnet\-ipv4: \fI<number>\fR
-Specifies the maximum prefix length of the client source address we are willing
-to expose to third parties for IPv4. Defaults to 24.
-.TP
-.B min\-client\-subnet\-ipv6: \fI<number>\fR
-Specifies the minimum prefix length of the IPv6 source mask we are willing to
-accept in queries. Shorter source masks result in REFUSED answers. Source mask
-of 0 is always accepted. Default is 0.
-.TP
-.B min\-client\-subnet\-ipv4: \fI<number>\fR
-Specifies the minimum prefix length of the IPv4 source mask we are willing to
-accept in queries. Shorter source masks result in REFUSED answers. Source mask
-of 0 is always accepted. Default is 0.
-.TP
-.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fR
-Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
-This number applies for each qname/qclass/qtype tuple. Defaults to 100.
-.TP
-.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fR
-Specifies the maximum number of subnets ECS answers kept in the ECS radix tree.
-This number applies for each qname/qclass/qtype tuple. Defaults to 100.
-.SS "Opportunistic IPsec Support Module Options"
-.LP
-The IPsec module must be configured in the \fBmodule\-config:\fR directive
-e.g., "ipsecmod validator iterator" and be compiled into Unbound by using
-\fB\-\-enable\-ipsecmod\fR to be enabled.
-These settings go in the \fBserver:\fR section.
-.LP
+\fI\%send\-client\-subnet\fP) is applied
+for all queries, even if the triggering query contains an ECS record, or
+only for queries for which the ECS record is generated using the querier
+address (and therefore did not contain ECS data in the client query).
+If enabled, the address check is skipped when the client query contains an
+ECS record.
+And the lookup in the regular cache is skipped.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-client\-subnet\-ipv6: \fI<number>\fP 
+Specifies the maximum prefix length of the client source address we are
+willing to expose to third parties for IPv6.
+.sp
+Default: 56
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-client\-subnet\-ipv4: \fI<number>\fP 
+Specifies the maximum prefix length of the client source address we are
+willing to expose to third parties for IPv4.
+.sp
+Default: 24
+.UNINDENT
+.INDENT 0.0
+.TP
+.B min\-client\-subnet\-ipv6: \fI<number>\fP 
+Specifies the minimum prefix length of the IPv6 source mask we are willing
+to accept in queries.
+Shorter source masks result in REFUSED answers.
+Source mask of 0 is always accepted.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B min\-client\-subnet\-ipv4: \fI<number>\fP 
+Specifies the minimum prefix length of the IPv4 source mask we are willing
+to accept in queries.
+Shorter source masks result in REFUSED answers.
+Source mask of 0 is always accepted.
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-ecs\-tree\-size\-ipv4: \fI<number>\fP 
+Specifies the maximum number of subnets ECS answers kept in the ECS radix
+tree.
+This number applies for each qname/qclass/qtype tuple.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B max\-ecs\-tree\-size\-ipv6: \fI<number>\fP 
+Specifies the maximum number of subnets ECS answers kept in the ECS radix
+tree.
+This number applies for each qname/qclass/qtype tuple.
+.sp
+Default: 100
+.UNINDENT
+.SS Opportunistic IPsec Support Module Options
+.sp
+The IPsec module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqipsecmod validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into Unbound by using \fB\-\-enable\-ipsecmod\fP to be enabled.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+These settings go in the \fI\%server:\fP section.
+.UNINDENT
+.UNINDENT
+.sp
 When Unbound receives an A/AAAA query that is not in the cache and finds a
 valid answer, it will withhold returning the answer and instead will generate
-an IPSECKEY subquery for the same domain name.  If an answer was found, Unbound
-will call an external hook passing the following arguments:
-.TP 10
-\h'5'\fIQNAME\fR
-Domain name of the A/AAAA and IPSECKEY query.  In string format.
-.TP 10
-\h'5'\fIIPSECKEY TTL\fR
+an IPSECKEY subquery for the same domain name.
+If an answer was found, Unbound will call an external hook passing the
+following arguments:
+.INDENT 0.0
+.TP
+.B QNAME
+Domain name of the A/AAAA and IPSECKEY query.
+In string format.
+.TP
+.B IPSECKEY TTL
 TTL of the IPSECKEY RRset.
-.TP 10
-\h'5'\fIA/AAAA\fR
-String of space separated IP addresses present in the A/AAAA RRset.  The IP
-addresses are in string format.
-.TP 10
-\h'5'\fIIPSECKEY\fR
-String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.  The
-IPSECKEY RDATA are in DNS presentation format.
-.LP
-The A/AAAA answer is then cached and returned to the client.  If the external
-hook was called the TTL changes to ensure it doesn't surpass
-\fBipsecmod-max-ttl\fR.
-.LP
-The same procedure is also followed when \fBprefetch:\fR is used, but the
-A/AAAA answer is given to the client before the hook is called.
-\fBipsecmod-max-ttl\fR ensures that the A/AAAA answer given from cache is still
-relevant for opportunistic IPsec.
-.TP
-.B ipsecmod-enabled: \fI<yes or no>\fR
-Specifies whether the IPsec module is enabled or not.  The IPsec module still
-needs to be defined in the \fBmodule\-config:\fR directive.  This option
-facilitates turning on/off the module without restarting/reloading Unbound.
-Defaults to yes.
-.TP
-.B ipsecmod\-hook: \fI<filename>\fR
-Specifies the external hook that Unbound will call with \fIsystem\fR(3).  The
-file can be specified as an absolute/relative path.  The file needs the proper
-permissions to be able to be executed by the same user that runs Unbound.  It
-must be present when the IPsec module is defined in the \fBmodule\-config:\fR
-directive.
-.TP
-.B ipsecmod-strict: \fI<yes or no>\fR
-If enabled Unbound requires the external hook to return a success value of 0.
-Failing to do so Unbound will reply with SERVFAIL.  The A/AAAA answer will also
-not be cached.  Defaults to no.
-.TP
-.B ipsecmod\-max-ttl: \fI<seconds>\fR
-Time to live maximum for A/AAAA cached records after calling the external hook.
-Defaults to 3600.
-.TP
-.B ipsecmod-ignore-bogus: \fI<yes or no>\fR
-Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.  If set
-to yes, the hook will be called and the A/AAAA answer will be returned to the
-client.  If set to no, the hook will not be called and the answer to the
-A/AAAA query will be SERVFAIL.  Mainly used for testing.  Defaults to no.
-.TP
-.B ipsecmod\-allow: \fI<domain>\fR
-Allow the ipsecmod functionality for the domain so that the module logic will be
-executed.  Can be given multiple times, for different domains.  If the option is
-not specified, all domains are treated as being allowed (default).
-.TP
-.B ipsecmod\-whitelist: \fI<domain>
-Alternate syntax for \fBipsecmod\-allow\fR.
-.SS "Cache DB Module Options"
-.LP
-The Cache DB module must be configured in the \fBmodule\-config:\fR directive
-e.g., "validator cachedb iterator" and be compiled into the daemon
-with \fB\-\-enable\-cachedb\fR.
-If this module is enabled and configured, the specified backend database
-works as a second level cache:
-When Unbound cannot find an answer to a query in its built-in in-memory
-cache, it consults the specified backend.
-If it finds a valid answer in the backend, Unbound uses it to respond
-to the query without performing iterative DNS resolution.
-If Unbound cannot even find an answer in the backend, it resolves the
-query as usual, and stores the answer in the backend.
-.P
-This module interacts with the \fBserve\-expired\-*\fR options and will reply
-with expired data if Unbound is configured for that.
-.P
-If Unbound was built with
-\fB\-\-with\-libhiredis\fR
-on a system that has installed the hiredis C client library of Redis,
-then the "redis" backend can be used.
-This backend communicates with the specified Redis server over a TCP
-connection to store and retrieve cache data.
-It can be used as a persistent and/or shared cache backend.
-It should be noted that Unbound never removes data stored in the Redis server,
-even if some data have expired in terms of DNS TTL or the Redis server has
-cached too much data;
-if necessary the Redis server must be configured to limit the cache size,
-preferably with some kind of least-recently-used eviction policy.
-Additionally, the \fBredis\-expire\-records\fR option can be used in order to
-set the relative DNS TTL of the message as timeout to the Redis records; keep
-in mind that some additional memory is used per key and that the expire
-information is stored as absolute Unix timestamps in Redis (computer time must
-be stable).
-This backend uses synchronous communication with the Redis server
-based on the assumption that the communication is stable and sufficiently
-fast.
-The thread waiting for a response from the Redis server cannot handle
-other DNS queries.
-Although the backend has the ability to reconnect to the server when
-the connection is closed unexpectedly and there is a configurable timeout
-in case the server is overly slow or hangs up, these cases are assumed
-to be very rare.
-If connection close or timeout happens too often, Unbound will be
-effectively unusable with this backend.
-It's the administrator's responsibility to make the assumption hold.
-.P
-The
-.B cachedb:
-clause gives custom settings of the cache DB module.
 .TP
-.B backend: \fI<backend name>\fR
+.B A/AAAA
+String of space separated IP addresses present in the A/AAAA RRset.
+The IP addresses are in string format.
+.TP
+.B IPSECKEY
+String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.
+The IPSECKEY RDATA are in DNS presentation format.
+.UNINDENT
+.sp
+The A/AAAA answer is then cached and returned to the client.
+If the external hook was called the TTL changes to ensure it doesn\(aqt surpass
+\fI\%ipsecmod\-max\-ttl\fP\&.
+.sp
+The same procedure is also followed when
+\fI\%prefetch: yes\fP is set, but the A/AAAA answer is
+given to the client before the hook is called.
+\fI\%ipsecmod\-max\-ttl\fP ensures that the A/AAAA
+answer given from cache is still relevant for opportunistic IPsec.
+.INDENT 0.0
+.TP
+.B ipsecmod\-enabled: \fI<yes or no>\fP 
+Specifies whether the IPsec module is enabled or not.
+The IPsec module still needs to be defined in the
+\fI\%module\-config\fP directive.
+This option facilitates turning on/off the module without
+restarting/reloading Unbound.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-hook: \fI<filename>\fP 
+Specifies the external hook that Unbound will call with \fIsystem(3)\fP\&.
+The file can be specified as an absolute/relative path.
+The file needs the proper permissions to be able to be executed by the same
+user that runs Unbound.
+It must be present when the IPsec module is defined in the
+\fI\%module\-config\fP directive.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-strict: \fI<yes or no>\fP 
+If enabled Unbound requires the external hook to return a success value of
+0.
+Failing to do so Unbound will reply with SERVFAIL.
+The A/AAAA answer will also not be cached.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-max\-ttl: \fI<seconds>\fP 
+Time to live maximum for A/AAAA cached records after calling the external
+hook.
+.sp
+Default: 3600
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-ignore\-bogus: \fI<yes or no>\fP 
+Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.
+If set to yes, the hook will be called and the A/AAAA answer will be
+returned to the client.
+If set to no, the hook will not be called and the answer to the A/AAAA
+query will be SERVFAIL.
+Mainly used for testing.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-allow: \fI<domain>\fP 
+Allow the IPsec module functionality for the domain so that the module
+logic will be executed.
+Can be given multiple times, for different domains.
+If the option is not specified, all domains are treated as being allowed
+(default).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B ipsecmod\-whitelist: \fI<domain>\fP 
+Alternate syntax for \fI\%ipsecmod\-allow\fP\&.
+.UNINDENT
+.SS Cache DB Module Options
+.sp
+The Cache DB module must be configured in the
+\fI\%module\-config\fP directive, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqvalidator cachedb iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+and be compiled into the daemon with \fB\-\-enable\-cachedb\fP\&.
+.sp
+If this module is enabled and configured, the specified backend database works
+as a second level cache; when Unbound cannot find an answer to a query in its
+built\-in in\-memory cache, it consults the specified backend.
+If it finds a valid answer in the backend, Unbound uses it to respond to the
+query without performing iterative DNS resolution.
+If Unbound cannot even find an answer in the backend, it resolves the query as
+usual, and stores the answer in the backend.
+.sp
+This module interacts with the \fIserve\-expired\-*\fP options and will reply with
+expired data if Unbound is configured for that.
+.sp
+If Unbound was built with \fB\-\-with\-libhiredis\fP on a system that has installed
+the hiredis C client library of Redis, then the \fBredis\fP backend can be used.
+This backend communicates with the specified Redis server over a TCP connection
+to store and retrieve cache data.
+It can be used as a persistent and/or shared cache backend.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Unbound never removes data stored in the Redis server, even if some data
+have expired in terms of DNS TTL or the Redis server has cached too much
+data; if necessary the Redis server must be configured to limit the cache
+size, preferably with some kind of least\-recently\-used eviction policy.
+.UNINDENT
+.UNINDENT
+.sp
+Additionally, the
+\fI\%redis\-expire\-records\fP option
+can be used in order to set the relative DNS TTL of the message as timeout to
+the Redis records; keep in mind that some additional memory is used per key and
+that the expire information is stored as absolute Unix timestamps in Redis
+(computer time must be stable).
+.sp
+This backend uses synchronous communication with the Redis server based on the
+assumption that the communication is stable and sufficiently fast.
+The thread waiting for a response from the Redis server cannot handle other DNS
+queries.
+Although the backend has the ability to reconnect to the server when the
+connection is closed unexpectedly and there is a configurable timeout in case
+the server is overly slow or hangs up, these cases are assumed to be very rare.
+If connection close or timeout happens too often, Unbound will be effectively
+unusable with this backend.
+It\(aqs the administrator\(aqs responsibility to make the assumption hold.
+.sp
+The \fBcachedb:\fP clause gives custom settings of the cache DB module.
+.INDENT 0.0
+.TP
+.B backend: \fI<backend name>\fP 
 Specify the backend database name.
-The default database is the in-memory backend named "testframe", which,
+The default database is the in\-memory backend named \fBtestframe\fP, which,
 as the name suggests, is not of any practical use.
-Depending on the build-time configuration, "redis" backend may also be
+Depending on the build\-time configuration, \fBredis\fP backend may also be
 used as described above.
+.sp
+Default: testframe
+.UNINDENT
+.INDENT 0.0
 .TP
-.B secret-seed: \fI<"secret string">\fR
+.B secret\-seed: \fI\(dq<secret string>\(dq\fP 
 Specify a seed to calculate a hash value from query information.
 This value will be used as the key of the corresponding answer for the
-backend database and can be customized if the hash should not be predictable
-operationally.
-If the backend database is shared by multiple Unbound instances,
-all instances must use the same secret seed.
-This option defaults to "default".
-.TP
-.B cachedb-no-store: \fI<yes or no>\fR
-If the backend should be read from, but not written to. This makes this
-instance not store dns messages in the backend. But if data is available it
-is retrieved. The default is no.
-.TP
-.B cachedb-check-when-serve-expired: \fI<yes or no>\fR
+backend database and can be customized if the hash should not be
+predictable operationally.
+If the backend database is shared by multiple Unbound instances, all
+instances must use the same secret seed.
+.sp
+Default: \(dqdefault\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cachedb\-no\-store: \fI<yes or no>\fP 
+If the backend should be read from, but not written to.
+This makes this instance not store dns messages in the backend.
+But if data is available it is retrieved.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B cachedb\-check\-when\-serve\-expired: \fI<yes or no>\fP 
 If enabled, the cachedb is checked before an expired response is returned.
-When \fBserve\-expired\fR is enabled, without \fBserve\-expired\-client\-timeout\fR, it then
-does not immediately respond with an expired response from cache, but instead
-first checks the cachedb for valid contents, and if so returns it. If the
-cachedb also has no valid contents, the serve expired response is sent.
-If also \fBserve\-expired\-client\-timeout\fR is enabled, the expired response
-is delayed until the timeout expires. Unless the lookup succeeds within the
-timeout. The default is yes.
-.P
-The following
-.B cachedb
-options are specific to the redis backend.
-.TP
-.B redis-server-host: \fI<server address or name>\fR
+When
+\fI\%serve\-expired\fP
+is enabled, without
+\fI\%serve\-expired\-client\-timeout\fP
+, it then does not immediately respond with an expired response from cache,
+but instead first checks the cachedb for valid contents, and if so returns it.
+If the cachedb also has no valid contents, the serve expired response is sent.
+If also
+\fI\%serve\-expired\-client\-timeout\fP
+is enabled, the expired response is delayed until the timeout expires.
+Unless the lookup succeeds within the timeout.
+.sp
+Default: yes
+.UNINDENT
+.sp
+The following \fBcachedb:\fP options are specific to the \fBredis\fP backend.
+.INDENT 0.0
+.TP
+.B redis\-server\-host: \fI<server address or name>\fP 
 The IP (either v6 or v4) address or domain name of the Redis server.
-In general an IP address should be specified as otherwise Unbound will have to
-resolve the name of the server every time it establishes a connection
-to the server.
-This option defaults to "127.0.0.1".
-.TP
-.B redis-server-port: \fI<port number>\fR
+In general an IP address should be specified as otherwise Unbound will have
+to resolve the name of the server every time it establishes a connection to
+the server.
+.sp
+Default: 127.0.0.1
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-port: \fI<port number>\fP 
 The TCP port number of the Redis server.
-This option defaults to 6379.
-.TP
-.B redis-server-path: \fI<unix socket path>\fR
-The unix socket path to connect to the Redis server. Off by default, and it
-can be set to "" to turn this off. Unix sockets may have better throughput
-than the IP address option.
-.TP
-.B redis-server-password: \fI"<password>"\fR
+.sp
+Default: 6379
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-path: \fI<unix socket path>\fP 
+The unix socket path to connect to the Redis server.
+Unix sockets may have better throughput than the IP address option.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-server\-password: \fI\(dq<password>\(dq\fP 
 The Redis AUTH password to use for the Redis server.
 Only relevant if Redis is configured for client password authorisation.
-Off by default, and it can be set to "" to turn this off.
-.TP
-.B redis-timeout: \fI<msec>\fR
-The period until when Unbound waits for a response from the Redis sever.
-If this timeout expires Unbound closes the connection, treats it as
-if the Redis server does not have the requested data, and will try to
-re-establish a new connection later.
-This option defaults to 100 milliseconds.
-.TP
-.B redis-command-timeout: \fI<msec>\fR
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-timeout: \fI<msec>\fP 
+The period until when Unbound waits for a response from the Redis server.
+If this timeout expires Unbound closes the connection, treats it as if the
+Redis server does not have the requested data, and will try to re\-establish
+a new connection later.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-command\-timeout: \fI<msec>\fP 
 The timeout to use for Redis commands, in milliseconds.
-If 0, it uses the \fBredis\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-connect-timeout: \fI<msec>\fR
+If \fB0\fP, it uses the
+\fI\%redis\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-connect\-timeout: \fI<msec>\fP 
 The timeout to use for Redis connection set up, in milliseconds.
-If 0, it uses the \fBredis\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-expire-records: \fI<yes or no>
-If Redis record expiration is enabled.  If yes, Unbound sets timeout for Redis
-records so that Redis can evict keys that have expired automatically.  If
-Unbound is configured with \fBserve-expired\fR and \fBserve-expired-ttl\fR is 0,
-this option is internally reverted to "no".  Redis SETEX support is required
-for this option (Redis >= 2.0.0).
-This option defaults to no.
-.TP
-.B redis-logical-db: \fI<logical database index>
+If \fB0\fP, it uses the
+\fI\%redis\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-expire\-records: \fI<yes or no>\fP 
+If Redis record expiration is enabled.
+If yes, Unbound sets timeout for Redis records so that Redis can evict keys
+that have expired automatically.
+If Unbound is configured with
+\fI\%serve\-expired\fP and
+\fI\%serve\-expired\-ttl: 0\fP, this option is
+internally reverted to \(dqno\(dq.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Redis \(dqSET ... EX\(dq support is required for this option (Redis >= 2.6.12).
+.UNINDENT
+.UNINDENT
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-logical\-db: \fI<logical database index>\fP 
 The logical database in Redis to use.
-These are databases in the same Redis instance sharing the same configuration
-and persisted in the same RDB/AOF file.
+These are databases in the same Redis instance sharing the same
+configuration and persisted in the same RDB/AOF file.
 If unsure about using this option, Redis documentation
-(https://redis.io/commands/select/) suggests not to use a single Redis instance
-for multiple unrelated applications.
+(\fI\%https://redis.io/commands/select/\fP) suggests not to use a single Redis
+instance for multiple unrelated applications.
 The default database in Redis is 0 while other logical databases need to be
-explicitly SELECT'ed upon connecting.
-This option defaults to 0.
-.TP
-.B redis-replica-server-host: \fI<server address or name>\fR
-The IP (either v6 or v4) address or domain name of the Redis replica server.
-In general an IP address should be specified as otherwise Unbound will have to
-resolve the name of the server every time it establishes a connection
-to the server.
-This server is treated as a read-only replica server
-(https://redis.io/docs/management/replication/#read-only-replica).
-If specified, all Redis read commands will go to this replica server, while
-the write commands will go to the \fBredis-server-host\fR.
-This option defaults to "" (disabled).
+explicitly SELECT\(aqed upon connecting.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
 .TP
-.B redis-replica-server-port: \fI<port number>\fR
+.B redis\-replica\-server\-host: \fI<server address or name>\fP 
+The IP (either v6 or v4) address or domain name of the Redis server.
+In general an IP address should be specified as otherwise Unbound will have
+to resolve the name of the server every time it establishes a connection to
+the server.
+.sp
+This server is treated as a read\-only replica server
+(\fI\%https://redis.io/docs/management/replication/#read\-only\-replica\fP).
+If specified, all Redis read commands will go to this replica server, while
+the write commands will go to the
+\fI\%redis\-server\-host\fP\&.
+.sp
+Default: \(dq\(dq (disabled).
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-port: \fI<port number>\fP 
 The TCP port number of the Redis replica server.
-This option defaults to 6379.
-.TP
-.B redis-replica-server-path: \fI<unix socket path>\fR
-The unix socket path to connect to the Redis server. Off by default, and it
-can be set to "" to turn this off. Unix sockets may have better throughput
-than the IP address option.
-.TP
-.B redis-replica-server-password: \fI"<password>"\fR
-The Redis AUTH password to use for the Redis replica server.
+.sp
+Default: 6379
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-path: \fI<unix socket path>\fP 
+The unix socket path to connect to the Redis replica server.
+Unix sockets may have better throughput than the IP address option.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-server\-password: \fI\(dq<password>\(dq\fP 
+The Redis AUTH password to use for the Redis server.
 Only relevant if Redis is configured for client password authorisation.
-Off by default, and it can be set to "" to turn this off.
+.sp
+Default: \(dq\(dq (disabled)
+.UNINDENT
+.INDENT 0.0
 .TP
-.B redis-replica-timeout: \fI<msec>\fR
-The period until when Unbound waits for a response from the Redis replica sever.
-If this timeout expires Unbound closes the connection, treats it as
-if the Redis replica server does not have the requested data, and will try to
-re-establish a new connection later.
-This option defaults to 100 milliseconds.
-.TP
-.B redis-replica-command-timeout: \fI<msec>\fR
+.B redis\-replica\-timeout: \fI<msec>\fP 
+The period until when Unbound waits for a response from the Redis replica
+server.
+If this timeout expires Unbound closes the connection, treats it as if the
+Redis server does not have the requested data, and will try to re\-establish
+a new connection later.
+.sp
+Default: 100
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-command\-timeout: \fI<msec>\fP 
 The timeout to use for Redis replica commands, in milliseconds.
-If 0, it uses the \fBredis\-replica\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-replica-connect-timeout: \fI<msec>\fR
+If \fB0\fP, it uses the
+\fI\%redis\-replica\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-connect\-timeout: \fI<msec>\fP 
 The timeout to use for Redis replica connection set up, in milliseconds.
-If 0, it uses the \fBredis\-replica\-timeout\fR value.
-The default is 0.
-.TP
-.B redis-replica-logical-db: \fI<logical database index>
-Same as \fBredis-logical-db\fR but for the Redis replica server.
-This option defaults to 0.
+If \fB0\fP, it uses the
+\fI\%redis\-replica\-timeout\fP
+value.
+.sp
+Default: 0
+.UNINDENT
+.INDENT 0.0
+.TP
+.B redis\-replica\-logical\-db: \fI<logical database index>\fP 
+Same as \fI\%redis\-logical\-db\fP but
+for the Redis replica server.
+.sp
+Default: 0
+.UNINDENT
 .SS DNSTAP Logging Options
-DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fR, is enabled
-in the \fBdnstap:\fR section.
-This starts an extra thread (when compiled with threading) that writes
-the log information to the destination.  If Unbound is compiled without
-threading it does not spawn a thread, but connects per-process to the
-destination.
-.TP
-.B dnstap-enable: \fI<yes or no>
-If dnstap is enabled.  Default no.  If yes, it connects to the dnstap server
-and if any of the dnstap-log-..-messages options is enabled it sends logs
-for those messages to the server.
-.TP
-.B dnstap-bidirectional: \fI<yes or no>
-Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is
-yes.
-.TP
-.B dnstap-socket-path: \fI<file name>
+.sp
+DNSTAP support, when compiled in by using \fB\-\-enable\-dnstap\fP, is enabled in
+the \fBdnstap:\fP section.
+This starts an extra thread (when compiled with threading) that writes the log
+information to the destination.
+If Unbound is compiled without threading it does not spawn a thread, but
+connects per\-process to the destination.
+.INDENT 0.0
+.TP
+.B dnstap\-enable: \fI<yes or no>\fP 
+If dnstap is enabled.
+If yes, it connects to the DNSTAP server and if any of the
+\fIdnstap\-log\-..\-messages:\fP options is enabled it sends logs for those
+messages to the server.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-bidirectional: \fI<yes or no>\fP 
+Use frame streams in bidirectional mode to transfer DNSTAP messages.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-socket\-path: \fI<file name>\fP 
 Sets the unix socket file name for connecting to the server that is
-listening on that socket.  Default is "@DNSTAP_SOCKET_PATH@".
-.TP
-.B dnstap-ip: \fI<IPaddress[@port]>
-If "", the unix socket is used, if set with an IP address (IPv4 or IPv6)
-that address is used to connect to the server.
-.TP
-.B dnstap-tls: \fI<yes or no>
-Set this to use TLS to connect to the server specified in \fBdnstap-ip\fR.
-The default is yes.  If set to no, TCP is used to connect to the server.
-.TP
-.B dnstap-tls-server-name: \fI<name of TLS authentication>
-The TLS server name to authenticate the server with.  Used when \fBdnstap-tls\fR is enabled.  If "" it is ignored, default "".
-.TP
-.B dnstap-tls-cert-bundle: \fI<file name of cert bundle>
-The pem file with certs to verify the TLS server certificate. If "" the
-server default cert bundle is used, or the windows cert bundle on windows.
-Default is "".
-.TP
-.B dnstap-tls-client-key-file: \fI<file name>
-The client key file for TLS client authentication. If "" client
-authentication is not used.  Default is "".
-.TP
-.B dnstap-tls-client-cert-file: \fI<file name>
-The client cert file for TLS client authentication.  Default is "".
-.TP
-.B dnstap-send-identity: \fI<yes or no>
+listening on that socket.
+.sp
+Default: @DNSTAP_SOCKET_PATH@
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-ip: \fI<IPaddress[@port]>\fP 
+If \fB\(dq\(dq\fP, the unix socket is used, if set with an IP address (IPv4 or
+IPv6) that address is used to connect to the server.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls: \fI<yes or no>\fP 
+Set this to use TLS to connect to the server specified in
+\fI\%dnstap\-ip\fP\&.
+If set to no, TCP is used to connect to the server.
+.sp
+Default: yes
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-server\-name: \fI<name of TLS authentication>\fP 
+The TLS server name to authenticate the server with.
+Used when \fI\%dnstap\-tls: yes\fP is set.
+If \fB\(dq\(dq\fP it is ignored.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-cert\-bundle: \fI<file name of cert bundle>\fP 
+The pem file with certs to verify the TLS server certificate.
+If \fB\(dq\(dq\fP the server default cert bundle is used, or the windows cert
+bundle on windows.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-client\-key\-file: \fI<file name>\fP 
+The client key file for TLS client authentication.
+If \fB\(dq\(dq\fP client authentication is not used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-tls\-client\-cert\-file: \fI<file name>\fP 
+The client cert file for TLS client authentication.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-send\-identity: \fI<yes or no>\fP 
 If enabled, the server identity is included in the log messages.
-Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-send-version: \fI<yes or no>
+.B dnstap\-send\-version: \fI<yes or no>\fP 
 If enabled, the server version if included in the log messages.
-Default is no.
-.TP
-.B dnstap-identity: \fI<string>
-The identity to send with messages, if "" the hostname is used.
-Default is "".
-.TP
-.B dnstap-version: \fI<string>
-The version to send with messages, if "" the package version is used.
-Default is "".
-.TP
-.B dnstap-sample-rate: \fI<number>
-The sample rate for log of messages, it logs only 1/N messages. With 0 it
-is disabled. Default is 0. This is useful in a high volume environment,
-where log functionality would otherwise not be reliable. For example 10
-would spend only 1/10th time on logging, and 100 would only spend a
-hundredth of the time on logging.
-.TP
-.B dnstap-log-resolver-query-messages: \fI<yes or no>
-Enable to log resolver query messages.  Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-identity: \fI<string>\fP 
+The identity to send with messages, if \fB\(dq\(dq\fP the hostname is used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-version: \fI<string>\fP 
+The version to send with messages, if \fB\(dq\(dq\fP the package version is used.
+.sp
+Default: \(dq\(dq
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-sample\-rate: \fI<number>\fP 
+The sample rate for log of messages, it logs only 1/N messages.
+With 0 it is disabled.
+This is useful in a high volume environment, where log functionality would
+otherwise not be reliable.
+For example 10 would spend only 1/10th time on logging, and 100 would only
+spend a hundredth of the time on logging.
+.sp
+Default: 0 (disabled)
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-resolver\-query\-messages: \fI<yes or no>\fP 
+Enable to log resolver query messages.
 These are messages from Unbound to upstream servers.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-resolver-response-messages: \fI<yes or no>
-Enable to log resolver response messages.  Default is no.
+.B dnstap\-log\-resolver\-response\-messages: \fI<yes or no>\fP 
+Enable to log resolver response messages.
 These are replies from upstream servers to Unbound.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-client-query-messages: \fI<yes or no>
-Enable to log client query messages.  Default is no.
+.B dnstap\-log\-client\-query\-messages: \fI<yes or no>\fP 
+Enable to log client query messages.
 These are client queries to Unbound.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B dnstap-log-client-response-messages: \fI<yes or no>
-Enable to log client response messages.  Default is no.
+.B dnstap\-log\-client\-response\-messages: \fI<yes or no>\fP 
+Enable to log client response messages.
 These are responses from Unbound to clients.
-.TP
-.B dnstap-log-forwarder-query-messages: \fI<yes or no>
-Enable to log forwarder query messages.  Default is no.
-.TP
-.B dnstap-log-forwarder-response-messages: \fI<yes or no>
-Enable to log forwarder response messages.  Default is no.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-forwarder\-query\-messages: \fI<yes or no>\fP 
+Enable to log forwarder query messages.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B dnstap\-log\-forwarder\-response\-messages: \fI<yes or no>\fP 
+Enable to log forwarder response messages.
+.sp
+Default: no
+.UNINDENT
 .SS Response Policy Zone Options
-.LP
-Response Policy Zones are configured with \fBrpz:\fR, and each one must have a
-\fBname:\fR. There can be multiple ones, by listing multiple RPZ clauses, each
-with a different name. RPZ clauses are applied in order of configuration and
-any match from an earlier RPZ zone will terminate the RPZ lookup. Note that a
-PASSTHRU action is still considered a match.
-The \fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
-\fBmodule-config: "respip validator iterator"\fR.
-.P
+.sp
+Response Policy Zones are configured with \fBrpz:\fP, and each one must have a
+\fI\%name\fP attribute.
+There can be multiple ones, by listing multiple RPZ clauses, each with a
+different name.
+RPZ clauses are applied in order of configuration and any match from an earlier
+RPZ zone will terminate the RPZ lookup.
+Note that a PASSTHRU action is still considered a match.
+The respip module needs to be added to the
+\fI\%module\-config\fP, e.g.:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module\-config: \(dqrespip validator iterator\(dq
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
 QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
 Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp\-only
-and drop.  RPZ QNAME triggers are applied after \fBlocal\-zones\fR and
-before \fBauth\-zones\fR.
-.P
+and drop.
+RPZ QNAME triggers are applied after any
+\fI\%local\-zone\fP and before any
+\fI\%auth\-zone\fP\&.
+.sp
 The RPZ zone is a regular DNS zone formatted with a SOA start record as usual.
 The items in the zone are entries, that specify what to act on (the trigger)
 and what to do (the action).
@@ -3073,167 +5449,278 @@ The trigger to act on is recorded in the name, the action to do is recorded as
 the resource record.
 The names all end in the zone name, so you could type the trigger names without
 a trailing dot in the zonefile.
-.P
-An example RPZ record, that answers example.com with NXDOMAIN
+.sp
+An example RPZ record, that answers \fBexample.com\fP with \fBNXDOMAIN\fP:
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	example.com CNAME .
+.ft C
+example.com CNAME .
+.ft P
 .fi
-.P
+.UNINDENT
+.UNINDENT
+.sp
 The triggers are encoded in the name on the left
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	name                          query name
-	netblock.rpz-client-ip        client IP address
-	netblock.rpz-ip               response IP address in the answer
-	name.rpz-nsdname              nameserver name
-	netblock.rpz-nsip             nameserver IP address
+.ft C
+name                          query name
+netblock.rpz\-client\-ip        client IP address
+netblock.rpz\-ip               response IP address in the answer
+name.rpz\-nsdname              nameserver name
+netblock.rpz\-nsip             nameserver IP address
+.ft P
 .fi
-The netblock is written as <netblocklen>.<ip address in reverse>.
-For IPv6 use 'zz' for '::'.  Specify individual addresses with scope length
-of 32 or 128.  For example, 24.10.100.51.198.rpz-ip is 198.51.100.10/24 and
-32.10.zz.db8.2001.rpz-ip is 2001:db8:0:0:0:0:0:10/32.
-.P
+.UNINDENT
+.UNINDENT
+.sp
+The netblock is written as \fB<netblocklen>.<ip address in reverse>\fP\&.
+For IPv6 use \fB\(aqzz\(aq\fP for \fB\(aq::\(aq\fP\&.
+Specify individual addresses with scope length of 32 or 128.
+For example, \fB24.10.100.51.198.rpz\-ip\fP is \fB198.51.100.10/24\fP and
+\fB32.10.zz.db8.2001.rpz\-ip\fP is \fB2001:db8:0:0:0:0:0:10/32\fP\&.
+.sp
 The actions are specified with the record on the right
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
-	CNAME .                      nxdomain reply
-	CNAME *.                     nodata reply
-	CNAME rpz-passthru.          do nothing, allow to continue
-	CNAME rpz-drop.              the query is dropped
-	CNAME rpz-tcp-only.          answer over TCP
-	A 192.0.2.1                  answer with this IP address
+.ft C
+CNAME .                      nxdomain reply
+CNAME *.                     nodata reply
+CNAME rpz\-passthru.          do nothing, allow to continue
+CNAME rpz\-drop.              the query is dropped
+CNAME rpz\-tcp\-only.          answer over TCP
+A 192.0.2.1                  answer with this IP address
+.ft P
 .fi
-Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to
+.UNINDENT
+.UNINDENT
+.sp
+Other records like AAAA, TXT and other CNAMEs (not rpz\-..) can also be used to
 answer queries with that content.
-.P
-The RPZ zones can be configured in the config file with these settings in the \fBrpz:\fR block.
+.sp
+The RPZ zones can be configured in the config file with these settings in the
+\fBrpz:\fP block.
+.INDENT 0.0
 .TP
-.B name: \fI<zone name>
+.B name: \fI<zone name>\fP 
 Name of the authority zone.
-.TP
-.B primary: \fI<IP address or host name>
-Where to download a copy of the zone from, with AXFR and IXFR.  Multiple
-primaries can be specified.  They are all tried if one fails.
-To use a nondefault port for DNS communication append '@' with the port number.
-You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name.  If you combine
-the '@' and '#', the '@' comes first.
-If you point it at another Unbound instance, it would not work because
-that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
-the zonefile as a text file from a webserver that would work.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B primary: \fI<IP address or host name>\fP 
+Where to download a copy of the zone from, with AXFR and IXFR.
+Multiple primaries can be specified.
+They are all tried if one fails.
+.sp
+To use a non\-default port for DNS communication append \fB\(aq@\(aq\fP with the
+port number.
+.sp
+You can append a \fB\(aq#\(aq\fP and a name, then AXFR over TLS can be used and the
+TLS authentication certificates will be checked with that name.
+.sp
+If you combine the \fB\(aq@\(aq\fP and \fB\(aq#\(aq\fP, the \fB\(aq@\(aq\fP comes first.
+If you point it at another Unbound instance, it would not work because that
+does not support AXFR/IXFR for the zone, but if you used
+\fI\%url\fP to download the zonefile as a text file
+from a webserver that would work.
+.sp
 If you specify the hostname, you cannot use the domain from the zonefile,
 because it may not have that when retrieving that data, instead use a plain
 IP address to avoid a circular dependency on retrieving that IP address.
-.TP
-.B master: \fI<IP address or host name>
-Alternate syntax for \fBprimary\fR.
-.TP
-.B url: \fI<url to zonefile>
-Where to download a zonefile for the zone.  With http or https.  An example
-for the url is "http://www.example.com/example.org.zone".  Multiple url
-statements can be given, they are tried in turn.  If only urls are given
-the SOA refresh timer is used to wait for making new downloads.  If also
-primaries are listed, the primaries are first probed with UDP SOA queries to
-see if the SOA serial number has changed, reducing the number of downloads.
-If none of the urls work, the primaries are tried with IXFR and AXFR.
-For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used
-to authenticate the connection.
-.TP
-.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>
-With allow\-notify you can specify additional sources of notifies.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B master: \fI<IP address or host name>\fP 
+Alternate syntax for \fI\%primary\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B url: \fI<url to zonefile>\fP 
+Where to download a zonefile for the zone.
+With HTTP or HTTPS.
+An example for the url is:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+http://www.example.com/example.org.zone
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Multiple url statements can be given, they are tried in turn.
+.sp
+If only urls are given the SOA refresh timer is used to wait for making new
+downloads.
+If also primaries are listed, the primaries are first probed with UDP SOA
+queries to see if the SOA serial number has changed, reducing the number of
+downloads.
+If none of the URLs work, the primaries are tried with IXFR and AXFR.
+.sp
+For HTTPS, the \fI\%tls\-cert\-bundle\fP and
+the hostname from the url are used to authenticate the connection.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B allow\-notify: \fI<IP address or host name or netblockIP/prefix>\fP 
+With \fI\%allow\-notify\fP you can specify
+additional sources of notifies.
 When notified, the server attempts to first probe and then zone transfer.
-If the notify is from a primary, it first attempts that primary.  Otherwise
-other primaries are attempted.  If there are no primaries, but only urls, the
-file is downloaded when notified.  The primaries from primary: and url:
-statements are allowed notify by default.
-.TP
-.B zonefile: \fI<filename>
-The filename where the zone is stored.  If not given then no zonefile is used.
+If the notify is from a primary, it first attempts that primary.
+Otherwise other primaries are attempted.
+If there are no primaries, but only urls, the file is downloaded when
+notified.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+The primaries from \fI\%primary\fP and
+\fI\%url\fP statements are allowed notify by
+default.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B zonefile: \fI<filename>\fP 
+The filename where the zone is stored.
+If not given then no zonefile is used.
 If the file does not exist or is empty, Unbound will attempt to fetch zone
 data (eg. from the primary servers).
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-action\-override: \fI<action>
-Always use this RPZ action for matching triggers from this zone. Possible action
-are: nxdomain, nodata, passthru, drop, disabled and cname.
+.B rpz\-action\-override: \fI<action>\fP 
+Always use this RPZ action for matching triggers from this zone.
+Possible actions are: \fInxdomain\fP, \fInodata\fP, \fIpassthru\fP, \fIdrop\fP, \fIdisabled\fP
+and \fIcname\fP\&.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-cname\-override: \fI<domain>
+.B rpz\-cname\-override: \fI<domain>\fP 
 The CNAME target domain to use if the cname action is configured for
-\fBrpz\-action\-override\fR.
-.TP
-.B rpz\-log: \fI<yes or no>
-Log all applied RPZ actions for this RPZ zone. Default is no.
-.TP
-.B rpz\-log\-name: \fI<name>
+\fI\%rpz\-action\-override\fP\&.
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz\-log: \fI<yes or no>\fP 
+Log all applied RPZ actions for this RPZ zone.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B rpz\-log\-name: \fI<name>\fP 
 Specify a string to be part of the log line, for easy referencing.
+.UNINDENT
+.INDENT 0.0
 .TP
-.B rpz\-signal\-nxdomain\-ra: \fI<yes or no>
-Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA flag.
+.B rpz\-signal\-nxdomain\-ra: \fI<yes or no>\fP 
+Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA
+flag.
 This allows certain clients, like dnsmasq, to infer that the domain is
-externally blocked. Default is no.
+externally blocked.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
 .TP
-.B for\-downstream: \fI<yes or no>
+.B for\-downstream: \fI<yes or no>\fP 
 If enabled the zone is authoritatively answered for and queries for the RPZ
-zone information are answered to downstream clients. This is useful for
-monitoring scripts, that can then access the SOA information to check if
-the RPZ information is up to date. Default is no.
-.TP
-.B tags: \fI<list of tags>
-Limit the policies from this RPZ clause to clients with a matching tag. Tags
-need to be defined in \fBdefine\-tag\fR and can be assigned to client addresses
-using \fBaccess\-control\-tag\fR. Enclose list of tags in quotes ("") and put
-spaces between tags. If no tags are specified the policies from this clause will
-be applied for all clients.
-.SH "MEMORY CONTROL EXAMPLE"
-In the example config settings below memory usage is reduced. Some service
-levels are lower, notable very large data and a high TCP load are no longer
-supported. Very large data and high TCP loads are exceptional for the DNS.
+zone information are answered to downstream clients.
+This is useful for monitoring scripts, that can then access the SOA
+information to check if the RPZ information is up to date.
+.sp
+Default: no
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tags: \fI\(dq<list of tags>\(dq\fP 
+Limit the policies from this RPZ clause to clients with a matching tag.
+.sp
+Tags need to be defined in \fI\%define\-tag\fP and
+can be assigned to client addresses using
+\fI\%access\-control\-tag\fP or
+\fI\%interface\-tag\fP\&.
+Enclose list of tags in quotes (\fB\(dq\(dq\fP) and put spaces between tags.
+.sp
+If no tags are specified the policies from this clause will be applied for
+all clients.
+.UNINDENT
+.SH MEMORY CONTROL EXAMPLE
+.sp
+In the example config settings below memory usage is reduced.
+Some service levels are lower, notable very large data and a high TCP load are
+no longer supported.
+Very large data and high TCP loads are exceptional for the DNS.
 DNSSEC validation is enabled, just add trust anchors.
-If you do not have to worry about programs using more than 3 Mb of memory,
-the below example is not for you. Use the defaults to receive full service,
-which on BSD\-32bit tops out at 30\-40 Mb after heavy usage.
-.P
+If you do not have to worry about programs using more than 3 Mb of memory, the
+below example is not for you.
+Use the defaults to receive full service, which on BSD\-32bit tops out at 30\-40
+Mb after heavy usage.
+.INDENT 0.0
+.INDENT 3.5
+.sp
 .nf
+.ft C
 # example settings that reduce memory usage
 server:
-	num\-threads: 1
-	outgoing\-num\-tcp: 1	# this limits TCP service, uses less buffers.
-	incoming\-num\-tcp: 1
-	outgoing\-range: 60	# uses less memory, but less performance.
-	msg\-buffer\-size: 8192   # note this limits service, 'no huge stuff'.
-	msg\-cache\-size: 100k
-	msg\-cache\-slabs: 1
-	rrset\-cache\-size: 100k
-	rrset\-cache\-slabs: 1
-	infra\-cache\-numhosts: 200
-	infra\-cache\-slabs: 1
-	key\-cache\-size: 100k
-	key\-cache\-slabs: 1
-	neg\-cache\-size: 10k
-	num\-queries\-per\-thread: 30
-	target\-fetch\-policy: "2 1 0 0 0 0"
-	harden\-large\-queries: "yes"
-	harden\-short\-bufsize: "yes"
+    num\-threads: 1
+    outgoing\-num\-tcp: 1 # this limits TCP service, uses less buffers.
+    incoming\-num\-tcp: 1
+    outgoing\-range: 60  # uses less memory, but less performance.
+    msg\-buffer\-size: 8192   # note this limits service, \(aqno huge stuff\(aq.
+    msg\-cache\-size: 100k
+    msg\-cache\-slabs: 1
+    rrset\-cache\-size: 100k
+    rrset\-cache\-slabs: 1
+    infra\-cache\-numhosts: 200
+    infra\-cache\-slabs: 1
+    key\-cache\-size: 100k
+    key\-cache\-slabs: 1
+    neg\-cache\-size: 10k
+    num\-queries\-per\-thread: 30
+    target\-fetch\-policy: \(dq2 1 0 0 0 0\(dq
+    harden\-large\-queries: \(dqyes\(dq
+    harden\-short\-bufsize: \(dqyes\(dq
+.ft P
 .fi
-.SH "FILES"
+.UNINDENT
+.UNINDENT
+.SH FILES
+.INDENT 0.0
 .TP
-.I @UNBOUND_RUN_DIR@
+.B @UNBOUND_RUN_DIR@
 default Unbound working directory.
 .TP
-.I @UNBOUND_CHROOT_DIR@
-default
-\fIchroot\fR(2)
-location.
+.B @UNBOUND_CHROOT_DIR@
+default \fIchroot(2)\fP location.
 .TP
-.I @ub_conf_file@
+.B @ub_conf_file@
 Unbound configuration file.
 .TP
-.I @UNBOUND_PIDFILE@
+.B @UNBOUND_PIDFILE@
 default Unbound pidfile with process ID of the running daemon.
 .TP
-.I unbound.log
-Unbound log file. default is to log to
-\fIsyslog\fR(3).
-.SH "SEE ALSO"
-\fIunbound\fR(8),
-\fIunbound\-checkconf\fR(8).
-.SH "AUTHORS"
-.B Unbound
-was written by NLnet Labs. Please see CREDITS file
-in the distribution for further details.
+.B unbound.log
+Unbound log file.
+Default is to log to \fIsyslog(3)\fP\&.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fI\%unbound(8)\fP,
+\fI\%unbound\-checkonf(8)\fP\&.
+.SH AUTHOR
+Unbound developers are mentioned in the CREDITS file in the distribution.
+.SH COPYRIGHT
+1999-2025, NLnet Labs
+.\" Generated by docutils manpage writer.
+.
diff --git a/contrib/unbound/doc/unbound.conf.rst b/contrib/unbound/doc/unbound.conf.rst
new file mode 100644
index 000000000000..ad8404e113cf
--- /dev/null
+++ b/contrib/unbound/doc/unbound.conf.rst
@@ -0,0 +1,4997 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+unbound.conf(5)
+===============
+
+Synopsis
+--------
+
+**unbound.conf**
+
+Description
+-----------
+
+**unbound.conf** is used to configure :doc:`unbound(8)</manpages/unbound>`.
+The file format has attributes and values.
+Some attributes have attributes inside them.
+The notation is: ``attribute: value``.
+
+Comments start with ``#`` and last to the end of line.
+Empty lines are ignored as is whitespace at the beginning of a line.
+
+The utility :doc:`unbound-checkconf(8)</manpages/unbound-checkconf>` can be
+used to check ``unbound.conf`` prior to usage.
+
+Example
+-------
+
+An example config file is shown below.
+Copy this to :file:`/etc/unbound/unbound.conf` and start the server with:
+
+.. code-block:: text
+
+    $ unbound -c /etc/unbound/unbound.conf
+
+Most settings are the defaults.
+Stop the server with:
+
+.. code-block:: text
+
+    $ kill `cat /etc/unbound/unbound.pid`
+
+Below is a minimal config file.
+The source distribution contains an extensive :file:`example.conf` file with
+all the options.
+
+.. code-block:: text
+
+    # unbound.conf(5) config file for unbound(8).
+    server:
+        directory: "/etc/unbound"
+        username: unbound
+        # make sure unbound can access entropy from inside the chroot.
+        # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+        #      mount --bind -n /dev/urandom /etc/unbound/dev/urandom
+        # and  mount --bind -n /dev/log /etc/unbound/dev/log
+        chroot: "/etc/unbound"
+        # logfile: "/etc/unbound/unbound.log"  #uncomment to use logfile.
+        pidfile: "/etc/unbound/unbound.pid"
+        # verbosity: 1      # uncomment and increase to get more logging.
+        # listen on all interfaces, answer queries from the local subnet.
+        interface: 0.0.0.0
+        interface: ::0
+        access-control: 10.0.0.0/8 allow
+        access-control: 2001:DB8::/64 allow
+
+File Format
+-----------
+
+There must be whitespace between keywords.
+Attribute keywords end with a colon ``':'``.
+An attribute is followed by a value, or its containing attributes in which case
+it is referred to as a clause.
+Clauses can be repeated throughout the file (or included files) to group
+attributes under the same clause.
+
+.. _unbound.conf.include:
+
+Files can be included using the **include:** directive.
+It can appear anywhere, it accepts a single file name as argument.
+Processing continues as if the text from the included file was copied into the
+config file at that point.
+If also using :ref:`chroot<unbound.conf.chroot>`, using full path names for
+the included files works, relative pathnames for the included names work if the
+directory where the daemon is started equals its chroot/working directory or is
+specified before the include statement with :ref:`directory:
+dir<unbound.conf.directory>`.
+Wildcards can be used to include multiple files, see *glob(7)*.
+
+.. _unbound.conf.include-toplevel:
+
+For a more structural include option, the **include-toplevel:** directive can
+be used.
+This closes whatever clause is currently active (if any) and forces the use of
+clauses in the included files and right after this directive.
+
+.. _unbound.conf.server:
+
+Server Options
+^^^^^^^^^^^^^^
+
+These options are part of the **server:** clause.
+
+
+@@UAHL@unbound.conf@verbosity@@: *<number>*
+    The verbosity level.
+
+    Level 0
+        No verbosity, only errors.
+
+    Level 1
+        Gives operational information.
+
+    Level 2
+        Gives detailed operational information including short information per
+        query.
+
+    Level 3
+        Gives query level information, output per query.
+
+    Level 4
+        Gives algorithm level information.
+
+    Level 5
+        Logs client identification for cache misses.
+
+    The verbosity can also be increased from the command line and during run
+    time via remote control. See :doc:`unbound(8)</manpages/unbound>` and
+    :doc:`unbound-control(8)</manpages/unbound-control>` respectively.
+
+    Default: 1
+
+
+@@UAHL@unbound.conf@statistics-interval@@: *<seconds>*
+    The number of seconds between printing statistics to the log for every
+    thread.
+    Disable with value ``0`` or ``""``.
+    The histogram statistics are only printed if replies were sent during the
+    statistics interval, requestlist statistics are printed for every interval
+    (but can be 0).
+    This is because the median calculation requires data to be present.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@statistics-cumulative@@: *<yes or no>*
+    If enabled, statistics are cumulative since starting Unbound, without
+    clearing the statistics counters after logging the statistics.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@extended-statistics@@: *<yes or no>*
+    If enabled, extended statistics are printed from
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    The counters are listed in
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    Keeping track of more statistics takes time.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@statistics-inhibit-zero@@: *<yes or no>*
+    If enabled, selected extended statistics with a value of 0 are inhibited
+    from printing with
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+    These are query types, query classes, query opcodes, answer rcodes
+    (except NOERROR, FORMERR, SERVFAIL, NXDOMAIN, NOTIMPL, REFUSED)
+    and PRZ actions.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@num-threads@@: *<number>*
+    The number of threads to create to serve clients. Use 1 for no threading.
+
+    Default: 1
+
+
+@@UAHL@unbound.conf@port@@: *<port number>*
+    The port number on which the server responds to queries.
+
+    Default: 53
+
+
+@@UAHL@unbound.conf@interface@@: *<IP address or interface name[@port]>*
+    Interface to use to connect to the network.
+    This interface is listened to for queries from clients, and answers to
+    clients are given from it.
+    Can be given multiple times to work on several interfaces.
+    If none are given the default is to listen on localhost.
+
+    If an interface name is used instead of an IP address, the list of IP
+    addresses on that interface are used.
+    The interfaces are not changed on a reload (``kill -HUP``) but only on
+    restart.
+
+    A port number can be specified with @port (without spaces between interface
+    and port number), if not specified the default port (from
+    :ref:`port<unbound.conf.port>`) is used.
+
+
+@@UAHL@unbound.conf@ip-address@@: *<IP address or interface name[@port]>*
+    Same as :ref:`interface<unbound.conf.interface>` (for ease of
+    compatibility with :external+nsd:doc:`manpages/nsd.conf`).
+
+
+@@UAHL@unbound.conf@interface-automatic@@: *<yes or no>*
+    Listen on all addresses on all (current and future) interfaces, detect the
+    source interface on UDP queries and copy them to replies.
+    This is a lot like :ref:`ip-transparent<unbound.conf.ip-transparent>`, but
+    this option services all interfaces whilst with
+    :ref:`ip-transparent<unbound.conf.ip-transparent>` you can select which
+    (future) interfaces Unbound provides service on.
+    This feature is experimental, and needs support in your OS for particular
+    socket options.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@interface-automatic-ports@@: *"<string>"*
+    List the port numbers that
+    :ref:`interface-automatic<unbound.conf.interface-automatic>` listens on.
+    If empty, the default port is listened on.
+    The port numbers are separated by spaces in the string.
+
+    This can be used to have interface automatic to deal with the interface,
+    and listen on the normal port number, by including it in the list, and
+    also HTTPS or DNS-over-TLS port numbers by putting them in the list as
+    well.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@outgoing-interface@@: *<IPv4/IPv6 address or IPv6 netblock>*
+    Interface to use to connect to the network.
+    This interface is used to send queries to authoritative servers and receive
+    their replies.
+    Can be given multiple times to work on several interfaces.
+    If none are given the default (all) is used.
+    You can specify the same interfaces in
+    :ref:`interface<unbound.conf.interface>` and
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` lines, the
+    interfaces are then used for both purposes.
+    Outgoing queries are sent via a random outgoing interface to counter
+    spoofing.
+
+    If an IPv6 netblock is specified instead of an individual IPv6 address,
+    outgoing UDP queries will use a randomised source address taken from the
+    netblock to counter spoofing.
+    Requires the IPv6 netblock to be routed to the host running Unbound, and
+    requires OS support for unprivileged non-local binds (currently only
+    supported on Linux).
+    Several netblocks may be specified with multiple
+    :ref:`outgoing-interface<unbound.conf.outgoing-interface>` options, but do
+    not specify both an individual IPv6 address and an IPv6 netblock, or the
+    randomisation will be compromised.
+    Consider combining with :ref:`prefer-ip6: yes<unbound.conf.prefer-ip6>` to
+    increase the likelihood of IPv6 nameservers being selected for queries.
+    On Linux you need these two commands to be able to use the freebind socket
+    option to receive traffic for the ip6 netblock:
+
+    .. code-block:: text
+
+        ip -6 addr add mynetblock/64 dev lo && \
+        ip -6 route add local mynetblock/64 dev lo
+
+
+@@UAHL@unbound.conf@outgoing-range@@: *<number>*
+    Number of ports to open.
+    This number of file descriptors can be opened per thread.
+    Must be at least 1.
+    Default depends on compile options.
+    Larger numbers need extra resources from the operating system.
+    For performance a very large value is best, use libevent to make this
+    possible.
+
+    Default: 4096 (libevent) / 960 (minievent) / 48 (windows)
+
+
+@@UAHL@unbound.conf@outgoing-port-permit@@: *<port number or range>*
+    Permit Unbound to open this port or range of ports for use to send queries.
+    A larger number of permitted outgoing ports increases resilience against
+    spoofing attempts.
+    Make sure these ports are not needed by other daemons.
+    By default only ports above 1024 that have not been assigned by IANA are
+    used.
+    Give a port number or a range of the form "low-high", without spaces.
+
+    The :ref:`outgoing-port-permit<unbound.conf.outgoing-port-permit>` and
+    :ref:`outgoing-port-avoid<unbound.conf.outgoing-port-avoid>` statements
+    are processed in the line order of the config file, adding the permitted
+    ports and subtracting the avoided ports from the set of allowed ports.
+    The processing starts with the non IANA allocated ports above 1024 in the
+    set of allowed ports.
+
+
+@@UAHL@unbound.conf@outgoing-port-avoid@@: *<port number or range>*
+    Do not permit Unbound to open this port or range of ports for use to send
+    queries.
+    Use this to make sure Unbound does not grab a port that another daemon
+    needs.
+    The port is avoided on all outgoing interfaces, both IPv4 and IPv6.
+    By default only ports above 1024 that have not been assigned by IANA are
+    used.
+    Give a port number or a range of the form "low-high", without spaces.
+
+
+@@UAHL@unbound.conf@outgoing-num-tcp@@: *<number>*
+    Number of outgoing TCP buffers to allocate per thread.
+    If set to 0, or if :ref:`do-tcp: no<unbound.conf.do-tcp>` is set, no TCP
+    queries to authoritative servers are done.
+    For larger installations increasing this value is a good idea.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@incoming-num-tcp@@: *<number>*
+    Number of incoming TCP buffers to allocate per thread.
+    If set to 0, or if :ref:`do-tcp: no<unbound.conf.do-tcp>` is set, no TCP
+    queries from clients are accepted.
+    For larger installations increasing this value is a good idea.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@edns-buffer-size@@: *<number>*
+    Number of bytes size to advertise as the EDNS reassembly buffer size.
+    This is the value put into datagrams over UDP towards peers.
+    The actual buffer size is determined by
+    :ref:`msg-buffer-size<unbound.conf.msg-buffer-size>` (both for TCP and
+    UDP).
+    Do not set higher than that value.
+    Setting to 512 bypasses even the most stringent path MTU problems, but is
+    seen as extreme, since the amount of TCP fallback generated is excessive
+    (probably also for this resolver, consider tuning
+    :ref:`outgoing-num-tcp<unbound.conf.outgoing-num-tcp>`).
+
+    Default: 1232 (`DNS Flag Day 2020 recommendation
+    <https://dnsflagday.net/2020/>`__)
+
+
+@@UAHL@unbound.conf@max-udp-size@@: *<number>*
+    Maximum UDP response size (not applied to TCP response).
+    65536 disables the UDP response size maximum, and uses the choice from the
+    client, always.
+    Suggested values are 512 to 4096.
+
+    Default: 1232 (same as :ref:`edns-buffer-size<unbound.conf.edns-buffer-size>`)
+
+
+@@UAHL@unbound.conf@stream-wait-size@@: *<number>*
+    Number of bytes size maximum to use for waiting stream buffers.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+    As TCP and TLS streams queue up multiple results, the amount of memory used
+    for these buffers does not exceed this number, otherwise the responses are
+    dropped.
+    This manages the total memory usage of the server (under heavy use), the
+    number of requests that can be queued up per connection is also limited,
+    with further requests waiting in TCP buffers.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@msg-buffer-size@@: *<number>*
+    Number of bytes size of the message buffers.
+    Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message
+    size.
+    No message larger than this can be sent or received.
+    Can be reduced to use less memory, but some requests for DNS data, such as
+    for huge resource records, will result in a SERVFAIL reply to the client.
+
+    Default: 65552
+
+
+@@UAHL@unbound.conf@msg-cache-size@@: *<number>*
+    Number of bytes size of the message cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@msg-cache-slabs@@: *<number>*
+    Number of slabs in the message cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@num-queries-per-thread@@: *<number>*
+    The number of queries that every thread will service simultaneously.
+    If more queries arrive that need servicing, and no queries can be jostled
+    out (see :ref:`jostle-timeout<unbound.conf.jostle-timeout>`), then the
+    queries are dropped.
+    This forces the client to resend after a timeout; allowing the server time
+    to work on the existing queries.
+    Default depends on compile options.
+
+    Default: 2048 (libevent) / 512 (minievent) / 24 (windows)
+
+
+@@UAHL@unbound.conf@jostle-timeout@@: *<msec>*
+    Timeout used when the server is very busy.
+    Set to a value that usually results in one roundtrip to the authority
+    servers.
+
+    If too many queries arrive, then 50% of the queries are allowed to run to
+    completion, and the other 50% are replaced with the new incoming query if
+    they have already spent more than their allowed time.
+    This protects against denial of service by slow queries or high query
+    rates.
+
+    The effect is that the qps for long-lasting queries is about:
+
+    .. code-block:: text
+
+        (num-queries-per-thread / 2) / (average time for such long queries) qps
+
+    The qps for short queries can be about:
+
+    .. code-block:: text
+
+        (num-queries-per-thread / 2) / (jostle-timeout in whole seconds) qps per thread
+
+    about (2048/2)*5 = 5120 qps by default.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@delay-close@@: *<msec>*
+    Extra delay for timeouted UDP ports before they are closed, in msec.
+    This prevents very delayed answer packets from the upstream (recursive)
+    servers from bouncing against closed ports and setting off all sort of
+    close-port counters, with eg. 1500 msec.
+    When timeouts happen you need extra sockets, it checks the ID and remote IP
+    of packets, and unwanted packets are added to the unwanted packet counter.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@udp-connect@@: *<yes or no>*
+    Perform *connect(2)* for UDP sockets that mitigates ICMP side channel
+    leakage.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@unknown-server-time-limit@@: *<msec>*
+    The wait time in msec for waiting for an unknown server to reply.
+    Increase this if you are behind a slow satellite link, to eg. 1128.
+    That would then avoid re-querying every initial query because it times out.
+
+    Default: 376
+
+
+@@UAHL@unbound.conf@discard-timeout@@: *<msec>*
+    The wait time in msec where recursion requests are dropped.
+    This is to stop a large number of replies from accumulating.
+    They receive no reply, the work item continues to recurse.
+    It is nice to be a bit larger than
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    if that is enabled.
+    A value of ``1900`` msec is suggested.
+    The value ``0`` disables it.
+
+    Default: 1900
+
+
+@@UAHL@unbound.conf@wait-limit@@: *<number>*
+    The number of replies that can wait for recursion, for an IP address.
+    This makes a ratelimit per IP address of waiting replies for recursion.
+    It stops very large amounts of queries waiting to be returned to one
+    destination.
+    The value ``0`` disables wait limits.
+
+    Default: 1000
+
+
+@@UAHL@unbound.conf@wait-limit-cookie@@: *<number>*
+    The number of replies that can wait for recursion, for an IP address
+    that sent the query with a valid DNS Cookie.
+    Since the cookie validates the client address, this limit can be higher.
+
+    Default: 10000
+
+
+@@UAHL@unbound.conf@wait-limit-netblock@@: *<netblock>* *<number>*
+    The wait limit for the netblock.
+    If not given the
+    :ref:`wait-limit<unbound.conf.wait-limit>`
+    value is used.
+    The most specific netblock is used to determine the limit.
+    Useful for overriding the default for a specific, group or individual,
+    server.
+    The value ``-1`` disables wait limits for the netblock.
+    By default the loopback has a wait limit netblock of ``-1``, it is not
+    limited, because it is separated from the rest of network for spoofed
+    packets.
+    The loopback addresses ``127.0.0.0/8`` and ``::1/128`` are default at ``-1``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@wait-limit-cookie-netblock@@: *<netblock>* *<number>*
+    The wait limit for the netblock, when the query has a DNS Cookie.
+    If not given, the
+    :ref:`wait-limit-cookie<unbound.conf.wait-limit-cookie>`
+    value is used.
+    The value ``-1`` disables wait limits for the netblock.
+    The loopback addresses ``127.0.0.0/8`` and ``::1/128`` are default at ``-1``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@so-rcvbuf@@: *<number>*
+    If not 0, then set the SO_RCVBUF socket option to get more buffer space on
+    UDP port 53 incoming queries.
+    So that short spikes on busy servers do not drop packets (see counter in
+    ``netstat -su``).
+    Otherwise, the number of bytes to ask for, try "4m" on a busy server.
+
+    The OS caps it at a maximum, on linux Unbound needs root permission to
+    bypass the limit, or the admin can use ``sysctl net.core.rmem_max``.
+
+    On BSD change ``kern.ipc.maxsockbuf`` in ``/etc/sysctl.conf``.
+
+    On OpenBSD change header and recompile kernel.
+
+    On Solaris ``ndd -set /dev/udp udp_max_buf 8388608``.
+
+    Default: 0 (use system value)
+
+
+@@UAHL@unbound.conf@so-sndbuf@@: *<number>*
+    If not 0, then set the SO_SNDBUF socket option to get more buffer space on
+    UDP port 53 outgoing queries.
+    This for very busy servers handles spikes in answer traffic, otherwise:
+
+    .. code-block:: text
+
+        send: resource temporarily unavailable
+
+    can get logged, the buffer overrun is also visible by ``netstat -su``.
+    If set to 0 it uses the system value.
+    Specify the number of bytes to ask for, try "8m" on a very busy server.
+
+    It needs some space to be able to deal with packets that wait for local
+    address resolution, from like ARP and NDP discovery, before they are sent
+    out, hence it is elevated above the system default by default.
+
+    The OS caps it at a maximum, on linux Unbound needs root permission to
+    bypass the limit, or the admin can use ``sysctl net.core.wmem_max``.
+
+    On BSD, Solaris changes are similar to
+    :ref:`so-rcvbuf<unbound.conf.so-rcvbuf>`.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@so-reuseport@@: *<yes or no>*
+    If yes, then open dedicated listening sockets for incoming queries for each
+    thread and try to set the SO_REUSEPORT socket option on each socket.
+    May distribute incoming queries to threads more evenly.
+
+    On Linux it is supported in kernels >= 3.9.
+
+    On other systems, FreeBSD, OSX it may also work.
+
+    You can enable it (on any platform and kernel), it then attempts to open
+    the port and passes the option if it was available at compile time, if that
+    works it is used, if it fails, it continues silently (unless verbosity 3)
+    without the option.
+
+    At extreme load it could be better to turn it off to distribute the queries
+    evenly, reported for Linux systems (4.4.x).
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@ip-transparent@@: *<yes or no>*
+    If yes, then use IP_TRANSPARENT socket option on sockets where Unbound is
+    listening for incoming traffic.
+    Allows you to bind to non-local interfaces.
+    For example for non-existent IP addresses that are going to exist later on,
+    with host failover configuration.
+
+    This is a lot like
+    :ref:`interface-automatic<unbound.conf.interface-automatic>`, but that one
+    services all interfaces and with this option you can select which (future)
+    interfaces Unbound provides service on.
+
+    This option needs Unbound to be started with root permissions on some
+    systems.
+    The option uses IP_BINDANY on FreeBSD systems and SO_BINDANY on OpenBSD
+    systems.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ip-freebind@@: *<yes or no>*
+    If yes, then use IP_FREEBIND socket option on sockets where Unbound is
+    listening to incoming traffic.
+    Allows you to bind to IP addresses that are nonlocal or do not exist, like
+    when the network interface or IP address is down.
+
+    Exists only on Linux, where the similar
+    :ref:`ip-transparent<unbound.conf.ip-transparent>` option is also
+    available.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ip-dscp@@: *<number>*
+    The value of the Differentiated Services Codepoint (DSCP) in the
+    differentiated services field (DS) of the outgoing IP packet headers.
+    The field replaces the outdated IPv4 Type-Of-Service field and the IPv6
+    traffic class field.
+
+
+@@UAHL@unbound.conf@rrset-cache-size@@: *<number>*
+    Number of bytes size of the RRset cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@rrset-cache-slabs@@: *<number>*
+    Number of slabs in the RRset cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@cache-max-ttl@@: *<seconds>*
+    Time to live maximum for RRsets and messages in the cache.
+    When the TTL expires, the cache item has expired.
+    Can be set lower to force the resolver to query for data often, and not
+    trust (very large) TTL values.
+    Downstream clients also see the lower TTL.
+
+
+    Default: 86400 (1 day)
+
+
+@@UAHL@unbound.conf@cache-min-ttl@@: *<seconds>*
+    Time to live minimum for RRsets and messages in the cache.
+    If the minimum kicks in, the data is cached for longer than the domain
+    owner intended, and thus less queries are made to look up the data.
+    Zero makes sure the data in the cache is as the domain owner intended,
+    higher values, especially more than an hour or so, can lead to trouble as
+    the data in the cache does not match up with the actual data any more.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@cache-max-negative-ttl@@: *<seconds>*
+    Time to live maximum for negative responses, these have a SOA in the
+    authority section that is limited in time.
+    This applies to NXDOMAIN and NODATA answers.
+
+    Default: 3600
+
+
+@@UAHL@unbound.conf@cache-min-negative-ttl@@: *<seconds>*
+    Time to live minimum for negative responses, these have a SOA in the
+    authority section that is limited in time.
+    If this is disabled and
+    :ref:`cache-min-ttl<unbound.conf.cache-min-ttl>`
+    is configured, it will take effect instead.
+    In that case you can set this to ``1`` to honor the upstream TTL.
+    This applies to NXDOMAIN and NODATA answers.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@infra-host-ttl@@: *<seconds>*
+    Time to live for entries in the host cache.
+    The host cache contains roundtrip timing, lameness and EDNS support
+    information.
+
+    Default: 900
+
+
+@@UAHL@unbound.conf@infra-cache-slabs@@: *<number>*
+    Number of slabs in the infrastructure cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@infra-cache-numhosts@@: *<number>*
+    Number of hosts for which information is cached.
+
+    Default: 10000
+
+
+@@UAHL@unbound.conf@infra-cache-min-rtt@@: *<msec>*
+    Lower limit for dynamic retransmit timeout calculation in infrastructure
+    cache.
+    Increase this value if using forwarders needing more time to do recursive
+    name resolution.
+
+    Default: 50
+
+
+@@UAHL@unbound.conf@infra-cache-max-rtt@@: *<msec>*
+    Upper limit for dynamic retransmit timeout calculation in infrastructure
+    cache.
+
+    Default: 120000 (2 minutes)
+
+
+@@UAHL@unbound.conf@infra-keep-probing@@: *<yes or no>*
+    If enabled the server keeps probing hosts that are down, in the one probe
+    at a time regime.
+    Hosts that are down, eg. they did not respond during the one probe at a
+    time period, are marked as down and it may take
+    :ref:`infra-host-ttl<unbound.conf.infra-host-ttl>` time to get probed
+    again.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@define-tag@@: *"<list of tags>"*
+    Define the tags that can be used with
+    :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`access-control<unbound.conf.access-control>`.
+    Enclose the list between quotes (``""``) and put spaces between tags.
+
+
+@@UAHL@unbound.conf@do-ip4@@: *<yes or no>*
+    Enable or disable whether IPv4 queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@do-ip6@@: *<yes or no>*
+    Enable or disable whether IPv6 queries are answered or issued.
+    If disabled, queries are not answered on IPv6, and queries are not sent on
+    IPv6 to the internet nameservers.
+    With this option you can disable the IPv6 transport for sending DNS
+    traffic, it does not impact the contents of the DNS traffic, which may have
+    IPv4 (A) and IPv6 (AAAA) addresses in it.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@prefer-ip4@@: *<yes or no>*
+    If enabled, prefer IPv4 transport for sending DNS queries to internet
+    nameservers.
+    Useful if the IPv6 netblock the server has, the entire /64 of that is not
+    owned by one operator and the reputation of the netblock /64 is an issue,
+    using IPv4 then uses the IPv4 filters that the upstream servers have.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@prefer-ip6@@: *<yes or no>*
+    If enabled, prefer IPv6 transport for sending DNS queries to internet
+    nameservers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@do-udp@@: *<yes or no>*
+    Enable or disable whether UDP queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@do-tcp@@: *<yes or no>*
+    Enable or disable whether TCP queries are answered or issued.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@tcp-mss@@: *<number>*
+    Maximum segment size (MSS) of TCP socket on which the server responds to
+    queries.
+    Value lower than common MSS on Ethernet (1220 for example) will address
+    path MTU problem.
+    Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
+    Default is system default MSS determined by interface MTU and negotiation
+    between server and client.
+
+
+@@UAHL@unbound.conf@outgoing-tcp-mss@@: *<number>*
+    Maximum segment size (MSS) of TCP socket for outgoing queries (from Unbound
+    to other servers).
+    Value lower than common MSS on Ethernet (1220 for example) will address
+    path MTU problem.
+    Note that not all platform supports socket option to set MSS (TCP_MAXSEG).
+    Default is system default MSS determined by interface MTU and negotiation
+    between Unbound and other servers.
+
+
+@@UAHL@unbound.conf@tcp-idle-timeout@@: *<msec>*
+    The period Unbound will wait for a query on a TCP connection.
+    If this timeout expires Unbound closes the connection.
+    When the number of free incoming TCP buffers falls below 50% of the total
+    number configured, the option value used is progressively reduced, first to
+    1% of the configured value, then to 0.2% of the configured value if the
+    number of free buffers falls below 35% of the total number configured, and
+    finally to 0 if the number of free buffers falls below 20% of the total
+    number configured.
+    A minimum timeout of 200 milliseconds is observed regardless of the option
+    value used.
+    It will be overridden by
+    :ref:`edns-tcp-keepalive-timeout<unbound.conf.edns-tcp-keepalive-timeout>`
+    if
+    :ref:`edns-tcp-keepalive<unbound.conf.edns-tcp-keepalive>`
+    is enabled.
+
+    Default: 30000 (30 seconds)
+
+
+@@UAHL@unbound.conf@tcp-reuse-timeout@@: *<msec>*
+    The period Unbound will keep TCP persistent connections open to authority
+    servers.
+
+    Default: 60000 (60 seconds)
+
+
+@@UAHL@unbound.conf@max-reuse-tcp-queries@@: *<number>*
+    The maximum number of queries that can be sent on a persistent TCP
+    connection.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@tcp-auth-query-timeout@@: *<number>*
+    Timeout in milliseconds for TCP queries to auth servers.
+
+    Default: 3000 (3 seconds)
+
+
+@@UAHL@unbound.conf@edns-tcp-keepalive@@: *<yes or no>*
+    Enable or disable EDNS TCP Keepalive.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@edns-tcp-keepalive-timeout@@: *<msec>*
+    Overrides
+    :ref:`tcp-idle-timeout<unbound.conf.tcp-idle-timeout>`
+    when
+    :ref:`edns-tcp-keepalive<unbound.conf.edns-tcp-keepalive>`
+    is enabled.
+    If the client supports the EDNS TCP Keepalive option,
+    If the client supports the EDNS TCP Keepalive option, Unbound sends the
+    timeout value to the client to encourage it to close the connection before
+    the server times out.
+
+    Default: 120000 (2 minutes)
+
+
+@@UAHL@unbound.conf@sock-queue-timeout@@: *<sec>*
+    UDP queries that have waited in the socket buffer for a long time can be
+    dropped.
+    The time is set in seconds, 3 could be a good value to ignore old queries
+    that likely the client does not need a reply for any more.
+    This could happen if the host has not been able to service the queries for
+    a while, i.e. Unbound is not running, and then is enabled again.
+    It uses timestamp socket options.
+    The socket option is available on the Linux and FreeBSD platforms.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@tcp-upstream@@: *<yes or no>*
+    Enable or disable whether the upstream queries use TCP only for transport.
+    Useful in tunneling scenarios.
+    If set to no you can specify TCP transport only for selected forward or
+    stub zones using
+    :ref:`forward-tcp-upstream<unbound.conf.forward.forward-tcp-upstream>` or
+    :ref:`stub-tcp-upstream<unbound.conf.stub.stub-tcp-upstream>`
+    respectively.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@udp-upstream-without-downstream@@: *<yes or no>*
+    Enable UDP upstream even if :ref:`do-udp: no<unbound.conf.do-udp>` is set.
+    Useful for TLS service providers, that want no UDP downstream but use UDP
+    to fetch data upstream.
+
+    Default: no (no changes)
+
+
+@@UAHL@unbound.conf@tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the upstream queries use TLS only for transport.
+    Useful in tunneling scenarios.
+    The TLS contains plain DNS in TCP wireformat.
+    The other server must support this (see
+    :ref:`tls-service-key<unbound.conf.tls-service-key>`).
+
+    If you enable this, also configure a
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` or use
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` or
+    :ref:`tls-system-cert<unbound.conf.tls-system-cert>` to load CA certs,
+    otherwise the connections cannot be authenticated.
+
+    This option enables TLS for all of them, but if you do not set this you can
+    configure TLS specifically for some forward zones with
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`.
+    And also with
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`.
+    If the
+    :ref:`tls-upstream<unbound.conf.tls-upstream>`
+    option is enabled, it is for all the forwards and stubs, where the
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`
+    and
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`
+    options are ignored, as if they had been set to yes.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ssl-upstream@@: *<yes or no>*
+    Alternate syntax for :ref:`tls-upstream<unbound.conf.tls-upstream>`.
+    If both are present in the config file the last is used.
+
+
+@@UAHL@unbound.conf@tls-service-key@@: *<file>*
+    If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on
+    the TCP ports marked implicitly or explicitly for these services with
+    :ref:`tls-port<unbound.conf.tls-port>` or
+    :ref:`https-port<unbound.conf.https-port>`.
+    The file must contain the private key for the TLS session, the public
+    certificate is in the :ref:`tls-service-pem<unbound.conf.tls-service-pem>`
+    file and it must also be specified if
+    :ref:`tls-service-key<unbound.conf.tls-service-key>` is specified.
+    Enabling or disabling this service requires a restart (a reload is not
+    enough), because the key is read while root permissions are held and before
+    chroot (if any).
+    The ports enabled implicitly or explicitly via
+    :ref:`tls-port<unbound.conf.tls-port>` and
+    :ref:`https-port<unbound.conf.https-port>` do not provide normal DNS TCP
+    service.
+
+    .. note::
+        Unbound needs to be compiled with libnghttp2 in order to provide
+        DNS-over-HTTPS.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-service-key@@: *<file>*
+    Alternate syntax for :ref:`tls-service-key<unbound.conf.tls-service-key>`.
+
+
+@@UAHL@unbound.conf@tls-service-pem@@: *<file>*
+    The public key certificate pem file for the tls service.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-service-pem@@: *<file>*
+    Alternate syntax for :ref:`tls-service-pem<unbound.conf.tls-service-pem>`.
+
+
+@@UAHL@unbound.conf@tls-port@@: *<number>*
+    The port number on which to provide TCP TLS service.
+    Only interfaces configured with that port number as @number get the TLS
+    service.
+
+    Default: 853
+
+
+@@UAHL@unbound.conf@ssl-port@@: *<number>*
+    Alternate syntax for :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf@tls-cert-bundle@@: *<file>*
+    If null or ``""``, no file is used.
+    Set it to the certificate bundle file, for example
+    :file:`/etc/pki/tls/certs/ca-bundle.crt`.
+    These certificates are used for authenticating connections made to outside
+    peers.
+    For example :ref:`auth-zone urls<unbound.conf.auth.url>`, and also
+    DNS-over-TLS connections.
+    It is read at start up before permission drop and chroot.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@ssl-cert-bundle@@: *<file>*
+    Alternate syntax for :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>`.
+
+
+@@UAHL@unbound.conf@tls-win-cert@@: *<yes or no>*
+    Add the system certificates to the cert bundle certificates for
+    authentication.
+    If no cert bundle, it uses only these certificates.
+    On windows this option uses the certificates from the cert store.
+    Use the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` option on
+    other systems.
+    On other systems, this option enables the system certificates.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@tls-system-cert@@: *<yes or no>*
+    This the same attribute as the
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` attribute, under a
+    different name.
+    Because it is not windows specific.
+
+
+@@UAHL@unbound.conf@tls-additional-port@@: *<portnr>*
+    List port numbers as
+    :ref:`tls-additional-port<unbound.conf.tls-additional-port>`, and when
+    interfaces are defined, eg. with the @port suffix, as this port number,
+    they provide DNS-over-TLS service.
+    Can list multiple, each on a new statement.
+
+
+@@UAHL@unbound.conf@tls-session-ticket-keys@@: *<file>*
+    If not ``""``, lists files with 80 bytes of random contents that are used
+    to perform TLS session resumption for clients using the Unbound server.
+    These files contain the secret key for the TLS session tickets.
+    First key use to encrypt and decrypt TLS session tickets.
+    Other keys use to decrypt only.
+
+    With this you can roll over to new keys, by generating a new first file and
+    allowing decrypt of the old file by listing it after the first file for
+    some time, after the wait clients are not using the old key any more and
+    the old key can be removed.
+    One way to create the file is:
+
+    .. code-block:: text
+
+        dd if=/dev/random bs=1 count=80 of=ticket.dat
+
+    The first 16 bytes should be different from the old one if you create a
+    second key, that is the name used to identify the key.
+    Then there is 32 bytes random data for an AES key and then 32 bytes random
+    data for the HMAC key.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@tls-ciphers@@: *<string with cipher list>*
+    Set the list of ciphers to allow when serving TLS.
+    Use ``""`` for default ciphers.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@tls-ciphersuites@@: *<string with ciphersuites list>*
+    Set the list of ciphersuites to allow when serving TLS.
+    This is for newer TLS 1.3 connections.
+    Use ``""`` for default ciphersuites.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@pad-responses@@: *<yes or no>*
+    If enabled, TLS serviced queries that contained an EDNS Padding option will
+    cause responses padded to the closest multiple of the size specified in
+    :ref:`pad-responses-block-size<unbound.conf.pad-responses-block-size>`.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@pad-responses-block-size@@: *<number>*
+    The block size with which to pad responses serviced over TLS.
+    Only responses to padded queries will be padded.
+
+    Default: 468
+
+
+@@UAHL@unbound.conf@pad-queries@@: *<yes or no>*
+    If enabled, all queries sent over TLS upstreams will be padded to the
+    closest multiple of the size specified in
+    :ref:`pad-queries-block-size<unbound.conf.pad-queries-block-size>`.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@pad-queries-block-size@@: *<number>*
+    The block size with which to pad queries sent over TLS upstreams.
+
+    Default: 128
+
+
+@@UAHL@unbound.conf@tls-use-sni@@: *<yes or no>*
+    Enable or disable sending the SNI extension on TLS connections.
+
+    .. note:: Changing the value requires a reload.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@https-port@@: *<number>*
+    The port number on which to provide DNS-over-HTTPS service.
+    Only interfaces configured with that port number as @number get the HTTPS
+    service.
+
+    Default: 443
+
+
+@@UAHL@unbound.conf@http-endpoint@@: *<endpoint string>*
+    The HTTP endpoint to provide DNS-over-HTTPS service on.
+
+    Default: /dns-query
+
+
+@@UAHL@unbound.conf@http-max-streams@@: *<number of streams>*
+    Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2
+    SETTINGS frame for DNS-over-HTTPS connections.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf@http-query-buffer-size@@: *<size in bytes>*
+    Maximum number of bytes used for all HTTP/2 query buffers combined.
+    These buffers contain (partial) DNS queries waiting for request stream
+    completion.
+    An RST_STREAM frame will be send to streams exceeding this limit.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@http-response-buffer-size@@: *<size in bytes>*
+    Maximum number of bytes used for all HTTP/2 response buffers combined.
+    These buffers contain DNS responses waiting to be written back to the
+    clients.
+    An RST_STREAM frame will be send to streams exceeding this limit.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@http-nodelay@@: *<yes or no>*
+    Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS
+    service.
+    Ignored if the option is not available.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@http-notls-downstream@@: *<yes or no>*
+    Disable use of TLS for the downstream DNS-over-HTTP connections.
+    Useful for local back end servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@proxy-protocol-port@@: *<portnr>*
+    List port numbers as
+    :ref:`proxy-protocol-port<unbound.conf.proxy-protocol-port>`, and when
+    interfaces are defined, eg. with the @port suffix, as this port number,
+    they support and expect PROXYv2.
+
+    In this case the proxy address will only be used for the network
+    communication and initial ACL (check if the proxy itself is denied/refused
+    by configuration).
+
+    The proxied address (if any) will then be used as the true client address
+    and will be used where applicable for logging, ACL, DNSTAP, RPZ and IP
+    ratelimiting.
+
+    PROXYv2 is supported for UDP and TCP/TLS listening interfaces.
+
+    There is no support for PROXYv2 on a DoH, DoQ or DNSCrypt listening interface.
+
+    Can list multiple, each on a new statement.
+
+
+@@UAHL@unbound.conf@quic-port@@: *<number>*
+    The port number on which to provide DNS-over-QUIC service.
+    Only interfaces configured with that port number as @number get the QUIC
+    service.
+    The interface uses QUIC for the UDP traffic on that port number.
+
+    Default: 853
+
+
+@@UAHL@unbound.conf@quic-size@@: *<size in bytes>*
+    Maximum number of bytes for all QUIC buffers and data combined.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+    New connections receive connection refused when the limit is exceeded.
+    New streams are reset when the limit is exceeded.
+
+    Default: 8m
+
+
+@@UAHL@unbound.conf@use-systemd@@: *<yes or no>*
+    Enable or disable systemd socket activation.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@do-daemonize@@: *<yes or no>*
+    Enable or disable whether the Unbound server forks into the background as a
+    daemon.
+    Set the value to no when Unbound runs as systemd service.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@tcp-connection-limit@@: *<IP netblock> <limit>*
+    Allow up to limit simultaneous TCP connections from the given netblock.
+    When at the limit, further connections are accepted but closed immediately.
+    This option is experimental at this time.
+
+    Default: (disabled)
+
+
+@@UAHL@unbound.conf@access-control@@: *<IP netblock> <action>*
+    Specify treatment of incoming queries from their originating IP address.
+    Queries can be allowed to have access to this server that gives DNS
+    answers, or refused, with other actions possible.
+    The IP address range can be specified as a netblock, it is possible to give
+    the statement several times in order to specify the treatment of different
+    netblocks.
+    The netblock is given as an IPv4 or IPv6 address with /size appended for a
+    classless network block.
+    The most specific netblock match is used, if none match
+    :ref:`refuse<unbound.conf.access-control.action.refuse>` is used.
+    The order of the access-control statements therefore does not matter.
+    The action can be
+    :ref:`deny<unbound.conf.access-control.action.deny>`,
+    :ref:`refuse<unbound.conf.access-control.action.refuse>`,
+    :ref:`allow<unbound.conf.access-control.action.allow>`,
+    :ref:`allow_setrd<unbound.conf.access-control.action.allow_setrd>`,
+    :ref:`allow_snoop<unbound.conf.access-control.action.allow_snoop>`,
+    :ref:`allow_cookie<unbound.conf.access-control.action.allow_cookie>`,
+    :ref:`deny_non_local<unbound.conf.access-control.action.deny_non_local>` or
+    :ref:`refuse_non_local<unbound.conf.access-control.action.refuse_non_local>`.
+
+
+    @@UAHL@unbound.conf.access-control.action@deny@@
+        Stops queries from hosts from that netblock.
+
+    @@UAHL@unbound.conf.access-control.action@refuse@@
+        Stops queries too, but sends a DNS rcode REFUSED error message back.
+
+    @@UAHL@unbound.conf.access-control.action@allow@@
+        Gives access to clients from that netblock.
+        It gives only access for recursion clients (which is what almost all
+        clients need).
+        Non-recursive queries are refused.
+
+        The :ref:`allow<unbound.conf.access-control.action.allow>` action does
+        allow non-recursive queries to access the local-data that is
+        configured.
+        The reason is that this does not involve the Unbound server recursive
+        lookup algorithm, and static data is served in the reply.
+        This supports normal operations where non-recursive queries are made
+        for the authoritative data.
+        For non-recursive queries any replies from the dynamic cache are
+        refused.
+
+    @@UAHL@unbound.conf.access-control.action@allow_setrd@@
+        Ignores the recursion desired (RD) bit and treats all requests as if
+        the recursion desired bit is set.
+
+        Note that this behavior violates :rfc:`1034` which states that a name
+        server should never perform recursive service unless asked via the RD
+        bit since this interferes with trouble shooting of name servers and
+        their databases.
+        This prohibited behavior may be useful if another DNS server must
+        forward requests for specific zones to a resolver DNS server, but only
+        supports stub domains and sends queries to the resolver DNS server with
+        the RD bit cleared.
+
+    @@UAHL@unbound.conf.access-control.action@allow_snoop@@
+        Gives non-recursive access too.
+        This gives both recursive and non recursive access.
+        The name *allow_snoop* refers to cache snooping, a technique to use
+        non-recursive queries to examine the cache contents (for malicious
+        acts).
+        However, non-recursive queries can also be a valuable debugging tool
+        (when you want to examine the cache contents).
+
+        In that case use
+        :ref:`allow_snoop<unbound.conf.access-control.action.allow_snoop>` for
+        your administration host.
+
+    @@UAHL@unbound.conf.access-control.action@allow_cookie@@
+        Allows access only to UDP queries that contain a valid DNS Cookie as
+        specified in RFC 7873 and RFC 9018, when the
+        :ref:`answer-cookie<unbound.conf.answer-cookie>` option is enabled.
+        UDP queries containing only a DNS Client Cookie and no Server Cookie,
+        or an invalid DNS Cookie, will receive a BADCOOKIE response including a
+        newly generated DNS Cookie, allowing clients to retry with that DNS
+        Cookie.
+        The *allow_cookie* action will also accept requests over stateful
+        transports, regardless of the presence of an DNS Cookie and regardless
+        of the :ref:`answer-cookie<unbound.conf.answer-cookie>` setting.
+        UDP queries without a DNS Cookie receive REFUSED responses with the TC
+        flag set, that may trigger fall back to TCP for those clients.
+
+    @@UAHL@unbound.conf.access-control.action@deny_non_local@@
+        The
+        :ref:`deny_non_local<unbound.conf.access-control.action.deny_non_local>`
+        action is for hosts that are only allowed to query for the
+        authoritative :ref:`local-data<unbound.conf.local-data>`, they are not
+        allowed full recursion but only the static data.
+        Messages that are disallowed are dropped.
+
+    @@UAHL@unbound.conf.access-control.action@refuse_non_local@@
+        The
+        :ref:`refuse_non_local<unbound.conf.access-control.action.refuse_non_local>`
+        action is for hosts that are only allowed to query for the
+        authoritative :ref:`local-data<unbound.conf.local-data>`, they are not
+        allowed full recursion but only the static data.
+        Messages that are disallowed receive error code REFUSED.
+
+
+    By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+    interface) is implicitly *allowed*, the rest is refused.
+    The default is *refused*, because that is protocol-friendly.
+    The DNS protocol is not designed to handle dropped packets due to policy,
+    and dropping may result in (possibly excessive) retried queries.
+
+
+@@UAHL@unbound.conf@access-control-tag@@: *<IP netblock> "<list of tags>"*
+    Assign tags to :ref:`access-control<unbound.conf.access-control>`
+    elements.
+    Clients using this access control element use localzones that are tagged
+    with one of these tags.
+
+    Tags must be defined in :ref:`define-tag<unbound.conf.define-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+
+    If :ref:`access-control-tag<unbound.conf.access-control-tag>` is
+    configured for a netblock that does not have an
+    :ref:`access-control<unbound.conf.access-control>`, an access-control
+    element with action :ref:`allow<unbound.conf.access-control.action.allow>`
+    is configured for this netblock.
+
+
+@@UAHL@unbound.conf@access-control-tag-action@@: *<IP netblock> <tag> <action>*
+    Set action for particular tag for given access control element.
+    If you have multiple tag values, the tag used to lookup the action is the
+    first tag match between
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` and
+    :ref:`local-zone-tag<unbound.conf.local-zone-tag>` where "first" comes
+    from the order of the :ref:`define-tag<unbound.conf.define-tag>` values.
+
+
+@@UAHL@unbound.conf@access-control-tag-data@@: *<IP netblock> <tag> "<resource record string>"*
+    Set redirect data for particular tag for given access control element.
+
+
+@@UAHL@unbound.conf@access-control-view@@: *<IP netblock> <view name>*
+    Set view for given access control element.
+
+
+@@UAHL@unbound.conf@interface-action@@: *<ip address or interface name [@port]> <action>*
+    Similar to :ref:`access-control<unbound.conf.access-control>` but for
+    interfaces.
+
+    The action is the same as the ones defined under
+    :ref:`access-control<unbound.conf.access-control>`.
+
+    Default action for interfaces is
+    :ref:`refuse<unbound.conf.access-control.action.refuse>`.
+    By default only localhost (the 127.0.0.0/8 IP netblock, not the loopback
+    interface) is implicitly allowed through the default
+    :ref:`access-control<unbound.conf.access-control>` behavior.
+    This also means that any attempt to use the **interface-\*:** options for
+    the loopback interface will not work as they will be overridden by the
+    implicit default "access-control: 127.0.0.0/8 allow" option.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag@@: *<ip address or interface name [@port]> <"list of tags">*
+    Similar to :ref:`access-control-tag<unbound.conf.access-control-tag>` but
+    for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag-action@@: *<ip address or interface name [@port]> <tag> <action>*
+    Similar to
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    but for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-tag-data@@: *<ip address or interface name [@port]> <tag> <"resource record string">*
+    Similar to
+    :ref:`access-control-tag-data<unbound.conf.access-control-tag-data>` but
+    for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@interface-view@@: *<ip address or interface name [@port]> <view name>*
+    Similar to :ref:`access-control-view<unbound.conf.access-control-view>`
+    but for interfaces.
+
+    .. note::
+        The interface needs to be already specified with
+        :ref:`interface<unbound.conf.interface>` and that any
+        **access-control\*:** attribute overrides all **interface-\*:**
+        attributes for targeted clients.
+
+
+@@UAHL@unbound.conf@chroot@@: *<directory>*
+    If :ref:`chroot<unbound.conf.chroot>` is enabled, you should pass the
+    configfile (from the commandline) as a full path from the original root.
+    After the chroot has been performed the now defunct portion of the config
+    file path is removed to be able to reread the config after a reload.
+
+    All other file paths (working dir, logfile, roothints, and key files) can
+    be specified in several ways: as an absolute path relative to the new root,
+    as a relative path to the working directory, or as an absolute path
+    relative to the original root.
+    In the last case the path is adjusted to remove the unused portion.
+
+    The pidfile can be either a relative path to the working directory, or an
+    absolute path relative to the original root.
+    It is written just prior to chroot and dropping permissions.
+    This allows the pidfile to be :file:`/var/run/unbound.pid` and the chroot
+    to be :file:`/var/unbound`, for example.
+    Note that Unbound is not able to remove the pidfile after termination when
+    it is located outside of the chroot directory.
+
+    Additionally, Unbound may need to access :file:`/dev/urandom` (for entropy)
+    from inside the chroot.
+
+    If given, a *chroot(2)* is done to the given directory.
+    If you give ``""`` no *chroot(2)* is performed.
+
+    Default: @UNBOUND_CHROOT_DIR@
+
+
+@@UAHL@unbound.conf@username@@: *<name>*
+    If given, after binding the port the user privileges are dropped.
+    If you give username: ``""`` no user change is performed.
+
+    If this user is not capable of binding the port, reloads (by signal HUP)
+    will still retain the opened ports.
+    If you change the port number in the config file, and that new port number
+    requires privileges, then a reload will fail; a restart is needed.
+
+    Default: @UNBOUND_USERNAME@
+
+
+@@UAHL@unbound.conf@directory@@: *<directory>*
+    Sets the working directory for the program.
+    On Windows the string "%EXECUTABLE%" tries to change to the directory that
+    :command:`unbound.exe` resides in.
+    If you give a :ref:`server: directory:
+    \<directory\><unbound.conf.directory>` before
+    :ref:`include<unbound.conf.include>` file statements then those includes
+    can be relative to the working directory.
+
+    Default: @UNBOUND_RUN_DIR@
+
+
+@@UAHL@unbound.conf@logfile@@: *<filename>*
+    If ``""`` is given, logging goes to stderr, or nowhere once daemonized.
+    The logfile is appended to, in the following format:
+
+    .. code-block:: text
+
+        [seconds since 1970] unbound[pid:tid]: type: message.
+
+    If this option is given, the :ref:`use-syslog<unbound.conf.use-syslog>`
+    attribute is internally set to ``no``.
+
+    The logfile is reopened (for append) when the config file is reread, on
+    SIGHUP.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@use-syslog@@: *<yes or no>*
+    Sets Unbound to send log messages to the syslogd, using *syslog(3)*.
+    The log facility LOG_DAEMON is used, with identity "unbound".
+    The logfile setting is overridden when
+    :ref:`use-syslog: yes<unbound.conf.use-syslog>` is set.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@log-identity@@: *<string>*
+    If ``""`` is given, then the name of the executable, usually
+    "unbound" is used to report to the log.
+    Enter a string to override it with that, which is useful on systems that
+    run more than one instance of Unbound, with different configurations, so
+    that the logs can be easily distinguished against.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@log-time-ascii@@: *<yes or no>*
+    Sets logfile lines to use a timestamp in UTC ASCII.
+    No effect if using syslog, in that case syslog formats the timestamp
+    printed into the log files.
+
+    Default: no (prints the seconds since 1970 in brackets)
+
+
+@@UAHL@unbound.conf@log-time-iso@@: *<yes or no>*
+    Log time in ISO8601 format, if
+    :ref:`log-time-ascii: yes<unbound.conf.log-time-ascii>`
+    is also set.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-queries@@: *<yes or no>*
+    Prints one line per query to the log, with the log timestamp and IP
+    address, name, type and class.
+    Note that it takes time to print these lines which makes the server
+    (significantly) slower.
+    Odd (nonprintable) characters in names are printed as ``'?'``.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-replies@@: *<yes or no>*
+    Prints one line per reply to the log, with the log timestamp and IP
+    address, name, type, class, return code, time to resolve, from cache and
+    response size.
+    Note that it takes time to print these lines which makes the server
+    (significantly) slower.
+    Odd (nonprintable) characters in names are printed as ``'?'``.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-tag-queryreply@@: *<yes or no>*
+    Prints the word 'query' and 'reply' with
+    :ref:`log-queries<unbound.conf.log-queries>` and
+    :ref:`log-replies<unbound.conf.log-replies>`.
+    This makes filtering logs easier.
+
+    Default: no (backwards compatible)
+
+
+@@UAHL@unbound.conf@log-destaddr@@: *<yes or no>*
+    Prints the destination address, port and type in the
+    :ref:`log-replies<unbound.conf.log-replies>` output.
+    This disambiguates what type of traffic, eg. UDP or TCP, and to what local
+    port the traffic was sent to.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-local-actions@@: *<yes or no>*
+    Print log lines to inform about local zone actions.
+    These lines are like the :ref:`local-zone type
+    inform<unbound.conf.local-zone.type.inform>` print outs, but they are also
+    printed for the other types of local zones.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@log-servfail@@: *<yes or no>*
+    Print log lines that say why queries return SERVFAIL to clients.
+    This is separate from the verbosity debug logs, much smaller, and printed
+    at the error level, not the info level of debug info from verbosity.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@pidfile@@: *<filename>*
+    The process id is written to the file.
+    Default is :file:`"@UNBOUND_PIDFILE@"`.
+    So,
+
+    .. code-block:: text
+
+        kill -HUP `cat @UNBOUND_PIDFILE@`
+
+    triggers a reload,
+
+    .. code-block:: text
+
+        kill -TERM `cat @UNBOUND_PIDFILE@`
+
+    gracefully terminates.
+
+    Default: @UNBOUND_PIDFILE@
+
+
+@@UAHL@unbound.conf@root-hints@@: *<filename>*
+    Read the root hints from this file.
+    Default is nothing, using builtin hints for the IN class.
+    The file has the format of zone files, with root nameserver names and
+    addresses only.
+    The default may become outdated, when servers change, therefore it is good
+    practice to use a root hints file.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-identity@@: *<yes or no>*
+    If enabled 'id.server' and 'hostname.bind' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@identity@@: *<string>*
+    Set the identity to report.
+    If set to ``""``, then the hostname of the server is returned.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-version@@: *<yes or no>*
+    If enabled 'version.server' and 'version.bind' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@version@@: *<string>*
+    Set the version to report.
+    If set to ``""``, then the package version is returned.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@hide-http-user-agent@@: *<yes or no>*
+    If enabled the HTTP header User-Agent is not set.
+    Use with caution as some webserver configurations may reject HTTP requests
+    lacking this header.
+    If needed, it is better to explicitly set the
+    :ref:`http-user-agent<unbound.conf.http-user-agent>` below.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@http-user-agent@@: *<string>*
+    Set the HTTP User-Agent header for outgoing HTTP requests.
+    If set to ``""``, then the package name and version are used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf@nsid@@: *<string>*
+    Add the specified nsid to the EDNS section of the answer when queried with
+    an NSID EDNS enabled packet.
+    As a sequence of hex characters or with 'ascii\_' prefix and then an ASCII
+    string.
+
+    Default: (disabled)
+
+
+@@UAHL@unbound.conf@hide-trustanchor@@: *<yes or no>*
+    If enabled 'trustanchor.unbound' queries are REFUSED.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@target-fetch-policy@@: *<"list of numbers">*
+    Set the target fetch policy used by Unbound to determine if it should fetch
+    nameserver target addresses opportunistically.
+    The policy is described per dependency depth.
+
+    The number of values determines the maximum dependency depth that Unbound
+    will pursue in answering a query.
+    A value of -1 means to fetch all targets opportunistically for that
+    dependency depth.
+    A value of 0 means to fetch on demand only.
+    A positive value fetches that many targets opportunistically.
+
+    Enclose the list between quotes (``""``) and put spaces between numbers.
+    Setting all zeroes, "0 0 0 0 0" gives behaviour closer to that of BIND 9,
+    while setting "-1 -1 -1 -1 -1" gives behaviour rumoured to be closer to
+    that of BIND 8.
+
+    Default:  "3 2 1 0 0"
+
+
+@@UAHL@unbound.conf@harden-short-bufsize@@: *<yes or no>*
+    Very small EDNS buffer sizes from queries are ignored.
+
+    Default: yes (as described in the standard)
+
+
+@@UAHL@unbound.conf@harden-large-queries@@: *<yes or no>*
+    Very large queries are ignored.
+    Default is no, since it is legal protocol wise to send these, and could be
+    necessary for operation if TSIG or EDNS payload is very large.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-glue@@: *<yes or no>*
+    Will trust glue only if it is within the servers authority.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-unverified-glue@@: *<yes or no>*
+    Will trust only in-zone glue.
+    Will try to resolve all out of zone (*unverified*) glue.
+    Will fallback to the original glue if unable to resolve.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-dnssec-stripped@@: *<yes or no>*
+    Require DNSSEC data for trust-anchored zones, if such data is absent, the
+    zone becomes bogus.
+    If turned off, and no DNSSEC data is received (or the DNSKEY data fails to
+    validate), then the zone is made insecure, this behaves like there is no
+    trust anchor.
+    You could turn this off if you are sometimes behind an intrusive firewall
+    (of some sort) that removes DNSSEC data from packets, or a zone changes
+    from signed to unsigned to badly signed often.
+    If turned off you run the risk of a downgrade attack that disables security
+    for a zone.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-below-nxdomain@@: *<yes or no>*
+    From :rfc:`8020` (with title "NXDOMAIN: There Really Is Nothing
+    Underneath"), returns NXDOMAIN to queries for a name below another name
+    that is already known to be NXDOMAIN.
+    DNSSEC mandates NOERROR for empty nonterminals, hence this is possible.
+    Very old software might return NXDOMAIN for empty nonterminals (that
+    usually happen for reverse IP address lookups), and thus may be
+    incompatible with this.
+    To try to avoid this only DNSSEC-secure NXDOMAINs are used, because the old
+    software does not have DNSSEC.
+
+    .. note::
+        The NXDOMAIN must be secure, this means NSEC3 with optout is
+        insufficient.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@harden-referral-path@@: *<yes or no>*
+    Harden the referral path by performing additional queries for
+    infrastructure data.
+    Validates the replies if trust anchors are configured and the zones are
+    signed.
+    This enforces DNSSEC validation on nameserver NS sets and the nameserver
+    addresses that are encountered on the referral path to the answer.
+    Default is off, because it burdens the authority servers, and it is not RFC
+    standard, and could lead to performance problems because of the extra query
+    load that is generated.
+    Experimental option.
+    If you enable it consider adding more numbers after the
+    :ref:`target-fetch-policy<unbound.conf.target-fetch-policy>` to increase
+    the max depth that is checked to.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-algo-downgrade@@: *<yes or no>*
+    Harden against algorithm downgrade when multiple algorithms are advertised
+    in the DS record.
+    This works by first choosing only the strongest DS digest type as per
+    :rfc:`4509` (Unbound treats the highest algorithm as the strongest) and
+    then expecting signatures from all the advertised signing algorithms from
+    the chosen DS(es) to be present.
+    If no, allows any one supported algorithm to validate the zone, even if
+    other advertised algorithms are broken.
+    :rfc:`6840` mandates that zone signers must produce zones signed with all
+    advertised algorithms, but sometimes they do not.
+    :rfc:`6840` also clarifies that this requirement is not for validators and
+    validators should accept any single valid path.
+    It should thus be explicitly noted that this option violates :rfc:`6840`
+    for DNSSEC validation and should only be used to perform a signature
+    completeness test to support troubleshooting.
+
+    .. warning::
+        Using this option may break DNSSEC resolution with non :rfc:`6840`
+        conforming signers and/or in multi-signer configurations that don't
+        send all the advertised signatures.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@harden-unknown-additional@@: *<yes or no>*
+    Harden against unknown records in the authority section and additional
+    section.
+    If no, such records are copied from the upstream and presented to the
+    client together with the answer.
+    If yes, it could hamper future protocol developments that want to add
+    records.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@use-caps-for-id@@: *<yes or no>*
+    Use 0x20-encoded random bits in the query to foil spoof attempts.
+    This perturbs the lowercase and uppercase of query names sent to authority
+    servers and checks if the reply still has the correct casing.
+    This feature is an experimental implementation of draft dns-0x20.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@caps-exempt@@: *<domain>*
+    Exempt the domain so that it does not receive caps-for-id perturbed
+    queries.
+    For domains that do not support 0x20 and also fail with fallback because
+    they keep sending different answers, like some load balancers.
+    Can be given multiple times, for different domains.
+
+
+@@UAHL@unbound.conf@caps-whitelist@@: *<domain>*
+    Alternate syntax for :ref:`caps-exempt<unbound.conf.caps-exempt>`.
+
+
+@@UAHL@unbound.conf@qname-minimisation@@: *<yes or no>*
+    Send minimum amount of information to upstream servers to enhance privacy.
+    Only send minimum required labels of the QNAME and set QTYPE to A when
+    possible.
+    Best effort approach; full QNAME and original QTYPE will be sent when
+    upstream replies with a RCODE other than NOERROR, except when receiving
+    NXDOMAIN from a DNSSEC signed zone.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@qname-minimisation-strict@@: *<yes or no>*
+    QNAME minimisation in strict mode.
+    Do not fall-back to sending full QNAME to potentially broken nameservers.
+    A lot of domains will not be resolvable when this option in enabled.
+    Only use if you know what you are doing.
+    This option only has effect when
+    :ref:`qname-minimisation<unbound.conf.qname-minimisation>` is enabled.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@aggressive-nsec@@: *<yes or no>*
+    Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other
+    denials, using information from previous NXDOMAINs answers.
+    It helps to reduce the query rate towards targets that get a very high
+    nonexistent name lookup rate.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@private-address@@: *<IP address or subnet>*
+    Give IPv4 of IPv6 addresses or classless subnets.
+    These are addresses on your private network, and are not allowed to be
+    returned for public internet names.
+    Any occurrence of such addresses are removed from DNS answers.
+    Additionally, the DNSSEC validator may mark the answers bogus.
+    This protects against so-called DNS Rebinding, where a user browser is
+    turned into a network proxy, allowing remote access through the browser to
+    other parts of your private network.
+
+    Some names can be allowed to contain your private addresses, by default all
+    the :ref:`local-data<unbound.conf.local-data>` that you configured is
+    allowed to, and you can specify additional names using
+    :ref:`private-domain<unbound.conf.private-domain>`.
+    No private addresses are enabled by default.
+
+    We consider to enable this for the :rfc:`1918` private IP address space by
+    default in later releases.
+    That would enable private addresses for ``10.0.0.0/8``, ``172.16.0.0/12``,
+    ``192.168.0.0/16``, ``169.254.0.0/16``, ``fd00::/8`` and ``fe80::/10``,
+    since the RFC standards say these addresses should not be visible on the
+    public internet.
+
+    Turning on ``127.0.0.0/8`` would hinder many spamblocklists as they use
+    that.
+    Adding ``::ffff:0:0/96`` stops IPv4-mapped IPv6 addresses from bypassing
+    the filter.
+
+
+@@UAHL@unbound.conf@private-domain@@: *<domain name>*
+    Allow this domain, and all its subdomains to contain private addresses.
+    Give multiple times to allow multiple domain names to contain private
+    addresses.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@unwanted-reply-threshold@@: *<number>*
+    If set, a total number of unwanted replies is kept track of in every
+    thread.
+    When it reaches the threshold, a defensive action is taken and a warning is
+    printed to the log.
+    The defensive action is to clear the rrset and message caches, hopefully
+    flushing away any poison.
+    A value of 10 million is suggested.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@do-not-query-address@@: *<IP address>*
+    Do not query the given IP address.
+    Can be IPv4 or IPv6.
+    Append /num to indicate a classless delegation netblock, for example like
+    ``10.2.3.4/24`` or ``2001::11/64``.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@do-not-query-localhost@@: *<yes or no>*
+    If yes, localhost is added to the
+    :ref:`do-not-query-address<unbound.conf.do-not-query-address>` entries,
+    both IPv6 ``::1`` and IPv4 ``127.0.0.1/8``.
+    If no, then localhost can be used to send queries to.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@prefetch@@: *<yes or no>*
+    If yes, cache hits on message cache elements that are on their last 10
+    percent of their TTL value trigger a prefetch to keep the cache up to date.
+    Turning it on gives about 10 percent more traffic and load on the machine,
+    but popular items do not expire from the cache.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@prefetch-key@@: *<yes or no>*
+    If yes, fetch the DNSKEYs earlier in the validation process, when a DS
+    record is encountered.
+    This lowers the latency of requests.
+    It does use a little more CPU.
+    Also if the cache is set to 0, it is no use.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@deny-any@@: *<yes or no>*
+    If yes, deny queries of type ANY with an empty response.
+    If disabled, Unbound responds with a short list of resource records if some
+    can be found in the cache and makes the upstream type ANY query if there
+    are none.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@rrset-roundrobin@@: *<yes or no>*
+    If yes, Unbound rotates RRSet order in response (the random number is taken
+    from the query ID, for speed and thread safety).
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@minimal-responses@@: *<yes or no>*
+    If yes, Unbound does not insert authority/additional sections into response
+    messages when those sections are not required.
+    This reduces response size significantly, and may avoid TCP fallback for
+    some responses which may cause a slight speedup.
+    The default is yes, even though the DNS protocol RFCs mandate these
+    sections, and the additional content could save roundtrips for clients that
+    use the additional content.
+    However these sections are hardly used by clients.
+    Enabling prefetch can benefit clients that need the additional content
+    by trying to keep that content fresh in the cache.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@disable-dnssec-lame-check@@: *<yes or no>*
+    If yes, disables the DNSSEC lameness check in the iterator.
+    This check sees if RRSIGs are present in the answer, when DNSSEC is
+    expected, and retries another authority if RRSIGs are unexpectedly missing.
+    The validator will insist in RRSIGs for DNSSEC signed domains regardless of
+    this setting, if a trust anchor is loaded.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@module-config@@: *"<module names>"*
+    Module configuration, a list of module names separated by spaces, surround
+    the string with quotes (``""``).
+    The modules can be ``respip``, ``validator``, or ``iterator`` (and possibly
+    more, see below).
+
+    .. note::
+        The ordering of the modules is significant, the order decides the order
+        of processing.
+
+    Setting this to just "iterator" will result in a non-validating server.
+    Setting this to "validator iterator" will turn on DNSSEC validation.
+
+    .. note::
+        You must also set trust-anchors for validation to be useful.
+
+    Adding ``respip`` to the front will cause RPZ processing to be done on all
+    queries.
+
+    Most modules that need to be listed here have to be listed at the beginning
+    of the line.
+
+    The ``subnetcache`` module has to be listed just before the iterator.
+
+    The ``python`` module can be listed in different places, it then processes
+    the output of the module it is just before.
+
+    The ``dynlib`` module can be listed pretty much anywhere, it is only a very
+    thin wrapper that allows dynamic libraries to run in its place.
+
+    Default: "validator iterator"
+
+
+@@UAHL@unbound.conf@trust-anchor-file@@: *<filename>*
+    File with trusted keys for validation.
+    Both DS and DNSKEY entries can appear in the file.
+    The format of the file is the standard DNS Zone file format.
+
+    Default: "" (no trust anchor file)
+
+
+@@UAHL@unbound.conf@auto-trust-anchor-file@@: *<filename>*
+    File with trust anchor for one zone, which is tracked with :rfc:`5011`
+    probes.
+    The probes are run several times per month, thus the machine must be online
+    frequently.
+    The initial file can be one with contents as described in
+    :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`.
+    The file is written to when the anchor is updated, so the Unbound user must
+    have write permission.
+    Write permission to the file, but also to the directory it is in (to create
+    a temporary file, which is necessary to deal with filesystem full events),
+    it must also be inside the :ref:`chroot<unbound.conf.chroot>` (if that is
+    used).
+
+    Default: "" (no auto trust anchor file)
+
+
+@@UAHL@unbound.conf@trust-anchor@@: *"<Resource Record>"*
+    A DS or DNSKEY RR for a key to use for validation.
+    Multiple entries can be given to specify multiple trusted keys, in addition
+    to the :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>`.
+    The resource record is entered in the same format as *dig(1)* or *drill(1)*
+    prints them, the same format as in the zone file.
+    Has to be on a single line, with ``""`` around it.
+    A TTL can be specified for ease of cut and paste, but is ignored.
+    A class can be specified, but class IN is default.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@trusted-keys-file@@: *<filename>*
+    File with trusted keys for validation.
+    Specify more than one file with several entries, one file per entry.
+    Like :ref:`trust-anchor-file<unbound.conf.trust-anchor-file>` but has a
+    different file format.
+    Format is BIND-9 style format, the ``trusted-keys { name flag proto algo
+    "key"; };`` clauses are read.
+    It is possible to use wildcards with this statement, the wildcard is
+    expanded on start and on reload.
+
+    Default: "" (no trusted keys file)
+
+
+@@UAHL@unbound.conf@trust-anchor-signaling@@: *<yes or no>*
+    Send :rfc:`8145` key tag query after trust anchor priming.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@root-key-sentinel@@: *<yes or no>*
+    Root key trust anchor sentinel.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@domain-insecure@@: *<domain name>*
+    Sets *<domain name>* to be insecure, DNSSEC chain of trust is ignored
+    towards the *<domain name>*.
+    So a trust anchor above the domain name can not make the domain secure with
+    a DS record, such a DS record is then ignored.
+    Can be given multiple times to specify multiple domains that are treated as
+    if unsigned.
+    If you set trust anchors for the domain they override this setting (and the
+    domain is secured).
+
+    This can be useful if you want to make sure a trust anchor for external
+    lookups does not affect an (unsigned) internal domain.
+    A DS record externally can create validation failures for that internal
+    domain.
+
+    Default: (none)
+
+
+@@UAHL@unbound.conf@val-override-date@@: *<rrsig-style date spec>*
+    .. warning:: Debugging feature!
+
+    If enabled by giving a RRSIG style date, that date is used for verifying
+    RRSIG inception and expiration dates, instead of the current date.
+    Do not set this unless you are debugging signature inception and
+    expiration.
+    The value -1 ignores the date altogether, useful for some special
+    applications.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@val-sig-skew-min@@: *<seconds>*
+    Minimum number of seconds of clock skew to apply to validated signatures.
+    A value of 10% of the signature lifetime (expiration - inception) is used,
+    capped by this setting.
+    Default is 3600 (1 hour) which allows for daylight savings differences.
+    Lower this value for more strict checking of short lived signatures.
+
+    Default: 3600 (1 hour)
+
+
+@@UAHL@unbound.conf@val-sig-skew-max@@: *<seconds>*
+    Maximum number of seconds of clock skew to apply to validated signatures.
+    A value of 10% of the signature lifetime (expiration - inception) is used,
+    capped by this setting.
+    Default is 86400 (24 hours) which allows for timezone setting problems in
+    stable domains.
+    Setting both min and max very low disables the clock skew allowances.
+    Setting both min and max very high makes the validator check the signature
+    timestamps less strictly.
+
+    Default: 86400 (24 hours)
+
+
+@@UAHL@unbound.conf@val-max-restart@@: *<number>*
+    The maximum number the validator should restart validation with another
+    authority in case of failed validation.
+
+    Default: 5
+
+
+@@UAHL@unbound.conf@val-bogus-ttl@@: *<seconds>*
+    The time to live for bogus data.
+    This is data that has failed validation; due to invalid signatures or other
+    checks.
+    The TTL from that data cannot be trusted, and this value is used instead.
+    The time interval prevents repeated revalidation of bogus data.
+
+    Default: 60
+
+
+@@UAHL@unbound.conf@val-clean-additional@@: *<yes or no>*
+    Instruct the validator to remove data from the additional section of secure
+    messages that are not signed properly.
+    Messages that are insecure, bogus, indeterminate or unchecked are not
+    affected.
+    Use this setting to protect the users that rely on this validator for
+    authentication from potentially bad data in the additional section.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@val-log-level@@: *<number>*
+    Have the validator print validation failures to the log.
+    Regardless of the verbosity setting.
+
+    At 1, for every user query that fails a line is printed to the logs.
+    This way you can monitor what happens with validation.
+    Use a diagnosis tool, such as dig or drill, to find out why validation is
+    failing for these queries.
+
+    At 2, not only the query that failed is printed but also the reason why
+    Unbound thought it was wrong and which server sent the faulty data.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@val-permissive-mode@@: *<yes or no>*
+    Instruct the validator to mark bogus messages as indeterminate.
+    The security checks are performed, but if the result is bogus (failed
+    security), the reply is not withheld from the client with SERVFAIL as
+    usual.
+    The client receives the bogus data.
+    For messages that are found to be secure the AD bit is set in replies.
+    Also logging is performed as for full validation.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ignore-cd-flag@@: *<yes or no>*
+    Instruct Unbound to ignore the CD flag from clients and refuse to return
+    bogus answers to them.
+    Thus, the CD (Checking Disabled) flag does not disable checking any more.
+    This is useful if legacy (w2008) servers that set the CD flag but cannot
+    validate DNSSEC themselves are the clients, and then Unbound provides them
+    with DNSSEC protection.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@disable-edns-do@@: *<yes or no>*
+    Disable the EDNS DO flag in upstream requests.
+    It breaks DNSSEC validation for Unbound's clients.
+    This results in the upstream name servers to not include DNSSEC records in
+    their replies and could be helpful for devices that cannot handle DNSSEC
+    information.
+    When the option is enabled, clients that set the DO flag receive no EDNS
+    record in the response to indicate the lack of support to them.
+    If this option is enabled but Unbound is already configured for DNSSEC
+    validation (i.e., the validator module is enabled; default) this option is
+    implicitly turned off with a warning as to not break DNSSEC validation in
+    Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired@@: *<yes or no>*
+    If enabled, Unbound attempts to serve old responses from cache with a TTL
+    of :ref:`serve-expired-reply-ttl<unbound.conf.serve-expired-reply-ttl>` in
+    the response.
+    By default the expired answer will be used after a resolution attempt
+    errored out or is taking more than
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    to resolve.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired-ttl@@: *<seconds>*
+    Limit serving of expired responses to configured seconds after expiration.
+    ``0`` disables the limit.
+    This option only applies when
+    :ref:`serve-expired<unbound.conf.serve-expired>` is enabled.
+    A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days).
+    The default is 86400.
+
+    Default: 86400
+
+
+@@UAHL@unbound.conf@serve-expired-ttl-reset@@: *<yes or no>*
+    Set the TTL of expired records to the
+    :ref:`serve-expired-ttl<unbound.conf.serve-expired-ttl>` value after a
+    failed attempt to retrieve the record from upstream.
+    This makes sure that the expired records will be served as long as there
+    are queries for it.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@serve-expired-reply-ttl@@: *<seconds>*
+    TTL value to use when replying with expired data.
+    If
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    is also used then it is RECOMMENDED to use 30 as the value (:rfc:`8767`).
+
+    Default: 30
+
+
+@@UAHL@unbound.conf@serve-expired-client-timeout@@: *<msec>*
+    Time in milliseconds before replying to the client with expired data.
+    This essentially enables the serve-stale behavior as specified in
+    :rfc:`8767` that first tries to resolve before immediately responding with
+    expired data.
+    Setting this to ``0`` will disable this behavior and instead serve the
+    expired record immediately from the cache before attempting to refresh it
+    via resolution.
+
+    Default: 1800
+
+
+@@UAHL@unbound.conf@serve-original-ttl@@: *<yes or no>*
+    If enabled, Unbound will always return the original TTL as received from
+    the upstream name server rather than the decrementing TTL as stored in the
+    cache.
+    This feature may be useful if Unbound serves as a front-end to a hidden
+    authoritative name server.
+
+    Enabling this feature does not impact cache expiry, it only changes the TTL
+    Unbound embeds in responses to queries.
+
+    .. note::
+        Enabling this feature implicitly disables enforcement of the configured
+        minimum and maximum TTL, as it is assumed users who enable this feature
+        do not want Unbound to change the TTL obtained from an upstream server.
+
+    .. note::
+        The values set using :ref:`cache-min-ttl<unbound.conf.cache-min-ttl>`
+        and :ref:`cache-max-ttl<unbound.conf.cache-max-ttl>` are ignored.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@val-nsec3-keysize-iterations@@: <"list of values">
+    List of keysize and iteration count values, separated by spaces, surrounded
+    by quotes.
+    This determines the maximum allowed NSEC3 iteration count before a message
+    is simply marked insecure instead of performing the many hashing
+    iterations.
+    The list must be in ascending order and have at least one entry.
+    If you set it to "1024 65535" there is no restriction to NSEC3 iteration
+    values.
+
+    .. note::
+        This table must be kept short; a very long list could cause slower
+        operation.
+
+    Default: "1024 150 2048 150 4096 150"
+
+
+@@UAHL@unbound.conf@zonemd-permissive-mode@@: *<yes or no>*
+    If enabled the ZONEMD verification failures are only logged and do not
+    cause the zone to be blocked and only return servfail.
+    Useful for testing out if it works, or if the operator only wants to be
+    notified of a problem without disrupting service.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@add-holddown@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to add new trust anchors only
+    after they have been visible for this time.
+
+    Default: 2592000 (30 days as per the RFC)
+
+
+@@UAHL@unbound.conf@del-holddown@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to remove revoked trust anchors
+    after they have been kept in the revoked list for this long.
+
+    Default: 2592000 (30 days as per the RFC)
+
+
+@@UAHL@unbound.conf@keep-missing@@: *<seconds>*
+    Instruct the
+    :ref:`auto-trust-anchor-file<unbound.conf.auto-trust-anchor-file>` probe
+    mechanism for :rfc:`5011` autotrust updates to remove missing trust anchors
+    after they have been unseen for this long.
+    This cleans up the state file if the target zone does not perform trust
+    anchor revocation, so this makes the auto probe mechanism work with zones
+    that perform regular (non-5011) rollovers.
+    The value 0 does not remove missing anchors, as per the RFC.
+
+    Default: 31622400 (366 days)
+
+
+@@UAHL@unbound.conf@permit-small-holddown@@: *<yes or no>*
+    Debug option that allows the autotrust 5011 rollover timers to assume very
+    small values.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@key-cache-size@@: *<number>*
+    Number of bytes size of the key cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@key-cache-slabs@@: *<number>*
+    Number of slabs in the key cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@neg-cache-size@@: *<number>*
+    Number of bytes size of the aggressive negative cache.
+    A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, megabytes
+    or gigabytes (1024*1024 bytes in a megabyte).
+
+    Default: 1m
+
+
+@@UAHL@unbound.conf@unblock-lan-zones@@: *<yes or no>*
+    If enabled, then for private address space, the reverse lookups are no
+    longer filtered.
+    This allows Unbound when running as dns service on a host where it provides
+    service for that host, to put out all of the queries for the 'lan'
+    upstream.
+    When enabled, only localhost, ``127.0.0.1`` reverse and ``::1`` reverse
+    zones are configured with default local zones.
+    Disable the option when Unbound is running as a (DHCP-) DNS network
+    resolver for a group of machines, where such lookups should be filtered
+    (RFC compliance), this also stops potential data leakage about the local
+    network to the upstream DNS servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@insecure-lan-zones@@: *<yes or no>*
+    If enabled, then reverse lookups in private address space are not
+    validated.
+    This is usually required whenever
+    :ref:`unblock-lan-zones<unbound.conf.unblock-lan-zones>` is used.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@local-zone@@: *<zone> <type>*
+    Configure a local zone.
+    The type determines the answer to give if there is no match from
+    :ref:`local-data<unbound.conf.local-data>`.
+    The types are
+    :ref:`deny<unbound.conf.local-zone.type.deny>`,
+    :ref:`refuse<unbound.conf.local-zone.type.refuse>`,
+    :ref:`static<unbound.conf.local-zone.type.static>`,
+    :ref:`transparent<unbound.conf.local-zone.type.transparent>`,
+    :ref:`redirect<unbound.conf.local-zone.type.redirect>`,
+    :ref:`nodefault<unbound.conf.local-zone.type.nodefault>`,
+    :ref:`typetransparent<unbound.conf.local-zone.type.typetransparent>`,
+    :ref:`inform<unbound.conf.local-zone.type.inform>`,
+    :ref:`inform_deny<unbound.conf.local-zone.type.inform_deny>`,
+    :ref:`inform_redirect<unbound.conf.local-zone.type.inform_redirect>`,
+    :ref:`always_transparent<unbound.conf.local-zone.type.always_transparent>`,
+    :ref:`block_a<unbound.conf.local-zone.type.block_a>`,
+    :ref:`always_refuse<unbound.conf.local-zone.type.always_refuse>`,
+    :ref:`always_nxdomain<unbound.conf.local-zone.type.always_nxdomain>`,
+    :ref:`always_null<unbound.conf.local-zone.type.always_null>`,
+    :ref:`noview<unbound.conf.local-zone.type.noview>`,
+    and are explained below.
+    After that the default settings are listed.
+    Use :ref:`local-data<unbound.conf.local-data>` to enter data into the
+    local zone.
+    Answers for local zones are authoritative DNS answers.
+    By default the zones are class IN.
+
+    If you need more complicated authoritative data, with referrals,
+    wildcards, CNAME/DNAME support, or DNSSEC authoritative service,
+    setup a :ref:`stub-zone<unbound.conf.stub>` for it as detailed in the
+    stub zone section below.
+    A :ref:`stub-zone<unbound.conf.stub>` can be used to have unbound
+    send queries to another server, an authoritative server, to fetch the
+    information.
+    With a :ref:`forward-zone<unbound.conf.forward>`, unbound sends
+    queries to a server that is a recursive server to fetch the information.
+    With an :ref:`auth-zone<unbound.conf.auth>` a zone can be loaded from
+    file and used, it can be used like a local zone for users downstream, or
+    the :ref:`auth-zone<unbound.conf.auth>` information can be used to fetch
+    information from when resolving like it is an upstream server.
+    The :ref:`forward-zone<unbound.conf.forward>` and
+    :ref:`auth-zone<unbound.conf.auth>` options are described in their
+    sections below.
+    If you want to perform filtering of the information that the users can
+    fetch, the :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`local-data<unbound.conf.local-data>` statements allow for this, but
+    also the :ref:`rpz<unbound.conf.rpz>` functionality can be used, described
+    in the RPZ section.
+
+    @@UAHL@unbound.conf.local-zone.type@deny@@
+        Do not send an answer, drop the query.
+        If there is a match from local data, the query is answered.
+
+    @@UAHL@unbound.conf.local-zone.type@refuse@@
+        Send an error message reply, with rcode REFUSED.
+        If there is a match from local data, the query is answered.
+
+    @@UAHL@unbound.conf.local-zone.type@static@@
+        If there is a match from local data, the query is answered.
+        Otherwise, the query is answered with NODATA or NXDOMAIN.
+        For a negative answer a SOA is included in the answer if present as
+        :ref:`local-data<unbound.conf.local-data>` for the zone apex domain.
+
+    @@UAHL@unbound.conf.local-zone.type@transparent@@
+        If there is a match from :ref:`local-data<unbound.conf.local-data>`,
+        the query is answered.
+        Otherwise if the query has a different name, the query is resolved
+        normally.
+        If the query is for a name given in
+        :ref:`local-data<unbound.conf.local-data>` but no such type of data is
+        given in localdata, then a NOERROR NODATA answer is returned.
+        If no :ref:`local-zone<unbound.conf.local-zone>` is given
+        :ref:`local-data<unbound.conf.local-data>` causes a transparent zone
+        to be created by default.
+
+    @@UAHL@unbound.conf.local-zone.type@typetransparent@@
+        If there is a match from local data, the query is answered.
+        If the query is for a different name, or for the same name but for a
+        different type, the query is resolved normally.
+        So, similar to
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>` but types
+        that are not listed in local data are resolved normally, so if an A
+        record is in the local data that does not cause a NODATA reply for AAAA
+        queries.
+
+    @@UAHL@unbound.conf.local-zone.type@redirect@@
+        The query is answered from the local data for the zone name.
+        There may be no local data beneath the zone name.
+        This answers queries for the zone, and all subdomains of the zone with
+        the local data for the zone.
+        It can be used to redirect a domain to return a different address
+        record to the end user, with:
+
+        .. code-block:: text
+
+            local-zone: "example.com." redirect
+            local-data: "example.com. A 127.0.0.1"
+
+        queries for ``www.example.com`` and ``www.foo.example.com`` are
+        redirected, so that users with web browsers cannot access sites with
+        suffix example.com.
+
+    @@UAHL@unbound.conf.local-zone.type@inform@@
+        The query is answered normally, same as
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>`.
+        The client IP address (@portnumber) is printed to the logfile.
+        The log message is:
+
+        .. code-block:: text
+
+            timestamp, unbound-pid, info: zonename inform IP@port queryname type class.
+
+        This option can be used for normal resolution, but machines looking up
+        infected names are logged, eg. to run antivirus on them.
+
+    @@UAHL@unbound.conf.local-zone.type@inform_deny@@
+        The query is dropped, like
+        :ref:`deny<unbound.conf.local-zone.type.deny>`, and logged, like
+        :ref:`inform<unbound.conf.local-zone.type.inform>`.
+        Ie. find infected machines without answering the queries.
+
+    @@UAHL@unbound.conf.local-zone.type@inform_redirect@@
+        The query is redirected, like
+        :ref:`redirect<unbound.conf.local-zone.type.redirect>`, and logged,
+        like :ref:`inform<unbound.conf.local-zone.type.inform>`.
+        Ie. answer queries with fixed data and also log the machines that ask.
+
+    @@UAHL@unbound.conf.local-zone.type@always_transparent@@
+        Like :ref:`transparent<unbound.conf.local-zone.type.transparent>`, but
+        ignores local data and resolves normally.
+
+    @@UAHL@unbound.conf.local-zone.type@block_a@@
+        Like :ref:`transparent<unbound.conf.local-zone.type.transparent>`, but
+        ignores local data and resolves normally all query types excluding A.
+        For A queries it unconditionally returns NODATA.
+        Useful in cases when there is a need to explicitly force all apps to
+        use IPv6 protocol and avoid any queries to IPv4.
+
+    @@UAHL@unbound.conf.local-zone.type@always_refuse@@
+        Like :ref:`refuse<unbound.conf.local-zone.type.refuse>`, but ignores
+        local data and refuses the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_nxdomain@@
+        Like :ref:`static<unbound.conf.local-zone.type.static>`, but ignores
+        local data and returns NXDOMAIN for the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_nodata@@
+        Like :ref:`static<unbound.conf.local-zone.type.static>`, but ignores
+        local data and returns NODATA for the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_deny@@
+        Like :ref:`deny<unbound.conf.local-zone.type.deny>`, but ignores local
+        data and drops the query.
+
+    @@UAHL@unbound.conf.local-zone.type@always_null@@
+        Always returns ``0.0.0.0`` or ``::0`` for every name in the zone.
+        Like :ref:`redirect<unbound.conf.local-zone.type.redirect>` with zero
+        data for A and AAAA.
+        Ignores local data in the zone.
+        Used for some block lists.
+
+    @@UAHL@unbound.conf.local-zone.type@noview@@
+        Breaks out of that view and moves towards the global local zones for
+        answer to the query.
+        If the :ref:`view-first<unbound.conf.view.view-first>` is no, it'll
+        resolve normally.
+        If :ref:`view-first<unbound.conf.view.view-first>` is enabled, it'll
+        break perform that step and check the global answers.
+        For when the view has view specific overrides but some zone has to be
+        answered from global local zone contents.
+
+    @@UAHL@unbound.conf.local-zone.type@nodefault@@
+        Used to turn off default contents for AS112 zones.
+        The other types also turn off default contents for the zone.
+        The :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` option has
+        no other effect than turning off default contents for the given zone.
+        Use :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` if you use
+        exactly that zone, if you want to use a subzone, use
+        :ref:`transparent<unbound.conf.local-zone.type.transparent>`.
+
+    The default zones are localhost, reverse ``127.0.0.1`` and ``::1``, the
+    ``home.arpa``, ``resolver.arpa``, ``service.arpa``, ``onion``, ``test``,
+    ``invalid`` and the AS112 zones.
+    The AS112 zones are reverse DNS zones for private use and reserved IP
+    addresses for which the servers on the internet cannot provide correct
+    answers.
+    They are configured by default to give NXDOMAIN (no reverse information)
+    answers.
+
+    The defaults can be turned off by specifying your own
+    :ref:`local-zone<unbound.conf.local-zone>` of that name, or using the
+    :ref:`nodefault<unbound.conf.local-zone.type.nodefault>` type.
+    Below is a list of the default zone contents.
+
+    @@UAHL@unbound.conf.local-zone.defaults@localhost@@
+        The IPv4 and IPv6 localhost information is given.
+        NS and SOA records are provided for completeness and to satisfy some
+        DNS update tools.
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "localhost." redirect
+            local-data: "localhost. 10800 IN NS localhost."
+            local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "localhost. 10800 IN A 127.0.0.1"
+            local-data: "localhost. 10800 IN AAAA ::1"
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv4 loopback@@
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "127.in-addr.arpa." static
+            local-data: "127.in-addr.arpa. 10800 IN NS localhost."
+            local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 loopback@@
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." static
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN NS localhost."
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+            local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost."
+
+    @@UAHL@unbound.conf.local-zone.defaults@home.arpa@@ (:rfc:`8375`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "home.arpa." static
+            local-data: "home.arpa. 10800 IN NS localhost."
+            local-data: "home.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@resolver.arpa@@ (:rfc:`9462`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "resolver.arpa." static
+            local-data: "resolver.arpa. 10800 IN NS localhost."
+            local-data: "resolver.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@service.arpa@@ (draft-ietf-dnssd-srp-25)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "service.arpa." static
+            local-data: "service.arpa. 10800 IN NS localhost."
+            local-data: "service.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@onion@@ (:rfc:`7686`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "onion." static
+            local-data: "onion. 10800 IN NS localhost."
+            local-data: "onion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@test@@ (:rfc:`6761`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "test." static
+            local-data: "test. 10800 IN NS localhost."
+            local-data: "test. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@invalid@@ (:rfc:`6761`)
+        Default content:
+
+        .. code-block:: text
+
+            local-zone: "invalid." static
+            local-data: "invalid. 10800 IN NS localhost."
+            local-data: "invalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse local use zones@@ (:rfc:`1918`)
+        Reverse data for zones ``10.in-addr.arpa``, ``16.172.in-addr.arpa`` to
+        ``31.172.in-addr.arpa``, ``168.192.in-addr.arpa``.
+        The :ref:`local-zone<unbound.conf.local-zone>` is set static and as
+        :ref:`local-data<unbound.conf.local-data>` SOA and NS records are
+        provided.
+
+    @@UAHL@unbound.conf.local-zone.defaults@special-use IPv4 Addresses@@ (:rfc:`3330`)
+        Reverse data for zones ``0.in-addr.arpa`` (this), ``254.169.in-addr.arpa`` (link-local),
+        ``2.0.192.in-addr.arpa`` (TEST NET 1), ``100.51.198.in-addr.arpa``
+        (TEST NET 2), ``113.0.203.in-addr.arpa`` (TEST NET 3),
+        ``255.255.255.255.in-addr.arpa`` (broadcast).
+        And from ``64.100.in-addr.arpa`` to ``127.100.in-addr.arpa`` (Shared
+        Address Space).
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 unspecified@@ (:rfc:`4291`)
+        Reverse data for zone
+        ``0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.``
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Locally Assigned Local Addresses@@ (:rfc:`4193`)
+        Reverse data for zone ``D.F.ip6.arpa``.
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Link Local Addresses@@ (:rfc:`4291`)
+        Reverse data for zones ``8.E.F.ip6.arpa`` to ``B.E.F.ip6.arpa``.
+
+    @@UAHL@unbound.conf.local-zone.defaults@reverse IPv6 Example Prefix@@
+        Reverse data for zone ``8.B.D.0.1.0.0.2.ip6.arpa``.
+        This zone is used for tutorials and examples.
+        You can remove the block on this zone with:
+
+        .. code-block:: text
+
+            local-zone: 8.B.D.0.1.0.0.2.ip6.arpa. nodefault
+
+    You can also selectively unblock a part of the zone by making that part
+    transparent with a :ref:`local-zone<unbound.conf.local-zone>` statement.
+    This also works with the other default zones.
+
+
+@@UAHL@unbound.conf@local-data@@: *"<resource record string>"*
+    Configure local data, which is served in reply to queries for it.
+    The query has to match exactly unless you configure the
+    :ref:`local-zone<unbound.conf.local-zone>` as redirect.
+    If not matched exactly, the :ref:`local-zone<unbound.conf.local-zone>`
+    type determines further processing.
+    If :ref:`local-data<unbound.conf.local-data>` is configured that is not a
+    subdomain of a :ref:`local-zone<unbound.conf.local-zone>`, a
+    :ref:`transparent local-zone<unbound.conf.local-zone.type.transparent>` is
+    configured.
+    For record types such as TXT, use single quotes, as in:
+
+    .. code-block:: text
+
+        local-data: 'example. TXT "text"'
+
+    .. note::
+        If you need more complicated authoritative data, with referrals,
+        wildcards, CNAME/DNAME support, or DNSSEC authoritative service, setup
+        a :ref:`stub-zone<unbound.conf.stub>` for it as detailed in the stub
+        zone section below.
+
+
+@@UAHL@unbound.conf@local-data-ptr@@: *"IPaddr name"*
+    Configure local data shorthand for a PTR record with the reversed IPv4 or
+    IPv6 address and the host name.
+    For example ``"192.0.2.4 www.example.com"``.
+    TTL can be inserted like this: ``"2001:DB8::4 7200 www.example.com"``
+
+
+@@UAHL@unbound.conf@local-zone-tag@@: *<zone> <"list of tags">*
+    Assign tags to local zones.
+    Tagged localzones will only be applied when the used
+    :ref:`access-control<unbound.conf.access-control>` element has a matching
+    tag.
+    Tags must be defined in :ref:`define-tag<unbound.conf.define-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+    When there are multiple tags it checks if the intersection of the list of
+    tags for the query and :ref:`local-zone-tag<unbound.conf.local-zone-tag>`
+    is non-empty.
+
+
+@@UAHL@unbound.conf@local-zone-override@@: *<zone> <IP netblock> <type>*
+    Override the local zone type for queries from addresses matching netblock.
+    Use this localzone type, regardless the type configured for the local zone
+    (both tagged and untagged) and regardless the type configured using
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`.
+
+
+@@UAHL@unbound.conf@response-ip@@: *<IP-netblock> <action>*
+    This requires use of the ``respip`` module.
+
+    If the IP address in an AAAA or A RR in the answer section of a response
+    matches the specified IP netblock, the specified action will apply.
+    *<action>* has generally the same semantics as that for
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`,
+    but there are some exceptions.
+
+    Actions for :ref:`response-ip<unbound.conf.response-ip>` are different
+    from those for :ref:`local-zone<unbound.conf.local-zone>` in that in case
+    of the former there is no point of such conditions as "the query matches it
+    but there is no local data".
+    Because of this difference, the semantics of
+    :ref:`response-ip<unbound.conf.response-ip>` actions are modified or
+    simplified as follows: The *static*, *refuse*, *transparent*,
+    *typetransparent*, and *nodefault* actions are invalid for *response-ip*.
+    Using any of these will cause the configuration to be rejected as faulty.
+    The *deny* action is non-conditional, i.e. it always results in dropping
+    the corresponding query.
+    The resolution result before applying the *deny* action is still cached and
+    can be used for other queries.
+
+
+@@UAHL@unbound.conf@response-ip-data@@: *<IP-netblock> <"resource record string">*
+    This requires use of the ``respip`` module.
+
+    This specifies the action data for
+    :ref:`response-ip<unbound.conf.response-ip>` with action being to redirect
+    as specified by *<"resource record string">*.
+    *<"Resource record string">* is similar to that of
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`,
+    but it must be of either AAAA, A or CNAME types.
+    If the *<IP-netblock>* is an IPv6/IPv4 prefix, the record must be AAAA/A
+    respectively, unless it is a CNAME (which can be used for both versions of
+    IP netblocks).
+    If it is CNAME there must not be more than one
+    :ref:`response-ip-data<unbound.conf.response-ip-data>` for the same
+    *<IP-netblock>*.
+    Also, CNAME and other types of records must not coexist for the same
+    *<IP-netblock>*, following the normal rules for CNAME records.
+    The textual domain name for the CNAME does not have to be explicitly
+    terminated with a dot (``"."``); the root name is assumed to be the origin
+    for the name.
+
+
+@@UAHL@unbound.conf@response-ip-tag@@: *<IP-netblock> <"list of tags">*
+    This requires use of the ``respip`` module.
+
+    Assign tags to response *<IP-netblock>*.
+    If the IP address in an AAAA or A RR in the answer section of a response
+    matches the specified *<IP-netblock>*, the specified tags are assigned to
+    the IP address.
+    Then, if an :ref:`access-control-tag<unbound.conf.access-control-tag>` is
+    defined for the client and it includes one of the tags for the response IP,
+    the corresponding
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    will apply.
+    Tag matching rule is the same as that for
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` and
+    :ref:`local-zone<unbound.conf.local-zone>`.
+    Unlike :ref:`local-zone-tag<unbound.conf.local-zone-tag>`,
+    :ref:`response-ip-tag<unbound.conf.response-ip-tag>` can be defined for an
+    *<IP-netblock>* even if no :ref:`response-ip<unbound.conf.response-ip>` is
+    defined for that netblock.
+    If multiple :ref:`response-ip-tag<unbound.conf.response-ip-tag>` options
+    are specified for the same *<IP-netblock>* in different statements, all but
+    the first will be ignored.
+    However, this will not be flagged as a configuration error, but the result
+    is probably not what was intended.
+
+    Actions specified in an
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    that has a matching tag with
+    :ref:`response-ip-tag<unbound.conf.response-ip-tag>` can be those that are
+    "invalid" for :ref:`response-ip<unbound.conf.response-ip>` listed above,
+    since
+    :ref:`access-control-tag-action<unbound.conf.access-control-tag-action>`
+    can be shared with local zones.
+    For these actions, if they behave differently depending on whether local
+    data exists or not in case of local zones, the behavior for
+    :ref:`response-ip-data<unbound.conf.response-ip-data>` will generally
+    result in NOERROR/NODATA instead of NXDOMAIN, since the
+    :ref:`response-ip<unbound.conf.response-ip>` data are inherently type
+    specific, and non-existence of data does not indicate anything about the
+    existence or non-existence of the qname itself.
+    For example, if the matching tag action is static but there is no data for
+    the corresponding :ref:`response-ip<unbound.conf.response-ip>`
+    configuration, then the result will be NOERROR/NODATA.
+    The only case where NXDOMAIN is returned is when an
+    :ref:`always_nxdomain<unbound.conf.local-zone.type.always_nxdomain>`
+    action applies.
+
+
+@@UAHL@unbound.conf@ratelimit@@: *<number or 0>*
+    Enable ratelimiting of queries sent to nameserver for performing recursion.
+    0 disables the feature.
+    This option is experimental at this time.
+
+    The ratelimit is in queries per second that are allowed.
+    More queries are turned away with an error (SERVFAIL).
+    Cached responses are not ratelimited by this setting.
+
+    This stops recursive floods, eg. random query names, but not spoofed
+    reflection floods.
+    The zone of the query is determined by examining the nameservers for it,
+    the zone name is used to keep track of the rate.
+    For example, 1000 may be a suitable value to stop the server from being
+    overloaded with random names, and keeps unbound from sending traffic to the
+    nameservers for those zones.
+
+    .. note:: Configured forwarders are excluded from ratelimiting.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf@ratelimit-size@@: *<memory size>*
+    Give the size of the data structure in which the current ongoing rates are
+    kept track in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The ratelimit structure is small, so this data structure likely does not
+    need to be large.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@ratelimit-slabs@@: *<number>*
+    Number of slabs in the ratelimit tracking data structure.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@ratelimit-factor@@: *<number>*
+    Set the amount of queries to rate limit when the limit is exceeded.
+    If set to 0, all queries are dropped for domains where the limit is
+    exceeded.
+    If set to another value, 1 in that number is allowed through to complete.
+    Default is 10, allowing 1/10 traffic to flow normally.
+    This can make ordinary queries complete (if repeatedly queried for), and
+    enter the cache, whilst also mitigating the traffic flow by the factor
+    given.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@ratelimit-backoff@@: *<yes or no>*
+    If enabled, the ratelimit is treated as a hard failure instead of the
+    default maximum allowed constant rate.
+    When the limit is reached, traffic is ratelimited and demand continues to
+    be kept track of for a 2 second rate window.
+    No traffic is allowed, except for
+    :ref:`ratelimit-factor<unbound.conf.ratelimit-factor>`, until demand
+    decreases below the configured ratelimit for a 2 second rate window.
+    Useful to set :ref:`ratelimit<unbound.conf.ratelimit>` to a suspicious
+    rate to aggressively limit unusually high traffic.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ratelimit-for-domain@@: *<domain> <number qps or 0>*
+    Override the global :ref:`ratelimit<unbound.conf.ratelimit>` for an exact
+    match domain name with the listed number.
+    You can give this for any number of names.
+    For example, for a top-level-domain you may want to have a higher limit
+    than other names.
+    A value of 0 will disable ratelimiting for that domain.
+
+
+@@UAHL@unbound.conf@ratelimit-below-domain@@: *<domain> <number qps or 0>*
+    Override the global :ref:`ratelimit<unbound.conf.ratelimit>` for a domain
+    name that ends in this name.
+    You can give this multiple times, it then describes different settings in
+    different parts of the namespace.
+    The closest matching suffix is used to determine the qps limit.
+    The rate for the exact matching domain name is not changed, use
+    :ref:`ratelimit-for-domain<unbound.conf.ratelimit-for-domain>` to set
+    that, you might want to use different settings for a top-level-domain and
+    subdomains.
+    A value of 0 will disable ratelimiting for domain names that end in this
+    name.
+
+
+@@UAHL@unbound.conf@ip-ratelimit@@: *<number or 0>*
+    Enable global ratelimiting of queries accepted per ip address.
+    This option is experimental at this time.
+    The ratelimit is in queries per second that are allowed.
+    More queries are completely dropped and will not receive a reply, SERVFAIL
+    or otherwise.
+    IP ratelimiting happens before looking in the cache.
+    This may be useful for mitigating amplification attacks.
+    Clients with a valid DNS Cookie will bypass the ratelimit.
+    If a ratelimit for such clients is still needed,
+    :ref:`ip-ratelimit-cookie<unbound.conf.ip-ratelimit-cookie>`
+    can be used instead.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-cookie@@: *<number or 0>*
+    Enable global ratelimiting of queries accepted per IP address with a valid
+    DNS Cookie.
+    This option is experimental at this time.
+    The ratelimit is in queries per second that are allowed.
+    More queries are completely dropped and will not receive a reply, SERVFAIL
+    or otherwise.
+    IP ratelimiting happens before looking in the cache.
+    This option could be useful in combination with
+    :ref:`allow_cookie<unbound.conf.access-control.action.allow_cookie>`, in an
+    attempt to mitigate other amplification attacks than UDP reflections (e.g.,
+    attacks targeting Unbound itself) which are already handled with DNS
+    Cookies.
+    If used, the value is suggested to be higher than
+    :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>` e.g., tenfold.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-size@@: *<memory size>*
+    Give the size of the data structure in which the current ongoing rates are
+    kept track in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The IP ratelimit structure is small, so this data structure likely does not
+    need to be large.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf@ip-ratelimit-slabs@@: *<number>*
+    Number of slabs in the ip ratelimit tracking data structure.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf@ip-ratelimit-factor@@: *<number>*
+    Set the amount of queries to rate limit when the limit is exceeded.
+    If set to 0, all queries are dropped for addresses where the limit is
+    exceeded.
+    If set to another value, 1 in that number is allowed through to complete.
+    Default is 10, allowing 1/10 traffic to flow normally.
+    This can make ordinary queries complete (if repeatedly queried for), and
+    enter the cache, whilst also mitigating the traffic flow by the factor
+    given.
+
+    Default: 10
+
+
+@@UAHL@unbound.conf@ip-ratelimit-backoff@@: *<yes or no>*
+    If enabled, the rate limit is treated as a hard failure instead of the
+    default maximum allowed constant rate.
+    When the limit is reached, traffic is ratelimited and demand continues to
+    be kept track of for a 2 second rate window.
+    No traffic is allowed, except for
+    :ref:`ip-ratelimit-factor<unbound.conf.ip-ratelimit-factor>`, until demand
+    decreases below the configured ratelimit for a 2 second rate window.
+    Useful to set :ref:`ip-ratelimit<unbound.conf.ip-ratelimit>` to a
+    suspicious rate to aggressively limit unusually high traffic.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@outbound-msg-retry@@: *<number>*
+    The number of retries, per upstream nameserver in a delegation, that
+    Unbound will attempt in case a throwaway response is received.
+    No response (timeout) contributes to the retry counter.
+    If a forward/stub zone is used, this is the number of retries per
+    nameserver in the zone.
+
+    Default: 5
+
+
+@@UAHL@unbound.conf@max-sent-count@@: *<number>*
+    Hard limit on the number of outgoing queries Unbound will make while
+    resolving a name, making sure large NS sets do not loop.
+    Results in SERVFAIL when reached.
+    It resets on query restarts (e.g., CNAME) and referrals.
+
+    Default: 32
+
+
+@@UAHL@unbound.conf@max-query-restarts@@: *<number>*
+    Hard limit on the number of times Unbound is allowed to restart a query
+    upon encountering a CNAME record.
+    Results in SERVFAIL when reached.
+    Changing this value needs caution as it can allow long CNAME chains to be
+    accepted, where Unbound needs to verify (resolve) each link individually.
+
+    Default: 11
+
+
+@@UAHL@unbound.conf@iter-scrub-ns@@: *<number>*
+    Limit on the number of NS records allowed in an rrset of type NS, from the
+    iterator scrubber.
+    This protects the internals of the resolver from overly large NS sets.
+
+    Default: 20
+
+
+@@UAHL@unbound.conf@iter-scrub-cname@@: *<number>*
+    Limit on the number of CNAME, DNAME records in an answer, from the iterator
+    scrubber.
+    This protects the internals of the resolver from overly long indirection
+    chains.
+    Clips off the remainder of the reply packet at that point.
+
+    Default: 11
+
+
+@@UAHL@unbound.conf@max-global-quota@@: *<number>*
+    Limit on the number of upstream queries sent out for an incoming query and
+    its subqueries from recursion.
+    It is not reset during the resolution.
+    When it is exceeded the query is failed and the lookup process stops.
+
+    Default: 200
+
+
+@@UAHL@unbound.conf@fast-server-permil@@: *<number>*
+    Specify how many times out of 1000 to pick from the set of fastest servers.
+    0 turns the feature off.
+    A value of 900 would pick from the fastest servers 90 percent of the time,
+    and would perform normal exploration of random servers for the remaining
+    time.
+    When :ref:`prefetch<unbound.conf.prefetch>` is enabled (or
+    :ref:`serve-expired<unbound.conf.serve-expired>`), such prefetches are not
+    sped up, because there is no one waiting for it, and it presents a good
+    moment to perform server exploration.
+    The :ref:`fast-server-num<unbound.conf.fast-server-num>` option can be
+    used to specify the size of the fastest servers set.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf@fast-server-num@@: *<number>*
+    Set the number of servers that should be used for fast server selection.
+    Only use the fastest specified number of servers with the
+    :ref:`fast-server-permil<unbound.conf.fast-server-permil>` option, that
+    turns this on or off.
+
+    Default: 3
+
+
+@@UAHL@unbound.conf@answer-cookie@@: *<yes or no>*
+    If enabled, Unbound will answer to requests containing DNS Cookies as
+    specified in RFC 7873 and RFC 9018.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@cookie-secret@@: *"<128 bit hex string>"*
+    Server's secret for DNS Cookie generation.
+    Useful to explicitly set for servers in an anycast deployment that need to
+    share the secret in order to verify each other's Server Cookies.
+    An example hex string would be "000102030405060708090a0b0c0d0e0f".
+
+    .. note::
+        This option is ignored if a
+        :ref:`cookie-secret-file<unbound.conf.cookie-secret-file>` is present.
+        In that case the secrets from that file are used in DNS Cookie
+        calculations.
+
+    Default: 128 bits random secret generated at startup time
+
+
+@@UAHL@unbound.conf@cookie-secret-file@@: *<filename>*
+    File from which the secrets are read used in DNS Cookie calculations.
+    When this file exists, the secrets in this file are used and the secret
+    specified by the
+    :ref:`cookie-secret<unbound.conf.cookie-secret>` option is ignored.
+    Enable it by setting a filename, like
+    "/usr/local/etc/unbound_cookiesecrets.txt".
+    The content of this file must be manipulated with the
+    :ref:`add_cookie_secret<unbound-control.commands.add_cookie_secret>`,
+    :ref:`drop_cookie_secret<unbound-control.commands.drop_cookie_secret>` and
+    :ref:`activate_cookie_secret<unbound-control.commands.activate_cookie_secret>`
+    commands to the :doc:`unbound-control(8)</manpages/unbound-control>` tool.
+    Please see that manpage on how to perform a safe cookie secret rollover.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf@edns-client-string@@: *<IP netblock> <string>*
+    Include an EDNS0 option containing configured ASCII string in queries with
+    destination address matching the configured *<IP netblock>*.
+    This configuration option can be used multiple times.
+    The most specific match will be used.
+
+
+@@UAHL@unbound.conf@edns-client-string-opcode@@: *<opcode>*
+    EDNS0 option code for the
+    :ref:`edns-client-string<unbound.conf.edns-client-string>` option, from 0
+    to 65535.
+    A value from the 'Reserved for Local/Experimental' range (65001-65534)
+    should be used.
+
+    Default: 65001
+
+
+@@UAHL@unbound.conf@ede@@: *<yes or no>*
+    If enabled, Unbound will respond with Extended DNS Error codes
+    (:rfc:`8914`).
+    These EDEs provide additional information with a response mainly for, but
+    not limited to, DNS and DNSSEC errors.
+
+    When the :ref:`val-log-level<unbound.conf.val-log-level>` option is also
+    set to ``2``, responses with Extended DNS Errors concerning DNSSEC failures
+    will also contain a descriptive text message about the reason for the
+    failure.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ede-serve-expired@@: *<yes or no>*
+    If enabled, Unbound will attach an Extended DNS Error (:rfc:`8914`) *Code 3
+    - Stale Answer* as EDNS0 option to the expired response.
+
+    .. note::
+        :ref:`ede: yes<unbound.conf.ede>` needs to be set as well for this to
+        work.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@dns-error-reporting@@: *<yes or no>*
+    If enabled, Unbound will send DNS Error Reports (:rfc:`9567`).
+    The name servers need to express support by attaching the Report-Channel
+    EDNS0 option on their replies specifying the reporting agent for the zone.
+    Any errors encountered during resolution that would result in Unbound
+    generating an Extended DNS Error (:rfc:`8914`) will be reported to the
+    zone's reporting agent.
+
+    The :ref:`ede<unbound.conf.ede>` option does not need to be enabled for
+    this to work.
+
+    It is advised that the
+    :ref:`qname-minimisation<unbound.conf.qname-minimisation>` option is also
+    enabled to increase privacy on the outgoing reports.
+
+    Default: no
+
+.. _unbound.conf.remote:
+
+Remote Control Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+In the **remote-control:** clause are the declarations for the remote control
+facility.
+If this is enabled, the :doc:`unbound-control(8)</manpages/unbound-control>`
+utility can be used to send commands to the running Unbound server.
+The server uses these clauses to setup TLSv1 security for the connection.
+The :doc:`unbound-control(8)</manpages/unbound-control>` utility also reads the
+**remote-control:** section for options.
+To setup the correct self-signed certificates use the
+*unbound-control-setup(8)* utility.
+
+
+@@UAHL@unbound.conf.remote@control-enable@@: *<yes or no>*
+    The option is used to enable remote control.
+    If turned off, the server does not listen for control commands.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.remote@control-interface@@: *<IP address or interface name or path>*
+    Give IPv4 or IPv6 addresses or local socket path to listen on for control
+    commands.
+    If an interface name is used instead of an IP address, the list of IP
+    addresses on that interface are used.
+
+    By default localhost (``127.0.0.1`` and ``::1``) is listened to.
+    Use ``0.0.0.0`` and ``::0`` to listen to all interfaces.
+    If you change this and permissions have been dropped, you must restart the
+    server for the change to take effect.
+
+    If you set it to an absolute path, a unix domain socket is used.
+    This socket does not use the certificates and keys, so those files need not
+    be present.
+    To restrict access, Unbound sets permissions on the file to the user and
+    group that is configured, the access bits are set to allow the group
+    members to access the control socket file.
+    Put users that need to access the socket in the that group.
+    To restrict access further, create a directory to put the control socket in
+    and restrict access to that directory.
+
+
+@@UAHL@unbound.conf.remote@control-port@@: *<port number>*
+    The port number to listen on for IPv4 or IPv6 control interfaces.
+
+    .. note::
+        If you change this and permissions have been dropped, you must restart
+        the server for the change to take effect.
+
+    Default: 8953
+
+
+@@UAHL@unbound.conf.remote@control-use-cert@@: *<yes or no>*
+    For localhost
+    :ref:`control-interface<unbound.conf.remote.control-interface>` you can
+    disable the use of TLS by setting this option to "no".
+    For local sockets, TLS is disabled and the value of this option is ignored.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.remote@server-key-file@@: *<private key file>*
+    Path to the server private key.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by the Unbound server, but not by
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_server.key
+
+
+@@UAHL@unbound.conf.remote@server-cert-file@@: *<certificate file.pem>*
+    Path to the server self signed certificate.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by the Unbound server, and also by
+    :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_server.pem
+
+
+@@UAHL@unbound.conf.remote@control-key-file@@: *<private key file>*
+    Path to the control client private key.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_control.key
+
+
+@@UAHL@unbound.conf.remote@control-cert-file@@: *<certificate file.pem>*
+    Path to the control client certificate.
+    This certificate has to be signed with the server certificate.
+    This file is generated by the
+    :doc:`unbound-control-setup(8)</manpages/unbound-control>` utility.
+    This file is used by :doc:`unbound-control(8)</manpages/unbound-control>`.
+
+    Default: unbound_control.pem
+
+.. _unbound.conf.stub:
+
+Stub Zone Options
+^^^^^^^^^^^^^^^^^
+
+There may be multiple **stub-zone:** clauses.
+Each with a :ref:`name<unbound.conf.stub.name>` and zero or more hostnames or
+IP addresses.
+For the stub zone this list of nameservers is used.
+Class IN is assumed.
+The servers should be authority servers, not recursors; Unbound performs the
+recursive processing itself for stub zones.
+
+The stub zone can be used to configure authoritative data to be used by the
+resolver that cannot be accessed using the public internet servers.
+This is useful for company-local data or private zones.
+Setup an authoritative server on a different host (or different port).
+Enter a config entry for Unbound with:
+
+.. code-block:: text
+
+   stub-addr: <ip address of host[@port]>
+
+The Unbound resolver can then access the data, without referring to the public
+internet for it.
+
+This setup allows DNSSEC signed zones to be served by that authoritative
+server, in which case a trusted key entry with the public key can be put in
+config, so that Unbound can validate the data and set the AD bit on replies for
+the private zone (authoritative servers do not set the AD bit).
+This setup makes Unbound capable of answering queries for the private zone, and
+can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not
+set on these replies.
+
+Consider adding :ref:`server<unbound.conf.server>` statements for
+:ref:`domain-insecure<unbound.conf.domain-insecure>` and for
+:ref:`local-zone: \<name\> nodefault<unbound.conf.local-zone.type.nodefault>`
+for the zone if it is a locally served zone.
+The insecure clause stops DNSSEC from invalidating the zone.
+The :ref:`local-zone: nodefault<unbound.conf.local-zone.type.nodefault>` (or
+:ref:`transparent<unbound.conf.local-zone.type.transparent>`) clause makes the
+(reverse-) zone bypass Unbound's filtering of :rfc:`1918` zones.
+
+
+@@UAHL@unbound.conf.stub@name@@: *<domain name>*
+    Name of the stub zone.
+    This is the full domain name of the zone.
+
+
+@@UAHL@unbound.conf.stub@stub-host@@: *<domain name>*
+    Name of stub zone nameserver.
+    Is itself resolved before it is used.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the TLS authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.stub@stub-addr@@: *<IP address>*
+    IP address of stub zone nameserver.
+    Can be IPv4 or IPv6.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the tls authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.stub@stub-prime@@: *<yes or no>*
+    If enabled it performs NS set priming, which is similar to root hints,
+    where it starts using the list of nameservers currently published by the
+    zone.
+    Thus, if the hint list is slightly outdated, the resolver picks up a
+    correct list online.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-first@@: *<yes or no>*
+    If enabled, a query is attempted without the stub clause if it fails.
+    The data could not be retrieved and would have caused SERVFAIL because the
+    servers are unreachable, instead it is tried without this clause.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the queries to this stub use TLS for transport.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-ssl-upstream@@: *<yes or no>*
+    Alternate syntax for
+    :ref:`stub-tls-upstream<unbound.conf.stub.stub-tls-upstream>`.
+
+
+@@UAHL@unbound.conf.stub@stub-tcp-upstream@@: *<yes or no>*
+    If it is set to "yes" then upstream queries use TCP only for transport
+    regardless of global flag :ref:`tcp-upstream<unbound.conf.tcp-upstream>`.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.stub@stub-no-cache@@: *<yes or no>*
+    If enabled, data inside the stub is not cached.
+    This is useful when you want immediate changes to be visible.
+
+    Default: no
+
+.. _unbound.conf.forward:
+
+Forward Zone Options
+^^^^^^^^^^^^^^^^^^^^
+
+There may be multiple **forward-zone:** clauses.
+Each with a :ref:`name<unbound.conf.forward.name>` and zero or more hostnames
+or IP addresses.
+For the forward zone this list of nameservers is used to forward the queries
+to.
+The servers listed as :ref:`forward-host<unbound.conf.forward.forward-host>`
+and :ref:`forward-addr<unbound.conf.forward.forward-addr>` have to handle
+further recursion for the query.
+Thus, those servers are not authority servers, but are (just like Unbound is)
+recursive servers too; Unbound does not perform recursion itself for the
+forward zone, it lets the remote server do it.
+Class IN is assumed.
+CNAMEs are chased by Unbound itself, asking the remote server for every name in
+the indirection chain, to protect the local cache from illegal indirect
+referenced items.
+A :ref:`forward-zone<unbound.conf.forward>` entry with name
+``"."`` and a :ref:`forward-addr<unbound.conf.forward.forward-addr>` target
+will forward all queries to that other server (unless it can answer from the
+cache).
+
+
+@@UAHL@unbound.conf.forward@name@@: *<domain name>*
+    Name of the forward zone.
+    This is the full domain name of the zone.
+
+
+@@UAHL@unbound.conf.forward@forward-host@@: *<domain name>*
+    Name of server to forward to.
+    Is itself resolved before it is used.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the TLS authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+
+@@UAHL@unbound.conf.forward@forward-addr@@: *<IP address>*
+    IP address of server to forward to.
+    Can be IPv4 or IPv6.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    If TLS is enabled, then you can append a ``'#'`` and a name, then it'll
+    check the tls authentication certificates with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If only ``'#'`` is used the default port is the configured
+    :ref:`tls-port<unbound.conf.tls-port>`.
+
+    At high verbosity it logs the TLS certificate, with TLS enabled.
+    If you leave out the ``'#'`` and auth name from the
+    :ref:`forward-addr<unbound.conf.forward.forward-addr>`, any name is
+    accepted.
+    The cert must also match a CA from the
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>`.
+
+
+@@UAHL@unbound.conf.forward@forward-first@@: *<yes or no>*
+    If a forwarded query is met with a SERVFAIL error, and this option is
+    enabled, Unbound will fall back to normal recursive resolution for this
+    query as if no query forwarding had been specified.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-tls-upstream@@: *<yes or no>*
+    Enabled or disable whether the queries to this forwarder use TLS for
+    transport.
+    If you enable this, also configure a
+    :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` or use
+    :ref:`tls-win-cert<unbound.conf.tls-win-cert>` to load CA certs, otherwise
+    the connections cannot be authenticated.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-ssl-upstream@@: *<yes or no>*
+    Alternate syntax for
+    :ref:`forward-tls-upstream<unbound.conf.forward.forward-tls-upstream>`.
+
+
+@@UAHL@unbound.conf.forward@forward-tcp-upstream@@: *<yes or no>*
+    If it is set to "yes" then upstream queries use TCP only for transport
+    regardless of global flag :ref:`tcp-upstream<unbound.conf.tcp-upstream>`.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.forward@forward-no-cache@@: *<yes or no>*
+    If enabled, data inside the forward is not cached.
+    This is useful when you want immediate changes to be visible.
+
+    Default: no
+
+.. _unbound.conf.auth:
+
+Authority Zone Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+Authority zones are configured with **auth-zone:**, and each one must have a
+:ref:`name<unbound.conf.auth.name>`.
+There can be multiple ones, by listing multiple auth-zone clauses, each with a
+different name, pertaining to that part of the namespace.
+The authority zone with the name closest to the name looked up is used.
+Authority zones can be processed on two distinct, non-exclusive, configurable
+stages.
+
+With :ref:`for-downstream: yes<unbound.conf.auth.for-downstream>` (default),
+authority zones are processed after **local-zones** and before cache.
+When used in this manner, Unbound responds like an authority server with no
+further processing other than returning an answer from the zone contents.
+A notable example, in this case, is CNAME records which are returned verbatim
+to downstream clients without further resolution.
+
+With :ref:`for-upstream: yes<unbound.conf.auth.for-upstream>` (default),
+authority zones are processed after the cache lookup, just before going to the
+network to fetch information for recursion.
+When used in this manner they provide a local copy of an authority server
+that speeds up lookups for that data during resolving.
+
+If both options are enabled (default), client queries for an authority zone are
+answered authoritatively from Unbound, while internal queries that require data
+from the authority zone consult the local zone data instead of going to the
+network.
+
+An interesting configuration is
+:ref:`for-downstream: no<unbound.conf.auth.for-downstream>`,
+:ref:`for-upstream: yes<unbound.conf.auth.for-upstream>`
+that allows for hyperlocal behavior where both client and internal queries
+consult the local zone data while resolving.
+In this case, the aforementioned CNAME example will result in a thoroughly
+resolved answer.
+
+Authority zones can be read from zonefile.
+And can be kept updated via AXFR and IXFR.
+After update the zonefile is rewritten.
+The update mechanism uses the SOA timer values and performs SOA UDP queries to
+detect zone changes.
+
+If the update fetch fails, the timers in the SOA record are used to time
+another fetch attempt.
+Until the SOA expiry timer is reached.
+Then the zone is expired.
+When a zone is expired, queries are SERVFAIL, and any new serial number is
+accepted from the primary (even if older), and if fallback is enabled, the
+fallback activates to fetch from the upstream instead of the SERVFAIL.
+
+
+@@UAHL@unbound.conf.auth@name@@: *<zone name>*
+    Name of the authority zone.
+
+
+@@UAHL@unbound.conf.auth@primary@@: *<IP address or host name>*
+    Where to download a copy of the zone from, with AXFR and IXFR.
+    Multiple primaries can be specified.
+    They are all tried if one fails.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    You can append a ``'#'`` and a name, then AXFR over TLS can be used and the
+    TLS authentication certificates will be checked with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If you point it at another Unbound instance, it would not work because that
+    does not support AXFR/IXFR for the zone, but if you used
+    :ref:`url<unbound.conf.auth.url>` to download the zonefile as a text file
+    from a webserver that would work.
+
+    If you specify the hostname, you cannot use the domain from the zonefile,
+    because it may not have that when retrieving that data, instead use a plain
+    IP address to avoid a circular dependency on retrieving that IP address.
+
+
+@@UAHL@unbound.conf.auth@master@@: *<IP address or host name>*
+    Alternate syntax for :ref:`primary<unbound.conf.auth.primary>`.
+
+
+@@UAHL@unbound.conf.auth@url@@: *<URL to zone file>*
+    Where to download a zonefile for the zone.
+    With HTTP or HTTPS.
+    An example for the url is:
+
+    .. code-block:: text
+
+        http://www.example.com/example.org.zone
+
+    Multiple url statements can be given, they are tried in turn.
+
+    If only urls are given the SOA refresh timer is used to wait for making new
+    downloads.
+    If also primaries are listed, the primaries are first probed with UDP SOA
+    queries to see if the SOA serial number has changed, reducing the number of
+    downloads.
+    If none of the urls work, the primaries are tried with IXFR and AXFR.
+
+    For HTTPS, the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` and
+    the hostname from the url are used to authenticate the connection.
+
+    If you specify a hostname in the URL, you cannot use the domain from the
+    zonefile, because it may not have that when retrieving that data, instead
+    use a plain IP address to avoid a circular dependency on retrieving that IP
+    address.
+
+    Avoid dependencies on name lookups by using a notation like
+    ``"http://192.0.2.1/unbound-primaries/example.com.zone"``, with an explicit
+    IP address.
+
+
+@@UAHL@unbound.conf.auth@allow-notify@@: *<IP address or host name or netblockIP/prefix>*
+    With :ref:`allow-notify<unbound.conf.auth.allow-notify>` you can specify
+    additional sources of notifies.
+    When notified, the server attempts to first probe and then zone transfer.
+    If the notify is from a primary, it first attempts that primary.
+    Otherwise other primaries are attempted.
+    If there are no primaries, but only urls, the file is downloaded when
+    notified.
+
+    .. note::
+        The primaries from :ref:`primary<unbound.conf.auth.primary>` and
+        :ref:`url<unbound.conf.auth.url>` statements are allowed notify by
+        default.
+
+
+@@UAHL@unbound.conf.auth@fallback-enabled@@: *<yes or no>*
+    If enabled, Unbound falls back to querying the internet as a resolver for
+    this zone when lookups fail.
+    For example for DNSSEC validation failures.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@for-downstream@@: *<yes or no>*
+    If enabled, Unbound serves authority responses to downstream clients for
+    this zone.
+    This option makes Unbound behave, for the queries with names in this zone,
+    like one of the authority servers for that zone.
+
+    Turn it off if you want Unbound to provide recursion for the zone but have
+    a local copy of zone data.
+
+    If :ref:`for-downstream: no<unbound.conf.auth.for-downstream>` and
+    :ref:`for-upstream: yes<unbound.conf.auth.for-upstream>` are set, then
+    Unbound will DNSSEC validate the contents of the zone before serving the
+    zone contents to clients and store validation results in the cache.
+
+    Default: yes
+
+
+
+@@UAHL@unbound.conf.auth@for-upstream@@: *<yes or no>*
+    If enabled, Unbound fetches data from this data collection for answering
+    recursion queries.
+    Instead of sending queries over the internet to the authority servers for
+    this zone, it'll fetch the data directly from the zone data.
+
+    Turn it on when you want Unbound to provide recursion for downstream
+    clients, and use the zone data as a local copy to speed up lookups.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.auth@zonemd-check@@: *<yes or no>*
+    Enable this option to check ZONEMD records in the zone.
+    The ZONEMD record is a checksum over the zone data.
+    This includes glue in the zone and data from the zone file, and excludes
+    comments from the zone file.
+    When there is a DNSSEC chain of trust, DNSSEC signatures are checked too.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@zonemd-reject-absence@@: *<yes or no>*
+    Enable this option to reject the absence of the ZONEMD record.
+    Without it, when ZONEMD is not there it is not checked.
+
+    It is useful to enable for a non-DNSSEC signed zone where the operator
+    wants to require the verification of a ZONEMD, hence a missing ZONEMD is a
+    failure.
+
+    The action upon failure is controlled by the
+    :ref:`zonemd-permissive-mode<unbound.conf.zonemd-permissive-mode>` option,
+    for log only or also block the zone.
+
+    Without the option, absence of a ZONEMD is only a failure when the zone is
+    DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of
+    the absence of the ZONEMD fails.
+    With the option enabled, the absence of a ZONEMD is always a failure, also
+    for nonDNSSEC signed zones.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.auth@zonefile@@: *<filename>*
+    The filename where the zone is stored.
+    If not given then no zonefile is used.
+    If the file does not exist or is empty, Unbound will attempt to fetch zone
+    data (eg. from the primary servers).
+
+.. _unbound.conf.view:
+
+View Options
+^^^^^^^^^^^^
+
+There may be multiple **view:** clauses.
+Each with a :ref:`name<unbound.conf.view.name>` and zero or more
+:ref:`local-zone<unbound.conf.view.local-zone>` and
+:ref:`local-data<unbound.conf.view.local-data>` attributes.
+Views can also contain :ref:`view-first<unbound.conf.view.view-first>`,
+:ref:`response-ip<unbound.conf.response-ip>`,
+:ref:`response-ip-data<unbound.conf.response-ip-data>` and
+:ref:`local-data-ptr<unbound.conf.view.local-data-ptr>` attributes.
+View can be mapped to requests by specifying the view name in an
+:ref:`access-control-view<unbound.conf.access-control-view>` attribute.
+Options from matching views will override global options.
+Global options will be used if no matching view is found, or when the matching
+view does not have the option specified.
+
+
+@@UAHL@unbound.conf.view@name@@: *<view name>*
+    Name of the view.
+    Must be unique.
+    This name is used in the
+    :ref:`access-control-view<unbound.conf.access-control-view>` attribute.
+
+
+@@UAHL@unbound.conf.view@local-zone@@: *<zone> <type>*
+    View specific local zone elements.
+    Has the same types and behaviour as the global
+    :ref:`local-zone<unbound.conf.local-zone>` elements.
+    When there is at least one *local-zone:* specified and :ref:`view-first:
+    no<unbound.conf.view.view-first>` is set, the default local-zones will be
+    added to this view.
+    Defaults can be disabled using the nodefault type.
+    When :ref:`view-first: yes<unbound.conf.view.view-first>` is set or when a
+    view does not have a :ref:`local-zone<unbound.conf.view.local-zone>`, the
+    global :ref:`local-zone<unbound.conf.local-zone>` will be used including
+    it's default zones.
+
+
+@@UAHL@unbound.conf.view@local-data@@: *"<resource record string>"*
+    View specific local data elements.
+    Has the same behaviour as the global
+    :ref:`local-data<unbound.conf.local-data>` elements.
+
+
+@@UAHL@unbound.conf.view@local-data-ptr@@: *"IPaddr name"*
+    View specific local-data-ptr elements.
+    Has the same behaviour as the global
+    :ref:`local-data-ptr<unbound.conf.local-data-ptr>` elements.
+
+
+@@UAHL@unbound.conf.view@view-first@@: *<yes or no>*
+    If enabled, it attempts to use the global
+    :ref:`local-zone<unbound.conf.local-zone>` and
+    :ref:`local-data<unbound.conf.local-data>` if there is no match in the
+    view specific options.
+
+    Default: no
+
+Python Module Options
+^^^^^^^^^^^^^^^^^^^^^
+
+The **python:** clause gives the settings for the *python(1)* script module.
+This module acts like the iterator and validator modules do, on queries and
+answers.
+To enable the script module it has to be compiled into the daemon, and the word
+``python`` has to be put in the
+:ref:`module-config<unbound.conf.module-config>` option (usually first, or
+between the validator and iterator).
+Multiple instances of the python module are supported by adding the word
+``python`` more than once.
+
+If the :ref:`chroot<unbound.conf.chroot>` option is enabled, you should make
+sure Python's library directory structure is bind mounted in the new root
+environment, see *mount(8)*.
+Also the :ref:`python-script<unbound.conf.python.python-script>` path should
+be specified as an absolute path relative to the new root, or as a relative
+path to the working directory.
+
+
+@@UAHL@unbound.conf.python@python-script@@: *<python file>*
+    The script file to load.
+    Repeat this option for every python module instance added to the
+    :ref:`module-config<unbound.conf.module-config>` option.
+
+Dynamic Library Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The **dynlib:** clause gives the settings for the ``dynlib`` module.
+This module is only a very small wrapper that allows dynamic modules to be
+loaded on runtime instead of being compiled into the application.
+To enable the dynlib module it has to be compiled into the daemon, and the word
+``dynlib`` has to be put in the
+:ref:`module-config<unbound.conf.module-config>` attribute.
+Multiple instances of dynamic libraries are supported by adding the word
+``dynlib`` more than once.
+
+The :ref:`dynlib-file<unbound.conf.dynlib.dynlib-file>` path should be
+specified as an absolute path relative to the new path set by
+:ref:`chroot<unbound.conf.chroot>`, or as a relative path to the working
+directory.
+
+
+@@UAHL@unbound.conf.dynlib@dynlib-file@@: *<dynlib file>*
+    The dynamic library file to load.
+    Repeat this option for every dynlib module instance added to the
+    :ref:`module-config<unbound.conf.module-config>` option.
+
+DNS64 Module Options
+^^^^^^^^^^^^^^^^^^^^
+
+The ``dns64`` module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "dns64 validator iterator"
+
+and be compiled into the daemon to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+
+@@UAHL@unbound.conf.dns64@dns64-prefix@@: *<IPv6 prefix>*
+    This sets the DNS64 prefix to use to synthesize AAAA records with.
+    It must be /96 or shorter.
+
+    Default: 64:ff9b::/96
+
+
+@@UAHL@unbound.conf.dns64@dns64-synthall@@: *<yes or no>*
+    .. warning:: Debugging feature!
+
+    If enabled, synthesize all AAAA records despite the presence of actual AAAA
+    records.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dns64@dns64-ignore-aaaa@@: *<domain name>*
+    List domain for which the AAAA records are ignored and the A record is used
+    by DNS64 processing instead.
+    Can be entered multiple times, list a new domain for which it applies, one
+    per line.
+    Applies also to names underneath the name given.
+
+NAT64 Operation
+^^^^^^^^^^^^^^^
+
+NAT64 operation allows using a NAT64 prefix for outbound requests to IPv4-only
+servers.
+It is controlled by two options in the
+:ref:`server:<unbound.conf.server>` section:
+
+
+@@UAHL@unbound.conf.nat64@do-nat64@@: *<yes or no>*
+    Use NAT64 to reach IPv4-only servers.
+    Consider also enabling :ref:`prefer-ip6<unbound.conf.prefer-ip6>`
+    to prefer native IPv6 connections to nameservers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.nat64@nat64-prefix@@: *<IPv6 prefix>*
+    Use a specific NAT64 prefix to reach IPv4-only servers.
+    The prefix length must be one of /32, /40, /48, /56, /64 or /96.
+
+    Default: 64:ff9b::/96 (same as :ref:`dns64-prefix<unbound.conf.dns64.dns64-prefix>`)
+
+DNSCrypt Options
+^^^^^^^^^^^^^^^^
+
+The **dnscrypt:** clause gives the settings of the dnscrypt channel.
+While those options are available, they are only meaningful if Unbound was
+compiled with ``--enable-dnscrypt``.
+Currently certificate and secret/public keys cannot be generated by Unbound.
+You can use dnscrypt-wrapper to generate those:
+https://github.com/cofyc/dnscrypt-wrapper/blob/master/README.md#usage
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-enable@@: *<yes or no>*
+    Whether or not the dnscrypt config should be enabled.
+    You may define configuration but not activate it.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-port@@: *<port number>*
+    On which port should dnscrypt should be activated.
+
+    .. note::
+        There should be a matching interface option defined in the
+        :ref:`server:<unbound.conf.server>` section for this port.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider@@: *<provider name>*
+    The provider name to use to distribute certificates.
+    This is of the form:
+
+    .. code-block:: text
+
+        2.dnscrypt-cert.example.com.
+
+    .. important:: The name *MUST* end with a dot.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-secret-key@@: *<path to secret key file>*
+    Path to the time limited secret key file.
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider-cert@@: *<path to cert file>*
+    Path to the certificate related to the
+    :ref:`dnscrypt-secret-key<unbound.conf.dnscrypt.dnscrypt-secret-key>`.
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-provider-cert-rotated@@: *<path to cert file>*
+    Path to a certificate that we should be able to serve existing connection
+    from but do not want to advertise over
+    :ref:`dnscrypt-provider<unbound.conf.dnscrypt.dnscrypt-provider>` 's TXT
+    record certs distribution.
+
+    A typical use case is when rotating certificates, existing clients may
+    still use the client magic from the old cert in their queries until they
+    fetch and update the new cert.
+    Likewise, it would allow one to prime the new cert/key without distributing
+    the new cert yet, this can be useful when using a network of servers using
+    anycast and on which the configuration may not get updated at the exact
+    same time.
+
+    By priming the cert, the servers can handle both old and new certs traffic
+    while distributing only one.
+
+    This option may be specified multiple times.
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-shared-secret-cache-size@@: *<memory size>*
+    Give the size of the data structure in which the shared secret keys are
+    kept in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The shared secret cache is used when a same client is making multiple
+    queries using the same public key.
+    It saves a substantial amount of CPU.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-shared-secret-cache-slabs@@: *<number>*
+    Number of slabs in the dnscrypt shared secrets cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-nonce-cache-size@@: *<memory size>*
+    Give the size of the data structure in which the client nonces are kept in.
+    In bytes or use m(mega), k(kilo), g(giga).
+    The nonce cache is used to prevent dnscrypt message replaying.
+    Client nonce should be unique for any pair of client pk/server sk.
+
+    Default: 4m
+
+
+@@UAHL@unbound.conf.dnscrypt@dnscrypt-nonce-cache-slabs@@: *<number>*
+    Number of slabs in the dnscrypt nonce cache.
+    Slabs reduce lock contention by threads.
+    Must be set to a power of 2.
+    Setting (close) to the number of cpus is a fairly good setting.
+    If left unconfigured, it will be configured automatically to be a power of
+    2 close to the number of configured threads in multi-threaded environments.
+
+    Default: (unconfigured)
+
+EDNS Client Subnet Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ECS module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "subnetcache validator iterator"
+
+and be compiled into the daemon to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+If the destination address is allowed in the configuration Unbound will add the
+EDNS0 option to the query containing the relevant part of the client's address.
+When an answer contains the ECS option the response and the option are placed
+in a specialized cache.
+If the authority indicated no support, the response is stored in the regular
+cache.
+
+Additionally, when a client includes the option in its queries, Unbound will
+forward the option when sending the query to addresses that are explicitly
+allowed in the configuration using
+:ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`.
+The option will always be forwarded, regardless the allowed addresses, when
+:ref:`client-subnet-always-forward: yes<unbound.conf.ecs.client-subnet-always-forward>`
+is set.
+In this case the lookup in the regular cache is skipped.
+
+The maximum size of the ECS cache is controlled by
+:ref:`msg-cache-size<unbound.conf.msg-cache-size>` in the configuration file.
+On top of that, for each query only 100 different subnets are allowed to be
+stored for each address family.
+Exceeding that number, older entries will be purged from cache.
+
+Note that due to the nature of how EDNS Client Subnet works, by segregating the
+client IP space in order to try and have tailored responses for prefixes of
+unknown sizes, resolution and cache response performance are impacted as a
+result.
+Usage of the subnetcache module should only be enabled in installations that
+require such functionality where the resolver and the clients belong to
+different networks.
+An example of that is an open resolver installation.
+
+This module does not interact with the
+:ref:`serve-expired\*<unbound.conf.serve-expired>` and
+:ref:`prefetch<unbound.conf.prefetch>` options.
+
+
+@@UAHL@unbound.conf.ecs@send-client-subnet@@: *<IP address>*
+    Send client source address to this authority.
+    Append /num to indicate a classless delegation netblock, for example like
+    ``10.2.3.4/24`` or ``2001::11/64``.
+    Can be given multiple times.
+    Authorities not listed will not receive edns-subnet information, unless
+    domain in query is specified in
+    :ref:`client-subnet-zone<unbound.conf.ecs.client-subnet-zone>`.
+
+
+@@UAHL@unbound.conf.ecs@client-subnet-zone@@: *<domain>*
+    Send client source address in queries for this domain and its subdomains.
+    Can be given multiple times.
+    Zones not listed will not receive edns-subnet information, unless hosted by
+    authority specified in
+    :ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`.
+
+
+@@UAHL@unbound.conf.ecs@client-subnet-always-forward@@: *<yes or no>*
+    Specify whether the ECS address check (configured using
+    :ref:`send-client-subnet<unbound.conf.ecs.send-client-subnet>`) is applied
+    for all queries, even if the triggering query contains an ECS record, or
+    only for queries for which the ECS record is generated using the querier
+    address (and therefore did not contain ECS data in the client query).
+    If enabled, the address check is skipped when the client query contains an
+    ECS record.
+    And the lookup in the regular cache is skipped.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.ecs@max-client-subnet-ipv6@@: *<number>*
+    Specifies the maximum prefix length of the client source address we are
+    willing to expose to third parties for IPv6.
+
+    Default: 56
+
+
+@@UAHL@unbound.conf.ecs@max-client-subnet-ipv4@@: *<number>*
+    Specifies the maximum prefix length of the client source address we are
+    willing to expose to third parties for IPv4.
+
+    Default: 24
+
+
+@@UAHL@unbound.conf.ecs@min-client-subnet-ipv6@@: *<number>*
+    Specifies the minimum prefix length of the IPv6 source mask we are willing
+    to accept in queries.
+    Shorter source masks result in REFUSED answers.
+    Source mask of 0 is always accepted.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.ecs@min-client-subnet-ipv4@@: *<number>*
+    Specifies the minimum prefix length of the IPv4 source mask we are willing
+    to accept in queries.
+    Shorter source masks result in REFUSED answers.
+    Source mask of 0 is always accepted.
+    Default: 0
+
+
+@@UAHL@unbound.conf.ecs@max-ecs-tree-size-ipv4@@: *<number>*
+    Specifies the maximum number of subnets ECS answers kept in the ECS radix
+    tree.
+    This number applies for each qname/qclass/qtype tuple.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.ecs@max-ecs-tree-size-ipv6@@: *<number>*
+    Specifies the maximum number of subnets ECS answers kept in the ECS radix
+    tree.
+    This number applies for each qname/qclass/qtype tuple.
+
+    Default: 100
+
+Opportunistic IPsec Support Module Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The IPsec module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "ipsecmod validator iterator"
+
+and be compiled into Unbound by using ``--enable-ipsecmod`` to be enabled.
+
+.. note::
+    These settings go in the :ref:`server:<unbound.conf.server>` section.
+
+When Unbound receives an A/AAAA query that is not in the cache and finds a
+valid answer, it will withhold returning the answer and instead will generate
+an IPSECKEY subquery for the same domain name.
+If an answer was found, Unbound will call an external hook passing the
+following arguments:
+
+QNAME
+    Domain name of the A/AAAA and IPSECKEY query.
+    In string format.
+
+IPSECKEY TTL
+    TTL of the IPSECKEY RRset.
+
+A/AAAA
+    String of space separated IP addresses present in the A/AAAA RRset.
+    The IP addresses are in string format.
+
+IPSECKEY
+    String of space separated IPSECKEY RDATA present in the IPSECKEY RRset.
+    The IPSECKEY RDATA are in DNS presentation format.
+
+The A/AAAA answer is then cached and returned to the client.
+If the external hook was called the TTL changes to ensure it doesn't surpass
+:ref:`ipsecmod-max-ttl<unbound.conf.ipsecmod-max-ttl>`.
+
+The same procedure is also followed when
+:ref:`prefetch: yes<unbound.conf.prefetch>` is set, but the A/AAAA answer is
+given to the client before the hook is called.
+:ref:`ipsecmod-max-ttl<unbound.conf.ipsecmod-max-ttl>` ensures that the A/AAAA
+answer given from cache is still relevant for opportunistic IPsec.
+
+
+@@UAHL@unbound.conf@ipsecmod-enabled@@: *<yes or no>*
+    Specifies whether the IPsec module is enabled or not.
+    The IPsec module still needs to be defined in the
+    :ref:`module-config<unbound.conf.module-config>` directive.
+    This option facilitates turning on/off the module without
+    restarting/reloading Unbound.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf@ipsecmod-hook@@: *<filename>*
+    Specifies the external hook that Unbound will call with *system(3)*.
+    The file can be specified as an absolute/relative path.
+    The file needs the proper permissions to be able to be executed by the same
+    user that runs Unbound.
+    It must be present when the IPsec module is defined in the
+    :ref:`module-config<unbound.conf.module-config>` directive.
+
+
+@@UAHL@unbound.conf@ipsecmod-strict@@: *<yes or no>*
+    If enabled Unbound requires the external hook to return a success value of
+    0.
+    Failing to do so Unbound will reply with SERVFAIL.
+    The A/AAAA answer will also not be cached.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ipsecmod-max-ttl@@: *<seconds>*
+    Time to live maximum for A/AAAA cached records after calling the external
+    hook.
+
+    Default: 3600
+
+
+@@UAHL@unbound.conf@ipsecmod-ignore-bogus@@: *<yes or no>*
+    Specifies the behaviour of Unbound when the IPSECKEY answer is bogus.
+    If set to yes, the hook will be called and the A/AAAA answer will be
+    returned to the client.
+    If set to no, the hook will not be called and the answer to the A/AAAA
+    query will be SERVFAIL.
+    Mainly used for testing.
+
+    Default: no
+
+
+@@UAHL@unbound.conf@ipsecmod-allow@@: *<domain>*
+    Allow the IPsec module functionality for the domain so that the module
+    logic will be executed.
+    Can be given multiple times, for different domains.
+    If the option is not specified, all domains are treated as being allowed
+    (default).
+
+
+@@UAHL@unbound.conf@ipsecmod-whitelist@@: *<domain>*
+    Alternate syntax for :ref:`ipsecmod-allow<unbound.conf.ipsecmod-allow>`.
+
+Cache DB Module Options
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The Cache DB module must be configured in the
+:ref:`module-config<unbound.conf.module-config>` directive, e.g.:
+
+.. code-block:: text
+
+    module-config: "validator cachedb iterator"
+
+and be compiled into the daemon with ``--enable-cachedb``.
+
+If this module is enabled and configured, the specified backend database works
+as a second level cache; when Unbound cannot find an answer to a query in its
+built-in in-memory cache, it consults the specified backend.
+If it finds a valid answer in the backend, Unbound uses it to respond to the
+query without performing iterative DNS resolution.
+If Unbound cannot even find an answer in the backend, it resolves the query as
+usual, and stores the answer in the backend.
+
+This module interacts with the *serve-expired-\** options and will reply with
+expired data if Unbound is configured for that.
+
+If Unbound was built with ``--with-libhiredis`` on a system that has installed
+the hiredis C client library of Redis, then the ``redis`` backend can be used.
+This backend communicates with the specified Redis server over a TCP connection
+to store and retrieve cache data.
+It can be used as a persistent and/or shared cache backend.
+
+.. note::
+    Unbound never removes data stored in the Redis server, even if some data
+    have expired in terms of DNS TTL or the Redis server has cached too much
+    data; if necessary the Redis server must be configured to limit the cache
+    size, preferably with some kind of least-recently-used eviction policy.
+
+Additionally, the
+:ref:`redis-expire-records<unbound.conf.cachedb.redis-expire-records>` option
+can be used in order to set the relative DNS TTL of the message as timeout to
+the Redis records; keep in mind that some additional memory is used per key and
+that the expire information is stored as absolute Unix timestamps in Redis
+(computer time must be stable).
+
+This backend uses synchronous communication with the Redis server based on the
+assumption that the communication is stable and sufficiently fast.
+The thread waiting for a response from the Redis server cannot handle other DNS
+queries.
+Although the backend has the ability to reconnect to the server when the
+connection is closed unexpectedly and there is a configurable timeout in case
+the server is overly slow or hangs up, these cases are assumed to be very rare.
+If connection close or timeout happens too often, Unbound will be effectively
+unusable with this backend.
+It's the administrator's responsibility to make the assumption hold.
+
+The **cachedb:** clause gives custom settings of the cache DB module.
+
+
+@@UAHL@unbound.conf.cachedb@backend@@: *<backend name>*
+    Specify the backend database name.
+    The default database is the in-memory backend named ``testframe``, which,
+    as the name suggests, is not of any practical use.
+    Depending on the build-time configuration, ``redis`` backend may also be
+    used as described above.
+
+    Default: testframe
+
+
+@@UAHL@unbound.conf.cachedb@secret-seed@@: *"<secret string>"*
+    Specify a seed to calculate a hash value from query information.
+    This value will be used as the key of the corresponding answer for the
+    backend database and can be customized if the hash should not be
+    predictable operationally.
+    If the backend database is shared by multiple Unbound instances, all
+    instances must use the same secret seed.
+
+    Default: "default"
+
+
+@@UAHL@unbound.conf.cachedb@cachedb-no-store@@: *<yes or no>*
+    If the backend should be read from, but not written to.
+    This makes this instance not store dns messages in the backend.
+    But if data is available it is retrieved.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.cachedb@cachedb-check-when-serve-expired@@: *<yes or no>*
+    If enabled, the cachedb is checked before an expired response is returned.
+    When
+    :ref:`serve-expired<unbound.conf.serve-expired>`
+    is enabled, without
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    , it then does not immediately respond with an expired response from cache,
+    but instead first checks the cachedb for valid contents, and if so returns it.
+    If the cachedb also has no valid contents, the serve expired response is sent.
+    If also
+    :ref:`serve-expired-client-timeout<unbound.conf.serve-expired-client-timeout>`
+    is enabled, the expired response is delayed until the timeout expires.
+    Unless the lookup succeeds within the timeout.
+
+    Default: yes
+
+The following **cachedb:** options are specific to the ``redis`` backend.
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-host@@: *<server address or name>*
+    The IP (either v6 or v4) address or domain name of the Redis server.
+    In general an IP address should be specified as otherwise Unbound will have
+    to resolve the name of the server every time it establishes a connection to
+    the server.
+
+    Default: 127.0.0.1
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-port@@: *<port number>*
+    The TCP port number of the Redis server.
+
+    Default: 6379
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-path@@: *<unix socket path>*
+    The unix socket path to connect to the Redis server.
+    Unix sockets may have better throughput than the IP address option.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-server-password@@: *"<password>"*
+    The Redis AUTH password to use for the Redis server.
+    Only relevant if Redis is configured for client password authorisation.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-timeout@@: *<msec>*
+    The period until when Unbound waits for a response from the Redis server.
+    If this timeout expires Unbound closes the connection, treats it as if the
+    Redis server does not have the requested data, and will try to re-establish
+    a new connection later.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.cachedb@redis-command-timeout@@: *<msec>*
+    The timeout to use for Redis commands, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-timeout<unbound.conf.cachedb.redis-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-connect-timeout@@: *<msec>*
+    The timeout to use for Redis connection set up, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-timeout<unbound.conf.cachedb.redis-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-expire-records@@: *<yes or no>*
+    If Redis record expiration is enabled.
+    If yes, Unbound sets timeout for Redis records so that Redis can evict keys
+    that have expired automatically.
+    If Unbound is configured with
+    :ref:`serve-expired<unbound.conf.serve-expired>` and
+    :ref:`serve-expired-ttl: 0<unbound.conf.serve-expired-ttl>`, this option is
+    internally reverted to "no".
+
+    .. note::
+        Redis "SET ... EX" support is required for this option (Redis >= 2.6.12).
+
+    Default: no
+
+
+@@UAHL@unbound.conf.cachedb@redis-logical-db@@: *<logical database index>*
+    The logical database in Redis to use.
+    These are databases in the same Redis instance sharing the same
+    configuration and persisted in the same RDB/AOF file.
+    If unsure about using this option, Redis documentation
+    (https://redis.io/commands/select/) suggests not to use a single Redis
+    instance for multiple unrelated applications.
+    The default database in Redis is 0 while other logical databases need to be
+    explicitly SELECT'ed upon connecting.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-host@@: *<server address or name>*
+    The IP (either v6 or v4) address or domain name of the Redis server.
+    In general an IP address should be specified as otherwise Unbound will have
+    to resolve the name of the server every time it establishes a connection to
+    the server.
+
+    This server is treated as a read-only replica server
+    (https://redis.io/docs/management/replication/#read-only-replica).
+    If specified, all Redis read commands will go to this replica server, while
+    the write commands will go to the
+    :ref:`redis-server-host<unbound.conf.cachedb.redis-server-host>`.
+
+    Default: "" (disabled).
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-port@@: *<port number>*
+    The TCP port number of the Redis replica server.
+
+    Default: 6379
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-path@@: *<unix socket path>*
+    The unix socket path to connect to the Redis replica server.
+    Unix sockets may have better throughput than the IP address option.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-server-password@@: *"<password>"*
+    The Redis AUTH password to use for the Redis server.
+    Only relevant if Redis is configured for client password authorisation.
+
+    Default: "" (disabled)
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-timeout@@: *<msec>*
+    The period until when Unbound waits for a response from the Redis replica
+    server.
+    If this timeout expires Unbound closes the connection, treats it as if the
+    Redis server does not have the requested data, and will try to re-establish
+    a new connection later.
+
+    Default: 100
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-command-timeout@@: *<msec>*
+    The timeout to use for Redis replica commands, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-replica-timeout<unbound.conf.cachedb.redis-replica-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-connect-timeout@@: *<msec>*
+    The timeout to use for Redis replica connection set up, in milliseconds.
+    If ``0``, it uses the
+    :ref:`redis-replica-timeout<unbound.conf.cachedb.redis-replica-timeout>`
+    value.
+
+    Default: 0
+
+
+@@UAHL@unbound.conf.cachedb@redis-replica-logical-db@@: *<logical database index>*
+    Same as :ref:`redis-logical-db<unbound.conf.cachedb.redis-logical-db>` but
+    for the Redis replica server.
+
+    Default: 0
+
+
+.. _unbound.conf.dnstap:
+
+DNSTAP Logging Options
+^^^^^^^^^^^^^^^^^^^^^^
+
+DNSTAP support, when compiled in by using ``--enable-dnstap``, is enabled in
+the **dnstap:** section.
+This starts an extra thread (when compiled with threading) that writes the log
+information to the destination.
+If Unbound is compiled without threading it does not spawn a thread, but
+connects per-process to the destination.
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-enable@@: *<yes or no>*
+    If dnstap is enabled.
+    If yes, it connects to the DNSTAP server and if any of the
+    *dnstap-log-..-messages:* options is enabled it sends logs for those
+    messages to the server.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-bidirectional@@: *<yes or no>*
+    Use frame streams in bidirectional mode to transfer DNSTAP messages.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-socket-path@@: *<file name>*
+    Sets the unix socket file name for connecting to the server that is
+    listening on that socket.
+
+    Default: @DNSTAP_SOCKET_PATH@
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-ip@@: *<IPaddress[@port]>*
+    If ``""``, the unix socket is used, if set with an IP address (IPv4 or
+    IPv6) that address is used to connect to the server.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls@@: *<yes or no>*
+    Set this to use TLS to connect to the server specified in
+    :ref:`dnstap-ip<unbound.conf.dnstap.dnstap-ip>`.
+    If set to no, TCP is used to connect to the server.
+
+    Default: yes
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-server-name@@: *<name of TLS authentication>*
+    The TLS server name to authenticate the server with.
+    Used when :ref:`dnstap-tls: yes<unbound.conf.dnstap.dnstap-tls>` is set.
+    If ``""`` it is ignored.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-cert-bundle@@: *<file name of cert bundle>*
+    The pem file with certs to verify the TLS server certificate.
+    If ``""`` the server default cert bundle is used, or the windows cert
+    bundle on windows.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-client-key-file@@: *<file name>*
+    The client key file for TLS client authentication.
+    If ``""`` client authentication is not used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-tls-client-cert-file@@: *<file name>*
+    The client cert file for TLS client authentication.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-send-identity@@: *<yes or no>*
+    If enabled, the server identity is included in the log messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-send-version@@: *<yes or no>*
+    If enabled, the server version if included in the log messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-identity@@: *<string>*
+    The identity to send with messages, if ``""`` the hostname is used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-version@@: *<string>*
+    The version to send with messages, if ``""`` the package version is used.
+
+    Default: ""
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-sample-rate@@: *<number>*
+    The sample rate for log of messages, it logs only 1/N messages.
+    With 0 it is disabled.
+    This is useful in a high volume environment, where log functionality would
+    otherwise not be reliable.
+    For example 10 would spend only 1/10th time on logging, and 100 would only
+    spend a hundredth of the time on logging.
+
+    Default: 0 (disabled)
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-resolver-query-messages@@: *<yes or no>*
+    Enable to log resolver query messages.
+    These are messages from Unbound to upstream servers.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-resolver-response-messages@@: *<yes or no>*
+    Enable to log resolver response messages.
+    These are replies from upstream servers to Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-client-query-messages@@: *<yes or no>*
+    Enable to log client query messages.
+    These are client queries to Unbound.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-client-response-messages@@: *<yes or no>*
+    Enable to log client response messages.
+    These are responses from Unbound to clients.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-forwarder-query-messages@@: *<yes or no>*
+    Enable to log forwarder query messages.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.dnstap@dnstap-log-forwarder-response-messages@@: *<yes or no>*
+    Enable to log forwarder response messages.
+
+    Default: no
+
+.. _unbound.conf.rpz:
+
+Response Policy Zone Options
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Response Policy Zones are configured with **rpz:**, and each one must have a
+:ref:`name<unbound.conf.rpz.name>` attribute.
+There can be multiple ones, by listing multiple RPZ clauses, each with a
+different name.
+RPZ clauses are applied in order of configuration and any match from an earlier
+RPZ zone will terminate the RPZ lookup.
+Note that a PASSTHRU action is still considered a match.
+The respip module needs to be added to the
+:ref:`module-config<unbound.conf.module-config>`, e.g.:
+
+.. code-block:: text
+
+    module-config: "respip validator iterator"
+
+QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported.
+Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only
+and drop.
+RPZ QNAME triggers are applied after any
+:ref:`local-zone<unbound.conf.local-zone>` and before any
+:ref:`auth-zone<unbound.conf.auth>`.
+
+The RPZ zone is a regular DNS zone formatted with a SOA start record as usual.
+The items in the zone are entries, that specify what to act on (the trigger)
+and what to do (the action).
+The trigger to act on is recorded in the name, the action to do is recorded as
+the resource record.
+The names all end in the zone name, so you could type the trigger names without
+a trailing dot in the zonefile.
+
+An example RPZ record, that answers ``example.com`` with ``NXDOMAIN``:
+
+.. code-block:: text
+
+    example.com CNAME .
+
+The triggers are encoded in the name on the left
+
+.. code-block:: text
+
+    name                          query name
+    netblock.rpz-client-ip        client IP address
+    netblock.rpz-ip               response IP address in the answer
+    name.rpz-nsdname              nameserver name
+    netblock.rpz-nsip             nameserver IP address
+
+The netblock is written as ``<netblocklen>.<ip address in reverse>``.
+For IPv6 use ``'zz'`` for ``'::'``.
+Specify individual addresses with scope length of 32 or 128.
+For example, ``24.10.100.51.198.rpz-ip`` is ``198.51.100.10/24`` and
+``32.10.zz.db8.2001.rpz-ip`` is ``2001:db8:0:0:0:0:0:10/32``.
+
+The actions are specified with the record on the right
+
+.. code-block:: text
+
+    CNAME .                      nxdomain reply
+    CNAME *.                     nodata reply
+    CNAME rpz-passthru.          do nothing, allow to continue
+    CNAME rpz-drop.              the query is dropped
+    CNAME rpz-tcp-only.          answer over TCP
+    A 192.0.2.1                  answer with this IP address
+
+Other records like AAAA, TXT and other CNAMEs (not rpz-..) can also be used to
+answer queries with that content.
+
+The RPZ zones can be configured in the config file with these settings in the
+**rpz:** block.
+
+
+@@UAHL@unbound.conf.rpz@name@@: *<zone name>*
+    Name of the authority zone.
+
+
+@@UAHL@unbound.conf.rpz@primary@@: *<IP address or host name>*
+    Where to download a copy of the zone from, with AXFR and IXFR.
+    Multiple primaries can be specified.
+    They are all tried if one fails.
+
+    To use a non-default port for DNS communication append ``'@'`` with the
+    port number.
+
+    You can append a ``'#'`` and a name, then AXFR over TLS can be used and the
+    TLS authentication certificates will be checked with that name.
+
+    If you combine the ``'@'`` and ``'#'``, the ``'@'`` comes first.
+    If you point it at another Unbound instance, it would not work because that
+    does not support AXFR/IXFR for the zone, but if you used
+    :ref:`url<unbound.conf.rpz.url>` to download the zonefile as a text file
+    from a webserver that would work.
+
+    If you specify the hostname, you cannot use the domain from the zonefile,
+    because it may not have that when retrieving that data, instead use a plain
+    IP address to avoid a circular dependency on retrieving that IP address.
+
+
+@@UAHL@unbound.conf.rpz@master@@: *<IP address or host name>*
+    Alternate syntax for :ref:`primary<unbound.conf.rpz.primary>`.
+
+
+@@UAHL@unbound.conf.rpz@url@@: *<url to zonefile>*
+    Where to download a zonefile for the zone.
+    With HTTP or HTTPS.
+    An example for the url is:
+
+    .. code-block:: text
+
+        http://www.example.com/example.org.zone
+
+    Multiple url statements can be given, they are tried in turn.
+
+    If only urls are given the SOA refresh timer is used to wait for making new
+    downloads.
+    If also primaries are listed, the primaries are first probed with UDP SOA
+    queries to see if the SOA serial number has changed, reducing the number of
+    downloads.
+    If none of the URLs work, the primaries are tried with IXFR and AXFR.
+
+    For HTTPS, the :ref:`tls-cert-bundle<unbound.conf.tls-cert-bundle>` and
+    the hostname from the url are used to authenticate the connection.
+
+
+@@UAHL@unbound.conf.rpz@allow-notify@@: *<IP address or host name or netblockIP/prefix>*
+    With :ref:`allow-notify<unbound.conf.rpz.allow-notify>` you can specify
+    additional sources of notifies.
+    When notified, the server attempts to first probe and then zone transfer.
+    If the notify is from a primary, it first attempts that primary.
+    Otherwise other primaries are attempted.
+    If there are no primaries, but only urls, the file is downloaded when
+    notified.
+
+    .. note::
+        The primaries from :ref:`primary<unbound.conf.rpz.primary>` and
+        :ref:`url<unbound.conf.rpz.url>` statements are allowed notify by
+        default.
+
+
+@@UAHL@unbound.conf.rpz@zonefile@@: *<filename>*
+    The filename where the zone is stored.
+    If not given then no zonefile is used.
+    If the file does not exist or is empty, Unbound will attempt to fetch zone
+    data (eg. from the primary servers).
+
+
+@@UAHL@unbound.conf.rpz@rpz-action-override@@: *<action>*
+    Always use this RPZ action for matching triggers from this zone.
+    Possible actions are: *nxdomain*, *nodata*, *passthru*, *drop*, *disabled*
+    and *cname*.
+
+
+@@UAHL@unbound.conf.rpz@rpz-cname-override@@: *<domain>*
+    The CNAME target domain to use if the cname action is configured for
+    :ref:`rpz-action-override<unbound.conf.rpz.rpz-action-override>`.
+
+
+@@UAHL@unbound.conf.rpz@rpz-log@@: *<yes or no>*
+    Log all applied RPZ actions for this RPZ zone.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@rpz-log-name@@: *<name>*
+    Specify a string to be part of the log line, for easy referencing.
+
+
+@@UAHL@unbound.conf.rpz@rpz-signal-nxdomain-ra@@: *<yes or no>*
+    Signal when a query is blocked by the RPZ with NXDOMAIN with an unset RA
+    flag.
+    This allows certain clients, like dnsmasq, to infer that the domain is
+    externally blocked.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@for-downstream@@: *<yes or no>*
+    If enabled the zone is authoritatively answered for and queries for the RPZ
+    zone information are answered to downstream clients.
+    This is useful for monitoring scripts, that can then access the SOA
+    information to check if the RPZ information is up to date.
+
+    Default: no
+
+
+@@UAHL@unbound.conf.rpz@tags@@: *"<list of tags>"*
+    Limit the policies from this RPZ clause to clients with a matching tag.
+
+    Tags need to be defined in :ref:`define-tag<unbound.conf.define-tag>` and
+    can be assigned to client addresses using
+    :ref:`access-control-tag<unbound.conf.access-control-tag>` or
+    :ref:`interface-tag<unbound.conf.interface-tag>`.
+    Enclose list of tags in quotes (``""``) and put spaces between tags.
+
+    If no tags are specified the policies from this clause will be applied for
+    all clients.
+
+Memory Control Example
+----------------------
+
+In the example config settings below memory usage is reduced.
+Some service levels are lower, notable very large data and a high TCP load are
+no longer supported.
+Very large data and high TCP loads are exceptional for the DNS.
+DNSSEC validation is enabled, just add trust anchors.
+If you do not have to worry about programs using more than 3 Mb of memory, the
+below example is not for you.
+Use the defaults to receive full service, which on BSD-32bit tops out at 30-40
+Mb after heavy usage.
+
+.. code-block:: text
+
+        # example settings that reduce memory usage
+        server:
+            num-threads: 1
+            outgoing-num-tcp: 1 # this limits TCP service, uses less buffers.
+            incoming-num-tcp: 1
+            outgoing-range: 60  # uses less memory, but less performance.
+            msg-buffer-size: 8192   # note this limits service, 'no huge stuff'.
+            msg-cache-size: 100k
+            msg-cache-slabs: 1
+            rrset-cache-size: 100k
+            rrset-cache-slabs: 1
+            infra-cache-numhosts: 200
+            infra-cache-slabs: 1
+            key-cache-size: 100k
+            key-cache-slabs: 1
+            neg-cache-size: 10k
+            num-queries-per-thread: 30
+            target-fetch-policy: "2 1 0 0 0 0"
+            harden-large-queries: "yes"
+            harden-short-bufsize: "yes"
+
+Files
+-----
+
+@UNBOUND_RUN_DIR@
+    default Unbound working directory.
+
+@UNBOUND_CHROOT_DIR@
+    default *chroot(2)* location.
+
+@ub_conf_file@
+    Unbound configuration file.
+
+@UNBOUND_PIDFILE@
+    default Unbound pidfile with process ID of the running daemon.
+
+unbound.log
+    Unbound log file.
+    Default is to log to *syslog(3)*.
+
+See Also
+--------
+
+:doc:`unbound(8)</manpages/unbound>`,
+:doc:`unbound-checkonf(8)</manpages/unbound-checkconf>`.
diff --git a/contrib/unbound/doc/unbound.rst b/contrib/unbound/doc/unbound.rst
new file mode 100644
index 000000000000..eb36aa0cad3b
--- /dev/null
+++ b/contrib/unbound/doc/unbound.rst
@@ -0,0 +1,119 @@
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+..
+    WHEN EDITING MAKE SURE EACH SENTENCE STARTS ON A NEW LINE
+
+..
+    IT HELPS RENDERERS TO DO THE RIGHT THING WRT SPACE
+
+..
+    IT HELPS PEOPLE DIFFING THE CHANGES
+
+.. program:: unbound
+
+unbound(8)
+==========
+
+Synopsis
+--------
+
+**unbound** [``-hdpv``] [``-c <cfgfile>``]
+
+Description
+-----------
+
+``unbound`` is a caching DNS resolver.
+
+It uses a built in list of authoritative nameservers for the root zone (``.``),
+the so called root hints.
+On receiving a DNS query it will ask the root nameservers for an answer and
+will in almost all cases receive a delegation to a top level domain (TLD)
+authoritative nameserver.
+It will then ask that nameserver for an answer.
+It will recursively continue until an answer is found or no answer is available
+(NXDOMAIN).
+For performance and efficiency reasons that answer is cached for a certain time
+(the answer's time-to-live or TTL).
+A second query for the same name will then be answered from the cache.
+Unbound can also do DNSSEC validation.
+
+To use a locally running Unbound for resolving put:
+
+.. code-block:: text
+
+   nameserver 127.0.0.1
+
+into *resolv.conf(5)*.
+
+If authoritative DNS is needed as well using :external+nsd:doc:`manpages/nsd`,
+careful setup is required because authoritative nameservers and resolvers are
+using the same port number (53).
+
+The available options are:
+
+.. option:: -h
+
+ Show the version number and commandline option help, and exit.
+
+.. option:: -c <cfgfile>
+
+   Set the config file with settings for unbound to read instead of reading the
+   file at the default location, :file:`@ub_conf_file@`.
+   The syntax is described in :doc:`unbound.conf(5)</manpages/unbound.conf>`.
+
+.. option:: -d
+
+   Debug flag: do not fork into the background, but stay attached to the
+   console.
+   This flag will also delay writing to the log file until the thread-spawn
+   time, so that most config and setup errors appear on stderr.
+   If given twice or more, logging does not switch to the log file or to
+   syslog, but the log messages are printed to stderr all the time.
+
+.. option:: -p
+
+   Don't use a pidfile.
+   This argument should only be used by supervision systems which can ensure
+   that only one instance of Unbound will run concurrently.
+
+.. option:: -v
+
+   Increase verbosity.
+   If given multiple times, more information is logged.
+   This is in addition to the verbosity (if any) from the config file.
+
+.. option:: -V
+
+   Show the version number and build options, and exit.
+
+See Also
+--------
+
+:doc:`unbound.conf(5)</manpages/unbound.conf>`,
+:doc:`unbound-checkconf(8)</manpages/unbound-checkconf>`,
+:external+nsd:doc:`manpages/nsd`.
diff --git a/contrib/unbound/edns-subnet/addrtree.h b/contrib/unbound/edns-subnet/addrtree.h
index 0bc1837cdb80..2be530423db4 100644
--- a/contrib/unbound/edns-subnet/addrtree.h
+++ b/contrib/unbound/edns-subnet/addrtree.h
@@ -116,7 +116,7 @@ struct addredge {
 	addrlen_t len;
 	/** child node this edge is connected to */
 	struct addrnode *node;
-	/** Parent node this ege is connected to */
+	/** Parent node this edge is connected to */
 	struct addrnode *parent_node;
 	/** Index of this edge in parent_node */
 	int parent_index;
diff --git a/contrib/unbound/edns-subnet/subnetmod.c b/contrib/unbound/edns-subnet/subnetmod.c
index ead720f34006..88310a785d7a 100644
--- a/contrib/unbound/edns-subnet/subnetmod.c
+++ b/contrib/unbound/edns-subnet/subnetmod.c
@@ -51,6 +51,7 @@
 #include "services/cache/dns.h"
 #include "util/module.h"
 #include "util/regional.h"
+#include "util/fptr_wlist.h"
 #include "util/storage/slabhash.h"
 #include "util/config_file.h"
 #include "util/data/msgreply.h"
@@ -153,9 +154,25 @@ int ecs_whitelist_check(struct query_info* qinfo,
 		return 1;
 	sn_env = (struct subnet_env*)qstate->env->modinfo[id];
 
+	if(sq->is_subquery_nonsubnet) {
+		if(sq->is_subquery_scopezero) {
+			/* Check if the result can be stored in the global cache,
+			 * this is okay if the address and name are not configured
+			 * as subnet address and subnet zone. */
+			if(!ecs_is_whitelisted(sn_env->whitelist,
+				addr, addrlen, qinfo->qname, qinfo->qname_len,
+				qinfo->qclass)) {
+				verbose(VERB_ALGO, "subnet store subquery global, name and addr have no subnet treatment.");
+				qstate->no_cache_store = 0;
+			}
+		}
+		return 1;
+	}
+
 	/* Cache by default, might be disabled after parsing EDNS option
 	 * received from nameserver. */
-	if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, NULL, 0)) {
+	if(!iter_stub_fwd_no_cache(qstate, &qstate->qinfo, NULL, NULL, NULL, 0)
+		&& sq->ecs_client_in.subnet_validdata) {
 		qstate->no_cache_store = 0;
 	}
 
@@ -232,13 +249,13 @@ subnetmod_init(struct module_env *env, int id)
 		HASH_DEFAULT_STARTARRAY, env->cfg->msg_cache_size,
 		msg_cache_sizefunc, query_info_compare, query_entry_delete,
 		subnet_data_delete, NULL);
-	slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel);
 	if(!sn_env->subnet_msg_cache) {
 		log_err("subnetcache: could not create cache");
 		free(sn_env);
 		env->modinfo[id] = NULL;
 		return 0;
 	}
+	slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel);
 	/* whitelist for edns subnet capable servers */
 	sn_env->whitelist = ecs_whitelist_create();
 	if(!sn_env->whitelist ||
@@ -522,6 +539,83 @@ common_prefix(uint8_t *a, uint8_t *b, uint8_t net)
 	return !memcmp(a, b, n) && ((net % 8) == 0 || a[n] == b[n]);
 }
 
+/**
+ * Create sub request that looks up the query.
+ * @param qstate: query state
+ * @param id: module id.
+ * @param sq: subnet qstate
+ * @return false on failure.
+ */
+static int
+generate_sub_request(struct module_qstate *qstate, int id, struct subnet_qstate* sq)
+{
+	struct module_qstate* subq = NULL;
+	uint16_t qflags = 0; /* OPCODE QUERY, no flags */
+	int prime = 0;
+	int valrec = 0;
+	struct query_info qinf;
+	qinf.qname = qstate->qinfo.qname;
+	qinf.qname_len = qstate->qinfo.qname_len;
+	qinf.qtype = qstate->qinfo.qtype;
+	qinf.qclass = qstate->qinfo.qclass;
+	qinf.local_alias = NULL;
+
+	qflags |= BIT_RD;
+	if((qstate->query_flags & BIT_CD)!=0) {
+		qflags |= BIT_CD;
+		valrec = 1;
+	}
+
+	fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub));
+	if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec,
+		&subq)) {
+		return 0;
+	}
+	if(subq) {
+		/* It is possible to access the subquery module state. */
+		struct subnet_qstate* subsq;
+		if(!subnet_new_qstate(subq, id)) {
+			verbose(VERB_ALGO, "Could not allocate new subnet qstate");
+			return 0;
+		}
+		subsq = (struct subnet_qstate*)subq->minfo[id];
+		subsq->is_subquery_nonsubnet = 1;
+
+		/* When the client asks 0.0.0.0/0 and the name is not treated
+		 * as subnet, it is to be stored in the global cache.
+		 * Store that the client asked for that, if so. */
+		if(sq->ecs_client_in.subnet_source_mask == 0 &&
+			edns_opt_list_find(qstate->edns_opts_front_in,
+				qstate->env->cfg->client_subnet_opcode)) {
+			subq->no_cache_store = 1;
+			subsq->is_subquery_scopezero = 1;
+		}
+	}
+	return 1;
+}
+
+/**
+ * Perform the query without subnet
+ * @param qstate: query state
+ * @param id: module id.
+ * @param sq: subnet qstate
+ * @return module state
+ */
+static enum module_ext_state
+generate_lookup_without_subnet(struct module_qstate *qstate, int id,
+	struct subnet_qstate* sq)
+{
+	verbose(VERB_ALGO, "subnetcache: make subquery to look up without subnet");
+	if(!generate_sub_request(qstate, id, sq)) {
+		verbose(VERB_ALGO, "Could not generate sub query");
+		qstate->return_rcode = LDNS_RCODE_SERVFAIL;
+		qstate->return_msg = NULL;
+		return module_finished;
+	}
+	sq->wait_subquery = 1;
+	return module_wait_subquery;
+}
+
 static enum module_ext_state
 eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
 {
@@ -557,14 +651,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
 		 * is still useful to put it in the edns subnet cache for
 		 * when a client explicitly asks for subnet specific answer. */
 		verbose(VERB_QUERY, "subnetcache: Authority indicates no support");
-		if(!sq->started_no_cache_store) {
-			lock_rw_wrlock(&sne->biglock);
-			update_cache(qstate, id);
-			lock_rw_unlock(&sne->biglock);
-		}
-		if (sq->subnet_downstream)
-			cp_edns_bad_response(c_out, c_in);
-		return module_finished;
+		return generate_lookup_without_subnet(qstate, id, sq);
 	}
 
 	/* Purposefully there was no sent subnet, and there is consequently
@@ -589,14 +676,14 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq)
 		!common_prefix(s_out->subnet_addr, s_in->subnet_addr, 
 			s_out->subnet_source_mask))
 	{
-		/* we can not accept, restart query without option */
+		/* we can not accept, perform query without option */
 		verbose(VERB_QUERY, "subnetcache: forged data");
 		s_out->subnet_validdata = 0;
 		(void)edns_opt_list_remove(&qstate->edns_opts_back_out,
 			qstate->env->cfg->client_subnet_opcode);
 		sq->subnet_sent = 0;
 		sq->subnet_sent_no_subnet = 0;
-		return module_restart_next;
+		return generate_lookup_without_subnet(qstate, id, sq);
 	}
 
 	lock_rw_wrlock(&sne->biglock);
@@ -795,6 +882,9 @@ ecs_edns_back_parsed(struct module_qstate* qstate, int id,
 	} else if(sq->subnet_sent_no_subnet) {
 		/* The answer can be stored as scope 0, not in global cache. */
 		qstate->no_cache_store = 1;
+	} else if(sq->subnet_sent) {
+		/* Need another query to be able to store in global cache. */
+		qstate->no_cache_store = 1;
 	}
 
 	return 1;
@@ -812,6 +902,32 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 		strmodulevent(event));
 	log_query_info(VERB_QUERY, "subnetcache operate: query", &qstate->qinfo);
 
+	if(sq && sq->wait_subquery_done) {
+		/* The subquery lookup returned. */
+		if(sq->ecs_client_in.subnet_source_mask == 0 &&
+			edns_opt_list_find(qstate->edns_opts_front_in,
+				qstate->env->cfg->client_subnet_opcode)) {
+			if(!sq->started_no_cache_store &&
+				qstate->return_msg) {
+				lock_rw_wrlock(&sne->biglock);
+				update_cache(qstate, id);
+				lock_rw_unlock(&sne->biglock);
+			}
+			if (sq->subnet_downstream)
+				cp_edns_bad_response(&sq->ecs_client_out,
+					&sq->ecs_client_in);
+			/* It is a scope zero lookup, append edns subnet
+			 * option to the querier. */
+			subnet_ecs_opt_list_append(&sq->ecs_client_out,
+				&qstate->edns_opts_front_out, qstate,
+				qstate->region);
+		}
+		sq->wait_subquery_done = 0;
+		qstate->ext_state[id] = module_finished;
+		qstate->no_cache_store = sq->started_no_cache_store;
+		qstate->no_cache_lookup = sq->started_no_cache_lookup;
+		return;
+	}
 	if((event == module_event_new || event == module_event_pass) &&
 		sq == NULL) {
 		struct edns_option* ecs_opt;
@@ -822,6 +938,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 		}
 
 		sq = (struct subnet_qstate*)qstate->minfo[id];
+		if(sq->wait_subquery)
+			return; /* Wait for that subquery to return */
 
 		if((ecs_opt = edns_opt_list_find(
 			qstate->edns_opts_front_in,
@@ -851,6 +969,14 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 			/* No clients are interested in result or we could not
 			 * parse it, we don't do client subnet */
 			sq->ecs_server_out.subnet_validdata = 0;
+			if(edns_opt_list_find(qstate->edns_opts_front_in,
+				qstate->env->cfg->client_subnet_opcode)) {
+				/* aggregated this deaggregated state */
+				qstate->ext_state[id] =
+					generate_lookup_without_subnet(
+					qstate, id, sq);
+				return;
+			}
 			verbose(VERB_ALGO, "subnetcache: pass to next module");
 			qstate->ext_state[id] = module_wait_module;
 			return;
@@ -891,6 +1017,14 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 			}
 			lock_rw_unlock(&sne->biglock);
 		}
+		if(sq->ecs_client_in.subnet_source_mask == 0 &&
+			edns_opt_list_find(qstate->edns_opts_front_in,
+				qstate->env->cfg->client_subnet_opcode)) {
+			/* client asked for resolution without edns subnet */
+			qstate->ext_state[id] = generate_lookup_without_subnet(
+				qstate, id, sq);
+			return;
+		}
 		
 		sq->ecs_server_out.subnet_addr_fam =
 			sq->ecs_client_in.subnet_addr_fam;
@@ -927,6 +1061,8 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event,
 		qstate->ext_state[id] = module_wait_module;
 		return;
 	}
+	if(sq && sq->wait_subquery)
+		return; /* Wait for that subquery to return */
 	/* Query handed back by next module, we have a 'final' answer */
 	if(sq && event == module_event_moddone) {
 		qstate->ext_state[id] = eval_response(qstate, id, sq);
@@ -975,10 +1111,27 @@ subnetmod_clear(struct module_qstate *ATTR_UNUSED(qstate),
 }
 
 void
-subnetmod_inform_super(struct module_qstate *ATTR_UNUSED(qstate),
-	int ATTR_UNUSED(id), struct module_qstate *ATTR_UNUSED(super))
+subnetmod_inform_super(struct module_qstate *qstate, int id,
+	struct module_qstate *super)
 {
-	/* Not used */
+	struct subnet_qstate* super_sq =
+		(struct subnet_qstate*)super->minfo[id];
+	log_query_info(VERB_ALGO, "subnetcache inform_super: query",
+		&super->qinfo);
+	super_sq->wait_subquery = 0;
+	super_sq->wait_subquery_done = 1;
+	if(qstate->return_rcode != LDNS_RCODE_NOERROR ||
+		!qstate->return_msg) {
+		super->return_msg = NULL;
+		super->return_rcode = LDNS_RCODE_SERVFAIL;
+		return;
+	}
+	super->return_rcode = LDNS_RCODE_NOERROR;
+	super->return_msg = dns_copy_msg(qstate->return_msg, super->region);
+	if(!super->return_msg) {
+		log_err("subnetcache: copy response, out of memory");
+		super->return_rcode = LDNS_RCODE_SERVFAIL;
+	}
 }
 
 size_t
diff --git a/contrib/unbound/edns-subnet/subnetmod.h b/contrib/unbound/edns-subnet/subnetmod.h
index 1ff8a23ecdba..d2d9e957f0f2 100644
--- a/contrib/unbound/edns-subnet/subnetmod.h
+++ b/contrib/unbound/edns-subnet/subnetmod.h
@@ -102,6 +102,14 @@ struct subnet_qstate {
 	int started_no_cache_store;
 	/** has the subnet module been started with no_cache_lookup? */
 	int started_no_cache_lookup;
+	/** Wait for subquery that has been started for nonsubnet lookup. */
+	int wait_subquery;
+	/** The subquery waited for is done. */
+	int wait_subquery_done;
+	/** The subnet state is a subquery state for nonsubnet lookup. */
+	int is_subquery_nonsubnet;
+	/** This is a subquery, and it is made due to a scope zero request. */
+	int is_subquery_scopezero;
 };
 
 void subnet_data_delete(void* d, void* ATTR_UNUSED(arg));
diff --git a/contrib/unbound/iterator/iter_delegpt.h b/contrib/unbound/iterator/iter_delegpt.h
index 49f6f6b8130f..287bf92134d2 100644
--- a/contrib/unbound/iterator/iter_delegpt.h
+++ b/contrib/unbound/iterator/iter_delegpt.h
@@ -79,6 +79,16 @@ struct delegpt {
 	 * Also true if the delegationpoint was created from a delegation
 	 * message and thus contains the parent-side-info already. */
 	uint8_t has_parent_side_NS;
+	/** if true, the delegation point has reached last resort processing
+	 *  and the parent side information has been possibly added to the
+	 *  delegation point.
+	 *  For now this signals that further target lookups will ignore
+	 *  the configured target-fetch-policy and only resolve on
+	 *  demand to try and avoid triggering limits at this stage (.i.e, it
+	 *  is very likely that the A/AAAA queries for the newly added name
+	 *  servers will not yield new IP addresses and trigger NXNS
+	 *  countermeasures. */
+	uint8_t fallback_to_parent_side_NS;
 	/** for assertions on type of delegpt */
 	uint8_t dp_type_mlc;
 	/** use SSL for upstream query */
diff --git a/contrib/unbound/iterator/iter_fwd.c b/contrib/unbound/iterator/iter_fwd.c
index 5c104a0a3217..5d70c6664862 100644
--- a/contrib/unbound/iterator/iter_fwd.c
+++ b/contrib/unbound/iterator/iter_fwd.c
@@ -139,6 +139,17 @@ forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
 	return 1;
 }
 
+static struct iter_forward_zone*
+fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
+{
+	struct iter_forward_zone key;
+	key.node.key = &key;
+	key.dclass = c;
+	key.name = nm;
+	key.namelabs = dname_count_size_labels(nm, &key.namelen);
+	return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
+}
+
 /** insert new info into forward structure given dp */
 static int
 forwards_insert(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp)
@@ -321,6 +332,11 @@ make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg)
 			log_err("cannot parse stub name '%s'", s->name);
 			return 0;
 		}
+		if(fwd_zone_find(fwd, LDNS_RR_CLASS_IN, dname) != NULL) {
+			/* Already a forward zone there. */
+			free(dname);
+			continue;
+		}
 		if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) {
 			free(dname);
 			log_err("out of memory");
@@ -345,6 +361,11 @@ make_auth_holes(struct iter_forwards* fwd, struct config_file* cfg)
 			log_err("cannot parse auth name '%s'", a->name);
 			return 0;
 		}
+		if(fwd_zone_find(fwd, LDNS_RR_CLASS_IN, dname) != NULL) {
+			/* Already a forward zone there. */
+			free(dname);
+			continue;
+		}
 		if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) {
 			free(dname);
 			log_err("out of memory");
@@ -537,17 +558,6 @@ forwards_get_mem(struct iter_forwards* fwd)
 	return s;
 }
 
-static struct iter_forward_zone*
-fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
-{
-	struct iter_forward_zone key;
-	key.node.key = &key;
-	key.dclass = c;
-	key.name = nm;
-	key.namelabs = dname_count_size_labels(nm, &key.namelen);
-	return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
-}
-
 int 
 forwards_add_zone(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp,
 	int nolock)
diff --git a/contrib/unbound/iterator/iterator.c b/contrib/unbound/iterator/iterator.c
index e64dfa61ba2d..71e64655f6d0 100644
--- a/contrib/unbound/iterator/iterator.c
+++ b/contrib/unbound/iterator/iterator.c
@@ -2152,6 +2152,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
 		verbose(VERB_QUERY, "configured stub or forward servers failed -- returning SERVFAIL");
 		return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
 	}
+	iq->dp->fallback_to_parent_side_NS = 1;
 	if(qstate->env->cfg->harden_unverified_glue) {
 		if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
 			qstate->region, iq->dp, PACKED_RRSET_UNVERIFIED_GLUE))
@@ -2180,6 +2181,10 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
 					a->lame, a->tls_auth_name, -1, NULL);
 			}
 			lock_rw_unlock(&qstate->env->hints->lock);
+			/* copy over some configuration since we update the
+			 * delegation point in place */
+			iq->dp->tcp_upstream = dp->tcp_upstream;
+			iq->dp->ssl_upstream = dp->ssl_upstream;
 		}
 		iq->dp->has_parent_side_NS = 1;
 	} else if(!iq->dp->has_parent_side_NS) {
@@ -2768,7 +2773,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq,
 	}
 	/* if the mesh query list is full, then do not waste cpu and sockets to
 	 * fetch promiscuous targets. They can be looked up when needed. */
-	if(can_do_promisc && !mesh_jostle_exceeded(qstate->env->mesh)) {
+	if(!iq->dp->fallback_to_parent_side_NS && can_do_promisc
+		&& !mesh_jostle_exceeded(qstate->env->mesh)) {
 		tf_policy = ie->target_fetch_policy[iq->depth];
 	}
 
@@ -3247,13 +3253,19 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		}
 	}
 	if(type == RESPONSE_TYPE_CNAME &&
-		iq->qchase.qtype == LDNS_RR_TYPE_CNAME &&
+		(iq->qchase.qtype == LDNS_RR_TYPE_CNAME ||
+		  iq->qchase.qtype == LDNS_RR_TYPE_ANY) &&
 		iq->minimisation_state == MINIMISE_STATE &&
 		query_dname_compare(iq->qchase.qname, iq->qinfo_out.qname) == 0) {
 		/* The minimised query for full QTYPE and hidden QTYPE can be
 		 * classified as CNAME response type, even when the original
 		 * QTYPE=CNAME. This should be treated as answer response type.
 		 */
+		/* For QTYPE=ANY, it is also considered the response, that
+		 * is what the classifier would say, if it saw qtype ANY,
+		 * and this same response was returned for that. The response
+		 * can already be treated as such an answer, without having
+		 * to send another query with a new qtype. */
 		type = RESPONSE_TYPE_ANSWER;
 	}
 
@@ -3510,6 +3522,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 			iq->num_target_queries = 0;
 			return processDSNSFind(qstate, iq, id);
 		}
+		if(iq->minimisation_state == MINIMISE_STATE &&
+			query_dname_compare(iq->qchase.qname,
+			iq->qinfo_out.qname) != 0) {
+			verbose(VERB_ALGO, "continue query minimisation, "
+				"downwards, after CNAME response for "
+				"intermediate label");
+			/* continue query minimisation, downwards */
+			return next_state(iq, QUERYTARGETS_STATE);
+		}
 		/* Process the CNAME response. */
 		if(!handle_cname_response(qstate, iq, iq->response, 
 			&sname, &snamelen)) {
@@ -3572,10 +3593,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
 		iq->auth_zone_response = 0;
 		iq->sent_count = 0;
 		iq->dp_target_count = 0;
-		if(iq->minimisation_state != MINIMISE_STATE)
-			/* Only count as query restart when it is not an extra
-			 * query as result of qname minimisation. */
-			iq->query_restart_count++;
+		iq->query_restart_count++;
 		if(qstate->env->cfg->qname_minimisation)
 			iq->minimisation_state = INIT_MINIMISE_STATE;
 
@@ -4147,7 +4165,7 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
 		/* store message with the finished prepended items,
 		 * but only if we did recursion. The nonrecursion referral
 		 * from cache does not need to be stored in the msg cache. */
-		if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
+		if(!qstate->no_cache_store && (qstate->query_flags&BIT_RD)) {
 			iter_dns_store(qstate->env, &qstate->qinfo, 
 				iq->response->rep, 0, qstate->prefetch_leeway,
 				iq->dp&&iq->dp->has_parent_side_NS,
diff --git a/contrib/unbound/libunbound/libworker.c b/contrib/unbound/libunbound/libworker.c
index f0496452b521..6e7244c03fee 100644
--- a/contrib/unbound/libunbound/libworker.c
+++ b/contrib/unbound/libunbound/libworker.c
@@ -630,8 +630,9 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q)
 		free(qinfo.qname);
 		return UB_NOERROR;
 	}
-	if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(ctx->env->auth_zones && auth_zones_downstream_answer(
+		ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
 			w->back->udp_buff, sec_status_insecure, NULL, 0);
@@ -709,8 +710,9 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q,
 			w->back->udp_buff, sec_status_insecure, NULL, 0);
 		return UB_NOERROR;
 	}
-	if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(ctx->env->auth_zones && auth_zones_downstream_answer(
+		ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		free(qinfo.qname);
 		libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
@@ -847,8 +849,9 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len)
 		free(qinfo.qname);
 		return;
 	}
-	if(w->ctx->env->auth_zones && auth_zones_answer(w->ctx->env->auth_zones,
-		w->env, &qinfo, &edns, NULL, w->back->udp_buff, w->env->scratch)) {
+	if(w->ctx->env->auth_zones && auth_zones_downstream_answer(
+		w->ctx->env->auth_zones, w->env, &qinfo, &edns, NULL,
+		w->back->udp_buff, w->env->scratch)) {
 		regional_free_all(w->env->scratch);
 		q->msg_security = sec_status_insecure;
 		add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL, 0);
diff --git a/contrib/unbound/libunbound/unbound.h b/contrib/unbound/libunbound/unbound.h
index bdcf4edeca5f..c274f80ab897 100644
--- a/contrib/unbound/libunbound/unbound.h
+++ b/contrib/unbound/libunbound/unbound.h
@@ -772,6 +772,8 @@ struct ub_server_stats {
 	long long ans_bogus;
 	/** rrsets marked bogus by validator */
 	long long rrset_bogus;
+	/** number of signature validation operations performed by validator */
+	long long val_ops;
 	/** number of queries that have been ratelimited by domain recursion. */
 	long long queries_ratelimited;
 	/** unwanted traffic received on server-facing ports */
diff --git a/contrib/unbound/ltmain.sh b/contrib/unbound/ltmain.sh
index 7f3523d335c5..3e6a3db3a5a1 100644
--- a/contrib/unbound/ltmain.sh
+++ b/contrib/unbound/ltmain.sh
@@ -1,12 +1,12 @@
-#! /bin/sh
+#! /usr/bin/env sh
 ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
-##               by inline-source v2014-01-03.01
+##               by inline-source v2019-02-19.15
 
-# libtool (GNU libtool) 2.4.6
+# libtool (GNU libtool) 2.5.4
 # Provide generalized library-building support services.
 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
 
-# Copyright (C) 1996-2015 Free Software Foundation, Inc.
+# Copyright (C) 1996-2019, 2021-2024 Free Software Foundation, Inc.
 # This is free software; see the source for copying conditions.  There is NO
 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
@@ -31,8 +31,8 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION=2.4.6
-package_revision=2.4.6
+VERSION=2.5.4
+package_revision=2.5.4
 
 
 ## ------ ##
@@ -64,34 +64,25 @@ package_revision=2.4.6
 # libraries, which are installed to $pkgauxdir.
 
 # Set a version string for this script.
-scriptversion=2015-01-20.17; # UTC
+scriptversion=2019-02-19.15; # UTC
 
 # General shell script boiler plate, and helper functions.
 # Written by Gary V. Vaughan, 2004
 
-# Copyright (C) 2004-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# As a special exception to the GNU General Public License, if you distribute
-# this file as part of a program or library that is built using GNU Libtool,
-# you may include this file under the same distribution terms that you use
-# for the rest of that program.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2004-2019, 2021, 2023-2024 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/licenses/MIT>, and GPL version 2 or later
+# <https://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# Please report bugs or propose patches to gary@gnu.org.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
 
 ## ------ ##
@@ -139,9 +130,12 @@ do
 	  _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
 	fi"
 done
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# These NLS vars are set unconditionally (bootstrap issue #24).  Unset those
+# in case the environment reset is needed later and the $save_* variant is not
+# defined (see the code above).
+LC_ALL=C
+LANGUAGE=C
+export LANGUAGE LC_ALL
 
 # Make sure IFS has a sensible default
 sp=' '
@@ -149,7 +143,7 @@ nl='
 '
 IFS="$sp	$nl"
 
-# There are apparently some retarded systems that use ';' as a PATH separator!
+# There are apparently some systems that use ';' as a PATH separator!
 if test "${PATH_SEPARATOR+set}" != set; then
   PATH_SEPARATOR=:
   (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
@@ -159,6 +153,26 @@ if test "${PATH_SEPARATOR+set}" != set; then
 fi
 
 
+# func_unset VAR
+# --------------
+# Portably unset VAR.
+# In some shells, an 'unset VAR' statement leaves a non-zero return
+# status if VAR is already unset, which might be problematic if the
+# statement is used at the end of a function (thus poisoning its return
+# value) or when 'set -e' is active (causing even a spurious abort of
+# the script in this case).
+func_unset ()
+{
+    { eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; }
+}
+
+
+# Make sure CDPATH doesn't cause `cd` commands to output the target dir.
+func_unset CDPATH
+
+# Make sure ${,E,F}GREP behave sanely.
+func_unset GREP_OPTIONS
+
 
 ## ------------------------- ##
 ## Locate command utilities. ##
@@ -259,7 +273,7 @@ test -z "$SED" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
+  func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin"
   rm -f conftest.sed
   SED=$func_path_progs_result
 }
@@ -295,7 +309,7 @@ test -z "$GREP" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
+  func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin"
   GREP=$func_path_progs_result
 }
 
@@ -360,6 +374,35 @@ sed_double_backslash="\
   s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
   s/\n//g"
 
+# require_check_ifs_backslash
+# ---------------------------
+# Check if we can use backslash as IFS='\' separator, and set
+# $check_ifs_backshlash_broken to ':' or 'false'.
+require_check_ifs_backslash=func_require_check_ifs_backslash
+func_require_check_ifs_backslash ()
+{
+  _G_save_IFS=$IFS
+  IFS='\'
+  _G_check_ifs_backshlash='a\\b'
+  for _G_i in $_G_check_ifs_backshlash
+  do
+  case $_G_i in
+  a)
+    check_ifs_backshlash_broken=false
+    ;;
+  '')
+    break
+    ;;
+  *)
+    check_ifs_backshlash_broken=:
+    break
+    ;;
+  esac
+  done
+  IFS=$_G_save_IFS
+  require_check_ifs_backslash=:
+}
+
 
 ## ----------------- ##
 ## Global variables. ##
@@ -546,7 +589,7 @@ func_require_term_colors ()
 
   # _G_HAVE_PLUSEQ_OP
   # Can be empty, in which case the shell is probed, "yes" if += is
-  # useable or anything else if it does not work.
+  # usable or anything else if it does not work.
   test -z "$_G_HAVE_PLUSEQ_OP" \
     && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
     && _G_HAVE_PLUSEQ_OP=yes
@@ -580,16 +623,16 @@ if test yes = "$_G_HAVE_PLUSEQ_OP"; then
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1+=\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1+=\\ \$func_quote_arg_result"
   }'
 else
   func_append_quoted ()
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1=\$$1\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1=\$$1\\ \$func_quote_arg_result"
   }
 fi
 
@@ -696,7 +739,7 @@ eval 'func_dirname ()
 #             to NONDIR_REPLACEMENT.
 #             value returned in "$func_dirname_result"
 #   basename: Compute filename of FILE.
-#             value retuned in "$func_basename_result"
+#             value returned in "$func_basename_result"
 # For efficiency, we do not delegate to the functions above but instead
 # duplicate the functionality here.
 eval 'func_dirname_and_basename ()
@@ -854,7 +897,7 @@ func_mkdir_p ()
       # While some portion of DIR does not yet exist...
       while test ! -d "$_G_directory_path"; do
         # ...make a list in topmost first order.  Use a colon delimited
-	# list incase some portion of path contains whitespace.
+	# list in case some portion of path contains whitespace.
         _G_dir_list=$_G_directory_path:$_G_dir_list
 
         # If the last portion added has no slash in it, the list is done
@@ -1091,85 +1134,203 @@ func_relative_path ()
 }
 
 
-# func_quote_for_eval ARG...
-# --------------------------
-# Aesthetically quote ARGs to be evaled later.
-# This function returns two values:
-#   i) func_quote_for_eval_result
-#      double-quoted, suitable for a subsequent eval
-#  ii) func_quote_for_eval_unquoted_result
-#      has all characters that are still active within double
-#      quotes backslashified.
-func_quote_for_eval ()
+# func_quote_portable EVAL ARG
+# ----------------------------
+# Internal function to portably implement func_quote_arg.  Note that we still
+# keep attention to performance here so we as much as possible try to avoid
+# calling sed binary (so far O(N) complexity as long as func_append is O(1)).
+func_quote_portable ()
 {
     $debug_cmd
 
-    func_quote_for_eval_unquoted_result=
-    func_quote_for_eval_result=
-    while test 0 -lt $#; do
-      case $1 in
-        *[\\\`\"\$]*)
-	  _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
-        *)
-          _G_unquoted_arg=$1 ;;
-      esac
-      if test -n "$func_quote_for_eval_unquoted_result"; then
-	func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
-      else
-        func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
+    $require_check_ifs_backslash
+
+    func_quote_portable_result=$2
+
+    # one-time-loop (easy break)
+    while true
+    do
+      if $1; then
+        func_quote_portable_result=`$ECHO "$2" | $SED \
+          -e "$sed_double_quote_subst" -e "$sed_double_backslash"`
+        break
       fi
 
-      case $_G_unquoted_arg in
-        # Double-quote args containing shell metacharacters to delay
-        # word splitting, command substitution and variable expansion
-        # for a subsequent eval.
-        # Many Bourne shells cannot handle close brackets correctly
-        # in scan sets, so we specify it separately.
-        *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-          _G_quoted_arg=\"$_G_unquoted_arg\"
+      # Quote for eval.
+      case $func_quote_portable_result in
+        *[\\\`\"\$]*)
+          # Fallback to sed for $func_check_bs_ifs_broken=:, or when the string
+          # contains the shell wildcard characters.
+          case $check_ifs_backshlash_broken$func_quote_portable_result in
+            :*|*[\[\*\?]*)
+              func_quote_portable_result=`$ECHO "$func_quote_portable_result" \
+                  | $SED "$sed_quote_subst"`
+              break
+              ;;
+          esac
+
+          func_quote_portable_old_IFS=$IFS
+          for _G_char in '\' '`' '"' '$'
+          do
+            # STATE($1) PREV($2) SEPARATOR($3)
+            set start "" ""
+            func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy
+            IFS=$_G_char
+            for _G_part in $func_quote_portable_result
+            do
+              case $1 in
+              quote)
+                func_append func_quote_portable_result "$3$2"
+                set quote "$_G_part" "\\$_G_char"
+                ;;
+              start)
+                set first "" ""
+                func_quote_portable_result=
+                ;;
+              first)
+                set quote "$_G_part" ""
+                ;;
+              esac
+            done
+          done
+          IFS=$func_quote_portable_old_IFS
           ;;
-        *)
-          _G_quoted_arg=$_G_unquoted_arg
-	  ;;
+        *) ;;
       esac
-
-      if test -n "$func_quote_for_eval_result"; then
-	func_append func_quote_for_eval_result " $_G_quoted_arg"
-      else
-        func_append func_quote_for_eval_result "$_G_quoted_arg"
-      fi
-      shift
+      break
     done
+
+    func_quote_portable_unquoted_result=$func_quote_portable_result
+    case $func_quote_portable_result in
+      # double-quote args containing shell metacharacters to delay
+      # word splitting, command substitution and variable expansion
+      # for a subsequent eval.
+      # many bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        func_quote_portable_result=\"$func_quote_portable_result\"
+        ;;
+    esac
 }
 
 
-# func_quote_for_expand ARG
-# -------------------------
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
-{
-    $debug_cmd
+# func_quotefast_eval ARG
+# -----------------------
+# Quote one ARG (internal).  This is equivalent to 'func_quote_arg eval ARG',
+# but optimized for speed.  Result is stored in $func_quotefast_eval.
+if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then
+  printf -v _GL_test_printf_tilde %q '~'
+  if test '\~' = "$_GL_test_printf_tilde"; then
+    func_quotefast_eval ()
+    {
+      printf -v func_quotefast_eval_result %q "$1"
+    }
+  else
+    # Broken older Bash implementations.  Make those faster too if possible.
+    func_quotefast_eval ()
+    {
+      case $1 in
+        '~'*)
+          func_quote_portable false "$1"
+          func_quotefast_eval_result=$func_quote_portable_result
+          ;;
+        *)
+          printf -v func_quotefast_eval_result %q "$1"
+          ;;
+      esac
+    }
+  fi
+else
+  func_quotefast_eval ()
+  {
+    func_quote_portable false "$1"
+    func_quotefast_eval_result=$func_quote_portable_result
+  }
+fi
 
-    case $1 in
-      *[\\\`\"]*)
-	_G_arg=`$ECHO "$1" | $SED \
-	    -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
-      *)
-        _G_arg=$1 ;;
+
+# func_quote_arg MODEs ARG
+# ------------------------
+# Quote one ARG to be evaled later.  MODEs argument may contain zero or more
+# specifiers listed below separated by ',' character.  This function returns two
+# values:
+#   i) func_quote_arg_result
+#      double-quoted (when needed), suitable for a subsequent eval
+#  ii) func_quote_arg_unquoted_result
+#      has all characters that are still active within double
+#      quotes backslashified.  Available only if 'unquoted' is specified.
+#
+# Available modes:
+# ----------------
+# 'eval' (default)
+#       - escape shell special characters
+# 'expand'
+#       - the same as 'eval';  but do not quote variable references
+# 'pretty'
+#       - request aesthetic output, i.e. '"a b"' instead of 'a\ b'.  This might
+#         be used later in func_quote to get output like: 'echo "a b"' instead
+#         of 'echo a\ b'.  This is slower than default on some shells.
+# 'unquoted'
+#       - produce also $func_quote_arg_unquoted_result which does not contain
+#         wrapping double-quotes.
+#
+# Examples for 'func_quote_arg pretty,unquoted string':
+#
+#   string      | *_result              | *_unquoted_result
+#   ------------+-----------------------+-------------------
+#   "           | \"                    | \"
+#   a b         | "a b"                 | a b
+#   "a b"       | "\"a b\""             | \"a b\"
+#   *           | "*"                   | *
+#   z="${x-$y}" | "z=\"\${x-\$y}\""     | z=\"\${x-\$y}\"
+#
+# Examples for 'func_quote_arg pretty,unquoted,expand string':
+#
+#   string        |   *_result          |  *_unquoted_result
+#   --------------+---------------------+--------------------
+#   z="${x-$y}"   | "z=\"${x-$y}\""     | z=\"${x-$y}\"
+func_quote_arg ()
+{
+    _G_quote_expand=false
+    case ,$1, in
+      *,expand,*)
+        _G_quote_expand=:
+        ;;
     esac
 
-    case $_G_arg in
-      # Double-quote args containing shell metacharacters to delay
-      # word splitting and command substitution for a subsequent eval.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-        _G_arg=\"$_G_arg\"
+    case ,$1, in
+      *,pretty,*|*,expand,*|*,unquoted,*)
+        func_quote_portable $_G_quote_expand "$2"
+        func_quote_arg_result=$func_quote_portable_result
+        func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result
+        ;;
+      *)
+        # Faster quote-for-eval for some shells.
+        func_quotefast_eval "$2"
+        func_quote_arg_result=$func_quotefast_eval_result
         ;;
     esac
+}
 
-    func_quote_for_expand_result=$_G_arg
+
+# func_quote MODEs ARGs...
+# ------------------------
+# Quote all ARGs to be evaled later and join them into single command.  See
+# func_quote_arg's description for more info.
+func_quote ()
+{
+    $debug_cmd
+    _G_func_quote_mode=$1 ; shift
+    func_quote_result=
+    while test 0 -lt $#; do
+      func_quote_arg "$_G_func_quote_mode" "$1"
+      if test -n "$func_quote_result"; then
+        func_append func_quote_result " $func_quote_arg_result"
+      else
+        func_append func_quote_result "$func_quote_arg_result"
+      fi
+      shift
+    done
 }
 
 
@@ -1215,8 +1376,8 @@ func_show_eval ()
     _G_cmd=$1
     _G_fail_exp=${2-':'}
 
-    func_quote_for_expand "$_G_cmd"
-    eval "func_notquiet $func_quote_for_expand_result"
+    func_quote_arg pretty,expand "$_G_cmd"
+    eval "func_notquiet $func_quote_arg_result"
 
     $opt_dry_run || {
       eval "$_G_cmd"
@@ -1241,8 +1402,8 @@ func_show_eval_locale ()
     _G_fail_exp=${2-':'}
 
     $opt_quiet || {
-      func_quote_for_expand "$_G_cmd"
-      eval "func_echo $func_quote_for_expand_result"
+      func_quote_arg expand,pretty "$_G_cmd"
+      eval "func_echo $func_quote_arg_result"
     }
 
     $opt_dry_run || {
@@ -1369,30 +1530,26 @@ func_lt_ver ()
 # End:
 #! /bin/sh
 
-# Set a version string for this script.
-scriptversion=2014-01-07.03; # UTC
-
 # A portable, pluggable option parser for Bourne shell.
 # Written by Gary V. Vaughan, 2010
 
-# Copyright (C) 2010-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2010-2019, 2021, 2023-2024 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/licenses/MIT>, and GPL version 2 or later
+# <https://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
+# Set a version string for this script.
+scriptversion=2019-02-19.15; # UTC
 
 
 ## ------ ##
@@ -1415,7 +1572,7 @@ scriptversion=2014-01-07.03; # UTC
 #
 # In order for the '--version' option to work, you will need to have a
 # suitably formatted comment like the one at the top of this file
-# starting with '# Written by ' and ending with '# warranty; '.
+# starting with '# Written by ' and ending with '# Copyright'.
 #
 # For '-h' and '--help' to work, you will also need a one line
 # description of your script's purpose in a comment directly above the
@@ -1427,7 +1584,7 @@ scriptversion=2014-01-07.03; # UTC
 # to display verbose messages only when your user has specified
 # '--verbose'.
 #
-# After sourcing this file, you can plug processing for additional
+# After sourcing this file, you can plug in processing for additional
 # options by amending the variables from the 'Configuration' section
 # below, and following the instructions in the 'Option parsing'
 # section further down.
@@ -1476,8 +1633,8 @@ fatal_help="Try '\$progname --help' for more information."
 ## ------------------------- ##
 
 # This section contains functions for adding, removing, and running hooks
-# to the main code.  A hook is just a named list of of function, that can
-# be run in order later on.
+# in the main code.  A hook is just a list of function names that can be
+# run in order later on.
 
 # func_hookable FUNC_NAME
 # -----------------------
@@ -1510,7 +1667,8 @@ func_add_hook ()
 
 # func_remove_hook FUNC_NAME HOOK_FUNC
 # ------------------------------------
-# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
+# Remove HOOK_FUNC from the list of hook functions to be called by
+# FUNC_NAME.
 func_remove_hook ()
 {
     $debug_cmd
@@ -1519,10 +1677,28 @@ func_remove_hook ()
 }
 
 
+# func_propagate_result FUNC_NAME_A FUNC_NAME_B
+# ---------------------------------------------
+# If the *_result variable of FUNC_NAME_A _is set_, assign its value to
+# *_result variable of FUNC_NAME_B.
+func_propagate_result ()
+{
+    $debug_cmd
+
+    func_propagate_result_result=:
+    if eval "test \"\${${1}_result+set}\" = set"
+    then
+      eval "${2}_result=\$${1}_result"
+    else
+      func_propagate_result_result=false
+    fi
+}
+
+
 # func_run_hooks FUNC_NAME [ARG]...
 # ---------------------------------
 # Run all hook functions registered to FUNC_NAME.
-# It is assumed that the list of hook functions contains nothing more
+# It's assumed that the list of hook functions contains nothing more
 # than a whitespace-delimited list of legal shell function names, and
 # no effort is wasted trying to catch shell meta-characters or preserve
 # whitespace.
@@ -1532,22 +1708,19 @@ func_run_hooks ()
 
     case " $hookable_fns " in
       *" $1 "*) ;;
-      *) func_fatal_error "'$1' does not support hook funcions.n" ;;
+      *) func_fatal_error "'$1' does not support hook functions." ;;
     esac
 
     eval _G_hook_fns=\$$1_hooks; shift
 
     for _G_hook in $_G_hook_fns; do
-      eval $_G_hook '"$@"'
-
-      # store returned options list back into positional
-      # parameters for next 'cmd' execution.
-      eval _G_hook_result=\$${_G_hook}_result
-      eval set dummy "$_G_hook_result"; shift
+      func_unset "${_G_hook}_result"
+      eval $_G_hook '${1+"$@"}'
+      func_propagate_result $_G_hook func_run_hooks
+      if $func_propagate_result_result; then
+        eval set dummy "$func_run_hooks_result"; shift
+      fi
     done
-
-    func_quote_for_eval ${1+"$@"}
-    func_run_hooks_result=$func_quote_for_eval_result
 }
 
 
@@ -1557,10 +1730,18 @@ func_run_hooks ()
 ## --------------- ##
 
 # In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, remove any
-# options that you action, and then pass back the remaining unprocessed
-# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'.  Like this:
+# full positional parameter list from your hook function.  You may remove
+# or edit any options that you action, and then pass back the remaining
+# unprocessed options in '<hooked_function_name>_result', escaped
+# suitably for 'eval'.
+#
+# The '<hooked_function_name>_result' variable is automatically unset
+# before your hook gets called; for best performance, only set the
+# *_result variable when necessary (i.e. don't call the 'func_quote'
+# function unnecessarily because it can be an expensive operation on some
+# machines).
+#
+# Like this:
 #
 #    my_options_prep ()
 #    {
@@ -1570,9 +1751,8 @@ func_run_hooks ()
 #        usage_message=$usage_message'
 #      -s, --silent       don'\''t print informational messages
 #    '
-#
-#        func_quote_for_eval ${1+"$@"}
-#        my_options_prep_result=$func_quote_for_eval_result
+#        # No change in '$@' (ignored completely by this hook).  Leave
+#        # my_options_prep_result variable intact.
 #    }
 #    func_add_hook func_options_prep my_options_prep
 #
@@ -1581,25 +1761,36 @@ func_run_hooks ()
 #    {
 #        $debug_cmd
 #
-#        # Note that for efficiency, we parse as many options as we can
+#        args_changed=false
+#
+#        # Note that, for efficiency, we parse as many options as we can
 #        # recognise in a loop before passing the remainder back to the
 #        # caller on the first unrecognised argument we encounter.
 #        while test $# -gt 0; do
 #          opt=$1; shift
 #          case $opt in
-#            --silent|-s) opt_silent=: ;;
+#            --silent|-s) opt_silent=:
+#                         args_changed=:
+#                         ;;
 #            # Separate non-argument short options:
 #            -s*)         func_split_short_opt "$_G_opt"
 #                         set dummy "$func_split_short_opt_name" \
 #                             "-$func_split_short_opt_arg" ${1+"$@"}
 #                         shift
+#                         args_changed=:
 #                         ;;
-#            *)            set dummy "$_G_opt" "$*"; shift; break ;;
+#            *)           # Make sure the first unrecognised option "$_G_opt"
+#                         # is added back to "$@" in case we need it later,
+#                         # if $args_changed was set to 'true'.
+#                         set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
 #          esac
 #        done
 #
-#        func_quote_for_eval ${1+"$@"}
-#        my_silent_option_result=$func_quote_for_eval_result
+#        # Only call 'func_quote' here if we processed at least one argument.
+#        if $args_changed; then
+#          func_quote eval ${1+"$@"}
+#          my_silent_option_result=$func_quote_result
+#        fi
 #    }
 #    func_add_hook func_parse_options my_silent_option
 #
@@ -1610,17 +1801,26 @@ func_run_hooks ()
 #
 #        $opt_silent && $opt_verbose && func_fatal_help "\
 #    '--silent' and '--verbose' options are mutually exclusive."
-#
-#        func_quote_for_eval ${1+"$@"}
-#        my_option_validation_result=$func_quote_for_eval_result
 #    }
 #    func_add_hook func_validate_options my_option_validation
 #
-# You'll alse need to manually amend $usage_message to reflect the extra
+# You'll also need to manually amend $usage_message to reflect the extra
 # options you parse.  It's preferable to append if you can, so that
 # multiple option parsing hooks can be added safely.
 
 
+# func_options_finish [ARG]...
+# ----------------------------
+# Finishing the option parse loop (call 'func_options' hooks ATM).
+func_options_finish ()
+{
+    $debug_cmd
+
+    func_run_hooks func_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_options_finish
+}
+
+
 # func_options [ARG]...
 # ---------------------
 # All the functions called inside func_options are hookable. See the
@@ -1630,17 +1830,27 @@ func_options ()
 {
     $debug_cmd
 
-    func_options_prep ${1+"$@"}
-    eval func_parse_options \
-        ${func_options_prep_result+"$func_options_prep_result"}
-    eval func_validate_options \
-        ${func_parse_options_result+"$func_parse_options_result"}
+    _G_options_quoted=false
 
-    eval func_run_hooks func_options \
-        ${func_validate_options_result+"$func_validate_options_result"}
+    for my_func in options_prep parse_options validate_options options_finish
+    do
+      func_unset func_${my_func}_result
+      func_unset func_run_hooks_result
+      eval func_$my_func '${1+"$@"}'
+      func_propagate_result func_$my_func func_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_options_result"; shift
+        _G_options_quoted=:
+      fi
+    done
 
-    # save modified positional parameters for caller
-    func_options_result=$func_run_hooks_result
+    $_G_options_quoted || {
+      # As we (func_options) are top-level options-parser function and
+      # nobody quoted "$@" for us yet, we need to do it explicitly for
+      # caller.
+      func_quote eval ${1+"$@"}
+      func_options_result=$func_quote_result
+    }
 }
 
 
@@ -1649,9 +1859,8 @@ func_options ()
 # All initialisations required before starting the option parse loop.
 # Note that when calling hook functions, we pass through the list of
 # positional parameters.  If a hook function modifies that list, and
-# needs to propogate that back to rest of this script, then the complete
-# modified list must be put in 'func_run_hooks_result' before
-# returning.
+# needs to propagate that back to rest of this script, then the complete
+# modified list must be put in 'func_run_hooks_result' before returning.
 func_hookable func_options_prep
 func_options_prep ()
 {
@@ -1662,9 +1871,7 @@ func_options_prep ()
     opt_warning_types=
 
     func_run_hooks func_options_prep ${1+"$@"}
-
-    # save modified positional parameters for caller
-    func_options_prep_result=$func_run_hooks_result
+    func_propagate_result func_run_hooks func_options_prep
 }
 
 
@@ -1676,25 +1883,32 @@ func_parse_options ()
 {
     $debug_cmd
 
-    func_parse_options_result=
-
+    _G_parse_options_requote=false
     # this just eases exit handling
     while test $# -gt 0; do
       # Defer to hook functions for initial option parsing, so they
       # get priority in the event of reusing an option name.
       func_run_hooks func_parse_options ${1+"$@"}
-
-      # Adjust func_parse_options positional parameters to match
-      eval set dummy "$func_run_hooks_result"; shift
+      func_propagate_result func_run_hooks func_parse_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_parse_options_result"; shift
+        # Even though we may have changed "$@", we passed the "$@" array
+        # down into the hook and it quoted it for us (because we are in
+        # this if-branch).  No need to quote it again.
+        _G_parse_options_requote=false
+      fi
 
       # Break out of the loop if we already parsed every option.
       test $# -gt 0 || break
 
+      # We expect that one of the options parsed in this function matches
+      # and thus we remove _G_opt from "$@" and need to re-quote.
+      _G_match_parse_options=:
       _G_opt=$1
       shift
       case $_G_opt in
         --debug|-x)   debug_cmd='set -x'
-                      func_echo "enabling shell trace mode"
+                      func_echo "enabling shell trace mode" >&2
                       $debug_cmd
                       ;;
 
@@ -1704,7 +1918,10 @@ func_parse_options ()
 		      ;;
 
         --warnings|--warning|-W)
-                      test $# = 0 && func_missing_arg $_G_opt && break
+                      if test $# = 0 && func_missing_arg $_G_opt; then
+                        _G_parse_options_requote=:
+                        break
+                      fi
                       case " $warning_categories $1" in
                         *" $1 "*)
                           # trailing space prevents matching last $1 above
@@ -1757,15 +1974,24 @@ func_parse_options ()
                       shift
                       ;;
 
-        --)           break ;;
+        --)           _G_parse_options_requote=: ; break ;;
         -*)           func_fatal_help "unrecognised option: '$_G_opt'" ;;
-        *)            set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+        *)            set dummy "$_G_opt" ${1+"$@"}; shift
+                      _G_match_parse_options=false
+                      break
+                      ;;
       esac
+
+      if $_G_match_parse_options; then
+        _G_parse_options_requote=:
+      fi
     done
 
-    # save modified positional parameters for caller
-    func_quote_for_eval ${1+"$@"}
-    func_parse_options_result=$func_quote_for_eval_result
+    if $_G_parse_options_requote; then
+      # save modified positional parameters for caller
+      func_quote eval ${1+"$@"}
+      func_parse_options_result=$func_quote_result
+    fi
 }
 
 
@@ -1782,12 +2008,10 @@ func_validate_options ()
     test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
 
     func_run_hooks func_validate_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_validate_options
 
     # Bail if the options were screwed!
     $exit_cmd $EXIT_FAILURE
-
-    # save modified positional parameters for caller
-    func_validate_options_result=$func_run_hooks_result
 }
 
 
@@ -1843,8 +2067,8 @@ func_missing_arg ()
 
 # func_split_equals STRING
 # ------------------------
-# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
-# splitting STRING at the '=' sign.
+# Set func_split_equals_lhs and func_split_equals_rhs shell variables
+# after splitting STRING at the '=' sign.
 test -z "$_G_HAVE_XSI_OPS" \
     && (eval 'x=a/b/c;
       test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
@@ -1859,8 +2083,9 @@ then
 
       func_split_equals_lhs=${1%%=*}
       func_split_equals_rhs=${1#*=}
-      test "x$func_split_equals_lhs" = "x$1" \
-        && func_split_equals_rhs=
+      if test "x$func_split_equals_lhs" = "x$1"; then
+        func_split_equals_rhs=
+      fi
   }'
 else
   # ...otherwise fall back to using expr, which is often a shell builtin.
@@ -1870,7 +2095,7 @@ else
 
       func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
       func_split_equals_rhs=
-      test "x$func_split_equals_lhs" = "x$1" \
+      test "x$func_split_equals_lhs=" = "x$1" \
         || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
   }
 fi #func_split_equals
@@ -1896,7 +2121,7 @@ else
   {
       $debug_cmd
 
-      func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
+      func_split_short_opt_name=`expr "x$1" : 'x\(-.\)'`
       func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
   }
 fi #func_split_short_opt
@@ -1938,31 +2163,44 @@ func_usage_message ()
 # func_version
 # ------------
 # Echo version message to standard output and exit.
+# The version message is extracted from the calling file's header
+# comments, with leading '# ' stripped:
+#   1. First display the progname and version
+#   2. Followed by the header comment line matching  /^# Written by /
+#   3. Then a blank line followed by the first following line matching
+#      /^# Copyright /
+#   4. Immediately followed by any lines between the previous matches,
+#      except lines preceding the intervening completely blank line.
+# For example, see the header comments of this file.
 func_version ()
 {
     $debug_cmd
 
     printf '%s\n' "$progname $scriptversion"
     $SED -n '
-        /(C)/!b go
-        :more
-        /\./!{
-          N
-          s|\n# | |
-          b more
-        }
-        :go
-        /^# Written by /,/# warranty; / {
-          s|^# ||
-          s|^# *$||
-          s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
-          p
+        /^# Written by /!b
+        s|^# ||; p; n
+
+        :fwd2blnk
+        /./ {
+          n
+          b fwd2blnk
         }
-        /^# Written by / {
-          s|^# ||
-          p
+        p; n
+
+        :holdwrnt
+        s|^# ||
+        s|^# *$||
+        /^Copyright /!{
+          /./H
+          n
+          b holdwrnt
         }
-        /^warranty; /q' < "$progpath"
+
+        s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
+        G
+        s|\(\n\)\n*|\1|g
+        p; q' < "$progpath"
 
     exit $?
 }
@@ -1972,12 +2210,35 @@ func_version ()
 # mode: shell-script
 # sh-indentation: 2
 # eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC"
 # time-stamp-time-zone: "UTC"
 # End:
 
 # Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
+scriptversion='(GNU libtool) 2.5.4'
+
+# func_version
+# ------------
+# Echo version message to standard output and exit.
+func_version ()
+{
+    $debug_cmd
+
+	year=`date +%Y`
+
+	cat <<EOF
+$progname $scriptversion
+Copyright (C) $year Free Software Foundation, Inc.
+License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl.html>
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Originally written by Gordon Matzigkeit, 1996
+(See AUTHORS for complete contributor listing)
+EOF
+
+    exit $?
+}
 
 
 # func_echo ARG...
@@ -2000,18 +2261,6 @@ func_echo ()
 }
 
 
-# func_warning ARG...
-# -------------------
-# Libtool warnings are not categorized, so override funclib.sh
-# func_warning with this simpler definition.
-func_warning ()
-{
-    $debug_cmd
-
-    $warning_func ${1+"$@"}
-}
-
-
 ## ---------------- ##
 ## Options parsing. ##
 ## ---------------- ##
@@ -2023,19 +2272,23 @@ usage='$progpath [OPTION]... [MODE-ARG]...'
 
 # Short help message in response to '-h'.
 usage_message="Options:
-       --config             show all configuration variables
-       --debug              enable verbose shell tracing
-   -n, --dry-run            display commands without modifying any files
-       --features           display basic configuration information and exit
-       --mode=MODE          use operation mode MODE
-       --no-warnings        equivalent to '-Wnone'
-       --preserve-dup-deps  don't remove duplicate dependency libraries
-       --quiet, --silent    don't print informational messages
-       --tag=TAG            use configuration variables from tag TAG
-   -v, --verbose            print more informational messages than default
-       --version            print version information
-   -W, --warnings=CATEGORY  report the warnings falling in CATEGORY [all]
-   -h, --help, --help-all   print short, long, or detailed help message
+       --config                 show all configuration variables
+       --debug                  enable verbose shell tracing
+   -n, --dry-run                display commands without modifying any files
+       --features               display basic configuration information
+       --finish                 use operation '--mode=finish'
+       --mode=MODE              use operation mode MODE
+       --no-finish              don't update shared library cache
+       --no-quiet, --no-silent  print default informational messages
+       --no-warnings            equivalent to '-Wnone'
+       --preserve-dup-deps      don't remove duplicate dependency libraries
+       --quiet, --silent        don't print informational messages
+       --reorder-cache=DIRS     reorder shared library cache for preferred DIRS
+       --tag=TAG                use configuration variables from tag TAG
+   -v, --verbose                print more informational messages than default
+       --version                print version information
+   -W, --warnings=CATEGORY      report the warnings falling in CATEGORY [all]
+   -h, --help, --help-all       print short, long, or detailed help message
 "
 
 # Additional text appended to 'usage_message' in response to '--help'.
@@ -2068,13 +2321,13 @@ include the following information:
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname (GNU libtool) 2.4.6
+       version:        $progname $scriptversion
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
 Report bugs to <bug-libtool@gnu.org>.
-GNU libtool home page: <http://www.gnu.org/software/libtool/>.
-General help using GNU software: <http://www.gnu.org/gethelp/>."
+GNU libtool home page: <https://www.gnu.org/software/libtool/>.
+General help using GNU software: <https://www.gnu.org/gethelp/>."
     exit 0
 }
 
@@ -2264,12 +2517,17 @@ libtool_options_prep ()
     opt_dry_run=false
     opt_help=false
     opt_mode=
+    opt_reorder_cache=false
     opt_preserve_dup_deps=false
     opt_quiet=false
+    opt_finishing=true
+    opt_warning=
 
     nonopt=
     preserve_args=
 
+    _G_rc_lt_options_prep=:
+
     # Shorthand for --mode=foo, only valid as the first argument
     case $1 in
     clean|clea|cle|cl)
@@ -2293,11 +2551,16 @@ libtool_options_prep ()
     uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
       shift; set dummy --mode uninstall ${1+"$@"}; shift
       ;;
+    *)
+      _G_rc_lt_options_prep=false
+      ;;
     esac
 
-    # Pass back the list of options.
-    func_quote_for_eval ${1+"$@"}
-    libtool_options_prep_result=$func_quote_for_eval_result
+    if $_G_rc_lt_options_prep; then
+      # Pass back the list of options.
+      func_quote eval ${1+"$@"}
+      libtool_options_prep_result=$func_quote_result
+    fi
 }
 func_add_hook func_options_prep libtool_options_prep
 
@@ -2309,9 +2572,12 @@ libtool_parse_options ()
 {
     $debug_cmd
 
+    _G_rc_lt_parse_options=false
+
     # Perform our own loop to consume as many options as possible in
     # each iteration.
     while test $# -gt 0; do
+      _G_match_lt_parse_options=:
       _G_opt=$1
       shift
       case $_G_opt in
@@ -2345,14 +2611,18 @@ libtool_parse_options ()
                           clean|compile|execute|finish|install|link|relink|uninstall) ;;
 
                           # Catch anything else as an error
-                          *) func_error "invalid argument for $_G_opt"
+                          *) func_error "invalid argument '$1' for $_G_opt"
                              exit_cmd=exit
-                             break
                              ;;
                         esac
                         shift
                         ;;
 
+        --no-finish)
+                        opt_finishing=false
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
         --no-silent|--no-quiet)
                         opt_quiet=false
                         func_append preserve_args " $_G_opt"
@@ -2368,6 +2638,24 @@ libtool_parse_options ()
                         func_append preserve_args " $_G_opt"
                         ;;
 
+        --reorder-cache)
+                        opt_reorder_cache=true
+                        shared_lib_dirs=$1
+                        if test -n "$shared_lib_dirs"; then
+                          case $1 in
+                            # Must begin with /:
+                            /*) ;;
+
+                            # Catch anything else as an error (relative paths)
+                            *) func_error "invalid argument '$1' for $_G_opt"
+                               func_error "absolute paths are required for $_G_opt"
+                               exit_cmd=exit
+                               ;;
+                          esac
+                        fi
+                        shift
+                        ;;
+
         --silent|--quiet)
                         opt_quiet=:
                         opt_verbose=false
@@ -2386,19 +2674,36 @@ libtool_parse_options ()
                         func_append preserve_args " $_G_opt"
                         ;;
 
-	# An option not handled by this hook function:
-        *)		set dummy "$_G_opt" ${1+"$@"};	shift; break  ;;
+        # An option not handled by this hook function:
+        *)              set dummy "$_G_opt" ${1+"$@"} ; shift
+                        _G_match_lt_parse_options=false
+                        break
+                        ;;
       esac
+      $_G_match_lt_parse_options && _G_rc_lt_parse_options=:
     done
 
-
-    # save modified positional parameters for caller
-    func_quote_for_eval ${1+"$@"}
-    libtool_parse_options_result=$func_quote_for_eval_result
+    if $_G_rc_lt_parse_options; then
+      # save modified positional parameters for caller
+      func_quote eval ${1+"$@"}
+      libtool_parse_options_result=$func_quote_result
+    fi
 }
 func_add_hook func_parse_options libtool_parse_options
 
 
+# func_warning ARG...
+# -------------------
+# Libtool warnings are not categorized, so override funclib.sh
+# func_warning with this simpler definition.
+func_warning ()
+{
+    if $opt_warning; then
+        $debug_cmd
+        $warning_func ${1+"$@"}
+    fi
+}
+
 
 # libtool_validate_options [ARG]...
 # ---------------------------------
@@ -2415,10 +2720,10 @@ libtool_validate_options ()
     # preserve --debug
     test : = "$debug_cmd" || func_append preserve_args " --debug"
 
-    case $host in
+    case $host_os in
       # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
       # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
-      *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
+      cygwin* | mingw* | windows* | pw32* | cegcc* | solaris2* | os2*)
         # don't eliminate duplications in $postdeps and $predeps
         opt_duplicate_compiler_generated_deps=:
         ;;
@@ -2451,8 +2756,8 @@ libtool_validate_options ()
     }
 
     # Pass back the unparsed argument list
-    func_quote_for_eval ${1+"$@"}
-    libtool_validate_options_result=$func_quote_for_eval_result
+    func_quote eval ${1+"$@"}
+    libtool_validate_options_result=$func_quote_result
 }
 func_add_hook func_validate_options libtool_validate_options
 
@@ -2750,7 +3055,7 @@ EOF
 
 # func_convert_core_file_wine_to_w32 ARG
 # Helper function used by file name conversion functions when $build is *nix,
-# and $host is mingw, cygwin, or some other w32 environment. Relies on a
+# and $host is mingw, windows, cygwin, or some other w32 environment. Relies on a
 # correctly configured wine environment available, with the winepath program
 # in $build's $PATH.
 #
@@ -2782,9 +3087,10 @@ func_convert_core_file_wine_to_w32 ()
 
 # func_convert_core_path_wine_to_w32 ARG
 # Helper function used by path conversion functions when $build is *nix, and
-# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
-# configured wine environment available, with the winepath program in $build's
-# $PATH. Assumes ARG has no leading or trailing path separator characters.
+# $host is mingw, windows, cygwin, or some other w32 environment. Relies on a
+# correctly configured wine environment available, with the winepath program
+# in $build's $PATH. Assumes ARG has no leading or trailing path separator
+# characters.
 #
 # ARG is path to be converted from $build format to win32.
 # Result is available in $func_convert_core_path_wine_to_w32_result.
@@ -2927,6 +3233,15 @@ func_convert_path_front_back_pathsep ()
 # end func_convert_path_front_back_pathsep
 
 
+# func_convert_delimited_path PATH ORIG_DELIMITER NEW_DELIMITER
+# Replaces a delimiter for a given path.
+func_convert_delimited_path ()
+{
+	converted_path=`$ECHO "$1" | $SED "s#$2#$3#g"`
+}
+# end func_convert_delimited_path
+
+
 ##################################################
 # $build to $host FILE NAME CONVERSION FUNCTIONS #
 ##################################################
@@ -3261,6 +3576,65 @@ func_dll_def_p ()
 }
 
 
+# func_reorder_shared_lib_cache DIRS
+# Reorder the shared library cache by unconfiguring previous shared library cache
+# and configuring preferred search directories before previous search directories.
+# Previous shared library cache: /usr/lib /usr/local/lib
+# Preferred search directories: /tmp/testing
+# Reordered shared library cache: /tmp/testing /usr/lib /usr/local/lib
+func_reorder_shared_lib_cache ()
+{
+	$debug_cmd
+
+	case $host_os in
+	  openbsd*)
+	    get_search_directories=`PATH="$PATH:/sbin" ldconfig -r | $GREP "search directories" | $SED "s#.*search directories:\ ##g"`
+	    func_convert_delimited_path "$get_search_directories" ':' '\ '
+	    save_search_directories=$converted_path
+	    func_convert_delimited_path "$1" ':' '\ '
+
+	    # Ensure directories exist
+	    for dir in $converted_path; do
+	      # Ensure each directory is an absolute path
+	      case $dir in
+	        /*) ;;
+	        *) func_error "Directory '$dir' is not an absolute path"
+	           exit $EXIT_FAILURE ;;
+	      esac
+	      # Ensure no trailing slashes
+	      func_stripname '' '/' "$dir"
+	      dir=$func_stripname_result
+	      if test -d "$dir"; then
+	        if test -n "$preferred_search_directories"; then
+	          preferred_search_directories="$preferred_search_directories $dir"
+	        else
+	          preferred_search_directories=$dir
+	        fi
+	      else
+	        func_error "Directory '$dir' does not exist"
+	        exit $EXIT_FAILURE
+	      fi
+	    done
+
+	    PATH="$PATH:/sbin" ldconfig -U $save_search_directories
+	    PATH="$PATH:/sbin" ldconfig -m $preferred_search_directories $save_search_directories
+	    get_search_directories=`PATH="$PATH:/sbin" ldconfig -r | $GREP "search directories" | $SED "s#.*search directories:\ ##g"`
+	    func_convert_delimited_path "$get_search_directories" ':' '\ '
+	    reordered_search_directories=$converted_path
+
+	    $ECHO "Original: $save_search_directories"
+	    $ECHO "Reordered: $reordered_search_directories"
+	    exit $EXIT_SUCCESS
+	  ;;
+	  *)
+	    func_error "--reorder-cache is not supported for host_os=$host_os."
+	    exit $EXIT_FAILURE
+	  ;;
+	esac
+}
+# end func_reorder_shared_lib_cache
+
+
 # func_mode_compile arg...
 func_mode_compile ()
 {
@@ -3418,8 +3792,8 @@ func_mode_compile ()
       esac
     done
 
-    func_quote_for_eval "$libobj"
-    test "X$libobj" != "X$func_quote_for_eval_result" \
+    func_quote_arg pretty "$libobj"
+    test "X$libobj" != "X$func_quote_arg_result" \
       && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
       && func_warning "libobj name '$libobj' may not contain shell special characters."
     func_dirname_and_basename "$obj" "/" ""
@@ -3439,7 +3813,7 @@ func_mode_compile ()
 
     # On Cygwin there's no "real" PIC flag so we must build both object types
     case $host_os in
-    cygwin* | mingw* | pw32* | os2* | cegcc*)
+    cygwin* | mingw* | windows* | pw32* | os2* | cegcc*)
       pic_mode=default
       ;;
     esac
@@ -3492,8 +3866,8 @@ compiler."
 
     func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
     srcfile=$func_to_tool_file_result
-    func_quote_for_eval "$srcfile"
-    qsrcfile=$func_quote_for_eval_result
+    func_quote_arg pretty "$srcfile"
+    qsrcfile=$func_quote_arg_result
 
     # Only build a PIC object if we are building libtool libraries.
     if test yes = "$build_libtool_libs"; then
@@ -3648,7 +4022,8 @@ This mode accepts the following additional options:
   -prefer-non-pic   try to build non-PIC objects only
   -shared           do not build a '.o' file suitable for static linking
   -static           only build a '.o' file suitable for static linking
-  -Wc,FLAG          pass FLAG directly to the compiler
+  -Wc,FLAG
+  -Xcompiler FLAG   pass FLAG directly to the compiler
 
 COMPILE-COMMAND is a command to be used in creating a 'standard' object file
 from the given SOURCEFILE.
@@ -3754,6 +4129,8 @@ The following components of LINK-COMMAND are treated specially:
   -weak LIBNAME     declare that the target provides the LIBNAME interface
   -Wc,FLAG
   -Xcompiler FLAG   pass linker-specific FLAG directly to the compiler
+  -Wa,FLAG
+  -Xassembler FLAG  pass linker-specific FLAG directly to the assembler
   -Wl,FLAG
   -Xlinker FLAG     pass linker-specific FLAG directly to the linker
   -XCClinker FLAG   pass link-specific FLAG to the compiler driver (CC)
@@ -3830,6 +4207,12 @@ if $opt_help; then
 fi
 
 
+# If option '--reorder-cache', reorder the shared library cache and exit.
+if $opt_reorder_cache; then
+    func_reorder_shared_lib_cache $shared_lib_dirs
+fi
+
+
 # func_mode_execute arg...
 func_mode_execute ()
 {
@@ -4014,7 +4397,7 @@ func_mode_finish ()
       fi
     fi
 
-    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs" && $opt_finishing; then
       for libdir in $libdirs; do
 	if test -n "$finish_cmds"; then
 	  # Do each command in the finish commands.
@@ -4039,6 +4422,12 @@ func_mode_finish ()
       for libdir in $libdirs; do
 	$ECHO "   $libdir"
       done
+      if test "false" = "$opt_finishing"; then
+        echo
+        echo "NOTE: finish_cmds were not executed during testing, so you must"
+        echo "manually run ldconfig to add a given test directory, LIBDIR, to"
+        echo "the search path for generated executables."
+      fi
       echo
       echo "If you ever happen to want to link against installed libraries"
       echo "in a given directory, LIBDIR, you must either use libtool, and"
@@ -4096,8 +4485,8 @@ func_mode_install ()
        case $nonopt in *shtool*) :;; *) false;; esac
     then
       # Aesthetically quote it.
-      func_quote_for_eval "$nonopt"
-      install_prog="$func_quote_for_eval_result "
+      func_quote_arg pretty "$nonopt"
+      install_prog="$func_quote_arg_result "
       arg=$1
       shift
     else
@@ -4107,8 +4496,8 @@ func_mode_install ()
 
     # The real first argument should be the name of the installation program.
     # Aesthetically quote it.
-    func_quote_for_eval "$arg"
-    func_append install_prog "$func_quote_for_eval_result"
+    func_quote_arg pretty "$arg"
+    func_append install_prog "$func_quote_arg_result"
     install_shared_prog=$install_prog
     case " $install_prog " in
       *[\\\ /]cp\ *) install_cp=: ;;
@@ -4165,12 +4554,12 @@ func_mode_install ()
       esac
 
       # Aesthetically quote the argument.
-      func_quote_for_eval "$arg"
-      func_append install_prog " $func_quote_for_eval_result"
+      func_quote_arg pretty "$arg"
+      func_append install_prog " $func_quote_arg_result"
       if test -n "$arg2"; then
-	func_quote_for_eval "$arg2"
+	func_quote_arg pretty "$arg2"
       fi
-      func_append install_shared_prog " $func_quote_for_eval_result"
+      func_append install_shared_prog " $func_quote_arg_result"
     done
 
     test -z "$install_prog" && \
@@ -4181,8 +4570,8 @@ func_mode_install ()
 
     if test -n "$install_override_mode" && $no_mode; then
       if $install_cp; then :; else
-	func_quote_for_eval "$install_override_mode"
-	func_append install_shared_prog " -m $func_quote_for_eval_result"
+	func_quote_arg pretty "$install_override_mode"
+	func_append install_shared_prog " -m $func_quote_arg_result"
       fi
     fi
 
@@ -4275,8 +4664,15 @@ func_mode_install ()
 	func_append dir "$objdir"
 
 	if test -n "$relink_command"; then
+	  # Strip any trailing slash from the destination.
+	  func_stripname '' '/' "$libdir"
+	  destlibdir=$func_stripname_result
+
+	  func_stripname '' '/' "$destdir"
+	  s_destdir=$func_stripname_result
+
 	  # Determine the prefix the user has applied to our future dir.
-	  inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
+	  inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"`
 
 	  # Don't allow the user to place us outside of our expected
 	  # location b/c this prevents finding dependent libraries that
@@ -4313,7 +4709,7 @@ func_mode_install ()
 	      'exit $?'
 	  tstripme=$stripme
 	  case $host_os in
-	  cygwin* | mingw* | pw32* | cegcc*)
+	  cygwin* | mingw* | windows* | pw32* | cegcc*)
 	    case $realname in
 	    *.dll.a)
 	      tstripme=
@@ -4426,7 +4822,7 @@ func_mode_install ()
 
 	# Do a test to see if this is really a libtool program.
 	case $host in
-	*cygwin* | *mingw*)
+	*cygwin* | *mingw* | *windows*)
 	    if func_ltwrapper_executable_p "$file"; then
 	      func_ltwrapper_scriptname "$file"
 	      wrapper=$func_ltwrapper_scriptname_result
@@ -4478,8 +4874,8 @@ func_mode_install ()
 	        relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
 
 	        $opt_quiet || {
-	          func_quote_for_expand "$relink_command"
-		  eval "func_echo $func_quote_for_expand_result"
+	          func_quote_arg expand,pretty "$relink_command"
+		  eval "func_echo $func_quote_arg_result"
 	        }
 	        if eval "$relink_command"; then :
 	          else
@@ -4654,7 +5050,7 @@ extern \"C\" {
 	      $RM $export_symbols
 	      eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
 	      case $host in
-	      *cygwin* | *mingw* | *cegcc* )
+	      *cygwin* | *mingw* | *windows* | *cegcc* )
                 eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
                 eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
 	        ;;
@@ -4666,7 +5062,7 @@ extern \"C\" {
 	      eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
 	      eval '$MV "$nlist"T "$nlist"'
 	      case $host in
-	        *cygwin* | *mingw* | *cegcc* )
+	        *cygwin* | *mingw* | *windows* | *cegcc* )
 	          eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
 	          eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
 	          ;;
@@ -4680,7 +5076,7 @@ extern \"C\" {
 	  func_basename "$dlprefile"
 	  name=$func_basename_result
           case $host in
-	    *cygwin* | *mingw* | *cegcc* )
+	    *cygwin* | *mingw* | *windows* | *cegcc* )
 	      # if an import library, we need to obtain dlname
 	      if func_win32_import_lib_p "$dlprefile"; then
 	        func_tr_sh "$dlprefile"
@@ -4706,8 +5102,16 @@ extern \"C\" {
 	            eval '$ECHO ": $name " >> "$nlist"'
 	          fi
 	          func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
-	          eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
-	            $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
+	          case $host in
+	            i[3456]86-*-mingw32*)
+	              eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
+	                $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
+	            ;;
+	            *)
+	              eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
+	                $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/__nm_//' >> '$nlist'"
+	            ;;
+	          esac
 	        }
 	      else # not an import lib
 	        $opt_dry_run || {
@@ -4855,7 +5259,7 @@ static const void *lt_preloaded_setup() {
 	# Transform the symbol file into the correct name.
 	symfileobj=$output_objdir/${my_outputname}S.$objext
 	case $host in
-	*cygwin* | *mingw* | *cegcc* )
+	*cygwin* | *mingw* | *windows* | *cegcc* )
 	  if test -f "$output_objdir/$my_outputname.def"; then
 	    compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
 	    finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
@@ -4931,7 +5335,7 @@ func_win32_libid ()
   *ar\ archive*) # could be an import, or static
     # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
     if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
-       $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
+       $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)' >/dev/null; then
       case $nm_interface in
       "MS dumpbin")
 	if func_cygming_ms_implib_p "$1" ||
@@ -5198,7 +5602,7 @@ func_extract_archives ()
 #
 # Emit a libtool wrapper script on stdout.
 # Don't directly open a file because we may want to
-# incorporate the script contents within a cygwin/mingw
+# incorporate the script contents within a cygwin/mingw/windows
 # wrapper executable.  Must ONLY be called from within
 # func_mode_link because it depends on a number of variables
 # set therein.
@@ -5206,7 +5610,7 @@ func_extract_archives ()
 # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
 # variable will take.  If 'yes', then the emitted script
 # will assume that the directory where it is stored is
-# the $objdir directory.  This is a cygwin/mingw-specific
+# the $objdir directory.  This is a cygwin/mingw/windows-specific
 # behavior.
 func_emit_wrapper ()
 {
@@ -5258,7 +5662,8 @@ else
   if test \"\$libtool_execute_magic\" != \"$magic\"; then
     file=\"\$0\""
 
-    qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
+    func_quote_arg pretty "$ECHO"
+    qECHO=$func_quote_arg_result
     $ECHO "\
 
 # A function that is used when there is no print builtin or printf.
@@ -5268,7 +5673,7 @@ func_fallback_echo ()
 \$1
 _LTECHO_EOF'
 }
-    ECHO=\"$qECHO\"
+    ECHO=$qECHO
   fi
 
 # Very basic option parsing. These options are (a) specific to
@@ -5330,7 +5735,7 @@ func_exec_program_core ()
 "
   case $host in
   # Backslashes separate directories on plain windows
-  *-*-mingw | *-*-os2* | *-cegcc*)
+  *-*-mingw* | *-*-windows* | *-*-os2* | *-cegcc*)
     $ECHO "\
       if test -n \"\$lt_option_debug\"; then
         \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
@@ -5398,7 +5803,7 @@ func_exec_program ()
     file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
   done
 
-  # Usually 'no', except on cygwin/mingw when embedded into
+  # Usually 'no', except on cygwin/mingw/windows when embedded into
   # the cwrapper.
   WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1
   if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
@@ -5530,7 +5935,7 @@ EOF
 #endif
 #include <stdio.h>
 #include <stdlib.h>
-#ifdef _MSC_VER
+#if defined _WIN32 && !defined __GNUC__
 # include <direct.h>
 # include <process.h>
 # include <io.h>
@@ -5555,7 +5960,7 @@ EOF
 /* declarations of non-ANSI functions */
 #if defined __MINGW32__
 # ifdef __STRICT_ANSI__
-int _putenv (const char *);
+_CRTIMP int __cdecl _putenv (const char *);
 # endif
 #elif defined __CYGWIN__
 # ifdef __STRICT_ANSI__
@@ -5753,7 +6158,7 @@ main (int argc, char *argv[])
 	{
 EOF
 	    case $host in
-	      *mingw* | *cygwin* )
+	      *mingw* | *windows* | *cygwin* )
 		# make stdout use "unix" line endings
 		echo "          setmode(1,_O_BINARY);"
 		;;
@@ -5772,7 +6177,7 @@ EOF
         {
           /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
              namespace, but it is not one of the ones we know about and
-             have already dealt with, above (inluding dump-script), then
+             have already dealt with, above (including dump-script), then
              report an error. Otherwise, targets might begin to believe
              they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
              namespace. The first time any user complains about this, we'll
@@ -5856,7 +6261,7 @@ EOF
 EOF
 
 	    case $host_os in
-	      mingw*)
+	      mingw* | windows*)
 	    cat <<"EOF"
   {
     char* p;
@@ -5898,7 +6303,7 @@ EOF
 EOF
 
 	    case $host_os in
-	      mingw*)
+	      mingw* | windows*)
 		cat <<"EOF"
   /* execv doesn't actually work on mingw as expected on unix */
   newargz = prepare_spawn (newargz);
@@ -6317,7 +6722,7 @@ lt_update_lib_path (const char *name, const char *value)
 
 EOF
 	    case $host_os in
-	      mingw*)
+	      mingw* | windows*)
 		cat <<"EOF"
 
 /* Prepares an argument vector before calling spawn().
@@ -6492,7 +6897,7 @@ func_mode_link ()
     $debug_cmd
 
     case $host in
-    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+    *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-cegcc*)
       # It is impossible to link a dll without this setting, and
       # we shouldn't force the makefile maintainer to figure out
       # what system we are compiling for in order to pass an extra
@@ -6516,6 +6921,7 @@ func_mode_link ()
     finalize_command=$nonopt
 
     compile_rpath=
+    compile_rpath_tail=
     finalize_rpath=
     compile_shlibpath=
     finalize_shlibpath=
@@ -6556,10 +6962,12 @@ func_mode_link ()
     xrpath=
     perm_rpath=
     temp_rpath=
+    temp_rpath_tail=
     thread_safe=no
     vinfo=
     vinfo_number=no
     weak_libs=
+    rpath_arg=
     single_module=$wl-single_module
     func_infer_tag $base_compile
 
@@ -6611,9 +7019,9 @@ func_mode_link ()
     while test "$#" -gt 0; do
       arg=$1
       shift
-      func_quote_for_eval "$arg"
-      qarg=$func_quote_for_eval_unquoted_result
-      func_append libtool_args " $func_quote_for_eval_result"
+      func_quote_arg pretty,unquoted "$arg"
+      qarg=$func_quote_arg_unquoted_result
+      func_append libtool_args " $func_quote_arg_result"
 
       # If the previous option needs an argument, assign it.
       if test -n "$prev"; then
@@ -6822,7 +7230,7 @@ func_mode_link ()
 	  case $arg in
 	  [\\/]* | [A-Za-z]:[\\/]*) ;;
 	  *)
-	    func_fatal_error "only absolute run-paths are allowed"
+	    func_fatal_error "argument to -rpath is not absolute: $arg"
 	    ;;
 	  esac
 	  if test rpath = "$prev"; then
@@ -6849,6 +7257,13 @@ func_mode_link ()
 	  prev=
 	  continue
 	  ;;
+	xassembler)
+	  func_append compiler_flags " -Xassembler $qarg"
+	  prev=
+	  func_append compile_command " -Xassembler $qarg"
+	  func_append finalize_command " -Xassembler $qarg"
+	  continue
+	  ;;
 	xcclinker)
 	  func_append linker_flags " $qarg"
 	  func_append compiler_flags " $qarg"
@@ -6991,7 +7406,7 @@ func_mode_link ()
 	  ;;
 	esac
 	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	*-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-cegcc*)
 	  testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
 	  case :$dllsearchpath: in
 	  *":$dir:"*) ;;
@@ -7011,7 +7426,7 @@ func_mode_link ()
       -l*)
 	if test X-lc = "X$arg" || test X-lm = "X$arg"; then
 	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
+	  *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
 	    # These systems don't actually have a C or math library (as such)
 	    continue
 	    ;;
@@ -7019,7 +7434,7 @@ func_mode_link ()
 	    # These systems don't actually have a C library (as such)
 	    test X-lc = "X$arg" && continue
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    test X-lc = "X$arg" && continue
 	    ;;
@@ -7039,7 +7454,7 @@ func_mode_link ()
 	  esac
 	elif test X-lc_r = "X$arg"; then
 	 case $host in
-	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
 	   # Do not include libc_r directly, use -pthread flag.
 	   continue
 	   ;;
@@ -7062,16 +7477,29 @@ func_mode_link ()
       # Tru64 UNIX uses -model [arg] to determine the layout of C++
       # classes, name mangling, and exception handling.
       # Darwin uses the -arch flag to determine output architecture.
-      -model|-arch|-isysroot|--sysroot)
+      # -q <option> for IBM XL C/C++ compiler.
+      -model|-arch|-isysroot|--sysroot|-q)
 	func_append compiler_flags " $arg"
 	func_append compile_command " $arg"
 	func_append finalize_command " $arg"
 	prev=xcompiler
 	continue
 	;;
-
-      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
-      |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
+     # Solaris ld rejects as of 11.4. Refer to Oracle bug 22985199.
+     -pthread)
+	case $host in
+	  *solaris2*) ;;
+	  *)
+	    case "$new_inherited_linker_flags " in
+	        *" $arg "*) ;;
+	        * ) func_append new_inherited_linker_flags " $arg" ;;
+	    esac
+	  ;;
+	esac
+	continue
+	;;
+      -mt|-mthreads|-kthread|-Kthread|-pthreads|--thread-safe \
+      |-threads|-fopenmp|-fopenmp=*|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
 	func_append compiler_flags " $arg"
 	func_append compile_command " $arg"
 	func_append finalize_command " $arg"
@@ -7094,7 +7522,7 @@ func_mode_link ()
 
       -no-install)
 	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+	*-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
 	  # The PATH hackery in wrapper scripts is required on Windows
 	  # and Darwin in order for the loader to find any dlls it needs.
 	  func_warning "'-no-install' is ignored for $host"
@@ -7154,7 +7582,7 @@ func_mode_link ()
 	  dir=$lt_sysroot$func_stripname_result
 	  ;;
 	*)
-	  func_fatal_error "only absolute run-paths are allowed"
+	  func_fatal_error "argument ($arg) to '-R' is not an absolute path: $dir"
 	  ;;
 	esac
 	case "$xrpath " in
@@ -7211,9 +7639,9 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $func_quote_for_eval_result"
-	  func_append compiler_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $func_quote_arg_result"
+	  func_append compiler_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
@@ -7227,16 +7655,21 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $wl$func_quote_for_eval_result"
-	  func_append compiler_flags " $wl$func_quote_for_eval_result"
-	  func_append linker_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $wl$func_quote_arg_result"
+	  func_append compiler_flags " $wl$func_quote_arg_result"
+	  func_append linker_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
 	arg=$func_stripname_result
 	;;
 
+      -Xassembler)
+        prev=xassembler
+        continue
+        ;;
+
       -Xcompiler)
 	prev=xcompiler
 	continue
@@ -7254,8 +7687,8 @@ func_mode_link ()
 
       # -msg_* for osf cc
       -msg_*)
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       # Flags to be passed through unchanged, with rationale:
@@ -7274,12 +7707,31 @@ func_mode_link ()
       # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
       # -specs=*             GCC specs files
       # -stdlib=*            select c++ std lib with clang
+      # -fdiagnostics-color* simply affects output
+      # -frecord-gcc-switches used to verify flags were respected
+      # -fsanitize=*         Clang/GCC memory and address sanitizer
+      # -fno-sanitize*       Clang/GCC memory and address sanitizer
+      # -shared-libsan       Link with shared sanitizer runtimes (Clang)
+      # -static-libsan       Link with static sanitizer runtimes (Clang)
+      # -no-canonical-prefixes Do not expand any symbolic links
+      # -fuse-ld=*           Linker select flags for GCC
+      # -static-*            direct GCC to link specific libraries statically
+      # -fcilkplus           Cilk Plus language extension features for C/C++
+      # -rtlib=*             select c runtime lib with clang
+      # --unwindlib=*        select unwinder library with clang
+      # -f{file|debug|macro|profile}-prefix-map=* needed for lto linking
+      # -Wa,*                Pass flags directly to the assembler
+      # -Werror, -Werror=*   Report (specified) warnings as errors
       -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
       -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-      -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-      -specs=*)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+      -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-no-canonical-prefixes| \
+      -stdlib=*|-rtlib=*|--unwindlib=*| \
+      -specs=*|-fsanitize=*|-fno-sanitize*|-shared-libsan|-static-libsan| \
+      -ffile-prefix-map=*|-fdebug-prefix-map=*|-fmacro-prefix-map=*|-fprofile-prefix-map=*| \
+      -fdiagnostics-color*|-frecord-gcc-switches| \
+      -fuse-ld=*|-static-*|-fcilkplus|-Wa,*|-Werror|-Werror=*)
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
         func_append compile_command " $arg"
         func_append finalize_command " $arg"
         func_append compiler_flags " $arg"
@@ -7300,15 +7752,15 @@ func_mode_link ()
 	  continue
         else
 	  # Otherwise treat like 'Some other compiler flag' below
-	  func_quote_for_eval "$arg"
-	  arg=$func_quote_for_eval_result
+	  func_quote_arg pretty "$arg"
+	  arg=$func_quote_arg_result
         fi
 	;;
 
       # Some other compiler flag.
       -* | +*)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       *.$objext)
@@ -7428,15 +7880,27 @@ func_mode_link ()
       *)
 	# Unknown arguments in both finalize_command and compile_command need
 	# to be aesthetically quoted because they are evaled later.
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
       esac # arg
 
       # Now actually substitute the argument into the commands.
       if test -n "$arg"; then
-	func_append compile_command " $arg"
-	func_append finalize_command " $arg"
+	if test -n "$rpath_arg"; then
+          func_append finalize_rpath " ${arg##*,}"
+	  unset rpath_arg
+	else
+	  case $arg in
+          -Wl,-rpath,*)
+	    func_append finalize_rpath " ${arg##*,}";;
+          -Wl,-rpath)
+	    rpath_arg=1;;
+          *)
+            func_append compile_command " $arg"
+	    func_append finalize_command " $arg"
+	  esac
+        fi
       fi
     done # argument parsing loop
 
@@ -7607,7 +8071,7 @@ func_mode_link ()
 	found=false
 	case $deplib in
 	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
-        |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
+        |-threads|-fopenmp|-fopenmp=*|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
 	  if test prog,link = "$linkmode,$pass"; then
 	    compile_deplibs="$deplib $compile_deplibs"
 	    finalize_deplibs="$deplib $finalize_deplibs"
@@ -7784,18 +8248,15 @@ func_mode_link ()
 		;;
 	      esac
 	      if $valid_a_lib; then
-		echo
-		$ECHO "*** Warning: Linking the shared library $output against the"
-		$ECHO "*** static library $deplib is not portable!"
+		func_warning "Linking the shared library $output against the static library $deplib is not portable!"
 		deplibs="$deplib $deplibs"
 	      else
-		echo
-		$ECHO "*** Warning: Trying to link with static lib archive $deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have"
-		echo "*** because the file extensions .$libext of this argument makes me believe"
-		echo "*** that it is just a static archive that I should not use here."
+		func_warning "Trying to link with static lib archive $deplib."
+		func_warning "I have the capability to make that library automatically link in when"
+		func_warning "you link to this library.  But I can only do this if you have a"
+		func_warning "shared version of the library, which you do not appear to have"
+		func_warning "because the file extensions .$libext of this argument makes me believe"
+		func_warning "that it is just a static archive that I should not use here."
 	      fi
 	      ;;
 	    esac
@@ -7990,7 +8451,7 @@ func_mode_link ()
 	  fi
 	  case $host in
 	    # special handling for platforms with PE-DLLs.
-	    *cygwin* | *mingw* | *cegcc* )
+	    *cygwin* | *mingw* | *windows* | *cegcc* )
 	      # Linker will automatically link against shared library if both
 	      # static and shared are present.  Therefore, ensure we extract
 	      # symbols from the import library if a shared library is present
@@ -8090,7 +8551,10 @@ func_mode_link ()
 	      # Make sure the rpath contains only unique directories.
 	      case $temp_rpath: in
 	      *"$absdir:"*) ;;
-	      *) func_append temp_rpath "$absdir:" ;;
+              *) case $absdir in
+                 "$progdir/"*) func_append temp_rpath "$absdir:" ;;
+                 *)            func_append temp_rpath_tail "$absdir:" ;;
+                 esac
 	      esac
 	    fi
 
@@ -8100,9 +8564,12 @@ func_mode_link ()
 	    case " $sys_lib_dlsearch_path " in
 	    *" $absdir "*) ;;
 	    *)
-	      case "$compile_rpath " in
+	      case "$compile_rpath$compile_rpath_tail " in
 	      *" $absdir "*) ;;
-	      *) func_append compile_rpath " $absdir" ;;
+	      *) case $absdir in
+                 "$progdir/"*) func_append compile_rpath " $absdir" ;;
+                 *) func_append compile_rpath_tail " $absdir" ;;
+		 esac
 	      esac
 	      ;;
 	    esac
@@ -8133,8 +8600,8 @@ func_mode_link ()
 	fi
 	if test -n "$library_names" &&
 	   { test no = "$use_static_libs" || test -z "$old_library"; }; then
-	  case $host in
-	  *cygwin* | *mingw* | *cegcc* | *os2*)
+	  case $host_os in
+	  cygwin* | mingw* | windows* | cegcc* | os2*)
 	      # No point in relinking DLLs because paths are not encoded
 	      func_append notinst_deplibs " $lib"
 	      need_relink=no
@@ -8160,11 +8627,11 @@ func_mode_link ()
 	  if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
 	    echo
 	    if test prog = "$linkmode"; then
-	      $ECHO "*** Warning: Linking the executable $output against the loadable module"
+	      func_warning "Linking the executable $output against the loadable module"
 	    else
-	      $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+	      func_warning "Linking the shared library $output against the loadable module"
 	    fi
-	    $ECHO "*** $linklib is not portable!"
+	    func_warning "$linklib is not portable!"
 	  fi
 	  if test lib = "$linkmode" &&
 	     test yes = "$hardcode_into_libs"; then
@@ -8174,9 +8641,12 @@ func_mode_link ()
 	    case " $sys_lib_dlsearch_path " in
 	    *" $absdir "*) ;;
 	    *)
-	      case "$compile_rpath " in
+	      case "$compile_rpath$compile_rpath_tail " in
 	      *" $absdir "*) ;;
-	      *) func_append compile_rpath " $absdir" ;;
+	      *) case $absdir in
+                 "$progdir/"*) func_append compile_rpath " $absdir" ;;
+                 *) func_append compile_rpath_tail " $absdir" ;;
+		 esac
 	      esac
 	      ;;
 	    esac
@@ -8203,8 +8673,8 @@ func_mode_link ()
 	      soname=$dlname
 	    elif test -n "$soname_spec"; then
 	      # bleh windows
-	      case $host in
-	      *cygwin* | mingw* | *cegcc* | *os2*)
+	      case $host_os in
+	      cygwin* | mingw* | windows* | cegcc* | os2*)
 	        func_arith $current - $age
 		major=$func_arith_result
 		versuffix=-$major
@@ -8251,6 +8721,7 @@ func_mode_link ()
 		case $host in
 		  *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
 		  *-*-sysv4*uw2*) add_dir=-L$dir ;;
+		  *-*-emscripten*) add_dir=-L$dir ;;
 		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
 		    *-*-unixware7*) add_dir=-L$dir ;;
 		  *-*-darwin* )
@@ -8259,11 +8730,10 @@ func_mode_link ()
 		    if /usr/bin/file -L $add 2> /dev/null |
 			 $GREP ": [^:]* bundle" >/dev/null; then
 		      if test "X$dlopenmodule" != "X$lib"; then
-			$ECHO "*** Warning: lib $linklib is a module, not a shared library"
+			func_warning "lib $linklib is a module, not a shared library"
 			if test -z "$old_library"; then
-			  echo
-			  echo "*** And there doesn't seem to be a static archive available"
-			  echo "*** The link will probably fail, sorry"
+			  func_warning "And there doesn't seem to be a static archive available"
+			  func_warning "The link will probably fail, sorry"
 			else
 			  add=$dir/$old_library
 			fi
@@ -8346,7 +8816,7 @@ func_mode_link ()
 	       test no = "$hardcode_direct_absolute"; then
 	      add=$libdir/$linklib
 	    elif test yes = "$hardcode_minus_L"; then
-	      add_dir=-L$libdir
+	      add_dir=-L$lt_sysroot$libdir
 	      add=-l$name
 	    elif test yes = "$hardcode_shlibpath_var"; then
 	      case :$finalize_shlibpath: in
@@ -8363,7 +8833,7 @@ func_mode_link ()
 	      fi
 	    else
 	      # We cannot seem to hardcode it, guess we'll fake it.
-	      add_dir=-L$libdir
+	      add_dir=-L$lt_sysroot$libdir
 	      # Try looking first in the location we're being installed to.
 	      if test -n "$inst_prefix_dir"; then
 		case $libdir in
@@ -8403,21 +8873,19 @@ func_mode_link ()
 
 	    # Just print a warning and add the library to dependency_libs so
 	    # that the program can be linked against the static library.
-	    echo
-	    $ECHO "*** Warning: This system cannot link to static lib archive $lib."
-	    echo "*** I have the capability to make that library automatically link in when"
-	    echo "*** you link to this library.  But I can only do this if you have a"
-	    echo "*** shared version of the library, which you do not appear to have."
+	    func_warning "This system cannot link to static lib archive $lib."
+	    func_warning "I have the capability to make that library automatically link in when"
+	    func_warning "you link to this library.  But I can only do this if you have a"
+	    func_warning "shared version of the library, which you do not appear to have."
 	    if test yes = "$module"; then
-	      echo "*** But as you try to build a module library, libtool will still create "
-	      echo "*** a static module, that should work as long as the dlopening application"
-	      echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+	      func_warning "But as you try to build a module library, libtool will still create "
+	      func_warning "a static module, that should work as long as the dlopening application"
+	      func_warning "is linked with the -dlopen flag to resolve symbols at runtime."
 	      if test -z "$global_symbol_pipe"; then
-		echo
-		echo "*** However, this would only work if libtool was able to extract symbol"
-		echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
-		echo "*** not find such a program.  So, this module is probably useless."
-		echo "*** 'nm' from GNU binutils and a full rebuild may help."
+		func_warning "However, this would only work if libtool was able to extract symbol"
+		func_warning "lists from a program, using 'nm' or equivalent, but libtool could"
+		func_warning "not find such a program.  So, this module is probably useless."
+		func_warning "'nm' from GNU binutils and a full rebuild may help."
 	      fi
 	      if test no = "$build_old_libs"; then
 		build_libtool_libs=module
@@ -8540,6 +9008,10 @@ func_mode_link ()
 	  fi # link_all_deplibs != no
 	fi # linkmode = lib
       done # for deplib in $libs
+
+      func_append temp_rpath "$temp_rpath_tail"
+      func_append compile_rpath "$compile_rpath_tail"
+
       if test link = "$pass"; then
 	if test prog = "$linkmode"; then
 	  compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
@@ -8577,42 +9049,46 @@ func_mode_link ()
 	  # Add libraries to $var in reverse order
 	  eval tmp_libs=\"\$$var\"
 	  new_libs=
+	  # FIXME: Pedantically, this is the right thing to do, so
+	  #        that some nasty dependency loop isn't accidentally
+	  #        broken: new_libs="$deplib $new_libs"
 	  for deplib in $tmp_libs; do
-	    # FIXME: Pedantically, this is the right thing to do, so
-	    #        that some nasty dependency loop isn't accidentally
-	    #        broken:
-	    #new_libs="$deplib $new_libs"
-	    # Pragmatically, this seems to cause very few problems in
-	    # practice:
-	    case $deplib in
-	    -L*) new_libs="$deplib $new_libs" ;;
-	    -R*) ;;
-	    *)
-	      # And here is the reason: when a library appears more
-	      # than once as an explicit dependence of a library, or
-	      # is implicitly linked in more than once by the
-	      # compiler, it is considered special, and multiple
-	      # occurrences thereof are not removed.  Compare this
-	      # with having the same library being listed as a
-	      # dependency of multiple other libraries: in this case,
-	      # we know (pedantically, we assume) the library does not
-	      # need to be listed more than once, so we keep only the
-	      # last copy.  This is not always right, but it is rare
-	      # enough that we require users that really mean to play
-	      # such unportable linking tricks to link the library
-	      # using -Wl,-lname, so that libtool does not consider it
-	      # for duplicate removal.
-	      case " $specialdeplibs " in
-	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	    if $opt_preserve_dup_deps; then
+	      new_libs="$deplib $new_libs"
+	    else
+	      # Pragmatically, this seems to cause very few problems in
+	      # practice:
+	      case $deplib in
+	      -L*) new_libs="$deplib $new_libs" ;;
+	      -R*) ;;
 	      *)
-		case " $new_libs " in
-		*" $deplib "*) ;;
-		*) new_libs="$deplib $new_libs" ;;
-		esac
-		;;
+	        # And here is the reason: when a library appears more
+	        # than once as an explicit dependence of a library, or
+	        # is implicitly linked in more than once by the
+	        # compiler, it is considered special, and multiple
+	        # occurrences thereof are not removed.  Compare this
+	        # with having the same library being listed as a
+	        # dependency of multiple other libraries: in this case,
+	        # we know (pedantically, we assume) the library does not
+	        # need to be listed more than once, so we keep only the
+	        # last copy.  This is not always right, but it is rare
+	        # enough that we require users that really mean to play
+	        # such unportable linking tricks to link the library
+	        # using -Wl,-lname, so that libtool does not consider it
+	        # for duplicate removal.  And if not possible for portability
+	        # reasons, then --preserve-dup-deps should be used.
+	        case " $specialdeplibs " in
+	        *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	        *)
+	          case " $new_libs " in
+	          *" $deplib "*) ;;
+	          *) new_libs="$deplib $new_libs" ;;
+	          esac
+	          ;;
+	        esac
+	        ;;
 	      esac
-	      ;;
-	    esac
+	    fi
 	  done
 	  tmp_libs=
 	  for deplib in $new_libs; do
@@ -8634,7 +9110,7 @@ func_mode_link ()
       test CXX = "$tagname" && {
         case $host_os in
         linux*)
-          case `$CC -V 2>&1 | sed 5q` in
+          case `$CC -V 2>&1 | $SED 5q` in
           *Sun\ C*) # Sun C++ 5.9
             func_suncc_cstd_abi
 
@@ -8744,9 +9220,7 @@ func_mode_link ()
 	if test pass_all != "$deplibs_check_method"; then
 	  func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
 	else
-	  echo
-	  $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
-	  $ECHO "*** objects $objs is not portable!"
+	  func_warning "Linking the shared library $output against the non-libtool objects $objs is not portable!"
 	  func_append libobjs " $objs"
 	fi
       fi
@@ -8807,13 +9281,13 @@ func_mode_link ()
 	  #
 	  case $version_type in
 	  # correct linux to gnu/linux during the next big refactor
-	  darwin|freebsd-elf|linux|osf|windows|none)
+	  darwin|freebsd-elf|linux|midnightbsd-elf|osf|qnx|windows|none)
 	    func_arith $number_major + $number_minor
 	    current=$func_arith_result
 	    age=$number_minor
 	    revision=$number_revision
 	    ;;
-	  freebsd-aout|qnx|sunos)
+	  freebsd-aout|sco|sunos)
 	    current=$number_major
 	    revision=$number_minor
 	    age=0
@@ -8825,6 +9299,9 @@ func_mode_link ()
 	    revision=$number_minor
 	    lt_irix_increment=no
 	    ;;
+	  *)
+	    func_fatal_configuration "$modename: unknown library version type '$version_type'"
+	    ;;
 	  esac
 	  ;;
 	no)
@@ -8898,7 +9375,7 @@ func_mode_link ()
 	  versuffix=.$current.$revision
 	  ;;
 
-	freebsd-elf)
+	freebsd-elf | midnightbsd-elf)
 	  func_arith $current - $age
 	  major=.$func_arith_result
 	  versuffix=$major.$age.$revision
@@ -8960,8 +9437,9 @@ func_mode_link ()
 	  ;;
 
 	qnx)
-	  major=.$current
-	  versuffix=.$current
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=$major.$age.$revision
 	  ;;
 
 	sco)
@@ -9114,7 +9592,7 @@ func_mode_link ()
       if test yes = "$build_libtool_libs"; then
 	if test -n "$rpath"; then
 	  case $host in
-	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
+	  *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
 	    # these systems don't actually have a c library (as such)!
 	    ;;
 	  *-*-rhapsody* | *-*-darwin1.[012])
@@ -9124,7 +9602,7 @@ func_mode_link ()
 	  *-*-netbsd*)
 	    # Don't link with libc until the a.out ld.so is fixed.
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    ;;
 	  *-*-sco3.2v5* | *-*-sco5v6*)
@@ -9165,108 +9643,6 @@ func_mode_link ()
 	  # implementing what was already the behavior.
 	  newdeplibs=$deplibs
 	  ;;
-	test_compile)
-	  # This code stresses the "libraries are programs" paradigm to its
-	  # limits. Maybe even breaks it.  We compile a program, linking it
-	  # against the deplibs as a proxy for the library.  Then we can check
-	  # whether they linked in statically or dynamically with ldd.
-	  $opt_dry_run || $RM conftest.c
-	  cat > conftest.c <<EOF
-	  int main() { return 0; }
-EOF
-	  $opt_dry_run || $RM conftest
-	  if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
-	    ldd_output=`ldd conftest`
-	    for i in $deplibs; do
-	      case $i in
-	      -l*)
-		func_stripname -l '' "$i"
-		name=$func_stripname_result
-		if test yes = "$allow_libtool_libs_with_static_runtimes"; then
-		  case " $predeps $postdeps " in
-		  *" $i "*)
-		    func_append newdeplibs " $i"
-		    i=
-		    ;;
-		  esac
-		fi
-		if test -n "$i"; then
-		  libname=`eval "\\$ECHO \"$libname_spec\""`
-		  deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
-		  set dummy $deplib_matches; shift
-		  deplib_match=$1
-		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
-		    func_append newdeplibs " $i"
-		  else
-		    droppeddeps=yes
-		    echo
-		    $ECHO "*** Warning: dynamic linker does not accept needed library $i."
-		    echo "*** I have the capability to make that library automatically link in when"
-		    echo "*** you link to this library.  But I can only do this if you have a"
-		    echo "*** shared version of the library, which I believe you do not have"
-		    echo "*** because a test_compile did reveal that the linker did not use it for"
-		    echo "*** its dynamic dependency list that programs get resolved with at runtime."
-		  fi
-		fi
-		;;
-	      *)
-		func_append newdeplibs " $i"
-		;;
-	      esac
-	    done
-	  else
-	    # Error occurred in the first compile.  Let's try to salvage
-	    # the situation: Compile a separate program for each library.
-	    for i in $deplibs; do
-	      case $i in
-	      -l*)
-		func_stripname -l '' "$i"
-		name=$func_stripname_result
-		$opt_dry_run || $RM conftest
-		if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
-		  ldd_output=`ldd conftest`
-		  if test yes = "$allow_libtool_libs_with_static_runtimes"; then
-		    case " $predeps $postdeps " in
-		    *" $i "*)
-		      func_append newdeplibs " $i"
-		      i=
-		      ;;
-		    esac
-		  fi
-		  if test -n "$i"; then
-		    libname=`eval "\\$ECHO \"$libname_spec\""`
-		    deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
-		    set dummy $deplib_matches; shift
-		    deplib_match=$1
-		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
-		      func_append newdeplibs " $i"
-		    else
-		      droppeddeps=yes
-		      echo
-		      $ECHO "*** Warning: dynamic linker does not accept needed library $i."
-		      echo "*** I have the capability to make that library automatically link in when"
-		      echo "*** you link to this library.  But I can only do this if you have a"
-		      echo "*** shared version of the library, which you do not appear to have"
-		      echo "*** because a test_compile did reveal that the linker did not use this one"
-		      echo "*** as a dynamic dependency that programs can get resolved with at runtime."
-		    fi
-		  fi
-		else
-		  droppeddeps=yes
-		  echo
-		  $ECHO "*** Warning!  Library $i is needed by this library but I was not able to"
-		  echo "*** make it link in!  You will probably need to install it or some"
-		  echo "*** library that it depends on before this library will be fully"
-		  echo "*** functional.  Installing it before continuing would be even better."
-		fi
-		;;
-	      *)
-		func_append newdeplibs " $i"
-		;;
-	      esac
-	    done
-	  fi
-	  ;;
 	file_magic*)
 	  set dummy $deplibs_check_method; shift
 	  file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
@@ -9330,17 +9706,16 @@ EOF
 	      fi
 	      if test -n "$a_deplib"; then
 		droppeddeps=yes
-		echo
-		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have"
-		echo "*** because I did check the linker path looking for a file starting"
+		func_warning "Linker path does not have real file for library $a_deplib."
+		func_warning "I have the capability to make that library automatically link in when"
+		func_warning "you link to this library.  But I can only do this if you have a"
+		func_warning "shared version of the library, which you do not appear to have"
+		func_warning "because I did check the linker path looking for a file starting"
 		if test -z "$potlib"; then
-		  $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+		  func_warning "with $libname but no candidates were found. (...for file magic test)"
 		else
-		  $ECHO "*** with $libname and none of the candidates passed a file format test"
-		  $ECHO "*** using a file magic. Last file checked: $potlib"
+		  func_warning "with $libname and none of the candidates passed a file format test"
+		  func_warning "using a file magic. Last file checked: $potlib"
 		fi
 	      fi
 	      ;;
@@ -9384,17 +9759,16 @@ EOF
 	      fi
 	      if test -n "$a_deplib"; then
 		droppeddeps=yes
-		echo
-		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
-		echo "*** I have the capability to make that library automatically link in when"
-		echo "*** you link to this library.  But I can only do this if you have a"
-		echo "*** shared version of the library, which you do not appear to have"
-		echo "*** because I did check the linker path looking for a file starting"
+		func_warning "Linker path does not have real file for library $a_deplib."
+		func_warning "I have the capability to make that library automatically link in when"
+		func_warning "you link to this library.  But I can only do this if you have a"
+		func_warning "shared version of the library, which you do not appear to have"
+		func_warning "because I did check the linker path looking for a file starting"
 		if test -z "$potlib"; then
-		  $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+		  func_warning "with $libname but no candidates were found. (...for regex pattern test)"
 		else
-		  $ECHO "*** with $libname and none of the candidates passed a file format test"
-		  $ECHO "*** using a regex pattern. Last file checked: $potlib"
+		  func_warning "with $libname and none of the candidates passed a file format test"
+		  func_warning "using a regex pattern. Last file checked: $potlib"
 		fi
 	      fi
 	      ;;
@@ -9418,11 +9792,11 @@ EOF
 	  *[!\	\ ]*)
 	    echo
 	    if test none = "$deplibs_check_method"; then
-	      echo "*** Warning: inter-library dependencies are not supported in this platform."
+	      func_warning "Inter-library dependencies are not supported in this platform."
 	    else
-	      echo "*** Warning: inter-library dependencies are not known to be supported."
+	      func_warning "Inter-library dependencies are not known to be supported."
 	    fi
-	    echo "*** All declared inter-library dependencies are being dropped."
+	    func_warning "All declared inter-library dependencies are being dropped."
 	    droppeddeps=yes
 	    ;;
 	  esac
@@ -9443,17 +9817,15 @@ EOF
 
 	if test yes = "$droppeddeps"; then
 	  if test yes = "$module"; then
-	    echo
-	    echo "*** Warning: libtool could not satisfy all declared inter-library"
-	    $ECHO "*** dependencies of module $libname.  Therefore, libtool will create"
-	    echo "*** a static module, that should work as long as the dlopening"
-	    echo "*** application is linked with the -dlopen flag."
+	    func_warning "libtool could not satisfy all declared inter-library"
+	    func_warning "dependencies of module $libname.  Therefore, libtool will create"
+	    func_warning "a static module, that should work as long as the dlopening"
+	    func_warning "application is linked with the -dlopen flag."
 	    if test -z "$global_symbol_pipe"; then
-	      echo
-	      echo "*** However, this would only work if libtool was able to extract symbol"
-	      echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
-	      echo "*** not find such a program.  So, this module is probably useless."
-	      echo "*** 'nm' from GNU binutils and a full rebuild may help."
+	      func_warning "However, this would only work if libtool was able to extract symbol"
+	      func_warning "lists from a program, using 'nm' or equivalent, but libtool could"
+	      func_warning "not find such a program.  So, this module is probably useless."
+	      func_warning "'nm' from GNU binutils and a full rebuild may help."
 	    fi
 	    if test no = "$build_old_libs"; then
 	      oldlibs=$output_objdir/$libname.$libext
@@ -9628,7 +10000,7 @@ EOF
 
 	orig_export_symbols=
 	case $host_os in
-	cygwin* | mingw* | cegcc*)
+	cygwin* | mingw* | windows* | cegcc*)
 	  if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
 	    # exporting using user supplied symfile
 	    func_dll_def_p "$export_symbols" || {
@@ -9826,20 +10198,7 @@ EOF
 	  last_robj=
 	  k=1
 
-	  if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
-	    output=$output_objdir/$output_la.lnkscript
-	    func_verbose "creating GNU ld script: $output"
-	    echo 'INPUT (' > $output
-	    for obj in $save_libobjs
-	    do
-	      func_to_tool_file "$obj"
-	      $ECHO "$func_to_tool_file_result" >> $output
-	    done
-	    echo ')' >> $output
-	    func_append delfiles " $output"
-	    func_to_tool_file "$output"
-	    output=$func_to_tool_file_result
-	  elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
+	  if test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
 	    output=$output_objdir/$output_la.lnk
 	    func_verbose "creating linker input file list: $output"
 	    : > $output
@@ -9858,6 +10217,19 @@ EOF
 	    func_append delfiles " $output"
 	    func_to_tool_file "$output"
 	    output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
+	  elif test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
+	    output=$output_objdir/$output_la.lnkscript
+	    func_verbose "creating GNU ld script: $output"
+	    echo 'INPUT (' > $output
+	    for obj in $save_libobjs
+	    do
+	      func_to_tool_file "$obj"
+	      $ECHO "$func_to_tool_file_result" >> $output
+	    done
+	    echo ')' >> $output
+	    func_append delfiles " $output"
+	    func_to_tool_file "$output"
+	    output=$func_to_tool_file_result
 	  else
 	    if test -n "$save_libobjs"; then
 	      func_verbose "creating reloadable object files..."
@@ -9935,8 +10307,8 @@ EOF
 	    for cmd in $concat_cmds; do
 	      IFS=$save_ifs
 	      $opt_quiet || {
-		  func_quote_for_expand "$cmd"
-		  eval "func_echo $func_quote_for_expand_result"
+		  func_quote_arg expand,pretty "$cmd"
+		  eval "func_echo $func_quote_arg_result"
 	      }
 	      $opt_dry_run || eval "$cmd" || {
 		lt_exit=$?
@@ -10029,8 +10401,8 @@ EOF
 	  eval cmd=\"$cmd\"
 	  IFS=$save_ifs
 	  $opt_quiet || {
-	    func_quote_for_expand "$cmd"
-	    eval "func_echo $func_quote_for_expand_result"
+	    func_quote_arg expand,pretty "$cmd"
+	    eval "func_echo $func_quote_arg_result"
 	  }
 	  $opt_dry_run || eval "$cmd" || {
 	    lt_exit=$?
@@ -10298,7 +10670,7 @@ EOF
 	  esac
 	fi
 	case $host in
-	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	*-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-cegcc*)
 	  testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
 	  case :$dllsearchpath: in
 	  *":$libdir:"*) ;;
@@ -10376,7 +10748,7 @@ EOF
         # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
         wrappers_required=false
         ;;
-      *cygwin* | *mingw* )
+      *cygwin* | *mingw* | *windows* )
         test yes = "$build_libtool_libs" || wrappers_required=false
         ;;
       *)
@@ -10504,12 +10876,13 @@ EOF
 	  elif eval var_value=\$$var; test -z "$var_value"; then
 	    relink_command="$var=; export $var; $relink_command"
 	  else
-	    func_quote_for_eval "$var_value"
-	    relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	    func_quote_arg pretty "$var_value"
+	    relink_command="$var=$func_quote_arg_result; export $var; $relink_command"
 	  fi
 	done
-	relink_command="(cd `pwd`; $relink_command)"
-	relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+	func_quote eval cd "`pwd`"
+	func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)"
+	relink_command=$func_quote_arg_unquoted_result
       fi
 
       # Only actually do things if not in dry run mode.
@@ -10529,7 +10902,7 @@ EOF
 	  *) exeext= ;;
 	esac
 	case $host in
-	  *cygwin* | *mingw* )
+	  *cygwin* | *mingw* | windows* )
 	    func_dirname_and_basename "$output" "" "."
 	    output_name=$func_basename_result
 	    output_path=$func_dirname_result
@@ -10749,13 +11122,15 @@ EOF
 	elif eval var_value=\$$var; test -z "$var_value"; then
 	  relink_command="$var=; export $var; $relink_command"
 	else
-	  func_quote_for_eval "$var_value"
-	  relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	  func_quote_arg pretty,unquoted "$var_value"
+	  relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command"
 	fi
       done
       # Quote the link command for shipping.
-      relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
-      relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+      func_quote eval cd "`pwd`"
+      relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      func_quote_arg pretty,unquoted "$relink_command"
+      relink_command=$func_quote_arg_unquoted_result
       if test yes = "$hardcode_automatic"; then
 	relink_command=
       fi
@@ -10861,7 +11236,7 @@ EOF
 	  # tests/bindir.at for full details.
 	  tdlname=$dlname
 	  case $host,$output,$installed,$module,$dlname in
-	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *windows*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
 	      # If a -bindir argument was supplied, place the dll there.
 	      if test -n "$bindir"; then
 		func_relative_path "$install_libdir" "$bindir"
diff --git a/contrib/unbound/respip/respip.h b/contrib/unbound/respip/respip.h
index 6469854c53cb..83b6414737f7 100644
--- a/contrib/unbound/respip/respip.h
+++ b/contrib/unbound/respip/respip.h
@@ -276,7 +276,7 @@ void respip_inform_print(struct respip_action_info* respip_actinfo,
  * @param addrlen: length of addr.
  * @param net: netblock to lookup.
  * @param create: create node if it does not exist when 1.
- * @param ipstr: human redable ip string, for logging.
+ * @param ipstr: human readable ip string, for logging.
  * @return newly created of found node, not holding lock.
  */
 struct resp_addr*
diff --git a/contrib/unbound/services/authzone.c b/contrib/unbound/services/authzone.c
index 3c3dc9ad05d9..60ccc8698748 100644
--- a/contrib/unbound/services/authzone.c
+++ b/contrib/unbound/services/authzone.c
@@ -2413,14 +2413,12 @@ az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
 	if(!dname_subdomain_c(nm, z->name))
 		return NULL; /* out of zone */
 	while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
-		/* see if we can go up to find the wildcard */
 		if(nmlen == z->namelen)
 			return NULL; /* top of zone reached */
 		if(ce && nmlen == ce->namelen)
 			return NULL; /* ce reached */
-		if(dname_is_root(nm))
-			return NULL; /* cannot go up */
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 	}
 	return node;
 }
@@ -2442,9 +2440,8 @@ az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
 	n = az_find_name(z, nm, nmlen);
 	/* delete labels and go up on name */
 	while(!n) {
-		if(dname_is_root(nm))
-			return NULL; /* cannot go up */
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 		n = az_find_name(z, nm, nmlen);
 	}
 	return n;
@@ -2456,8 +2453,7 @@ az_domain_go_up(struct auth_zone* z, struct auth_data* n)
 {
 	uint8_t* nm = n->name;
 	size_t nmlen = n->namelen;
-	while(!dname_is_root(nm)) {
-		dname_remove_label(&nm, &nmlen);
+	while(dname_remove_label_limit_len(&nm, &nmlen, z->namelen)) {
 		if((n=az_find_name(z, nm, nmlen)) != NULL)
 			return n;
 	}
@@ -2771,26 +2767,23 @@ az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
 	}
 }
 
-/** find NSEC record covering the query */
+/** find NSEC record covering the query, with the given node in the zone */
 static struct auth_rrset*
 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
 {
-	uint8_t* nm = (*node)->name;
-	size_t nmlen = (*node)->namelen;
+	uint8_t* nm;
+	size_t nmlen;
 	struct auth_rrset* rrset;
+	log_assert(*node); /* we already have a node when calling this */
+	nm = (*node)->name;
+	nmlen = (*node)->namelen;
 	/* find the NSEC for the smallest-or-equal node */
-	/* if node == NULL, we did not find a smaller name.  But the zone
-	 * name is the smallest name and should have an NSEC. So there is
-	 * no NSEC to return (for a properly signed zone) */
-	/* for empty nonterminals, the auth-data node should not exist,
-	 * and thus we don't need to go rbtree_previous here to find
-	 * a domain with an NSEC record */
-	/* but there could be glue, and if this is node, then it has no NSEC.
+	/* But there could be glue, and then it has no NSEC.
 	 * Go up to find nonglue (previous) NSEC-holding nodes */
 	while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) {
-		if(dname_is_root(nm)) return NULL;
 		if(nmlen == z->namelen) return NULL;
-		dname_remove_label(&nm, &nmlen);
+		if(!dname_remove_label_limit_len(&nm, &nmlen, z->namelen))
+			return NULL; /* can't go up */
 		/* adjust *node for the nsec rrset to find in */
 		*node = az_find_name(z, nm, nmlen);
 	}
@@ -3018,12 +3011,9 @@ az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
 	struct auth_data* node;
 	while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
 		algo, iter, salt, saltlen)) == NULL) {
-		if(*cenmlen == z->namelen) {
-			/* next step up would take us out of the zone. fail */
-			return NULL;
-		}
+		if(!dname_remove_label_limit_len(cenm, cenmlen, z->namelen))
+			return NULL; /* can't go up */
 		*no_exact_ce = 1;
-		dname_remove_label(cenm, cenmlen);
 	}
 	return node;
 }
@@ -3340,7 +3330,8 @@ az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
 	} else if(ce) {
 		uint8_t* wildup = wildcard->name;
 		size_t wilduplen= wildcard->namelen;
-		dname_remove_label(&wildup, &wilduplen);
+		if(!dname_remove_label_limit_len(&wildup, &wilduplen, z->namelen))
+			return 0; /* can't go up */
 		if(!az_add_nsec3_proof(z, region, msg, wildup,
 			wilduplen, msg->qinfo.qname,
 			msg->qinfo.qname_len, 0, insert_ce, 1, 0))
@@ -3399,7 +3390,7 @@ az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
 }
 
 /** Generate answer without an existing-node that we can use.
- * So it'll be a referral, DNAME or nxdomain */
+ * So it'll be a referral, DNAME, notype, wildcard or nxdomain */
 static int
 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
@@ -3565,14 +3556,17 @@ auth_error_encode(struct query_info* qinfo, struct module_env* env,
 		sldns_buffer_read_u16_at(buf, 2), edns);
 }
 
-int auth_zones_answer(struct auth_zones* az, struct module_env* env,
+int auth_zones_downstream_answer(struct auth_zones* az, struct module_env* env,
 	struct query_info* qinfo, struct edns_data* edns,
-	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp)
+	struct comm_reply* repinfo, struct sldns_buffer* buf,
+	struct regional* temp)
 {
 	struct dns_msg* msg = NULL;
 	struct auth_zone* z;
 	int r;
 	int fallback = 0;
+	/* Copy the qinfo in case of cname aliasing from local-zone */
+	struct query_info zqinfo = *qinfo;
 
 	lock_rw_rdlock(&az->lock);
 	if(!az->have_downstream) {
@@ -3580,6 +3574,7 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 		lock_rw_unlock(&az->lock);
 		return 0;
 	}
+
 	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
 		uint8_t* delname = qinfo->qname;
 		size_t delnamelen = qinfo->qname_len;
@@ -3587,8 +3582,14 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 		z = auth_zones_find_zone(az, delname, delnamelen,
 			qinfo->qclass);
 	} else {
-		z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
-			qinfo->qclass);
+		if(zqinfo.local_alias && !local_alias_shallow_copy_qname(
+			zqinfo.local_alias, &zqinfo.qname,
+			&zqinfo.qname_len)) {
+			lock_rw_unlock(&az->lock);
+			return 0;
+		}
+		z = auth_zones_find_zone(az, zqinfo.qname, zqinfo.qname_len,
+			zqinfo.qclass);
 	}
 	if(!z) {
 		/* no zone above it */
@@ -3614,7 +3615,7 @@ int auth_zones_answer(struct auth_zones* az, struct module_env* env,
 	}
 
 	/* answer it from zone z */
-	r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
+	r = auth_zone_generate_answer(z, &zqinfo, temp, &msg, &fallback);
 	lock_rw_unlock(&z->lock);
 	if(!r && fallback) {
 		/* fallback to regular answering (recursive) */
@@ -5023,6 +5024,7 @@ apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
 
 	xfr->have_zone = 0;
 	xfr->serial = 0;
+	xfr->soa_zone_acquired = 0;
 
 	/* insert all RRs in to the zone */
 	/* insert the SOA only once, skip the last one */
@@ -5124,6 +5126,7 @@ apply_http(struct auth_xfer* xfr, struct auth_zone* z,
 
 	xfr->have_zone = 0;
 	xfr->serial = 0;
+	xfr->soa_zone_acquired = 0;
 
 	chunk = xfr->task_transfer->chunks_first;
 	chunk_pos = 0;
@@ -5334,6 +5337,8 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env,
 			" (or malformed RR)", xfr->task_transfer->master->host);
 		return 0;
 	}
+	z->soa_zone_acquired = *env->now;
+	xfr->soa_zone_acquired = *env->now;
 
 	/* release xfr lock while verifying zonemd because it may have
 	 * to spawn lookups in the state machines */
@@ -7003,13 +7008,23 @@ xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
 	comm_timer_set(xfr->task_nextprobe->timer, &tv);
 }
 
+void auth_zone_pickup_initial_zone(struct auth_zone* z, struct module_env* env)
+{
+	/* Set the time, because we now have timestamp in env,
+	 * (not earlier during startup and apply_cfg), and this
+	 * notes the start time when the data was acquired. */
+	z->soa_zone_acquired = *env->now;
+}
+
 void auth_xfer_pickup_initial_zone(struct auth_xfer* x, struct module_env* env)
 {
 	/* set lease_time, because we now have timestamp in env,
 	 * (not earlier during startup and apply_cfg), and this
 	 * notes the start time when the data was acquired */
-	if(x->have_zone)
+	if(x->have_zone) {
 		x->lease_time = *env->now;
+		x->soa_zone_acquired = *env->now;
+	}
 	if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
 		xfr_set_timeout(x, env, 0, 1);
 	}
@@ -7020,7 +7035,13 @@ void
 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env)
 {
 	struct auth_xfer* x;
+	struct auth_zone* z;
 	lock_rw_wrlock(&az->lock);
+	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
+		lock_rw_wrlock(&z->lock);
+		auth_zone_pickup_initial_zone(z, env);
+		lock_rw_unlock(&z->lock);
+	}
 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
 		lock_basic_lock(&x->lock);
 		auth_xfer_pickup_initial_zone(x, env);
@@ -7105,6 +7126,7 @@ auth_xfer_new(struct auth_zone* z)
 	lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
 	lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
 	lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
+	lock_protect(&xfr->lock, &xfr->soa_zone_acquired, sizeof(xfr->soa_zone_acquired));
 	lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
 	lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
 	lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
diff --git a/contrib/unbound/services/authzone.h b/contrib/unbound/services/authzone.h
index 722781a063a8..d38cf9d26622 100644
--- a/contrib/unbound/services/authzone.h
+++ b/contrib/unbound/services/authzone.h
@@ -118,6 +118,8 @@ struct auth_zone {
 	char* zonefile;
 	/** fallback to the internet on failure or ttl-expiry of auth zone */
 	int fallback_enabled;
+	/** the time when zone was transferred from upstream */
+	time_t soa_zone_acquired;
 	/** the zone has expired (enabled by the xfer worker), fallback
 	 * happens if that option is enabled. */
 	int zone_expired;
@@ -261,6 +263,8 @@ struct auth_xfer {
 	int zone_expired;
 	/** do we have a zone (if 0, no zone data at all) */
 	int have_zone;
+	/** the time when zone was transferred from upstream */
+	time_t soa_zone_acquired;
 
 	/** current serial (from SOA), if we have no zone, 0 */
 	uint32_t serial;
@@ -550,9 +554,10 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
  * @param temp: temporary storage region.
  * @return false if not answered
  */
-int auth_zones_answer(struct auth_zones* az, struct module_env* env,
+int auth_zones_downstream_answer(struct auth_zones* az, struct module_env* env,
 	struct query_info* qinfo, struct edns_data* edns,
-	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp);
+	struct comm_reply* repinfo, struct sldns_buffer* buf,
+	struct regional* temp);
 
 /** 
  * Find the auth zone that is above the given qname.
@@ -800,6 +805,14 @@ void auth_xfer_pickup_initial_zone(struct auth_xfer* x,
 	struct module_env* env);
 
 /**
+ * Initial pick up of the auth zone, it sets the acquired time.
+ * @param z: the zone, write locked by caller.
+ * @param env: environment of the worker, with current time.
+ */
+void auth_zone_pickup_initial_zone(struct auth_zone* z,
+	struct module_env* env);
+
+/**
  * Delete auth xfer structure
  * @param xfr: delete this xfer and its tasks.
  */
diff --git a/contrib/unbound/services/cache/rrset.c b/contrib/unbound/services/cache/rrset.c
index a05ae5a56b78..6d5c24f8053e 100644
--- a/contrib/unbound/services/cache/rrset.c
+++ b/contrib/unbound/services/cache/rrset.c
@@ -68,6 +68,8 @@ struct rrset_cache* rrset_cache_create(struct config_file* cfg,
 	struct rrset_cache *r = (struct rrset_cache*)slabhash_create(slabs,
 		startarray, maxmem, ub_rrset_sizefunc, ub_rrset_compare,
 		ub_rrset_key_delete, rrset_data_delete, alloc);
+	if(!r)
+		return NULL;
 	slabhash_setmarkdel(&r->table, &rrset_markdel);
 	return r;
 }
diff --git a/contrib/unbound/services/listen_dnsport.c b/contrib/unbound/services/listen_dnsport.c
index 26efadc151a1..f7fcca194b40 100644
--- a/contrib/unbound/services/listen_dnsport.c
+++ b/contrib/unbound/services/listen_dnsport.c
@@ -90,10 +90,13 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
-#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
+#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+#include <ngtcp2/ngtcp2_crypto_ossl.h>
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H)
 #include <ngtcp2/ngtcp2_crypto_quictls.h>
-#else
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H)
 #include <ngtcp2/ngtcp2_crypto_openssl.h>
+#define MAKE_QUIC_METHOD 1
 #endif
 #endif
 
@@ -447,7 +450,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 		 * /proc/sys/net/core/wmem_max or sysctl net.core.wmem_max */
 		if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd,
 			(socklen_t)sizeof(snd)) < 0) {
-			if(errno != EPERM) {
+			if(errno != EPERM && errno != ENOBUFS) {
 				log_err("setsockopt(..., SO_SNDBUFFORCE, "
 					"...) failed: %s", sock_strerror(errno));
 				sock_close(s);
@@ -455,15 +458,23 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 				*inuse = 0;
 				return -1;
 			}
+			if(errno != EPERM) {
+				verbose(VERB_ALGO, "setsockopt(..., SO_SNDBUFFORCE, "
+					"...) was not granted: %s", sock_strerror(errno));
+			}
 #  endif /* SO_SNDBUFFORCE */
 			if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd,
 				(socklen_t)sizeof(snd)) < 0) {
-				log_err("setsockopt(..., SO_SNDBUF, "
-					"...) failed: %s", sock_strerror(errno));
-				sock_close(s);
-				*noproto = 0;
-				*inuse = 0;
-				return -1;
+				if(errno != ENOSYS && errno != ENOBUFS) {
+					log_err("setsockopt(..., SO_SNDBUF, "
+						"...) failed: %s", sock_strerror(errno));
+					sock_close(s);
+					*noproto = 0;
+					*inuse = 0;
+					return -1;
+				}
+				log_warn("setsockopt(..., SO_SNDBUF, "
+					"...) was not granted: %s", sock_strerror(errno));
 			}
 			/* check if we got the right thing or if system
 			 * reduced to some system max.  Warn if so */
@@ -473,7 +484,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 					"Got %u. To fix: start with "
 					"root permissions(linux) or sysctl "
 					"bigger net.core.wmem_max(linux) or "
-					"kern.ipc.maxsockbuf(bsd) values.",
+					"kern.ipc.maxsockbuf(bsd) values. or "
+					"set so-sndbuf: 0 (use system value).",
 					(unsigned)snd, (unsigned)got);
 			}
 #  ifdef SO_SNDBUFFORCE
@@ -902,7 +914,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
 	   against IP spoofing attacks as suggested in RFC7413 */
 #ifdef __APPLE__
 	/* OS X implementation only supports qlen of 1 via this call. Actual
-	   value is configured by the net.inet.tcp.fastopen_backlog kernel parm. */
+	   value is configured by the net.inet.tcp.fastopen_backlog kernel param. */
 	qlen = 1;
 #else
 	/* 5 is recommended on linux */
@@ -1179,6 +1191,15 @@ set_recvtimestamp(int s)
 		return 0;
 	}
 	return 1;
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+	int on = 1;
+	/* FreeBSD and also Linux. */
+	if (setsockopt(s, SOL_SOCKET, SO_TIMESTAMP, (void*)&on, (socklen_t)sizeof(on)) < 0) {
+		log_err("setsockopt(..., SO_TIMESTAMP, ...) failed: %s",
+			strerror(errno));
+		return 0;
+	}
+	return 1;
 #else
 	log_err("packets timestamping is not supported on this platform");
 	(void)s;
@@ -1598,7 +1619,7 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 				front->udp_buff, ports->pp2_enabled, cb,
 				cb_arg, ports->socket);
 #else
-			log_warn("This system does not support UDP ancilliary data.");
+			log_warn("This system does not support UDP ancillary data.");
 #endif
 		}
 		if(!cp) {
@@ -3099,7 +3120,7 @@ static int http2_req_header_cb(nghttp2_session* session,
 		return 0;
 	}
 	/* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST,
-	 * and not needed when using GET. Don't enfore.
+	 * and not needed when using GET. Don't enforce.
 	 * If set only allow lowercase "application/dns-message".
 	 *
 	 * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST
@@ -3161,7 +3182,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 			qlen = h2_stream->content_length;
 		} else if(len <= h2_session->c->http2_stream_max_qbuffer_size) {
 			/* setting this to msg-buffer-size can result in a lot
-			 * of memory consuption. Most queries should fit in a
+			 * of memory consumption. Most queries should fit in a
 			 * single DATA frame, and most POST queries will
 			 * contain content-length which does not impose this
 			 * limit. */
@@ -3187,7 +3208,7 @@ static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session),
 
 	if(!h2_stream->qbuffer ||
 		sldns_buffer_remaining(h2_stream->qbuffer) < len) {
-		verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough "
+		verbose(VERB_ALGO, "http2 data_chunk_recv failed. Not enough "
 			"buffer space for POST query. Can happen on multi "
 			"frame requests without content-length header");
 		h2_stream->query_too_large = 1;
@@ -3257,6 +3278,21 @@ doq_table_create(struct config_file* cfg, struct ub_randstate* rnd)
 	struct doq_table* table = calloc(1, sizeof(*table));
 	if(!table)
 		return NULL;
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/* Initialize the ossl crypto, it is harmless to call twice,
+	 * and this is before use of doq connections. */
+	if(ngtcp2_crypto_ossl_init() != 0) {
+		log_err("ngtcp2_crypto_oss_init failed");
+		free(table);
+		return NULL;
+	}
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_INIT)
+	if(ngtcp2_crypto_quictls_init() != 0) {
+		log_err("ngtcp2_crypto_quictls_init failed");
+		free(table);
+		return NULL;
+	}
+#endif
 	table->idle_timeout = ((uint64_t)cfg->tcp_idle_timeout)*
 		NGTCP2_MILLISECONDS;
 	table->sv_scidlen = 16;
@@ -3596,12 +3632,18 @@ doq_conn_delete(struct doq_conn* conn, struct doq_table* table)
 	lock_rw_wrlock(&conn->table->conid_lock);
 	doq_conn_clear_conids(conn);
 	lock_rw_unlock(&conn->table->conid_lock);
-	ngtcp2_conn_del(conn->conn);
+	/* Remove the app data from ngtcp2 before SSL_free of conn->ssl,
+	 * because the ngtcp2 conn is deleted. */
+	SSL_set_app_data(conn->ssl, NULL);
 	if(conn->stream_tree.count != 0) {
 		traverse_postorder(&conn->stream_tree, stream_tree_del, table);
 	}
 	free(conn->key.dcid);
 	SSL_free(conn->ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_crypto_ossl_ctx_del(conn->ossl_ctx);
+#endif
+	ngtcp2_conn_del(conn->conn);
 	free(conn->close_pkt);
 	free(conn);
 }
@@ -4459,7 +4501,7 @@ doq_log_printf_cb(void* ATTR_UNUSED(user_data), const char* fmt, ...)
 	va_end(ap);
 }
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** the doq application tx key callback, false on failure */
 static int
 doq_application_tx_key_cb(struct doq_conn* conn)
@@ -4493,7 +4535,9 @@ doq_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
 	ngtcp2_crypto_level
 #endif
 		level =
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+		ngtcp2_crypto_ossl_from_ossl_encryption_level(ossl_level);
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL)
 		ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level);
 #else
 		ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
@@ -4539,7 +4583,9 @@ doq_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level,
 	ngtcp2_crypto_level
 #endif
 		level =
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+		ngtcp2_crypto_ossl_from_ossl_encryption_level(ossl_level);
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_FROM_OSSL_ENCRYPTION_LEVEL)
 		ngtcp2_crypto_quictls_from_ossl_encryption_level(ossl_level);
 #else
 		ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level);
@@ -4574,7 +4620,7 @@ doq_send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level),
 	doq_conn->tls_alert = alert;
 	return 1;
 }
-#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT */
+#endif /* MAKE_QUIC_METHOD */
 
 /** ALPN select callback for the doq SSL context */
 static int
@@ -4596,7 +4642,7 @@ void* quic_sslctx_create(char* key, char* pem, char* verifypem)
 {
 #ifdef HAVE_NGTCP2
 	char* sid_ctx = "unbound server";
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 	SSL_QUIC_METHOD* quic_method;
 #endif
 	SSL_CTX* ctx = SSL_CTX_new(TLS_server_method());
@@ -4669,7 +4715,7 @@ void* quic_sslctx_create(char* key, char* pem, char* verifypem)
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
-#else /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT */
+#elif defined(MAKE_QUIC_METHOD)
 	/* The quic_method needs to remain valid during the SSL_CTX
 	 * lifetime, so we allocate it. It is freed with the
 	 * doq_server_socket. */
@@ -4704,12 +4750,29 @@ static ngtcp2_conn* doq_conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
 static SSL*
 doq_ssl_server_setup(SSL_CTX* ctx, struct doq_conn* conn)
 {
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	int ret;
+#endif
 	SSL* ssl = SSL_new(ctx);
 	if(!ssl) {
 		log_crypto_err("doq: SSL_new failed");
 		return NULL;
 	}
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	if((ret=ngtcp2_crypto_ossl_ctx_new(&conn->ossl_ctx, NULL)) != 0) {
+		log_err("doq: ngtcp2_crypto_ossl_ctx_new failed: %s",
+			ngtcp2_strerror(ret));
+		SSL_free(ssl);
+		return NULL;
+	}
+	ngtcp2_crypto_ossl_ctx_set_ssl(conn->ossl_ctx, ssl);
+	if(ngtcp2_crypto_ossl_configure_server_session(ssl) != 0) {
+		log_err("doq: ngtcp2_crypto_ossl_configure_server_session failed");
+		SSL_free(ssl);
+		return NULL;
+	}
+#endif
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT)
 	conn->conn_ref.get_conn = &doq_conn_ref_get_conn;
 	conn->conn_ref.user_data = conn;
 	SSL_set_app_data(ssl, &conn->conn_ref);
@@ -4717,7 +4780,11 @@ doq_ssl_server_setup(SSL_CTX* ctx, struct doq_conn* conn)
 	SSL_set_app_data(ssl, conn);
 #endif
 	SSL_set_accept_state(ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	SSL_set_quic_tls_early_data_enabled(ssl, 1);
+#else
 	SSL_set_quic_early_data_enabled(ssl, 1);
+#endif
 	return ssl;
 }
 
@@ -4838,7 +4905,11 @@ doq_conn_setup(struct doq_conn* conn, uint8_t* scid, size_t scidlen,
 		log_err("doq_ssl_server_setup failed");
 		return 0;
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_conn_set_tls_native_handle(conn->conn, conn->ossl_ctx);
+#else
 	ngtcp2_conn_set_tls_native_handle(conn->conn, conn->ssl);
+#endif
 	doq_conn_write_enable(conn);
 	return 1;
 }
diff --git a/contrib/unbound/services/listen_dnsport.h b/contrib/unbound/services/listen_dnsport.h
index f6275f805fba..963595a1ccc5 100644
--- a/contrib/unbound/services/listen_dnsport.h
+++ b/contrib/unbound/services/listen_dnsport.h
@@ -52,6 +52,9 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+struct ngtcp2_crypto_ossl_ctx;
+#endif
 #endif
 struct listen_list;
 struct config_file;
@@ -606,10 +609,14 @@ struct doq_conn {
 	uint8_t tls_alert;
 	/** the ssl context, SSL* */
 	void* ssl;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_SERVER_CONTEXT)
 	/** the connection reference for ngtcp2_conn and userdata in ssl */
 	struct ngtcp2_crypto_conn_ref conn_ref;
 #endif
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/** the per-connection state for ngtcp2_crypto_ossl */
+	struct ngtcp2_crypto_ossl_ctx* ossl_ctx;
+#endif
 	/** closure packet, if any */
 	uint8_t* close_pkt;
 	/** length of closure packet. */
diff --git a/contrib/unbound/services/mesh.c b/contrib/unbound/services/mesh.c
index 8a52fe4a6466..3212a6abf4c6 100644
--- a/contrib/unbound/services/mesh.c
+++ b/contrib/unbound/services/mesh.c
@@ -2265,6 +2265,7 @@ mesh_stats_clear(struct mesh_area* mesh)
 	timehist_clear(mesh->histogram);
 	mesh->ans_secure = 0;
 	mesh->ans_bogus = 0;
+	mesh->val_ops = 0;
 	mesh->ans_expired = 0;
 	mesh->ans_cachedb = 0;
 	memset(&mesh->ans_rcode[0], 0, sizeof(size_t)*UB_STATS_RCODE_NUM);
diff --git a/contrib/unbound/services/mesh.h b/contrib/unbound/services/mesh.h
index fd17c05da6d4..f19f423a8cd3 100644
--- a/contrib/unbound/services/mesh.h
+++ b/contrib/unbound/services/mesh.h
@@ -131,6 +131,8 @@ struct mesh_area {
 	size_t ans_secure;
 	/** (extended stats) bogus replies */
 	size_t ans_bogus;
+	/** (extended stats) number of validation operations */
+	size_t val_ops;
 	/** (extended stats) rcodes in replies */
 	size_t ans_rcode[UB_STATS_RCODE_NUM];
 	/** (extended stats) rcode nodata in replies */
diff --git a/contrib/unbound/services/modstack.c b/contrib/unbound/services/modstack.c
index fa68cc71d2ff..2bc79c4adfd7 100644
--- a/contrib/unbound/services/modstack.c
+++ b/contrib/unbound/services/modstack.c
@@ -138,8 +138,8 @@ modstack_config(struct module_stack* stack, const char* module_conf)
 			if(strchr(s, ' ')) *(strchr(s, ' ')) = 0;
 			if(strchr(s, '\t')) *(strchr(s, '\t')) = 0;
 			log_err("Unknown value in module-config, module: '%s'."
-				" This module is not present (not compiled in),"
-				" See the list of linked modules with unbound -V", s);
+				" This module is not present (not compiled in);"
+				" see the list of linked modules with unbound -V", s);
 			return 0;
 		}
 	}
diff --git a/contrib/unbound/services/modstack.h b/contrib/unbound/services/modstack.h
index 5674aefdd018..03a4c82c40cd 100644
--- a/contrib/unbound/services/modstack.h
+++ b/contrib/unbound/services/modstack.h
@@ -67,7 +67,7 @@ void modstack_init(struct module_stack* stack);
 void modstack_free(struct module_stack* stack);
 
 /**
- * Initialises modules and assignes ids. Calls module_startup().
+ * Initialises modules and assigns ids. Calls module_startup().
  * @param stack: Expected empty, filled according to module_conf
  * @param module_conf: string what modules to initialize
  * @param env: module environment which is inited by the modules.
diff --git a/contrib/unbound/services/outside_network.c b/contrib/unbound/services/outside_network.c
index 0d7ec890573b..2b7f7d0a2f21 100644
--- a/contrib/unbound/services/outside_network.c
+++ b/contrib/unbound/services/outside_network.c
@@ -2827,7 +2827,7 @@ serviced_perturb_qname(struct ub_randstate* rnd, uint8_t* qbuf, size_t len)
 					random = ub_random(rnd);
 					bits = 30;
 				}
-				if(random & 0x1) {
+				if((random & 0x1)) {
 					*d = (uint8_t)toupper((unsigned char)*d);
 				} else {
 					*d = (uint8_t)tolower((unsigned char)*d);
@@ -2890,9 +2890,9 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns)
 		edns.opt_list_inplace_cb_out = NULL;
 		edns.udp_size = serviced_query_udp_size(sq, sq->status);
 		edns.bits = 0;
-		if(sq->dnssec & EDNS_DO)
+		if((sq->dnssec & EDNS_DO))
 			edns.bits = EDNS_DO;
-		if(sq->dnssec & BIT_CD)
+		if((sq->dnssec & BIT_CD))
 			LDNS_CD_SET(sldns_buffer_begin(buff));
 		if (sq->ssl_upstream && sq->padding_block_size) {
 			padding_option.opt_code = LDNS_EDNS_PADDING;
diff --git a/contrib/unbound/services/rpz.c b/contrib/unbound/services/rpz.c
index df39e75b0596..f45cf65420d7 100644
--- a/contrib/unbound/services/rpz.c
+++ b/contrib/unbound/services/rpz.c
@@ -2121,8 +2121,17 @@ rpz_synthesize_nsdname_localdata(struct rpz* r, struct module_qstate* ms,
 	rpz_log_dname("nsdname local data", key.name, key.namelen);
 
 	ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+	if(ld == NULL && dname_is_wild(z->name)) {
+		key.name = z->name;
+		key.namelen = z->namelen;
+		key.namelabs = z->namelabs;
+		ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+		/* rpz_synthesize_localdata_from_rrset is going to make
+		 * the rrset source name equal to the query name. So no need
+		 * to make the wildcard rrset here. */
+	}
 	if(ld == NULL) {
-		verbose(VERB_ALGO, "rpz: nsdname: impossible: qname not found");
+		verbose(VERB_ALGO, "rpz: nsdname: qname not found");
 		return NULL;
 	}
 
@@ -2148,6 +2157,15 @@ rpz_synthesize_qname_localdata_msg(struct rpz* r, struct module_qstate* ms,
 	key.namelen = qinfo->qname_len;
 	key.namelabs = dname_count_labels(qinfo->qname);
 	ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+	if(ld == NULL && dname_is_wild(z->name)) {
+		key.name = z->name;
+		key.namelen = z->namelen;
+		key.namelabs = z->namelabs;
+		ld = (struct local_data*)rbtree_search(&z->data, &key.node);
+		/* rpz_synthesize_localdata_from_rrset is going to make
+		 * the rrset source name equal to the query name. So no need
+		 * to make the wildcard rrset here. */
+	}
 	if(ld == NULL) {
 		verbose(VERB_ALGO, "rpz: qname: name not found");
 		return NULL;
diff --git a/contrib/unbound/sldns/keyraw.c b/contrib/unbound/sldns/keyraw.c
index 90a6e85337c2..42a9262a30da 100644
--- a/contrib/unbound/sldns/keyraw.c
+++ b/contrib/unbound/sldns/keyraw.c
@@ -124,7 +124,7 @@ uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize)
 		size_t i;
 		uint32_t ac32 = 0;
 		for (i = 0; i < keysize; ++i) {
-			ac32 += (i & 1) ? key[i] : key[i] << 8;
+			ac32 += ((i & 1)) ? key[i] : key[i] << 8;
 		}
 		ac32 += (ac32 >> 16) & 0xFFFF;
 		return (uint16_t) (ac32 & 0xFFFF);
@@ -272,7 +272,7 @@ sldns_key_buf2dsa_raw(unsigned char* key, size_t len)
 		return NULL;
 	}
 	if (!DSA_set0_key(dsa, Y, NULL)) {
-		/* QPG attached, cleaned up by DSA_fre() */
+		/* QPG attached, cleaned up by DSA_free() */
 		DSA_free(dsa);
 		BN_free(Y);
 		return NULL;
diff --git a/contrib/unbound/sldns/str2wire.c b/contrib/unbound/sldns/str2wire.c
index becd6d3855c9..392fc8f1d32a 100644
--- a/contrib/unbound/sldns/str2wire.c
+++ b/contrib/unbound/sldns/str2wire.c
@@ -857,7 +857,7 @@ rrinternal_parse_rdata(sldns_buffer* strbuf, char* token, size_t token_len,
 		while (rdata_len && *rdata != 0) {
 			uint8_t label_len;
 
-			if (*rdata & 0xC0)
+			if ((*rdata & 0xC0))
 				return LDNS_WIREPARSE_ERR_OK;
 
 			label_len = *rdata + 1;
diff --git a/contrib/unbound/sldns/wire2str.h b/contrib/unbound/sldns/wire2str.h
index 772268b249c9..36c58b8b064d 100644
--- a/contrib/unbound/sldns/wire2str.h
+++ b/contrib/unbound/sldns/wire2str.h
@@ -262,7 +262,7 @@ int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len,
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
  * @param comprloop: inout bool, that is set true if compression loop failure
- * 	happens.  Pass in 0, if passsed in as true, a lower bound is set
+ * 	happens.  Pass in 0, if passed in as true, a lower bound is set
  * 	on compression loops to stop arbitrary long packet parse times.
  * 	This is meant so you can set it to 0 at the start of a list of dnames,
  * 	and then scan all of them in sequence, if a loop happens, it becomes
diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c
index 708731a09dd8..55d363da70bb 100644
--- a/contrib/unbound/smallapp/unbound-anchor.c
+++ b/contrib/unbound/smallapp/unbound-anchor.c
@@ -382,7 +382,7 @@ read_cert_file(const char* file)
 	STACK_OF(X509)* sk;
 	FILE* in;
 	int content = 0;
-	char buf[128];
+	long flen;
 	if(file == NULL || strcmp(file, "") == 0) {
 		return NULL;
 	}
@@ -399,6 +399,11 @@ read_cert_file(const char* file)
 #endif
 		return NULL;
 	}
+	if(fseek(in, 0, SEEK_END) < 0)
+		printf("%s fseek: %s\n", file, strerror(errno));
+	flen = ftell(in);
+	if(fseek(in, 0, SEEK_SET) < 0)
+		printf("%s fseek: %s\n", file, strerror(errno));
 	while(!feof(in)) {
 		X509* x = PEM_read_X509(in, NULL, NULL, NULL);
 		if(x == NULL) {
@@ -414,8 +419,9 @@ read_cert_file(const char* file)
 			exit(0);
 		}
 		content = 1;
-		/* read away newline after --END CERT-- */
-		if(!fgets(buf, (int)sizeof(buf), in))
+		/* feof may not be true yet, but if the position is
+		 * at end of file, stop reading more certificates. */
+		if(ftell(in) == flen)
 			break;
 	}
 	fclose(in);
diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c
index 8fd821396025..b3c57fd2a52c 100644
--- a/contrib/unbound/smallapp/unbound-checkconf.c
+++ b/contrib/unbound/smallapp/unbound-checkconf.c
@@ -294,7 +294,8 @@ view_and_respipchecks(struct config_file* cfg)
 {
 	struct views* views = NULL;
 	struct respip_set* respip = NULL;
-	int ignored = 0;
+	int have_view_respip_cfg = 0;
+	int use_response_ip = 0;
 	if(!(views = views_create()))
 		fatal_exit("Could not create views: out of memory");
 	if(!(respip = respip_set_create()))
@@ -303,8 +304,11 @@ view_and_respipchecks(struct config_file* cfg)
 		fatal_exit("Could not set up views");
 	if(!respip_global_apply_cfg(respip, cfg))
 		fatal_exit("Could not setup respip set");
-	if(!respip_views_apply_cfg(views, cfg, &ignored))
+	if(!respip_views_apply_cfg(views, cfg, &have_view_respip_cfg))
 		fatal_exit("Could not setup per-view respip sets");
+	use_response_ip = !respip_set_is_empty(respip) || have_view_respip_cfg;
+	if(use_response_ip && !strstr(cfg->module_conf, "respip"))
+		fatal_exit("response-ip options require respip module");
 	acl_view_tag_checks(cfg, views);
 	views_delete(views);
 	respip_set_delete(respip);
@@ -450,6 +454,39 @@ ifautomaticportschecks(char* ifautomaticports)
 	}
 }
 
+/** check control interface strings */
+static void
+controlinterfacechecks(struct config_file* cfg)
+{
+	struct config_strlist* p;
+	for(p = cfg->control_ifs.first; p; p = p->next) {
+		struct sockaddr_storage a;
+		socklen_t alen;
+		char** rcif = NULL;
+		int i, num_rcif = 0;
+		/* See if it is a local socket, starts with a '/'. */
+		if(p->str && p->str[0] == '/')
+			continue;
+		if(!resolve_interface_names(&p->str, 1, NULL, &rcif,
+			&num_rcif)) {
+			fatal_exit("could not resolve interface names, for control-interface: %s",
+				p->str);
+		}
+		for(i=0; i<num_rcif; i++) {
+			if(!extstrtoaddr(rcif[i], &a, &alen,
+				cfg->control_port)) {
+				if(strcmp(p->str, rcif[i])!=0)
+					fatal_exit("cannot parse control-interface address '%s' from the control-interface specified as '%s'",
+						rcif[i], p->str);
+				else
+					fatal_exit("cannot parse control-interface specified as '%s'",
+						p->str);
+			}
+		}
+		config_del_strarray(rcif, num_rcif);
+	}
+}
+
 /** check acl ips */
 static void
 aclchecks(struct config_file* cfg)
@@ -636,8 +673,10 @@ check_modules_exist(const char* module_conf)
 				}
 				n[j] = s[j];
 			}
-			fatal_exit("module_conf lists module '%s' but that "
-				"module is not available.", n);
+			fatal_exit("Unknown value in module-config, module: "
+				"'%s'. This module is not present (not "
+				"compiled in); see the list of linked modules "
+				"with unbound -V", n);
 		}
 		s += strlen(names[i]);
 	}
@@ -926,6 +965,8 @@ morechecks(struct config_file* cfg)
 			fatal_exit("control-cert-file: \"%s\" does not exist",
 				cfg->control_cert_file);
 	}
+	if(cfg->remote_control_enable)
+		controlinterfacechecks(cfg);
 
 	donotquerylocalhostcheck(cfg);
 	localzonechecks(cfg);
@@ -966,6 +1007,8 @@ check_auth(struct config_file* cfg)
 	if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) {
 		fatal_exit("Could not setup authority zones");
 	}
+	if(is_rpz && !strstr(cfg->module_conf, "respip"))
+		fatal_exit("RPZ requires the respip module");
 	auth_zones_delete(az);
 }
 
diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh b/contrib/unbound/smallapp/unbound-control-setup.sh
index 3709a8c3118b..872133ccc536 100755..100644
--- a/contrib/unbound/smallapp/unbound-control-setup.sh
+++ b/contrib/unbound/smallapp/unbound-control-setup.sh
@@ -5,22 +5,22 @@
 # Copyright (c) 2008, NLnet Labs. All rights reserved.
 #
 # This software is open source.
-# 
+#
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
 # are met:
-# 
+#
 # Redistributions of source code must retain the above copyright notice,
 # this list of conditions and the following disclaimer.
-# 
+#
 # Redistributions in binary form must reproduce the above copyright notice,
 # this list of conditions and the following disclaimer in the documentation
 # and/or other materials provided with the distribution.
-# 
+#
 # Neither the name of the NLNET LABS nor the names of its contributors may
 # be used to endorse or promote products derived from this software without
 # specific prior written permission.
-# 
+#
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
@@ -57,87 +57,162 @@ SVR_BASE=unbound_server
 # base name for unbound-control keys
 CTL_BASE=unbound_control
 
+# flag to recreate generated certificates
+RECREATE=0
+
 # we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
 umask 0027
 
 # end of options
 
-# functions:
-error ( ) {
-	echo "$0 fatal error: $1"
-	exit 1
+set -eu
+
+cleanup() {
+    echo "removing artifacts"
+
+    rm -rf \
+       server.cnf \
+       client.cnf \
+       "${SVR_BASE}_trust.pem" \
+       "${CTL_BASE}_trust.pem" \
+       "${SVR_BASE}_trust.srl"
 }
 
-# check arguments:
-while test $# -ne 0; do
-	case $1 in
-	-d)
-	if test $# -eq 1; then error "need argument for -d"; fi
-	DESTDIR="$2"
-	shift
-	;;
-	*)
-	echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
-	echo "	-d dir	use directory to store keys and certificates."
-	echo "		default: $DESTDIR"
-	echo "please run this command using the same user id that the "
-	echo "unbound daemon uses, it needs read privileges."
-	exit 1
-	;;
-	esac
-	shift
+fatal() {
+    printf "fatal error: $*\n" >/dev/stderr
+    exit 1
+}
+
+usage() {
+    cat <<EOF
+usage: $0 OPTIONS
+OPTIONS
+-d <dir>  used directory to store keys and certificates (default: $DESTDIR)
+-h        show help notice
+-r        recreate certificates
+EOF
+}
+
+OPTIND=1
+while getopts 'd:hr' arg; do
+    case "$arg" in
+      d) DESTDIR="$OPTARG" ;;
+      h) usage; exit 1 ;;
+      r) RECREATE=1 ;;
+      ?) fatal "'$arg' unknown option" ;;
+    esac
 done
+shift $((OPTIND - 1))
+
+if ! openssl version </dev/null >/dev/null 2>&1; then
+    echo "$0 requires openssl to be installed for keys/certificates generation." >&2
+    exit 1
+fi
 
-# go!:
 echo "setup in directory $DESTDIR"
-cd "$DESTDIR" || error "could not cd to $DESTDIR"
-
-# create certificate keys; do not recreate if they already exist.
-if test -f $SVR_BASE.key; then
-	echo "$SVR_BASE.key exists"
-else
-	echo "generating $SVR_BASE.key"
-	openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa"
+cd "$DESTDIR"
+
+trap cleanup INT
+
+# ===
+# Generate server certificate
+# ===
+
+# generate private key; do no recreate it if they already exist.
+if [ ! -f "$SVR_BASE.key" ]; then
+    openssl genrsa -out "$SVR_BASE.key" "$BITS"
+fi
+
+cat >server.cnf <<EOF
+[req]
+default_bits=$BITS
+default_md=$HASH
+prompt=no
+distinguished_name=req_distinguished_name
+x509_extensions=v3_ca
+[req_distinguished_name]
+commonName=$SERVERNAME
+[v3_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=critical,CA:TRUE,pathlen:0
+subjectAltName=DNS:$SERVERNAME
+EOF
+
+[ -f server.cnf ] || fatal "cannot create openssl configuration"
+
+if [ ! -f "$SVR_BASE.pem" -o $RECREATE -eq 1 ]; then
+    openssl req \
+            -new -x509 \
+            -key "$SVR_BASE.key" \
+            -config server.cnf  \
+            -days "$DAYS" \
+            -out "$SVR_BASE.pem"
+
+    [ ! -f "SVR_BASE.pem" ] || fatal "cannot create server certificate"
 fi
-if test -f $CTL_BASE.key; then
-	echo "$CTL_BASE.key exists"
-else
-	echo "generating $CTL_BASE.key"
-	openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa"
+
+# ===
+# Generate client certificate
+# ===
+
+# generate private key; do no recreate it if they already exist.
+if [ ! -f "$CTL_BASE.key" ]; then
+    openssl genrsa -out "$CTL_BASE.key" "$BITS"
 fi
 
-# create self-signed cert for server
-echo "[req]" > request.cfg
-echo "default_bits=$BITS" >> request.cfg
-echo "default_md=$HASH" >> request.cfg
-echo "prompt=no" >> request.cfg
-echo "distinguished_name=req_distinguished_name" >> request.cfg
-echo "" >> request.cfg
-echo "[req_distinguished_name]" >> request.cfg
-echo "commonName=$SERVERNAME" >> request.cfg
+cat >client.cnf <<EOF
+[req]
+default_bits=$BITS
+default_md=$HASH
+prompt=no
+distinguished_name=req_distinguished_name
+req_extensions=v3_req
+[req_distinguished_name]
+commonName=$CLIENTNAME
+[v3_req]
+basicConstraints=critical,CA:FALSE
+subjectAltName=DNS:$CLIENTNAME
+EOF
+
+[ -f client.cnf ] || fatal "cannot create openssl configuration"
+
+if [ ! -f "$CTL_BASE.pem" -o $RECREATE -eq 1 ]; then
+    openssl x509 \
+        -addtrust serverAuth \
+        -in "$SVR_BASE.pem" \
+        -out "${SVR_BASE}_trust.pem"
+
+    openssl req \
+            -new \
+            -config client.cnf \
+            -key "$CTL_BASE.key" \
+        | openssl x509 \
+                  -req \
+                  -days "$DAYS" \
+                  -CA "${SVR_BASE}_trust.pem" \
+                  -CAkey "$SVR_BASE.key" \
+                  -CAcreateserial \
+                  -$HASH \
+                  -extfile client.cnf \
+                  -extensions v3_req \
+                  -out "$CTL_BASE.pem"
+
+    [ ! -f "CTL_BASE.pem" ] || fatal "cannot create signed client certificate"
+fi
 
-test -f request.cfg || error "could not create request.cfg"
+# remove unused permissions
+chmod o-rw \
+      "$SVR_BASE.pem" \
+      "$SVR_BASE.key"
+chmod g+r,o-rw \
+      "$CTL_BASE.pem" \
+      "$CTL_BASE.key"
+
+cleanup
+
+echo "Setup success. Certificates created. Enable in unbound.conf file to use"
 
-echo "create $SVR_BASE.pem (self signed certificate)"
-openssl req -key $SVR_BASE.key -config request.cfg  -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
-# create trusted usage pem
-openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
-
-# create client request and sign it, piped
-echo "[req]" > request.cfg
-echo "default_bits=$BITS" >> request.cfg
-echo "default_md=$HASH" >> request.cfg
-echo "prompt=no" >> request.cfg
-echo "distinguished_name=req_distinguished_name" >> request.cfg
-echo "" >> request.cfg
-echo "[req_distinguished_name]" >> request.cfg
-echo "commonName=$CLIENTNAME" >> request.cfg
-
-test -f request.cfg || error "could not create request.cfg"
-
-echo "create $CTL_BASE.pem (signed client certificate)"
-openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -$HASH -out $CTL_BASE.pem
-test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
 # create trusted usage pem
 # openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem"
 
@@ -148,13 +223,3 @@ test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
 # echo "empty password is used, simply click OK on the password dialog box."
 # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
 
-# set desired permissions
-chmod 0640 $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
-
-# remove crap
-rm -f request.cfg
-rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl"
-
-echo "Setup success. Certificates created. Enable in unbound.conf file to use"
-
-exit 0
diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c
index cf5abe7eb29d..b7e9d98a27b9 100644
--- a/contrib/unbound/smallapp/unbound-control.c
+++ b/contrib/unbound/smallapp/unbound-control.c
@@ -143,6 +143,8 @@ usage(void)
 	printf("  load_cache			load cache from stdin\n");
 	printf("				(not supported in remote unbounds in\n");
 	printf("				multi-process operation)\n");
+	printf("  cache_lookup [+t] <names>	print rrsets and msgs at or under the names\n");
+	printf("		+t		allow tld and root names.\n");
 	printf("  lookup <name>			print nameservers for name\n");
 	printf("  flush [+c] <name>			flushes common types for name from cache\n");
 	printf("  				types:  A, AAAA, MX, PTR, NS,\n");
@@ -409,6 +411,7 @@ static void print_extended(struct ub_stats_info* s, int inhibit_zero)
 	PR_UL("num.answer.secure", s->svr.ans_secure);
 	PR_UL("num.answer.bogus", s->svr.ans_bogus);
 	PR_UL("num.rrset.bogus", s->svr.rrset_bogus);
+	PR_UL("num.valops", s->svr.val_ops);
 	PR_UL("num.query.aggressive.NOERROR", s->svr.num_neg_cache_noerror);
 	PR_UL("num.query.aggressive.NXDOMAIN", s->svr.num_neg_cache_nxdomain);
 	/* threat detection */
diff --git a/contrib/unbound/testcode/doqclient.c b/contrib/unbound/testcode/doqclient.c
index e6f63a761f35..238a9380306d 100644
--- a/contrib/unbound/testcode/doqclient.c
+++ b/contrib/unbound/testcode/doqclient.c
@@ -48,10 +48,13 @@
 #ifdef HAVE_NGTCP2
 #include <ngtcp2/ngtcp2.h>
 #include <ngtcp2/ngtcp2_crypto.h>
-#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H
+#ifdef HAVE_NGTCP2_NGTCP2_CRYPTO_OSSL_H
+#include <ngtcp2/ngtcp2_crypto_ossl.h>
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_QUICTLS_H)
 #include <ngtcp2/ngtcp2_crypto_quictls.h>
-#else
+#elif defined(HAVE_NGTCP2_NGTCP2_CRYPTO_OPENSSL_H)
 #include <ngtcp2/ngtcp2_crypto_openssl.h>
+#define MAKE_QUIC_METHOD 1
 #endif
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
@@ -107,10 +110,14 @@ struct doq_client_data {
 	SSL_CTX* ctx;
 	/** SSL object */
 	SSL* ssl;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	/** the connection reference for ngtcp2_conn and userdata in ssl */
 	struct ngtcp2_crypto_conn_ref conn_ref;
 #endif
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/** the per-connection state for ngtcp2_crypto_ossl */
+	struct ngtcp2_crypto_ossl_ctx* ossl_ctx;
+#endif
 	/** the quic version to use */
 	uint32_t quic_version;
 	/** the last error */
@@ -197,11 +204,12 @@ struct doq_client_stream {
 	int query_is_done;
 };
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** the quic method struct, must remain valid during the QUIC connection. */
 static SSL_QUIC_METHOD quic_method;
 #endif
 
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 /** Get the connection ngtcp2_conn from the ssl app data
  * ngtcp2_crypto_conn_ref */
 static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
@@ -210,11 +218,12 @@ static ngtcp2_conn* conn_ref_get_conn(ngtcp2_crypto_conn_ref* conn_ref)
 		conn_ref->user_data;
 	return data->conn;
 }
+#endif
 
 static void
 set_app_data(SSL* ssl, struct doq_client_data* data)
 {
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	data->conn_ref.get_conn = &conn_ref_get_conn;
 	data->conn_ref.user_data = data;
 	SSL_set_app_data(ssl, &data->conn_ref);
@@ -227,7 +236,7 @@ static struct doq_client_data*
 get_app_data(SSL* ssl)
 {
 	struct doq_client_data* data;
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	data = (struct doq_client_data*)((struct ngtcp2_crypto_conn_ref*)
 		SSL_get_app_data(ssl))->user_data;
 #else
@@ -893,7 +902,7 @@ handshake_completed(ngtcp2_conn* ATTR_UNUSED(conn), void* user_data)
 			verbose(1, "early data was accepted by the server");
 		}
 	}
-#ifdef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#if defined(USE_NGTCP2_CRYPTO_OSSL) || defined(HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT)
 	if(data->transport_file) {
 		early_data_write_transport(data);
 	}
@@ -1207,7 +1216,7 @@ early_data_write_transport(struct doq_client_data* data)
 #endif
 }
 
-#ifndef HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT
+#ifdef MAKE_QUIC_METHOD
 /** applicatation rx key callback, this is where the rx key is set,
  * and streams can be opened, like http3 unidirectional streams, like
  * the http3 control and http3 qpack encode and decoder streams. */
@@ -1317,7 +1326,7 @@ send_alert(SSL *ssl, enum ssl_encryption_level_t ATTR_UNUSED(level),
 	data->tls_alert = alert;
 	return 1;
 }
-#endif /* HAVE_NGTCP2_CRYPTO_QUICTLS_CONFIGURE_CLIENT_CONTEXT */
+#endif /* MAKE_QUIC_METHOD */
 
 /** new session callback. We can write it to file for resumption later. */
 static int
@@ -1357,7 +1366,7 @@ ctx_client_setup(void)
 		log_err("ngtcp2_crypto_quictls_configure_client_context failed");
 		exit(1);
 	}
-#else
+#elif defined(MAKE_QUIC_METHOD)
 	memset(&quic_method, 0, sizeof(quic_method));
 	quic_method.set_encryption_secrets = &set_encryption_secrets;
 	quic_method.add_handshake_data = &add_handshake_data;
@@ -1373,22 +1382,39 @@ ctx_client_setup(void)
 static SSL*
 ssl_client_setup(struct doq_client_data* data)
 {
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	int ret;
+#endif
 	SSL* ssl = SSL_new(data->ctx);
 	if(!ssl) {
 		log_crypto_err("Could not SSL_new");
 		exit(1);
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	if((ret=ngtcp2_crypto_ossl_ctx_new(&data->ossl_ctx, NULL)) != 0) {
+		log_err("ngtcp2_crypto_ossl_ctx_new failed: %s",
+			ngtcp2_strerror(ret));
+		exit(1);
+	}
+	ngtcp2_crypto_ossl_ctx_set_ssl(data->ossl_ctx, ssl);
+	if(ngtcp2_crypto_ossl_configure_client_session(ssl) != 0) {
+		log_err("ngtcp2_crypto_ossl_configure_client_session failed");
+		exit(1);
+	}
+#endif
 	set_app_data(ssl, data);
 	SSL_set_connect_state(ssl);
 	if(!SSL_set_fd(ssl, data->fd)) {
 		log_crypto_err("Could not SSL_set_fd");
 		exit(1);
 	}
+#ifndef USE_NGTCP2_CRYPTO_OSSL
 	if((data->quic_version & 0xff000000) == 0xff000000) {
 		SSL_set_quic_use_legacy_codepoint(ssl, 1);
 	} else {
 		SSL_set_quic_use_legacy_codepoint(ssl, 0);
 	}
+#endif
 	SSL_set_alpn_protos(ssl, (const unsigned char *)"\x03""doq", 4);
 	/* send the SNI host name */
 	SSL_set_tlsext_host_name(ssl, "localhost");
@@ -2072,7 +2098,11 @@ early_data_setup_session(struct doq_client_data* data)
 		SSL_SESSION_free(session);
 		return 0;
 	}
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	SSL_set_quic_tls_early_data_enabled(data->ssl, 1);
+#else
 	SSL_set_quic_early_data_enabled(data->ssl, 1);
+#endif
 	SSL_SESSION_free(session);
 	return 1;
 }
@@ -2221,6 +2251,15 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
 	data = calloc(1, sizeof(*data));
 	if(!data) fatal_exit("calloc failed: out of memory");
 	data->base = base;
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	/* Initialize the ossl crypto, it is harmless to call twice,
+	 * and this is before use of doq connections. */
+	if(ngtcp2_crypto_ossl_init() != 0)
+		fatal_exit("ngtcp2_crypto_oss_init failed");
+#elif defined(HAVE_NGTCP2_CRYPTO_QUICTLS_INIT)
+	if(ngtcp2_crypto_quictls_init() != 0)
+		fatal_exit("ngtcp2_crypto_quictls_init failed");
+#endif
 	data->rnd = ub_initstate(NULL);
 	if(!data->rnd) fatal_exit("ub_initstate failed: out of memory");
 	data->svr = svr;
@@ -2255,7 +2294,11 @@ create_doq_client_data(const char* svr, int port, struct ub_event_base* base,
 		SSL_CTX_sess_set_new_cb(data->ctx, new_session_cb);
 	}
 	data->ssl = ssl_client_setup(data);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_conn_set_tls_native_handle(data->conn, data->ossl_ctx);
+#else
 	ngtcp2_conn_set_tls_native_handle(data->conn, data->ssl);
+#endif
 	if(data->early_data_enabled)
 		early_data_setup(data);
 
@@ -2301,8 +2344,14 @@ delete_doq_client_data(struct doq_client_data* data)
 		}
 	}
 #endif
-	ngtcp2_conn_del(data->conn);
+	/* Remove the app data from ngtcp2 before SSL_free of conn->ssl,
+	 * because the ngtcp2 conn is deleted. */
+	SSL_set_app_data(data->ssl, NULL);
 	SSL_free(data->ssl);
+#ifdef USE_NGTCP2_CRYPTO_OSSL
+	ngtcp2_crypto_ossl_ctx_del(data->ossl_ctx);
+#endif
+	ngtcp2_conn_del(data->conn);
 	sldns_buffer_free(data->pkt_buf);
 	sldns_buffer_free(data->blocked_pkt);
 	if(data->fd != -1)
diff --git a/contrib/unbound/testcode/fake_event.c b/contrib/unbound/testcode/fake_event.c
index f7f3210790eb..ce439edd1294 100644
--- a/contrib/unbound/testcode/fake_event.c
+++ b/contrib/unbound/testcode/fake_event.c
@@ -188,6 +188,22 @@ delete_replay_answer(struct replay_answer* a)
 	free(a);
 }
 
+/** Log the packet for a reply_packet from testpkts. */
+static void
+log_testpkt_reply_pkt(const char* txt, struct reply_packet* reppkt)
+{
+	if(!reppkt) {
+		log_info("%s <null>", txt);
+		return;
+	}
+	if(reppkt->reply_from_hex) {
+		log_pkt(txt, sldns_buffer_begin(reppkt->reply_from_hex),
+			sldns_buffer_limit(reppkt->reply_from_hex));
+		return;
+	}
+	log_pkt(txt, reppkt->reply_pkt, reppkt->reply_len);
+}
+
 /**
  * return: true if pending query matches the now event.
  */
@@ -240,9 +256,8 @@ pending_find_match(struct replay_runtime* runtime, struct entry** entry,
 				p->start_step, p->end_step, (*entry)->lineno);
 			if(p->addrlen != 0)
 				log_addr(0, "matched ip", &p->addr, p->addrlen);
-			log_pkt("matched pkt: ",
-				(*entry)->reply_list->reply_pkt,
-				(*entry)->reply_list->reply_len);
+			log_testpkt_reply_pkt("matched pkt: ",
+				(*entry)->reply_list);
 			return 1;
 		}
 		p = p->next_range;
@@ -330,7 +345,7 @@ fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q,
 		while(reppkt && i--)
 			reppkt = reppkt->next;
 		if(!reppkt) fatal_exit("extra packet read from TCP stream but none is available");
-		log_pkt("extra_packet ", reppkt->reply_pkt, reppkt->reply_len);
+		log_testpkt_reply_pkt("extra packet ", reppkt);
 	}
 	if(reppkt->reply_from_hex) {
 		c = sldns_buffer_begin(reppkt->reply_from_hex);
@@ -462,8 +477,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo)
 		repinfo.c->type = comm_udp;
 	fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0, 0);
 	log_info("testbound: incoming QUERY");
-	log_pkt("query pkt", todo->match->reply_list->reply_pkt,
-		todo->match->reply_list->reply_len);
+	log_testpkt_reply_pkt("query pkt ", todo->match->reply_list);
 	/* call the callback for incoming queries */
 	if((*runtime->callback_query)(repinfo.c, runtime->cb_arg,
 		NETEVENT_NOERROR, &repinfo)) {
@@ -900,8 +914,10 @@ run_scenario(struct replay_runtime* runtime)
 			runtime->now->evt_type == repevt_front_reply) {
 			answer_check_it(runtime);
 			advance_moment(runtime);
-		} else if(pending_matches_range(runtime, &entry, &pending)) {
-			answer_callback_from_entry(runtime, entry, pending);
+		} else if(runtime->now && pending_matches_range(runtime,
+			&entry, &pending)) {
+			if(entry)
+				answer_callback_from_entry(runtime, entry, pending);
 		} else {
 			do_moment_and_advance(runtime);
 		}
@@ -1254,7 +1270,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 	struct query_info* qinfo, uint16_t flags, int dnssec,
 	int ATTR_UNUSED(want_dnssec), int ATTR_UNUSED(nocaps),
 	int ATTR_UNUSED(check_ratelimit),
-	int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
+	int tcp_upstream, int ATTR_UNUSED(ssl_upstream),
 	char* ATTR_UNUSED(tls_auth_name), struct sockaddr_storage* addr,
 	socklen_t addrlen, uint8_t* zone, size_t zonelen,
 	struct module_qstate* qstate, comm_point_callback_type* callback,
@@ -1274,7 +1290,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 		(flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":"");
 
 	/* create packet with EDNS */
-	pend->buffer = sldns_buffer_new(512);
+	pend->buffer = sldns_buffer_new(4096);
 	log_assert(pend->buffer);
 	sldns_buffer_write_u16(pend->buffer, 0); /* id */
 	sldns_buffer_write_u16(pend->buffer, flags);
@@ -1334,7 +1350,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 		edns.opt_list_in = NULL;
 		edns.opt_list_out = per_upstream_opt_list;
 		edns.opt_list_inplace_cb_out = NULL;
-		attach_edns_record(pend->buffer, &edns);
+		if(sldns_buffer_capacity(pend->buffer) >=
+			sldns_buffer_limit(pend->buffer)
+			+calc_edns_field_size(&edns)) {
+			attach_edns_record(pend->buffer, &edns);
+		} else {
+			verbose(VERB_ALGO, "edns field too large to fit");
+		}
 	}
 	memcpy(&pend->addr, addr, addrlen);
 	pend->addrlen = addrlen;
@@ -1345,7 +1367,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
 	pend->callback = callback;
 	pend->cb_arg = callback_arg;
 	pend->timeout = UDP_AUTH_QUERY_TIMEOUT/1000;
-	pend->transport = transport_udp; /* pretend UDP */
+	pend->transport = tcp_upstream?transport_tcp:transport_udp;
 	pend->pkt = NULL;
 	pend->runtime = runtime;
 	pend->serviced = 1;
diff --git a/contrib/unbound/testcode/testbound.c b/contrib/unbound/testcode/testbound.c
index 6da4ceaf2ebf..063037df4e80 100644
--- a/contrib/unbound/testcode/testbound.c
+++ b/contrib/unbound/testcode/testbound.c
@@ -293,6 +293,16 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[])
 			fclose(cfg);
 			return;
 		}
+		if(strncmp(parse, "fake-sha1: yes", 14) == 0) {
+			/* Allow the use of SHA1 signatures for the test,
+			 * in case that OpenSSL disallows use of RSASHA1
+			 * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+			setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+			_putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+		}
 		fputs(line, cfg);
 	}
 	fatal_exit("No CONFIG_END in input file");
@@ -333,6 +343,35 @@ static void remove_configfile(void)
 	cfgfiles = NULL;
 }
 
+/** perform the playback on the playback_file with the args. */
+static int
+perform_playback(char* playback_file, int pass_argc, char** pass_argv)
+{
+	struct replay_scenario* scen = NULL;
+	int c, res;
+
+	/* setup test environment */
+	scen = setup_playback(playback_file, &pass_argc, pass_argv);
+	/* init fake event backend */
+	fake_event_init(scen);
+
+	pass_argv[pass_argc] = NULL;
+	echo_cmdline(pass_argc, pass_argv);
+
+	/* run the normal daemon */
+	res = daemon_main(pass_argc, pass_argv);
+
+	fake_event_cleanup();
+	for(c=1; c<pass_argc; c++)
+		free(pass_argv[c]);
+	return res;
+}
+
+/* For fuzzing the main routine is replaced with
+ * LLVMFuzzerTestOneInput. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#define main dummy_main
+#endif
 /**
  * Main fake event test program. Setup, teardown and report errors.
  * @param argc: arg count.
@@ -348,7 +387,6 @@ main(int argc, char* argv[])
 	char* playback_file = NULL;
 	int init_optind = optind;
 	char* init_optarg = optarg;
-	struct replay_scenario* scen = NULL;
 
 	/* we do not want the test to depend on the timezone */
 	(void)putenv("TZ=UTC");
@@ -456,24 +494,11 @@ main(int argc, char* argv[])
 	if(atexit(&remove_configfile) != 0)
 		fatal_exit("atexit() failed: %s", strerror(errno));
 
-	/* setup test environment */
-	scen = setup_playback(playback_file, &pass_argc, pass_argv);
-	/* init fake event backend */
-	fake_event_init(scen);
-
-	pass_argv[pass_argc] = NULL;
-	echo_cmdline(pass_argc, pass_argv);
-
 	/* reset getopt processing */
 	optind = init_optind;
 	optarg = init_optarg;
 
-	/* run the normal daemon */
-	res = daemon_main(pass_argc, pass_argv);
-
-	fake_event_cleanup();
-	for(c=1; c<pass_argc; c++)
-		free(pass_argv[c]);
+	res = perform_playback(playback_file, pass_argc, pass_argv);
 	if(res == 0) {
 		log_info("Testbound Exit Success\n");
 		/* remove configfile from here, the atexit() is for when
@@ -493,6 +518,101 @@ main(int argc, char* argv[])
 	return res;
 }
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+static int delete_file(const char *pathname) {
+  int ret = unlink(pathname);
+  free((void *)pathname);
+  return ret;
+}
+
+static char *buf_to_file(const uint8_t *buf, size_t size) {
+  int fd;
+  size_t pos;
+  char *pathname = strdup("/tmp/fuzz-XXXXXX");
+  if (pathname == NULL)
+    return NULL;
+
+  fd = mkstemp(pathname);
+  if (fd == -1) {
+    log_err("mkstemp of file %s failed: %s", pathname, strerror(errno));
+    free(pathname);
+    return NULL;
+  }
+  pos = 0;
+  while (pos < size) {
+    int nbytes = write(fd, &buf[pos], size - pos);
+    if (nbytes <= 0) {
+      if (nbytes == -1 && errno == EINTR)
+             continue;
+      log_err("write to file %s failed: %s", pathname, strerror(errno));
+      goto err;
+    }
+    pos += nbytes;
+  }
+
+  if (close(fd) == -1) {
+    log_err("close of file %s failed: %s", pathname, strerror(errno));
+    goto err;
+  }
+
+  return pathname;
+err:
+  delete_file(pathname);
+  return NULL;
+}
+
+/* based on main() above, but with: hard-coded passed args, file created from fuzz input */
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+       int c, res;
+       int pass_argc = 0;
+       char* pass_argv[MAXARG];
+       char* playback_file = NULL;
+
+       /* we do not want the test to depend on the timezone */
+       (void)putenv("TZ=UTC");
+       memset(pass_argv, 0, sizeof(pass_argv));
+#ifdef HAVE_SYSTEMD
+       /* we do not want the test to use systemd daemon startup notification*/
+       (void)unsetenv("NOTIFY_SOCKET");
+#endif /* HAVE_SYSTEMD */
+
+       checklock_start();
+       log_init(NULL, 0, NULL);
+       /* determine commandline options for the daemon */
+       pass_argc = 1;
+       pass_argv[0] = "unbound";
+       add_opts("-d", &pass_argc, pass_argv);
+
+       playback_file = buf_to_file(Data, Size);
+       if (playback_file) {
+               log_info("Start of %s testbound program.", PACKAGE_STRING);
+
+               res = perform_playback(playback_file, pass_argc, pass_argv);
+               if(res == 0) {
+                       log_info("Testbound Exit Success\n");
+                       /* remove configfile from here, the atexit() is for when
+                        * there is a crash to remove the tmpdir file.
+                        * This one removes the file while alloc and log locks are
+                        * still valid, and can be logged (for memory calculation),
+                        * it leaves the ptr NULL so the atexit does nothing. */
+                       remove_configfile();
+#ifdef HAVE_PTHREAD
+                       /* dlopen frees its thread state (dlopen of gost engine) */
+                       pthread_exit(NULL);
+#endif
+               }
+
+               delete_file(playback_file);
+       }
+
+       if(log_get_lock()) {
+               lock_basic_destroy((lock_basic_type*)log_get_lock());
+       }
+       return res;
+}
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 /* fake remote control */
 struct listen_port* daemon_remote_open_ports(struct config_file* 
 	ATTR_UNUSED(cfg))
diff --git a/contrib/unbound/testcode/unitdname.c b/contrib/unbound/testcode/unitdname.c
index 08a2dbad774d..95c6e1fda705 100644
--- a/contrib/unbound/testcode/unitdname.c
+++ b/contrib/unbound/testcode/unitdname.c
@@ -45,6 +45,7 @@
 #include "util/data/dname.h"
 #include "sldns/sbuffer.h"
 #include "sldns/str2wire.h"
+#include "sldns/wire2str.h"
 
 /** put dname into buffer */
 static sldns_buffer*
@@ -476,6 +477,23 @@ dname_test_removelabel(void)
 	unit_assert( l == 1 );
 }
 
+/** test dname_remove_label_limit_len */
+static void
+dname_test_removelabellimitlen(void)
+{
+	uint8_t* orig = (uint8_t*)"\007example\003com\000";
+	uint8_t* n = orig;
+	size_t l = 13;
+	size_t lenlimit = 5; /* com.*/
+	unit_show_func("util/data/dname.c", "dname_remove_label_limit_len");
+	unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 1);
+	unit_assert( n == orig+8 );
+	unit_assert( l == 5 );
+	unit_assert(dname_remove_label_limit_len(&n, &l, lenlimit) == 0);
+	unit_assert( n == orig+8 );
+	unit_assert( l == 5 );
+}
+
 /** test dname_signame_label_count */
 static void
 dname_test_sigcount(void)
@@ -859,6 +877,262 @@ dname_setup_bufs(sldns_buffer* loopbuf, sldns_buffer* boundbuf)
 	sldns_buffer_flip(boundbuf);
 }
 
+/* Test strings for the test_long_names test. */
+/* Each label begins with the length of the label including the length octet. */
+
+char desc_1[] = "Domain is 1 octet too long.";
+
+uint8_t wire_dom_1[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.0007ab. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x06, 0x30, 0x30, 0x30, 0x37, 0x61, 0x62, 0x00
+};
+
+char desc_2[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_2[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.00076a. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x00
+};
+
+char desc_3[] = "Domain has a length one label in the 255th position for a total of 257.";
+
+uint8_t wire_dom_3[] = { /* Bad: Domain: (8x(0031abcdefghijklmnopqrstuvwxyz.0006ab.1. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x05, 0x30, 0x30, 0x30, 0x36, 0x61, 0x01, 0x32, 0x00
+};
+
+char desc_4[] = "Domain has the maximum allowed length (255).";
+
+uint8_t wire_dom_4[] = { /* Good: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Good: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x00
+};
+
+char desc_5[] = "Domain has a maximum length label (63) in the 255th position.";
+
+uint8_t wire_dom_5[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.65abc...zab...zab...ghi. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x3f, 0x36,
+			    0x33, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x00
+};
+
+char desc_6[] = "Domain has a too long label (65) in the 255th position.";
+
+uint8_t wire_dom_6[] = { /* Bad: Domain: (8x)0031abcdefghijklmnopqrstuvwxyz.03.03.66abc...zab...zab...ijk. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61,
+			    0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71,
+			    0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62,
+			    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+			    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, /* Bad: */ 0x02, 0x30, 0x33, 0x02, 0x30, 0x33, 0x41, 0x36,
+			    0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x00
+};
+
+char desc_7[] = "Domain has a too long label (65) in the 187th position.";
+
+uint8_t wire_dom_7[] = { /* Bad: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.65abc..zab...zab...ijk. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a,
+			    /* Bad: */  0x41, 0x36,
+			    0x36, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65,
+			    0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+			    0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x00
+};
+
+char desc_8[] = "Domains has the maximum allowed length and ends with a maximum length label.";
+
+uint8_t wire_dom_8[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdefg. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3f, 0x30,
+			    0x30, 0x36, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+			    0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+			    0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x00
+};
+
+char desc_9[] = "Domains has 254 octets, one less than the maximum allowed length.";
+
+uint8_t wire_dom_9[] = { /* Good: Domain: (6x)0031abcdefghijklmnopqrstuvwxyz.0004.0064abc..zab...zabcdef. */
+			    0x1e, 0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+			    0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e,
+			    0x30, 0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
+			    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30,
+			    0x30, 0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30,
+			    0x33, 0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e,
+			    0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33,
+			    0x31, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x1e, 0x30, 0x30, 0x33, 0x31,
+			    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+			    0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x03, 0x30, 0x30, 0x34 ,/* Good: */ 0x3e, 0x30,
+			    0x30, 0x35, 0x34, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d,
+			    0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63,
+			    0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73,
+			    0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x00
+};
+
+ /** Test dname to string with long domain names. */
+static void
+test_long_names(void)
+{
+	/* Set to 1 for verbose output, 0 turns it off. */
+	int verbtest = 0;
+
+	uint8_t* wire_doms[] = {wire_dom_1, wire_dom_2, wire_dom_3,
+		wire_dom_4, wire_dom_5, wire_dom_6, wire_dom_7, wire_dom_8,
+		wire_dom_9, 0};
+	char* descs[] = {desc_1, desc_2, desc_3, desc_4, desc_5, desc_6,
+		desc_7, desc_8, desc_9, 0};
+
+	int n;
+	char string_domain[260];
+	uint8_t** wd = wire_doms;
+	int di = 0;
+	int skip = 5; /* 0..6 */
+
+	while (*wd) {
+
+		if(verbtest)
+			printf("Test: %s\n", descs[di++]);
+
+		memset(string_domain, 0xff, sizeof(string_domain));
+		dname_str(*wd, string_domain);
+		for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+			if ((uint8_t)string_domain[n] == 0xff)
+			break;
+		}
+		if(verbtest)
+			printf("dname_str: L=%d, S=Skipping %d labels...%s\n",
+				n, skip, string_domain + skip*31);
+		unit_assert(n <= 255);
+
+		memset(string_domain, 0xff, sizeof(string_domain));
+		sldns_wire2str_dname_buf(*wd,
+			strlen((char*)*wd)+1 /* strlen works with these test strings */,
+			string_domain,
+			255 /* for comparable result to dname_str */ );
+		for (n = 0 ; n < (int)sizeof(string_domain); ++n) {
+			if ((uint8_t)string_domain[n] == 0xff)
+			break;
+		}
+		if(verbtest)
+			printf("sldns_wire2str_dname_buf: L=%d, S=Skipping %d labels...%s\n",
+				n, skip, string_domain + skip*31);
+		unit_assert(n <= 255);
+
+		++wd;
+	}
+}
+
 static void
 dname_test_str(sldns_buffer* buff)
 {
@@ -1002,6 +1276,8 @@ dname_test_str(sldns_buffer* buff)
 			unit_assert(0);
 		}
 	}
+
+	test_long_names();
 }
 
 void dname_test(void)
@@ -1024,6 +1300,7 @@ void dname_test(void)
 	dname_test_subdomain();
 	dname_test_isroot();
 	dname_test_removelabel();
+	dname_test_removelabellimitlen();
 	dname_test_sigcount();
 	dname_test_iswild();
 	dname_test_canoncmp();
diff --git a/contrib/unbound/testcode/unitinfra.c b/contrib/unbound/testcode/unitinfra.c
index 6834c51eeab8..91a88f6ae8a9 100644
--- a/contrib/unbound/testcode/unitinfra.c
+++ b/contrib/unbound/testcode/unitinfra.c
@@ -131,6 +131,7 @@ void infra_test(void)
 	unit_show_feature("infra cache");
 	unit_assert(ipstrtoaddr("127.0.0.1", 53, &one, &onelen));
 
+	config_auto_slab_values(cfg);
 	slab = infra_create(cfg);
 	/* insert new record */
 	unit_assert( infra_host(slab, &one, onelen, zone, zonelen, now,
diff --git a/contrib/unbound/testcode/unitmain.c b/contrib/unbound/testcode/unitmain.c
index 334c1af93033..07c016d7ba74 100644
--- a/contrib/unbound/testcode/unitmain.c
+++ b/contrib/unbound/testcode/unitmain.c
@@ -205,6 +205,8 @@ net_test(void)
 		unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000", 16) == 0);
 		addr_mask((struct sockaddr_storage*)&a6, l6, 64);
 		unit_assert(memcmp(&a6.sin6_addr, "\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000", 16) == 0);
+		/* Check that negative value in net is not problematic. */
+		addr_mask((struct sockaddr_storage*)&a6, l6, -100);
 		addr_mask((struct sockaddr_storage*)&a6, l6, 0);
 		unit_assert(memcmp(&a6.sin6_addr, "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16) == 0);
 	}
@@ -266,6 +268,28 @@ net_test(void)
 				(struct sockaddr_storage*)&b6, i, l6) == i);
 		}
 	}
+	/* test netblockstrtoaddr */
+	unit_show_func("util/net_help.c", "netblockstrtoaddr");
+	if(1) {
+		struct sockaddr_storage a;
+		socklen_t alen = 0;
+		int net = 0, res;
+		char astr[128];
+		memset(&a, 0, sizeof(a));
+
+		res = netblockstrtoaddr("1.2.3.0/24", 53, &a, &alen, &net);
+		unit_assert(res!=0 && net == 24);
+		addr_to_str(&a, alen, astr, sizeof(astr));
+		unit_assert(strcmp(astr, "1.2.3.0") == 0);
+		unit_assert(ntohs(((struct sockaddr_in*)&a)->sin_port)==53);
+
+		res = netblockstrtoaddr("2001:DB8:33:44::/64", 53,
+			&a, &alen, &net);
+		unit_assert(res!=0 && net == 64);
+		addr_to_str(&a, alen, astr, sizeof(astr));
+		unit_assert(strcmp(astr, "2001:db8:33:44::") == 0);
+		unit_assert(ntohs(((struct sockaddr_in6*)&a)->sin6_port)==53);
+	}
 	/* test sockaddr_cmp_addr */
 	unit_show_func("util/net_help.c", "sockaddr_cmp_addr");
 	if(1) {
diff --git a/contrib/unbound/testcode/unitverify.c b/contrib/unbound/testcode/unitverify.c
index 81c8b13c6d65..12d5205b07da 100644
--- a/contrib/unbound/testcode/unitverify.c
+++ b/contrib/unbound/testcode/unitverify.c
@@ -61,6 +61,12 @@
 #include "sldns/str2wire.h"
 #include "sldns/wire2str.h"
 
+#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL_ERR_H
+#include <openssl/err.h>
+#endif
+#endif
+
 /** verbose signature test */
 static int vsig = 0;
 
@@ -509,10 +515,137 @@ nsec3_hash_test(const char* fname)
 
 #define SRCDIRSTR xstr(SRCDIR)
 
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+/* Detect if openssl is configured to disable RSASHA1 signatures,
+ * with the rh-allow-sha1-signatures disabled. */
+static int
+rh_allow_sha1_signatures_disabled(void)
+{
+	EVP_MD_CTX* ctx;
+	EVP_PKEY* evp_key;
+	/* This key is rdata from nlnetlabs.nl DNSKEY from 20250424005001,
+	 * with id=50602 (ksk), size=2048b.
+	 * A 2048 bit key is taken to avoid key too small errors. */
+	unsigned char key[] = {
+		0x03, 0x01, 0x00, 0x01, 0xBC, 0x0B, 0xE8, 0xBB,
+		0x97, 0x4C, 0xB5, 0xED, 0x6F, 0x6D, 0xC2, 0xB1,
+		0x78, 0x69, 0x93, 0x1C, 0x72, 0x19, 0xB1, 0x05,
+		0x51, 0x13, 0xA1, 0xFC, 0xBF, 0x01, 0x58, 0x0D,
+		0x44, 0x10, 0x5F, 0x0B, 0x75, 0x0E, 0x11, 0x9A,
+		0xC8, 0xF8, 0x0F, 0x90, 0xFC, 0xB8, 0x09, 0xD1,
+		0x14, 0x39, 0x0D, 0x84, 0xCE, 0x97, 0x88, 0x82,
+		0x3D, 0xC5, 0xCB, 0x1A, 0xBF, 0x00, 0x46, 0x37,
+		0x01, 0xF1, 0xCD, 0x46, 0xA2, 0x8F, 0x83, 0x19,
+		0x42, 0xED, 0x6F, 0xAF, 0x37, 0x1F, 0x18, 0x82,
+		0x4B, 0x70, 0x2D, 0x50, 0xA5, 0xA6, 0x66, 0x48,
+		0x7F, 0x56, 0xA8, 0x86, 0x05, 0x41, 0xC8, 0xBE,
+		0x4F, 0x8B, 0x38, 0x51, 0xF0, 0xEB, 0xAD, 0x2F,
+		0x7A, 0xC0, 0xEF, 0xC7, 0xD2, 0x72, 0x6F, 0x16,
+		0x66, 0xAF, 0x59, 0x55, 0xFF, 0xEE, 0x9D, 0x50,
+		0xE9, 0xDB, 0xF4, 0x02, 0xBC, 0x33, 0x5C, 0xC5,
+		0xDA, 0x1C, 0x6A, 0xD1, 0x55, 0xD1, 0x20, 0x2B,
+		0x63, 0x03, 0x4B, 0x77, 0x45, 0x46, 0x78, 0x31,
+		0xE4, 0x90, 0xB9, 0x7F, 0x00, 0xFB, 0x62, 0x7C,
+		0x07, 0xD3, 0xC1, 0x00, 0xA0, 0x54, 0x63, 0x74,
+		0x0A, 0x17, 0x7B, 0xE7, 0xAD, 0x38, 0x07, 0x86,
+		0x68, 0xE4, 0xFD, 0x20, 0x68, 0xD5, 0x33, 0x92,
+		0xCA, 0x90, 0xDD, 0xA4, 0xE9, 0xF2, 0x11, 0xBD,
+		0x9D, 0xA5, 0xF5, 0xEB, 0xB9, 0xFE, 0x8F, 0xA1,
+		0xE4, 0xBF, 0xA4, 0xA4, 0x34, 0x5C, 0x6A, 0x95,
+		0xB6, 0x42, 0x22, 0xF6, 0xD6, 0x10, 0x9C, 0x9B,
+		0x0A, 0x56, 0xE7, 0x42, 0xE5, 0x7F, 0x1F, 0x4E,
+		0xBE, 0x4F, 0x8C, 0xED, 0x30, 0x63, 0xA7, 0x88,
+		0x93, 0xED, 0x37, 0x3C, 0x80, 0xBC, 0xD1, 0x66,
+		0xBD, 0xB8, 0x2E, 0x65, 0xC4, 0xC8, 0x00, 0x5B,
+		0xE7, 0x85, 0x96, 0xDD, 0xAA, 0x05, 0xE6, 0x4F,
+		0x03, 0x64, 0xFA, 0x2D, 0xF6, 0x88, 0x14, 0x8F,
+		0x15, 0x4D, 0xFD, 0xD3
+	};
+	size_t keylen = 260;
+
+#ifdef HAVE_EVP_MD_CTX_NEW
+	ctx = EVP_MD_CTX_new();
+#else
+	ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx));
+	if(ctx) EVP_MD_CTX_init(ctx);
+#endif
+	if(!ctx) return 0;
+
+	evp_key = sldns_key_rsa2pkey_raw(key, keylen);
+	if(!evp_key) {
+#ifdef HAVE_EVP_MD_CTX_NEW
+		EVP_MD_CTX_destroy(ctx);
+#else
+		EVP_MD_CTX_cleanup(ctx);
+		free(ctx);
+#endif
+		return 0;
+	}
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+	(void)evp_key; /* not used */
+	if(EVP_DigestInit(ctx, EVP_sha1()) == 0)
+#else
+	if(EVP_DigestVerifyInit(ctx, NULL, EVP_sha1(), NULL, evp_key) == 0)
+#endif
+	{
+		unsigned long e = ERR_get_error();
+#ifdef EVP_R_INVALID_DIGEST
+		if (ERR_GET_LIB(e) == ERR_LIB_EVP &&
+			ERR_GET_REASON(e) == EVP_R_INVALID_DIGEST) {
+			/* rh-allow-sha1-signatures makes use of sha1 invalid. */
+			if(vsig)
+				printf("Detected that rh-allow-sha1-signatures is off, and disables SHA1 signatures\n");
+#ifdef HAVE_EVP_MD_CTX_NEW
+			EVP_MD_CTX_destroy(ctx);
+#else
+			EVP_MD_CTX_cleanup(ctx);
+			free(ctx);
+#endif
+			EVP_PKEY_free(evp_key);
+			return 1;
+		}
+#endif /* EVP_R_INVALID_DIGEST */
+		/* The signature verify failed for another reason. */
+		log_crypto_err_code("EVP_DigestVerifyInit", e);
+#ifdef HAVE_EVP_MD_CTX_NEW
+		EVP_MD_CTX_destroy(ctx);
+#else
+		EVP_MD_CTX_cleanup(ctx);
+		free(ctx);
+#endif
+		EVP_PKEY_free(evp_key);
+		return 0;
+	}
+#ifdef HAVE_EVP_MD_CTX_NEW
+	EVP_MD_CTX_destroy(ctx);
+#else
+	EVP_MD_CTX_cleanup(ctx);
+	free(ctx);
+#endif
+	EVP_PKEY_free(evp_key);
+	return 0;
+}
+#endif /* HAVE_SSL && USE_SHA1 */
+
 void 
 verify_test(void)
 {
 	unit_show_feature("signature verify");
+
+#if defined(HAVE_SSL) && defined(USE_SHA1)
+	if(rh_allow_sha1_signatures_disabled()) {
+		/* Allow the use of SHA1 signatures for the test,
+		 * in case that OpenSSL disallows use of RSASHA1
+		 * with rh-allow-sha1-signatures disabled. */
+#ifndef UB_ON_WINDOWS
+		setenv("OPENSSL_ENABLE_SHA1_SIGNATURES", "1", 0);
+#else
+		_putenv("OPENSSL_ENABLE_SHA1_SIGNATURES=1");
+#endif
+	}
+#endif
+
 #ifdef USE_SHA1
 	verifytest_file(SRCDIRSTR "/testdata/test_signatures.1", "20070818005004");
 #endif
diff --git a/contrib/unbound/testcode/unitzonemd.c b/contrib/unbound/testcode/unitzonemd.c
index 63dc13edab33..0420b0361590 100644
--- a/contrib/unbound/testcode/unitzonemd.c
+++ b/contrib/unbound/testcode/unitzonemd.c
@@ -267,6 +267,7 @@ static void zonemd_verify_test(char* zname, char* zfile, char* tastr,
 	env.cfg = config_create();
 	if(!env.cfg)
 		fatal_exit("out of memory");
+	config_auto_slab_values(env.cfg);
 	env.now = &now;
 	env.cfg->val_date_override = cfg_convert_timeval(date_override);
 	if(!env.cfg->val_date_override)
diff --git a/contrib/unbound/testdata/auth_nsec3_ent_with_out_of_zone_data.rpl b/contrib/unbound/testdata/auth_nsec3_ent_with_out_of_zone_data.rpl
new file mode 100644
index 000000000000..3381515659b0
--- /dev/null
+++ b/contrib/unbound/testdata/auth_nsec3_ent_with_out_of_zone_data.rpl
@@ -0,0 +1,228 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+
+auth-zone:
+	name: "unbound-auth-test.nlnetlabs.nl."
+	## zonefile (or none).
+	## zonefile: "example.com.zone"
+	## master by IP address or hostname
+	## can list multiple masters, each on one line.
+	## master:
+	## url for http fetch
+	## url:
+	## queries from downstream clients get authoritative answers.
+	## for-downstream: yes
+	for-downstream: yes
+	## queries are used to fetch authoritative answers from this zone,
+	## instead of unbound itself sending queries there.
+	## for-upstream: yes
+	for-upstream: yes
+	## on failures with for-upstream, fallback to sending queries to
+	## the authority servers
+	## fallback-enabled: no
+
+	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
+	zonefile:
+TEMPFILE_NAME unbound-auth-test.nlnetlabs.nl
+	## this is the inline file /tmp/xxx.unbound-auth-test.nlnetlabs.nl
+	## the tempfiles are deleted when the testrun is over.
+TEMPFILE_CONTENTS unbound-auth-test.nlnetlabs.nl
+;; Zone: unbound-auth-test.nlnetlabs.nl.
+;
+unbound-auth-test.nlnetlabs.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600
+unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILvQk8DsizpYKwk+D3J3tMC3TV5+//qFw==
+;; Out of zone record that shouldn't break NSEC3 proofs.
+;; There was a bug that would keep removing labels and use this out of zone
+;; record.
+nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl.
+;
+unbound-auth-test.nlnetlabs.nl.	3600	IN	NS	ns.nlnetlabs.nl.
+unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NS 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Gm0UF77ljiInG4/HZ6Tkzx7z9N45WwwmbBt9KxeN3z1BkdBLiy10Du71ZBFLP71b+USs1rv5SJQ0hteZFbl8sg==
+unbound-auth-test.nlnetlabs.nl.	3600	IN	DNSKEY	256 3 13 S3Da9HqpFj0pEbI8WXOdkvN3vgZ6qxNSz4XyKkmWWAG28kq5T+/lWp36DUDvnMI9wJNuixzUHtgZ6oZoAaVrPg== ;{id = 15486 (zsk), size = 256b}
+unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	DNSKEY 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 1cLFaDb6kP8KnRJujW1ieHUdS5Tgdv59TCZ+FloCRJMJBwQAow6UKAIY7HHlTb8IHTajyUrjlxX/dN8S/5VwuA==
+unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3PARAM	1 0 1 -
+unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3PARAM 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. GWgtJArNpfJ4ifoinUBUVRTlkk0CMemdozhMKY13dk3EQMP0jb4g49PcTAgEP2dBUs9efttQVQQpmFPyTGfN1w==
+tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  41pcah2j3fr8k99gj5pveh4igrjfc871 NS SOA RRSIG DNSKEY NSEC3PARAM  ;{ flags: -, from: unbound-auth-test.nlnetlabs.nl. to: b.b.unbound-auth-test.nlnetlabs.nl.}
+tvdhfml24jp7cott1qijj9812qu9ibh3.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. DzwQTaZj4j29eHXEKllIFcq4yNWA7VMqkh8+gCrBO+GEek9+hGxL6ANsU0Hv6glyBmPDeYUZcy4xy0EEj1R4hQ==
+;
+;; Empty nonterminal: b.unbound-auth-test.nlnetlabs.nl.
+apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  dbs0aj50410urbvt3ghfr644n7h06gs5 ;{ flags: -, from: b.unbound-auth-test.nlnetlabs.nl. to: c.b.unbound-auth-test.nlnetlabs.nl.}
+apejmh1fqds9gir0nnsf4d5gtno10tg1.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. m9B0W8xDZF6ml/m8OujrZZBiF1O0wAeKciK/5FMT/hCjHR0hMrbXBPg/ZntpVJD/Pko2HcBvWKu87U721yTHyQ==
+;
+;; Empty nonterminal: a.b.unbound-auth-test.nlnetlabs.nl.
+toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  tvdhfml24jp7cott1qijj9812qu9ibh3 ;{ flags: -, from: a.b.unbound-auth-test.nlnetlabs.nl. to: unbound-auth-test.nlnetlabs.nl.}
+toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3rXqXaUSUauR4iEu5FmTfs4GTsumdUw==
+;
+*.a.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	TXT	"*.a.b"
+*.a.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NrMUaNzZp88lXit/HLL/iDBHspDSfoM//K+/0VwUYRZjmVJQQHCHtHBGgR4NgrLi3ffvCAWq2LNGxDm+YMSl3g==
+jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s TXT RRSIG  ;{ flags: -, from: *.a.b.unbound-auth-test.nlnetlabs.nl. to: *.c.b.unbound-auth-test.nlnetlabs.nl.}
+jrtu61ssgd18lfjglqrbbs5b2vmbh6cl.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. kLIhE9+iz1OybJwXbtRJZst+Mk5u4OAtpZGWSwJUfqD6dXAk+h6msKAR18jpPeL7cCjXjIAKIv3x4oYRkl+uKw==
+;
+;; Empty nonterminal: b.b.unbound-auth-test.nlnetlabs.nl.
+41pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  apejmh1fqds9gir0nnsf4d5gtno10tg1 ;{ flags: -, from: b.b.unbound-auth-test.nlnetlabs.nl. to: b.unbound-auth-test.nlnetlabs.nl.}
+41pcah2j3fr8k99gj5pveh4igrjfc871.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. XlIjnuF313w0GXn6vymrAcsyuxZSaN6IShFjxQ5T2HUFePHBNvtRkL+TtMQZNlR8nTR3+MWcON0cOZIGjVCCjg==
+;
+*.b.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	TXT	"*.b.b"
+*.b.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. FkS3ceWpoHyOKaa8OtywIl148Bwo0vkzBd263vqYe0puhuRa6IvNEk5ERdwfWt9eNEq+6IlizPT/dYxA2fXYXA==
+ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  jrtu61ssgd18lfjglqrbbs5b2vmbh6cl TXT RRSIG  ;{ flags: -, from: *.b.b.unbound-auth-test.nlnetlabs.nl. to: *.a.b.unbound-auth-test.nlnetlabs.nl.}
+ft7dasbom0copm9e2ak9k151dj08kjfs.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 5QhLGohTRLQSGC8vstzDjqcwfrbOnLUG2OelSjvsZFy1smsWUxJBCQXQdx1+JX7xamZHlZESQtS+cELuZUqpvA==
+;
+;; Empty nonterminal: c.b.unbound-auth-test.nlnetlabs.nl.
+dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  ft7dasbom0copm9e2ak9k151dj08kjfs ;{ flags: -, from: c.b.unbound-auth-test.nlnetlabs.nl. to: *.b.b.unbound-auth-test.nlnetlabs.nl.}
+dbs0aj50410urbvt3ghfr644n7h06gs5.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. hjk1foJWW68JK3O1Ktf0ZogoXVrMDw3mHVBBYTrpaBKX1gWR5icmJiOCYZWYx3z88PUnGkfH+kx4oDUjioqN+Q==
+;
+*.c.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	TXT	"*.c.b"
+*.c.b.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	TXT 13 5 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. b7rFR5tlx5Y5SQqNdYBtfD6DrkNx9h79GCmnZfWrUzRz+A256k2v08IPRJDK+WxEHuYHjfNnVWxjRr9M1OW2Iw==
+k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl.	3600	IN	NSEC3	1 0 1 -  toqivctpt4pdcp5g19neqt19fvtgbgeu TXT RRSIG  ;{ flags: -, from: *.c.b.unbound-auth-test.nlnetlabs.nl. to: a.b.unbound-auth-test.nlnetlabs.nl.}
+k8r2bchsbehs5dbu5d6ivjfnmjb3jc8s.unbound-auth-test.nlnetlabs.nl.	3600	IN	RRSIG	NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. 34BS1ajedCNdfXgUfxTyiAK1ichfFLshhJ3TnfplrUps0UsZaQLEG+EIlP4wTBtro2c6V8YCSmOuxuce4gYoDw==
+;
+TEMPFILE_END
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test authority zone with NSEC3 empty nonterminal
+; with exact match NSEC3 in existence (eg. not a CE-proof)
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.44
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.44
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN A
+SECTION ANSWER
+ns.example.net. IN A	1.2.3.44
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+www.example.net. IN A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+a.b.unbound-auth-test.nlnetlabs.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA DO NOERROR
+SECTION QUESTION
+a.b.unbound-auth-test.nlnetlabs.nl. IN TXT
+SECTION ANSWER
+SECTION AUTHORITY
+unbound-auth-test.nlnetlabs.nl.	3600 IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1554201247 14400 3600 604800 3600
+unbound-auth-test.nlnetlabs.nl.	3600 IN	RRSIG	SOA 13 3 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. NLFcC2oet+HC+1dhT4D/2JJFIcMiRtTM81KwvT7u8ybF3iDE4bnyrILv Qk8DsizpYKwk+D3J3tMC3TV5+//qFw==
+toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN NSEC3 1 0 1 - TVDHFML24JP7COTT1QIJJ9812QU9IBH3
+toqivctpt4pdcp5g19neqt19fvtgbgeu.unbound-auth-test.nlnetlabs.nl. 3600 IN RRSIG NSEC3 13 4 3600 20190430103407 20190402103407 15486 unbound-auth-test.nlnetlabs.nl. Jr1oPPs+DGBVV13n4gG4AGVFsleItluLbtCIyQDcYZEA+e5JMkrLzfW3 rXqXaUSUauR4iEu5FmTfs4GTsumdUw==
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/auth_nsec3_wild_with_out_of_zone_data.rpl b/contrib/unbound/testdata/auth_nsec3_wild_with_out_of_zone_data.rpl
new file mode 100644
index 000000000000..8c5a00861021
--- /dev/null
+++ b/contrib/unbound/testdata/auth_nsec3_wild_with_out_of_zone_data.rpl
@@ -0,0 +1,234 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+
+auth-zone:
+	name: "test-ns-signed.dev.internet.nl."
+	## zonefile (or none).
+	## zonefile: "example.com.zone"
+	## master by IP address or hostname
+	## can list multiple masters, each on one line.
+	## master:
+	## url for http fetch
+	## url:
+	## queries from downstream clients get authoritative answers.
+	## for-downstream: yes
+	for-downstream: yes
+	## queries are used to fetch authoritative answers from this zone,
+	## instead of unbound itself sending queries there.
+	## for-upstream: yes
+	for-upstream: yes
+	## on failures with for-upstream, fallback to sending queries to
+	## the authority servers
+	## fallback-enabled: no
+
+	## this line generates zonefile: \n"/tmp/xxx.example.com"\n
+	zonefile:
+TEMPFILE_NAME test-ns-signed.dev.internet.nl
+	## this is the inline file /tmp/xxx.test-ns-signed.dev.internet.nl
+	## the tempfiles are deleted when the testrun is over.
+TEMPFILE_CONTENTS test-ns-signed.dev.internet.nl
+test-ns-signed.dev.internet.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 4 14400 3600 604800 3600
+test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	SOA 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. ybb0Hc7NC+QOFEEv4cX2+Umlk+miiOAHmeP2Uwvg6lqfxkk+3g7yWBEKMinXjLKz0odWZ6fki6M/3yBPQX8SV0OCRY5gYvAHAjbxAIHozIM+5iwOkRQhNF1DRgQ3BLjL93f6T5e5Z4y1812iOpu4GYswXW/UTOZACXz2UiaCPAg=
+;; Out of zone record that shouldn't break NSEC3 proofs.
+;; There was a bug that would keep removing labels and use this out of zone
+;; record.
+dev.internet.nl. 3600 IN NS ns.test-ns-signed.dev.internet.nl.
+test-ns-signed.dev.internet.nl.	3600	IN	NS	ns.test-ns-signed.dev.internet.nl.
+test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NS 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. KqiwTF3hKm1ZHGbgx6MVzZYHlS1p7+Xrikx4izMHFbWiD6ki6lrJBJsnH9j/hH1cwHxjXslOeJh0hdBdbn8la0meZPsebOyUbEjoLPzRLzKNLDBuA4BUJnRGQJy21CX7XooXAMAmR8YFipO8CojI9EogU2m2o9YkfbpacFWQoTk=
+test-ns-signed.dev.internet.nl.	3600	IN	DNSKEY	256 3 8 AwEAAc6c8tpMXBSOFLu/9n4aUUDK43wN4B7A2UDqZi0IOkyptxWCFghleyZeeN5uq6p9MoUt8lS73mFmIYC0ux5zBO3uVaJQ9u+00qRAEVg/RgBwa58y2f/zNtFV/f7mBSPcPTiEjUh0bwHSiTvUn/8JkrvjyAcbQMO0YOsRof5q6tzl ;{id = 32784 (zsk), size = 1024b}
+test-ns-signed.dev.internet.nl.	3600	IN	DNSKEY	257 3 8 AwEAAdC0hBJP1U8lbZ6JFXn0ouK6VipiraN7I8oog62SuEd/fqAupys7A/Ih6WK/UoJorjlnccEL8euNMaS4kNogvoBrFx8ciIWKcbot5mtwc4WDr3cnR+HIZNCUFVkIxsMqE7HCD0yn0zhkB60shED+ZHs8zpyU+cjnsOSizxOnIY+F ;{id = 54502 (ksk), size = 1024b}
+test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	DNSKEY 8 4 3600 20190205132351 20190108132351 54502 test-ns-signed.dev.internet.nl. X3qN+plfjf45FA4pr/tcUqUCR9ajDqwtNe4TS19WOJogVL/Gf/N5/ToOCrs3s+a7VrJl58WvSJquDM8xAS8f4oJggKgHFhopce8tMTGRxkRvJo4y+tt3vCveh/zjHLAnbOaBGA4CJ/IPhRqzHzcX/SjSv0EACWd6XpQIWogRv6c=
+test-ns-signed.dev.internet.nl.	3600	IN	NSEC3PARAM	1 0 1 -
+test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3PARAM 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. A/1xUGO46uIz+9vjPGfWVD99akwU9bd/UlnVG9LPfoTzG7TMWSoZ4ksg8k8ub8K1TrkDmQokNHSW0Gt6qwoRh17c+p1h/SFlDVL83wgTc4NqG43OQjgGU9RV035XU+VESlO3lavifhlu8rHWBJTlhiXcMGq6H+zvoz4sx9p5GNM=
+93stp7o7i5n9gb83uu7vv6h8qltk14ig.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 -  fee0c2kfhi6bnljce6vehaenqq3pbupu NS SOA RRSIG DNSKEY NSEC3PARAM
+93stp7o7i5n9gb83uu7vv6h8qltk14ig.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. YoTRDQ7sSvERcY1WwAH4oRRR7DmaAwA8/H70jdMeSU4wsnM/VM03kDcc2sgq5edmHiZoTWnq7nEb/1Y7Ro0YrqTUQdYFZvXi6UjZQrKI9nqAGnhdXZWlZJHmYpn2+2Emd+bYHkwvKaPnfnnKjUoGVBH8Hly0HBYKPUF1/viquB0=
+kl94uofq16t2vlq0bmampf6e4o9k5hbi.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 -  7ag3p2pfrvq09dpn63cvga8ub1rnrrg1
+kl94uofq16t2vlq0bmampf6e4o9k5hbi.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. NI5zJ/k1kPVZ1abms5OoME/wazb77Ltduyk6ZevAnt4tKydZYwSsjEd0Ixknw9xnakCABn5rAYEXctARN0KCwCkNHR7TYlTAJT14hlDYjbad2u2HT9L1kzAnfj3BeLZl/LRADeMbTtzrkTSF3Dnezurb94fMnUnKt2hPfQfj560=
+fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 -  i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv
+fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. WIb3ISP1nlafbyWoWa4z7sG5IS+V86PyvEMHdD/64hgsFkrCu483XK7VNnBz28SL/631JXA1R19O+UxeWhTUyctp8QSt6cEZcMPY8b7yG97rNFNvhSw75rSXXt+JwgIYHPHQV5oqPtVmEpQM5SfJd+hs+Nn1bJcWB3UaESNNAMQ=
+*.a.b.test-ns-signed.dev.internet.nl.	3600	IN	TXT	"a"
+*.a.b.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	TXT 8 6 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. eNcJkQXdTO1z21od0sXbgqtABhhr/9tNC/Zx8zYbhXkfj7rufN71yk9xqgu6TG0MeJV26ISrqIGRVFJFmTRvO1LLxoKkEPhqe+08nqRztxXZajCV+dDeFoGIDcXJg6tAxB+MJznkKDtZPpIWvyt1WwdYfcMrGtE9AmR3K1/P/xE=
+7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 -  93stp7o7i5n9gb83uu7vv6h8qltk14ig TXT RRSIG
+7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. gtxoiTa3FRUqoRLvkWSxmWQ+DfijVd26gpKH3+GmGIcNB/sr/Cf8kERRwVVHvgzYIcvdJcys5b2LUXnZJwcdAlx7efZPWgNZzWxJrw6ES25LCWJOrp31isWn9FlAZGIbnpyEXxD2apBSmtyPnKbTgU6lHHS9jrsYHu4G8Zouv3k=
+ns.test-ns-signed.dev.internet.nl.	3600	IN	A	185.49.141.11
+ns.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	A 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. F9sXEVAmlRn+/84WbuvegiCwstNxMDMQLl0Obv2CTPpee4U6psbmXrlzczjjjkE6aLjsIHYdcXCzEWTrmukT+V9jzaGPRJvxNvC0ASWyzggAoh0Z++Hl4cVa9587o6I9ODayehFI9Pgdem+RVdb4zlWuzi9FmKXgeTlgWN54tPg=
+ns.test-ns-signed.dev.internet.nl.	3600	IN	AAAA	2a04:b900:0:100::11
+ns.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	AAAA 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. F1XRrx/QgfzJ1RS7d0m23QoIPx1G8WL1SrlTOm7pk5vWTL07w7HEw2TETblkjnitJGKfN9ebsIum/cDPUZc3UqLkguP2UCWpePnlllTJuwmG0Z+wyINIR4xF4PQlqttvzThBkD2JKWb/o0W8dQyXTj+jJ1vCZ0NjjA2N4+iJIQE=
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 -  kl94uofq16t2vlq0bmampf6e4o9k5hbi A AAAA RRSIG
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU=
+TEMPFILE_END
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test authority zone with NSEC3 wildcard
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.44
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.44
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+ns.example.net.		IN 	A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN A
+SECTION ANSWER
+ns.example.net. IN A	1.2.3.44
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION AUTHORITY
+example.net.	IN NS	ns.example.net.
+SECTION ADDITIONAL
+www.example.net. IN A	1.2.3.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+something.a.b.test-ns-signed.dev.internet.nl. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA DO NOERROR
+SECTION QUESTION
+something.a.b.test-ns-signed.dev.internet.nl. IN TXT
+SECTION ANSWER
+something.a.b.test-ns-signed.dev.internet.nl. IN TXT "a"
+something.a.b.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	TXT 8 6 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. eNcJkQXdTO1z21od0sXbgqtABhhr/9tNC/Zx8zYbhXkfj7rufN71yk9xqgu6TG0MeJV26ISrqIGRVFJFmTRvO1LLxoKkEPhqe+08nqRztxXZajCV+dDeFoGIDcXJg6tAxB+MJznkKDtZPpIWvyt1WwdYfcMrGtE9AmR3K1/P/xE=
+SECTION AUTHORITY
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl. 3600 IN NSEC3 1 0 1 - KL94UOFQ16T2VLQ0BMAMPF6E4O9K5HBI  A AAAA RRSIG
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU=
+ENTRY_END
+
+; Check that the reply for a wildcard nodata answer contains the NSEC3s.
+; qname denial NSEC3, closest encloser NSEC3, and type bitmap NSEC3.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+something.a.b.test-ns-signed.dev.internet.nl. IN AAAA
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA DO NOERROR
+SECTION QUESTION
+something.a.b.test-ns-signed.dev.internet.nl. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+test-ns-signed.dev.internet.nl.	3600	IN	SOA	ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 4 14400 3600 604800 3600
+test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	SOA 8 4 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. ybb0Hc7NC+QOFEEv4cX2+Umlk+miiOAHmeP2Uwvg6lqfxkk+3g7yWBEKMinXjLKz0odWZ6fki6M/3yBPQX8SV0OCRY5gYvAHAjbxAIHozIM+5iwOkRQhNF1DRgQ3BLjL93f6T5e5Z4y1812iOpu4GYswXW/UTOZACXz2UiaCPAg= ;{id = 32784}
+7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 - 93stp7o7i5n9gb83uu7vv6h8qltk14ig TXT RRSIG
+7ag3p2pfrvq09dpn63cvga8ub1rnrrg1.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. gtxoiTa3FRUqoRLvkWSxmWQ+DfijVd26gpKH3+GmGIcNB/sr/Cf8kERRwVVHvgzYIcvdJcys5b2LUXnZJwcdAlx7efZPWgNZzWxJrw6ES25LCWJOrp31isWn9FlAZGIbnpyEXxD2apBSmtyPnKbTgU6lHHS9jrsYHu4G8Zouv3k= ;{id = 32784}
+fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 - i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv
+fee0c2kfhi6bnljce6vehaenqq3pbupu.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. WIb3ISP1nlafbyWoWa4z7sG5IS+V86PyvEMHdD/64hgsFkrCu483XK7VNnBz28SL/631JXA1R19O+UxeWhTUyctp8QSt6cEZcMPY8b7yG97rNFNvhSw75rSXXt+JwgIYHPHQV5oqPtVmEpQM5SfJd+hs+Nn1bJcWB3UaESNNAMQ= ;{id = 32784}
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl.	3600	IN	NSEC3	1 0 1 - kl94uofq16t2vlq0bmampf6e4o9k5hbi A AAAA RRSIG
+i6pi4e3o98e7vtkpjfhqn7g77d3mjcnv.test-ns-signed.dev.internet.nl.	3600	IN	RRSIG	NSEC3 8 5 3600 20190205132351 20190108132351 32784 test-ns-signed.dev.internet.nl. xLysIqn3r3rdHE3GvwVjZwUyuFClhkhgrQdwyc66RuHKE3MfSuhVr9cHTCJzhipF5TwQTbUpLOr74r99bzdiIY8Xkgjy2M0nc76v1ObSGJdPPjGTevbhDOnavUURwOR/q0NqqO2iPrgFjOVMZ+8uwRJtCty2iAVZfVG+qDzs8hU= ;{id = 32784}
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/iter_fwdfirstequaltcp.rpl b/contrib/unbound/testdata/iter_fwdfirstequaltcp.rpl
new file mode 100644
index 000000000000..72dd441f50a3
--- /dev/null
+++ b/contrib/unbound/testdata/iter_fwdfirstequaltcp.rpl
@@ -0,0 +1,163 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	minimal-responses: no
+        tcp-upstream: no
+        #tls-upstream:no  # same case but not testable in rpl.
+
+# Builtin hints work similar to this explicit '.' stub-zone.
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+
+forward-zone:
+	name: "."
+	forward-addr: 1.2.3.6		# failing resolver
+	forward-first: yes
+	forward-tcp-upstream: yes
+	#forward-tls-upstream:yes  # same case but not testable in rpl.
+
+CONFIG_END
+
+SCENARIO_BEGIN Test forward-first directive in forward zone configured with explicit tcp upstream next to an equal stub name.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH UDP opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH UDP opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH UDP opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH UDP opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH UDP opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH UDP opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; local resolver (that fails a lot)
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH TCP opcode qtype qname
+ADJUST copy_id
+REPLY QR RA SERVFAIL
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+;example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH TCP opcode qtype qname
+ADJUST copy_id
+REPLY QR RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;www.example.com. IN A	10.20.30.50
+SECTION AUTHORITY
+;example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+;ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/iter_minimise_chain.rpl b/contrib/unbound/testdata/iter_minimise_chain.rpl
new file mode 100644
index 000000000000..97fefaf952aa
--- /dev/null
+++ b/contrib/unbound/testdata/iter_minimise_chain.rpl
@@ -0,0 +1,623 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: yes
+	max-query-restarts: 11
+	max-global-quota: 120
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129
+CONFIG_END
+
+SCENARIO_BEGIN Test qname minimisation and long cname chain.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 1000
+        ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 1000
+        ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 1000
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain1.example.com. IN CNAME
+SECTION ANSWER
+chain1.example.com. IN CNAME chain2.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain2.example.com. IN CNAME
+SECTION ANSWER
+chain2.example.com. IN CNAME chain3.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain3.example.com. IN CNAME
+SECTION ANSWER
+chain3.example.com. IN CNAME chain4.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain4.example.com. IN CNAME
+SECTION ANSWER
+chain4.example.com. IN CNAME chain5.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain5.example.com. IN CNAME
+SECTION ANSWER
+chain5.example.com. IN CNAME chain6.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain6.example.com. IN CNAME
+SECTION ANSWER
+chain6.example.com. IN CNAME chain7.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain7.example.com. IN CNAME
+SECTION ANSWER
+chain7.example.com. IN CNAME chain8.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain8.example.com. IN CNAME
+SECTION ANSWER
+chain8.example.com. IN CNAME chain9.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain9.example.com. IN CNAME
+SECTION ANSWER
+chain9.example.com. IN CNAME chain10.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain10.example.com. IN CNAME
+SECTION ANSWER
+chain10.example.com. IN CNAME chain11.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain11.example.com. IN CNAME
+SECTION ANSWER
+chain11.example.com. IN CNAME chain12.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain12.example.com. IN CNAME
+SECTION ANSWER
+chain12.example.com. IN CNAME chain13.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain13.example.com. IN CNAME
+SECTION ANSWER
+chain13.example.com. IN CNAME chain14.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain14.example.com. IN CNAME
+SECTION ANSWER
+chain14.example.com. IN CNAME chain15.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain15.example.com. IN CNAME
+SECTION ANSWER
+chain15.example.com. IN CNAME chain16.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain16.example.com. IN CNAME
+SECTION ANSWER
+chain16.example.com. IN CNAME chain17.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain17.example.com. IN CNAME
+SECTION ANSWER
+chain17.example.com. IN CNAME chain18.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain18.example.com. IN CNAME
+SECTION ANSWER
+chain18.example.com. IN CNAME chain19.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain19.example.com. IN CNAME
+SECTION ANSWER
+chain19.example.com. IN CNAME chain20.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain20.example.com. IN CNAME
+SECTION ANSWER
+chain20.example.com. IN CNAME chain21.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain21.example.com. IN CNAME
+SECTION ANSWER
+chain21.example.com. IN CNAME chain22.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain22.example.com. IN CNAME
+SECTION ANSWER
+chain22.example.com. IN CNAME chain23.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain23.example.com. IN CNAME
+SECTION ANSWER
+chain23.example.com. IN CNAME chain24.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain24.example.com. IN CNAME
+SECTION ANSWER
+chain24.example.com. IN CNAME chain25.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain25.example.com. IN CNAME
+SECTION ANSWER
+chain25.example.com. IN CNAME chain26.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain26.example.com. IN CNAME
+SECTION ANSWER
+chain26.example.com. IN CNAME chain27.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain27.example.com. IN CNAME
+SECTION ANSWER
+chain27.example.com. IN CNAME chain28.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain28.example.com. IN CNAME
+SECTION ANSWER
+chain28.example.com. IN CNAME chain29.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain29.example.com. IN CNAME
+SECTION ANSWER
+chain29.example.com. IN CNAME chain30.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain30.example.com. IN CNAME
+SECTION ANSWER
+chain30.example.com. IN CNAME chain31.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain31.example.com. IN CNAME
+SECTION ANSWER
+chain31.example.com. IN CNAME chain32.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain32.example.com. IN CNAME
+SECTION ANSWER
+chain32.example.com. IN CNAME chain33.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain33.example.com. IN CNAME
+SECTION ANSWER
+chain33.example.com. IN CNAME chain34.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain34.example.com. IN CNAME
+SECTION ANSWER
+chain34.example.com. IN CNAME chain35.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain35.example.com. IN CNAME
+SECTION ANSWER
+chain35.example.com. IN CNAME chain36.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain36.example.com. IN CNAME
+SECTION ANSWER
+chain36.example.com. IN CNAME chain37.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain37.example.com. IN CNAME
+SECTION ANSWER
+chain37.example.com. IN CNAME chain38.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain38.example.com. IN CNAME
+SECTION ANSWER
+chain38.example.com. IN CNAME chain39.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain39.example.com. IN CNAME
+SECTION ANSWER
+chain39.example.com. IN CNAME chain40.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+chain40.example.com. IN CNAME
+SECTION ANSWER
+chain40.example.com. IN CNAME chain41.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub1.chain1.example.com. IN A
+SECTION ANSWER
+sub1.chain1.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub1.chain1.example.com. IN ANY
+SECTION ANSWER
+sub1.chain1.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub2.chain2.example.com. IN A
+SECTION ANSWER
+sub2.chain2.example.com. IN CNAME sub2-2.chain2.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub2-2.chain2.example.com. IN A
+SECTION ANSWER
+sub2-2.chain2.example.com. IN CNAME sub2-3.chain2.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub2-3.chain1.example.com. IN ANY
+SECTION ANSWER
+sub2-3.chain1.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+chain1.example.com. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+chain1.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+chain13.example.com. IN ANY
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+chain13.example.com. IN ANY
+SECTION ANSWER
+chain13.example.com. IN CNAME chain14.example.com.
+ENTRY_END
+
+STEP 49 TIME_PASSES ELAPSE 7200 ; expire the previous records.
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+chain1.example.com. IN ANY
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+chain1.example.com. IN ANY
+SECTION ANSWER
+chain1.example.com. IN CNAME chain2.example.com.
+ENTRY_END
+
+STEP 69 TIME_PASSES ELAPSE 7200 ; expire the previous records.
+STEP 70 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+sub1.chain1.example.com. IN ANY
+ENTRY_END
+
+STEP 80 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+sub1.chain1.example.com. IN ANY
+SECTION ANSWER
+sub1.chain1.example.com. IN A 1.2.3.5
+ENTRY_END
+
+STEP 90 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+sub2.chain2.example.com. IN ANY
+ENTRY_END
+
+STEP 100 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+sub2.chain2.example.com. IN ANY
+SECTION ANSWER
+sub2.chain2.example.com. IN CNAME sub2-2.chain2.example.com.
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/after.zone b/contrib/unbound/testdata/redis_reconnect_interval.tdir/after.zone
new file mode 100644
index 000000000000..11c268f81497
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/after.zone
@@ -0,0 +1,2 @@
+redis.com. IN SOA server. ma.il 1 2 3 4 5
+redis.com. IN A 2.2.2.2
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/before.zone b/contrib/unbound/testdata/redis_reconnect_interval.tdir/before.zone
new file mode 100644
index 000000000000..8e50c6267516
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/before.zone
@@ -0,0 +1,2 @@
+redis.com. IN SOA server. ma.il 1 2 3 4 5
+redis.com. IN A 1.1.1.1
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis.conf b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis.conf
new file mode 100644
index 000000000000..3b80736e2438
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis.conf
@@ -0,0 +1,583 @@
+###
+###  Settings for this test ###################################################
+###
+
+# Accept connections on the specified port, default is 6379 (IANA #815344).
+# If port 0 is specified Redis will not listen on a TCP socket.
+port 0
+
+# Unix socket.
+#
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+unixsocket @SOCKET@
+# unixsocketperm 700
+
+# By default Redis does not run as a daemon. Use 'yes' if you need it.
+# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+# When Redis is supervised by upstart or systemd, this parameter has no impact.
+daemonize no
+
+# Specify the server verbosity level.
+# This can be one of:
+# debug (a lot of information, useful for development/testing)
+# verbose (many rarely useful info, but not a mess like the debug level)
+# notice (moderately verbose, what you want in production probably)
+# warning (only very important / critical messages are logged)
+# nothing (nothing is logged)
+loglevel notice
+
+# Specify the log file name. Also the empty string can be used to force
+# Redis to log on the standard output. Note that if you use standard
+# output for logging but daemonize, logs will be sent to /dev/null
+logfile @LOGFILE@
+
+# To enable logging to the system logger, just set 'syslog-enabled' to yes,
+# and optionally update the other syslog parameters to suit your needs.
+syslog-enabled no
+
+# Set the number of databases. The default database is DB 0, you can select
+# a different one on a per-connection basis using SELECT <dbid> where
+# dbid is a number between 0 and 'databases'-1
+databases 2
+
+# Snapshotting can be completely disabled with a single empty string argument
+# as in following example:
+#
+save ""
+
+# The working directory.
+#
+# The DB will be written inside this directory, with the filename specified
+# above using the 'dbfilename' configuration directive.
+#
+# The Append Only File will also be created inside this directory.
+#
+# Note that you must specify a directory here, not a file name.
+dir .
+
+###
+###  Rest of the default Redis settings #######################################
+###
+
+bind 127.0.0.1 -::1
+
+# When protected mode is on and the default user has no password, the server
+# only accepts local connections from the IPv4 address (127.0.0.1), IPv6 address
+# (::1) or Unix domain sockets.
+protected-mode yes
+
+# TCP listen() backlog.
+#
+# In high requests-per-second environments you need a high backlog in order
+# to avoid slow clients connection issues. Note that the Linux kernel
+# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
+# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
+# in order to get the desired effect.
+tcp-backlog 511
+
+# Close the connection after a client is idle for N seconds (0 to disable)
+timeout 0
+
+# TCP keepalive.
+# A reasonable value for this option is 300 seconds, which is the new
+# Redis default starting with Redis 3.2.1.
+tcp-keepalive 300
+
+# By default Redis shows an ASCII art logo only when started to log to the
+# standard output and if the standard output is a TTY and syslog logging is
+# disabled. Basically this means that normally a logo is displayed only in
+# interactive sessions.
+#
+# However it is possible to force the pre-4.0 behavior and always show a
+# ASCII art logo in startup logs by setting the following option to yes.
+always-show-logo no
+
+# By default, Redis modifies the process title (as seen in 'top' and 'ps') to
+# provide some runtime information. It is possible to disable this and leave
+# the process name as executed by setting the following to no.
+set-proc-title yes
+
+# When changing the process title, Redis uses the following template to construct
+# the modified title.
+#
+# Template variables are specified in curly brackets. The following variables are
+# supported:
+#
+# {title}           Name of process as executed if parent, or type of child process.
+# {listen-addr}     Bind address or '*' followed by TCP or TLS port listening on, or
+#                   Unix socket if only that's available.
+# {server-mode}     Special mode, i.e. "[sentinel]" or "[cluster]".
+# {port}            TCP port listening on, or 0.
+# {tls-port}        TLS port listening on, or 0.
+# {unixsocket}      Unix domain socket listening on, or "".
+# {config-file}     Name of configuration file used.
+#
+proc-title-template "{title} {listen-addr} {server-mode}"
+
+# Set the local environment which is used for string comparison operations, and
+# also affect the performance of Lua scripts. Empty String indicates the locale
+# is derived from the environment variables.
+#locale-collate ""
+
+# By default Redis will stop accepting writes if RDB snapshots are enabled
+# (at least one save point) and the latest background save failed.
+# This will make the user aware (in a hard way) that data is not persisting
+# on disk properly, otherwise chances are that no one will notice and some
+# disaster will happen.
+#
+# If the background saving process will start working again Redis will
+# automatically allow writes again.
+#
+# However if you have setup your proper monitoring of the Redis server
+# and persistence, you may want to disable this feature so that Redis will
+# continue to work as usual even if there are problems with disk,
+# permissions, and so forth.
+stop-writes-on-bgsave-error yes
+
+# Compress string objects using LZF when dump .rdb databases?
+# By default compression is enabled as it's almost always a win.
+# If you want to save some CPU in the saving child set it to 'no' but
+# the dataset will likely be bigger if you have compressible values or keys.
+rdbcompression yes
+
+# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
+# This makes the format more resistant to corruption but there is a performance
+# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
+# for maximum performances.
+#
+# RDB files created with checksum disabled have a checksum of zero that will
+# tell the loading code to skip the check.
+rdbchecksum yes
+
+# The filename where to dump the DB
+dbfilename redis.rdb
+
+# Remove RDB files used by replication in instances without persistence
+# enabled. By default this option is disabled, however there are environments
+# where for regulations or other security concerns, RDB files persisted on
+# disk by masters in order to feed replicas, or stored on disk by replicas
+# in order to load them for the initial synchronization, should be deleted
+# ASAP. Note that this option ONLY WORKS in instances that have both AOF
+# and RDB persistence disabled, otherwise is completely ignored.
+#
+# An alternative (and sometimes better) way to obtain the same effect is
+# to use diskless replication on both master and replicas instances. However
+# in the case of replicas, diskless is not always an option.
+rdb-del-sync-files no
+
+# When a replica loses its connection with the master, or when the replication
+# is still in progress, the replica can act in two different ways:
+#
+# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
+#    still reply to client requests, possibly with out of date data, or the
+#    data set may just be empty if this is the first synchronization.
+#
+# 2) If replica-serve-stale-data is set to 'no' the replica will reply with error
+#    "MASTERDOWN Link with MASTER is down and replica-serve-stale-data is set to 'no'"
+#    to all data access commands, excluding commands such as:
+#    INFO, REPLICAOF, AUTH, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
+#    UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
+#    HOST and LATENCY.
+#
+replica-serve-stale-data yes
+
+# You can configure a replica instance to accept writes or not. Writing against
+# a replica instance may be useful to store some ephemeral data (because data
+# written on a replica will be easily deleted after resync with the master) but
+# may also cause problems if clients are writing to it because of a
+# misconfiguration.
+#
+# Since Redis 2.6 by default replicas are read-only.
+#
+# Note: read only replicas are not designed to be exposed to untrusted clients
+# on the internet. It's just a protection layer against misuse of the instance.
+# Still a read only replica exports by default all the administrative commands
+# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
+# security of read only replicas using 'rename-command' to shadow all the
+# administrative / dangerous commands.
+replica-read-only yes
+
+# Replication SYNC strategy: disk or socket.
+#
+# New replicas and reconnecting replicas that are not able to continue the
+# replication process just receiving differences, need to do what is called a
+# "full synchronization". An RDB file is transmitted from the master to the
+# replicas.
+#
+# The transmission can happen in two different ways:
+#
+# 1) Disk-backed: The Redis master creates a new process that writes the RDB
+#                 file on disk. Later the file is transferred by the parent
+#                 process to the replicas incrementally.
+# 2) Diskless: The Redis master creates a new process that directly writes the
+#              RDB file to replica sockets, without touching the disk at all.
+#
+# With disk-backed replication, while the RDB file is generated, more replicas
+# can be queued and served with the RDB file as soon as the current child
+# producing the RDB file finishes its work. With diskless replication instead
+# once the transfer starts, new replicas arriving will be queued and a new
+# transfer will start when the current one terminates.
+#
+# When diskless replication is used, the master waits a configurable amount of
+# time (in seconds) before starting the transfer in the hope that multiple
+# replicas will arrive and the transfer can be parallelized.
+#
+# With slow disks and fast (large bandwidth) networks, diskless replication
+# works better.
+repl-diskless-sync yes
+
+# When diskless replication is enabled, it is possible to configure the delay
+# the server waits in order to spawn the child that transfers the RDB via socket
+# to the replicas.
+#
+# This is important since once the transfer starts, it is not possible to serve
+# new replicas arriving, that will be queued for the next RDB transfer, so the
+# server waits a delay in order to let more replicas arrive.
+#
+# The delay is specified in seconds, and by default is 5 seconds. To disable
+# it entirely just set it to 0 seconds and the transfer will start ASAP.
+repl-diskless-sync-delay 5
+
+# When diskless replication is enabled with a delay, it is possible to let
+# the replication start before the maximum delay is reached if the maximum
+# number of replicas expected have connected. Default of 0 means that the
+# maximum is not defined and Redis will wait the full delay.
+#repl-diskless-sync-max-replicas 0
+
+# -----------------------------------------------------------------------------
+# WARNING: Since in this setup the replica does not immediately store an RDB on
+# disk, it may cause data loss during failovers. RDB diskless load + Redis
+# modules not handling I/O reads may cause Redis to abort in case of I/O errors
+# during the initial synchronization stage with the master.
+# -----------------------------------------------------------------------------
+#
+# Replica can load the RDB it reads from the replication link directly from the
+# socket, or store the RDB to a file and read that file after it was completely
+# received from the master.
+#
+# In many cases the disk is slower than the network, and storing and loading
+# the RDB file may increase replication time (and even increase the master's
+# Copy on Write memory and replica buffers).
+# However, when parsing the RDB file directly from the socket, in order to avoid
+# data loss it's only safe to flush the current dataset when the new dataset is
+# fully loaded in memory, resulting in higher memory usage.
+# For this reason we have the following options:
+#
+# "disabled"    - Don't use diskless load (store the rdb file to the disk first)
+# "swapdb"      - Keep current db contents in RAM while parsing the data directly
+#                 from the socket. Replicas in this mode can keep serving current
+#                 dataset while replication is in progress, except for cases where
+#                 they can't recognize master as having a data set from same
+#                 replication history.
+#                 Note that this requires sufficient memory, if you don't have it,
+#                 you risk an OOM kill.
+# "on-empty-db" - Use diskless load only when current dataset is empty. This is
+#                 safer and avoid having old and new dataset loaded side by side
+#                 during replication.
+repl-diskless-load disabled
+
+# Master send PINGs to its replicas in a predefined interval. It's possible to
+# change this interval with the repl_ping_replica_period option. The default
+# value is 10 seconds.
+#
+# repl-ping-replica-period 10
+
+# The following option sets the replication timeout for:
+#
+# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
+# 2) Master timeout from the point of view of replicas (data, pings).
+# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
+#
+# It is important to make sure that this value is greater than the value
+# specified for repl-ping-replica-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the replica. The default
+# value is 60 seconds.
+#
+# repl-timeout 60
+
+# Disable TCP_NODELAY on the replica socket after SYNC?
+#
+# If you select "yes" Redis will use a smaller number of TCP packets and
+# less bandwidth to send data to replicas. But this can add a delay for
+# the data to appear on the replica side, up to 40 milliseconds with
+# Linux kernels using a default configuration.
+#
+# If you select "no" the delay for data to appear on the replica side will
+# be reduced but more bandwidth will be used for replication.
+#
+# By default we optimize for low latency, but in very high traffic conditions
+# or when the master and replicas are many hops away, turning this to "yes" may
+# be a good idea.
+repl-disable-tcp-nodelay no
+
+# The replica priority is an integer number published by Redis in the INFO
+# output. It is used by Redis Sentinel in order to select a replica to promote
+# into a master if the master is no longer working correctly.
+#
+# A replica with a low priority number is considered better for promotion, so
+# for instance if there are three replicas with priority 10, 100, 25 Sentinel
+# will pick the one with priority 10, that is the lowest.
+#
+# However a special priority of 0 marks the replica as not able to perform the
+# role of master, so a replica with priority of 0 will never be selected by
+# Redis Sentinel for promotion.
+#
+# By default the priority is 100.
+replica-priority 100
+
+# ACL LOG
+#
+# The ACL Log tracks failed commands and authentication events associated
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
+# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
+acllog-max-len 128
+
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+
+# It is also possible, for the case when to replace the user code DEL calls
+# with UNLINK calls is not easy, to modify the default behavior of the DEL
+# command to act exactly like UNLINK, using the following configuration
+# directive:
+lazyfree-lazy-user-del no
+
+# FLUSHDB, FLUSHALL, SCRIPT FLUSH and FUNCTION FLUSH support both asynchronous and synchronous
+# deletion, which can be controlled by passing the [SYNC|ASYNC] flags into the
+# commands. When neither flag is passed, this directive will be used to determine
+# if the data should be deleted asynchronously.
+lazyfree-lazy-user-flush no
+
+# On Linux, it is possible to hint the kernel OOM killer on what processes
+# should be killed first when out of memory.
+#
+# Enabling this feature makes Redis actively control the oom_score_adj value
+# for all its processes, depending on their role. The default scores will
+# attempt to have background child processes killed before all others, and
+# replicas killed before masters.
+#
+# Redis supports these options:
+#
+# no:       Don't make changes to oom-score-adj (default).
+# yes:      Alias to "relative" see below.
+# absolute: Values in oom-score-adj-values are written as is to the kernel.
+# relative: Values are used relative to the initial value of oom_score_adj when
+#           the server starts and are then clamped to a range of -1000 to 1000.
+#           Because typically the initial value is 0, they will often match the
+#           absolute values.
+oom-score-adj no
+
+# When oom-score-adj is used, this directive controls the specific values used
+# for master, replica and background child processes. Values range -2000 to
+# 2000 (higher means more likely to be killed).
+#
+# Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
+# can freely increase their value, but not decrease it below its initial
+# settings. This means that setting oom-score-adj to "relative" and setting the
+# oom-score-adj-values to positive values will always succeed.
+oom-score-adj-values 0 200 800
+
+# Usually the kernel Transparent Huge Pages control is set to "madvise" or
+# or "never" by default (/sys/kernel/mm/transparent_hugepage/enabled), in which
+# case this config has no effect. On systems in which it is set to "always",
+# redis will attempt to disable it specifically for the redis process in order
+# to avoid latency problems specifically with fork(2) and CoW.
+# If for some reason you prefer to keep it enabled, you can set this config to
+# "no" and the kernel global to "always".
+disable-thp yes
+
+# By default Redis asynchronously dumps the dataset on disk. This mode is
+# good enough in many applications, but an issue with the Redis process or
+# a power outage may result into a few minutes of writes lost (depending on
+# the configured save points).
+#
+# The Append Only File is an alternative persistence mode that provides
+# much better durability. For instance using the default data fsync policy
+# (see later in the config file) Redis can lose just one second of writes in a
+# dramatic event like a server power outage, or a single write if something
+# wrong with the Redis process itself happens, but the operating system is
+# still running correctly.
+#
+# AOF and RDB persistence can be enabled at the same time without problems.
+# If the AOF is enabled on startup Redis will load the AOF, that is the file
+# with the better durability guarantees.
+#
+# Please check https://redis.io/topics/persistence for more information.
+appendonly no
+
+# The following time is expressed in microseconds, so 1000000 is equivalent
+# to one second. Note that a negative number disables the slow log, while
+# a value of zero forces the logging of every command.
+slowlog-log-slower-than 10000
+
+# There is no limit to this length. Just be aware that it will consume memory.
+# You can reclaim memory used by the slow log with SLOWLOG RESET.
+slowlog-max-len 128
+
+# By default latency monitoring is disabled since it is mostly not needed
+# if you don't have latency issues, and collecting data has a performance
+# impact, that while very small, can be measured under big load. Latency
+# monitoring can easily be enabled at runtime using the command
+# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
+latency-monitor-threshold 0
+
+#  By default all notifications are disabled because most users don't need
+#  this feature and the feature has some overhead. Note that if you don't
+#  specify at least one of K or E, no events will be delivered.
+notify-keyspace-events ""
+
+# Hashes are encoded using a memory efficient data structure when they have a
+# small number of entries, and the biggest entry does not exceed a given
+# threshold. These thresholds can be configured using the following directives.
+#hash-max-listpack-entries 512
+#hash-max-listpack-value 64
+
+# Lists are also encoded in a special way to save a lot of space.
+# The number of entries allowed per internal list node can be specified
+# as a fixed maximum size or a maximum number of elements.
+# For a fixed maximum size, use -5 through -1, meaning:
+# -5: max size: 64 Kb  <-- not recommended for normal workloads
+# -4: max size: 32 Kb  <-- not recommended
+# -3: max size: 16 Kb  <-- probably not recommended
+# -2: max size: 8 Kb   <-- good
+# -1: max size: 4 Kb   <-- good
+# Positive numbers mean store up to _exactly_ that number of elements
+# per list node.
+# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
+# but if your use case is unique, adjust the settings as necessary.
+#list-max-listpack-size -2
+
+# Lists may also be compressed.
+# Compress depth is the number of quicklist ziplist nodes from *each* side of
+# the list to *exclude* from compression.  The head and tail of the list
+# are always uncompressed for fast push/pop operations.  Settings are:
+# 0: disable all list compression
+# 1: depth 1 means "don't start compressing until after 1 node into the list,
+#    going from either the head or tail"
+#    So: [head]->node->node->...->node->[tail]
+#    [head], [tail] will always be uncompressed; inner nodes will compress.
+# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
+#    2 here means: don't compress head or head->next or tail->prev or tail,
+#    but compress all nodes between them.
+# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
+# etc.
+list-compress-depth 0
+
+# Sets have a special encoding when a set is composed
+# of just strings that happen to be integers in radix 10 in the range
+# of 64 bit signed integers.
+# The following configuration setting sets the limit in the size of the
+# set in order to use this special memory saving encoding.
+set-max-intset-entries 512
+
+# Sets containing non-integer values are also encoded using a memory efficient
+# data structure when they have a small number of entries, and the biggest entry
+# does not exceed a given threshold. These thresholds can be configured using
+# the following directives.
+#set-max-listpack-entries 128
+#set-max-listpack-value 64
+
+# Similarly to hashes and lists, sorted sets are also specially encoded in
+# order to save a lot of space. This encoding is only used when the length and
+# elements of a sorted set are below the following limits:
+#zset-max-listpack-entries 128
+#zset-max-listpack-value 64
+
+# HyperLogLog sparse representation bytes limit. The limit includes the
+# 16 bytes header. When a HyperLogLog using the sparse representation crosses
+# this limit, it is converted into the dense representation.
+#
+# A value greater than 16000 is totally useless, since at that point the
+# dense representation is more memory efficient.
+#
+# The suggested value is ~ 3000 in order to have the benefits of
+# the space efficient encoding without slowing down too much PFADD,
+# which is O(N) with the sparse encoding. The value can be raised to
+# ~ 10000 when CPU is not a concern, but space is, and the data set is
+# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
+hll-sparse-max-bytes 3000
+
+# Streams macro node max size / items. The stream data structure is a radix
+# tree of big nodes that encode multiple items inside. Using this configuration
+# it is possible to configure how big a single node can be in bytes, and the
+# maximum number of items it may contain before switching to a new node when
+# appending new stream entries. If any of the following settings are set to
+# zero, the limit is ignored, so for instance it is possible to set just a
+# max entries limit by setting max-bytes to 0 and max-entries to the desired
+# value.
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+
+# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
+# order to help rehashing the main Redis hash table (the one mapping top-level
+# keys to values). The hash table implementation Redis uses (see dict.c)
+# performs a lazy rehashing: the more operation you run into a hash table
+# that is rehashing, the more rehashing "steps" are performed, so if the
+# server is idle the rehashing is never complete and some more memory is used
+# by the hash table.
+#
+# The default is to use this millisecond 10 times every second in order to
+# actively rehash the main dictionaries, freeing memory when possible.
+#
+# If unsure:
+# use "activerehashing no" if you have hard latency requirements and it is
+# not a good thing in your environment that Redis can reply from time to time
+# to queries with 2 milliseconds delay.
+#
+# use "activerehashing yes" if you don't have such hard requirements but
+# want to free memory asap when possible.
+activerehashing yes
+
+# The client output buffer limits can be used to force disconnection of clients
+# that are not reading data from the server fast enough for some reason (a
+# common reason is that a Pub/Sub client can't consume messages as fast as the
+# publisher can produce them).
+#
+# Both the hard or the soft limit can be disabled by setting them to zero.
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+
+# Redis calls an internal function to perform many background tasks, like
+# closing connections of clients in timeout, purging expired keys that are
+# never requested, and so forth.
+#
+# Not all tasks are performed with the same frequency, but Redis checks for
+# tasks to perform according to the specified "hz" value.
+#
+# By default "hz" is set to 10. Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When dynamic HZ is enabled, the actual configured HZ will be used
+# as a baseline, but multiples of the configured HZ value will be actually
+# used as needed once more clients are connected. In this way an idle
+# instance will use very little CPU time while a busy instance will be
+# more responsive.
+dynamic-hz yes
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 4 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
+
+# When redis saves RDB file, if the following option is enabled
+# the file will be fsync-ed every 4 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+rdb-save-incremental-fsync yes
+
+# Jemalloc background thread for purging will be enabled by default
+jemalloc-bg-thread yes
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.conf b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.conf
new file mode 100644
index 000000000000..eb76de8db9f6
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.conf
@@ -0,0 +1,33 @@
+server:
+	verbosity: 7
+	num-threads: 1
+	interface: 127.0.0.1
+	port: @PORT@
+	use-syslog: no
+	directory: ""
+	pidfile: "unbound.pid"
+	chroot: ""
+	username: ""
+	module-config: "cachedb iterator"
+	root-key-sentinel: no
+	trust-anchor-signaling: no
+	log-time-ascii: yes
+	log-time-iso: yes
+cachedb:
+        backend: redis
+        redis-server-path: @REDIS_SOCKET@
+        redis-replica-server-path: @REDIS_REPLICA_SOCKET@
+auth-zone:
+	name: "redis.com"
+	for-upstream: yes
+	for-downstream: no
+	zonefile: "redis.zone"
+remote-control:
+	control-enable: yes
+	control-interface: 127.0.0.1
+	# control-interface: ::1
+	control-port: @CONTROL_PORT@
+	server-key-file: "unbound_server.key"
+	server-cert-file: "unbound_server.pem"
+	control-key-file: "unbound_control.key"
+	control-cert-file: "unbound_control.pem"
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.dsc b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.dsc
new file mode 100644
index 000000000000..b07612d3366e
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.dsc
@@ -0,0 +1,16 @@
+BaseName: redis_reconnect_interval
+Version: 1.0
+Description: Test redis reconnect interval
+CreationDate: Thu 24 July 09:29:09 CEST 2025
+Maintainer: Wouter Wijngaards
+Category:
+Component:
+CmdDepends:
+Depends:
+Help:
+Pre: redis_reconnect_interval.pre
+Post: redis_reconnect_interval.post
+Test: redis_reconnect_interval.test
+AuxFiles:
+Passed:
+Failure:
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.post b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.post
new file mode 100644
index 000000000000..fc48d7e38145
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.post
@@ -0,0 +1,18 @@
+# #-- redis_reconnect_interval.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $REDIS_PID
+kill_pid $REDIS_REPLICA_PID
+kill_pid $UNBOUND_PID
+echo "> cat logfiles"
+echo "redis server.log"
+cat server.log
+echo "redis replica.log"
+cat replica.log
+echo "unbound.log"
+cat unbound.log
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.pre b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.pre
new file mode 100644
index 000000000000..1c7a7f3978c0
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.pre
@@ -0,0 +1,46 @@
+# #-- redis_reconnect_interval.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+
+if grep "define USE_REDIS 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
+
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+CONTROL_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test
+
+REDIS_SOCKET=server.sock
+REDIS_REPLICA_SOCKET=replica.sock
+echo "REDIS_SOCKET=$REDIS_SOCKET" >> .tpkg.var.test
+echo "REDIS_REPLICA_SOCKET=$REDIS_REPLICA_SOCKET" >> .tpkg.var.test
+
+# start redis
+sed -e 's/@SOCKET\@/'$REDIS_SOCKET'/' -e 's/@LOGFILE\@/server.log/' < redis.conf > server.conf
+redis-server server.conf &
+REDIS_PID=$!
+echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
+
+# start redis replica
+sed -e 's/@SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@LOGFILE\@/replica.log/' < redis.conf > replica.conf
+redis-server replica.conf &
+REDIS_REPLICA_PID=$!
+echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
+
+# Copy initial zonefile
+cp before.zone redis.zone
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@REDIS_SOCKET\@/'$REDIS_SOCKET'/' -e 's/@REDIS_REPLICA_SOCKET\@/'$REDIS_REPLICA_SOCKET'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < redis_reconnect_interval.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_unbound_up unbound.log
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.test b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.test
new file mode 100644
index 000000000000..ac15f50b06a9
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.test
@@ -0,0 +1,121 @@
+# #-- redis_reconnect_interval.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+# do the test
+
+# Check number of keys in the db
+# $1: socket to connect to
+# $2: expected number of keys
+redis_cli_check_keys () {
+	echo "> redis-cli connecting to $1 to check number of keys; expecting $2"
+	keys=$(redis-cli --no-raw -s $1 keys "*" | grep -vF empty | wc -l)
+	if test $keys -ne $2
+	then
+		echo "Expected $2 keys, got $keys"
+		exit 1
+	fi
+	echo "OK"
+}
+
+# Query and check the expected result
+# $1: query
+# $2: expected answer
+expect_answer () {
+	echo "> dig @127.0.0.1 -p $UNBOUND_PORT $1"
+	dig @127.0.0.1 -p $UNBOUND_PORT $1 > tmp.answer
+	if ! grep -F $2 tmp.answer
+	then
+		echo "Expected $2 in the answer, got:"
+		cat tmp.answer
+		exit 1
+	fi
+	echo "OK"
+}
+
+# Start test
+
+# check Redis server has no keys
+redis_cli_check_keys $REDIS_SOCKET 0
+
+# check Redis replica server has no keys
+redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
+
+# query and check answer
+expect_answer redis.com 1.1.1.1
+
+# check Redis server has 1 key
+redis_cli_check_keys $REDIS_SOCKET 1
+
+# check Redis replica server has no keys
+redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
+
+# change auth zone and reload
+cp after.zone redis.zone
+echo "$PRE/unbound-control -c ub.conf reload"
+$PRE/unbound-control -c ub.conf reload
+if test $? -ne 0; then
+	echo "wrong exit value after success"
+	exit 1
+fi
+
+# query and check answer
+# we are writing to server but reading from replica; which is not actually
+# replicating so the new answer will come through while overwriting the record
+# in the server.
+expect_answer redis.com 2.2.2.2
+
+# check Redis server has 1 key
+redis_cli_check_keys $REDIS_SOCKET 1
+
+# check Redis replica server has no keys
+redis_cli_check_keys $REDIS_REPLICA_SOCKET 0
+
+echo "> OK"
+
+# take down the redis server and observe reconnect attempts.
+# first the replica that it tries to read from.
+kill_pid $REDIS_REPLICA_PID
+$PRE/unbound-control -c ub.conf reload
+expect_answer redis.com 2.2.2.2
+# some more queries to exceed the limit on reconnects.
+expect_answer d1.redis.com NXDOMAIN
+expect_answer d2.redis.com NXDOMAIN
+expect_answer d3.redis.com NXDOMAIN
+expect_answer d4.redis.com NXDOMAIN
+expect_answer d5.redis.com NXDOMAIN
+# it has entered the wait period
+sleep 2
+expect_answer d6.redis.com NXDOMAIN
+
+kill_pid $REDIS_PID
+$PRE/unbound-control -c ub.conf reload
+expect_answer redis.com 2.2.2.2
+expect_answer d1.redis.com NXDOMAIN
+expect_answer d2.redis.com NXDOMAIN
+expect_answer d3.redis.com NXDOMAIN
+expect_answer d4.redis.com NXDOMAIN
+expect_answer d5.redis.com NXDOMAIN
+# it has entered the wait period
+sleep 2
+expect_answer d6.redis.com NXDOMAIN
+
+# bring up the redis server again.
+redis-server server.conf &
+REDIS_PID=$!
+echo "REDIS_PID=$REDIS_PID" >> .tpkg.var.test
+redis-server replica.conf &
+REDIS_REPLICA_PID=$!
+echo "REDIS_REPLICA_PID=$REDIS_REPLICA_PID" >> .tpkg.var.test
+
+expect_answer d7.redis.com NXDOMAIN
+expect_answer d8.redis.com NXDOMAIN
+sleep 2
+expect_answer d9.redis.com NXDOMAIN
+expect_answer d10.redis.com NXDOMAIN
+
+exit 0
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.key b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.key
new file mode 100644
index 000000000000..753a4ef6162e
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.key
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA
+1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ
+F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR
+ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm
+vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb
+IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL
+cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr
+lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov
+15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf
+LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+
+Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57
+YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9
+whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c
+lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax
+tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ
+U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9
+Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc
+Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3
+ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+
+1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN
+b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz
+ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C
+TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF
+tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y
+aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0
+A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU
+LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U
+R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy
+7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj
+7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw
+jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1
+BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar
+kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR
+qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3
+VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9
+MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa
+C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g=
+-----END RSA PRIVATE KEY-----
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.pem b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.pem
new file mode 100644
index 000000000000..a1edf7017f1d
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_control.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw
+WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA
+A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv
+OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj
+1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl
+NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht
+A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/
+Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB
+TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/
+nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My
++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj
+4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83
+hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU
+9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn
+ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ
+pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD
+72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ
+muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP
+uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte
+-----END CERTIFICATE-----
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.key b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.key
new file mode 100644
index 000000000000..370a7bbb2f22
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.key
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI
+0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq
+GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z
+uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K
+WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5
+FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP
+q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL
+A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP
+7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf
+XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6
+iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7
+2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo
+MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj
+WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz
+O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI
+IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN
+qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU
+dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs
+bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr
+YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km
+7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr
+gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z
+5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG
+ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN
+oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+
+s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW
+zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx
+ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1
+oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3
+BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS
+mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8
+kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93
+7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8
+RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O
+jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp
+O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre
+MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A==
+-----END RSA PRIVATE KEY-----
diff --git a/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.pem b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.pem
new file mode 100644
index 000000000000..986807310f2b
--- /dev/null
+++ b/contrib/unbound/testdata/redis_reconnect_interval.tdir/unbound_server.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx
+EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5
+WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32
+a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2
+4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot
+aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4
+TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ
+uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4
++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz
+XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx
+dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW
+84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7
+JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca
+fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg
+XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF
+qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25
+sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD
+yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe
+CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ==
+-----END CERTIFICATE-----
diff --git a/contrib/unbound/testdata/rpz_cname_wild.rpl b/contrib/unbound/testdata/rpz_cname_wild.rpl
new file mode 100644
index 000000000000..ce7200acc781
--- /dev/null
+++ b/contrib/unbound/testdata/rpz_cname_wild.rpl
@@ -0,0 +1,190 @@
+; config options
+server:
+	module-config: "respip validator iterator"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: no
+	access-control: 192.0.0.0/8 allow
+
+rpz:
+	name: "rpz.example.com."
+	rpz-log: yes
+	rpz-log-name: "rpz.example.com"
+	zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com. 
+rpz	3600	IN	SOA	ns1.rpz.example.com. hostmaster.rpz.example.com. (
+		1379078166 28800 7200 604800 7200 )
+	3600	IN	NS	ns1.rpz.example.com.
+	3600	IN	NS	ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+*.gotham5.a CNAME static.gotham6.a.
+*.gotham7.a.rpz-nsdname CNAME static.gotham8.a.
+TEMPFILE_END
+
+stub-zone:
+	name: "a."
+	stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ with CNAME with a wildcarded qname trigger after it.
+
+; a.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.a. IN NS
+SECTION AUTHORITY
+gotham.a. NS ns1.gotham.a.
+SECTION ADDITIONAL
+ns1.gotham.a. A 10.20.30.41
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham2.a. IN NS
+SECTION AUTHORITY
+gotham2.a. NS ns1.gotham2.a.
+SECTION ADDITIONAL
+ns1.gotham2.a. A 10.20.30.42
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham6.a. IN NS
+SECTION AUTHORITY
+gotham6.a. NS ns1.gotham6.a.
+SECTION ADDITIONAL
+ns1.gotham6.a. A 10.20.30.46
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham7.a. IN NS
+SECTION AUTHORITY
+gotham7.a. NS ns1.gotham7.a.
+SECTION ADDITIONAL
+ns1.gotham7.a. A 10.20.30.47
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham8.a. IN NS
+SECTION AUTHORITY
+gotham8.a. NS ns1.gotham8.a.
+SECTION ADDITIONAL
+ns1.gotham8.a. A 10.20.30.48
+ENTRY_END
+RANGE_END
+
+; gotham.a.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.41
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. CNAME host.gotham5.a.
+ENTRY_END
+RANGE_END
+
+; gotham2.a.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.42
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. CNAME host.gotham7.a.
+ENTRY_END
+RANGE_END
+
+; gotham6.a.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.46
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+static.gotham6.a. IN A
+SECTION ANSWER
+static.gotham6.a. A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; gotham8.a.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.48
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+static.gotham8.a. IN A
+SECTION ANSWER
+static.gotham8.a. A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a.	IN	A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham.a.	IN	A
+SECTION ANSWER
+www.gotham.a. CNAME host.gotham5.a.
+host.gotham5.a CNAME static.gotham6.a.
+static.gotham6.a. A 1.2.3.4
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a.	IN	A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham2.a.	IN	A
+SECTION ANSWER
+www.gotham2.a. CNAME host.gotham7.a.
+host.gotham7.a CNAME static.gotham8.a.
+static.gotham8.a. A 1.2.3.5
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.conf b/contrib/unbound/testdata/stat_values.tdir/stat_values.conf
index 312a7e17494f..a22746297dce 100644
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.conf
+++ b/contrib/unbound/testdata/stat_values.tdir/stat_values.conf
@@ -17,7 +17,7 @@ server:
 	serve-expired-client-timeout: 0
 	dns-error-reporting: yes
 
-	trust-anchor: "bogusdnssec. DS 1444 8 2 5224fb17d630a2e3efdc863a05a4032c5db415b5de3f32472ee9abed42e10146"
+	trust-anchor: "bogusdnssec. DNSKEY  257 3 8 AwEAAbwL6LuXTLXtb23CsXhpkxxyGbEFUROh/L8BWA1EEF8LdQ4Rmsj4 D5D8uAnRFDkNhM6XiII9xcsavwBGNwHxzUaij4MZQu1vrzcfGIJLcC1Q paZmSH9WqIYFQci+T4s4UfDrrS96wO/H0nJvFmavWVX/7p1Q6dv0Arwz XMXaHGrRVdEgK2MDS3dFRngx5JC5fwD7YnwH08EAoFRjdAoXe+etOAeG aOT9IGjVM5LKkN2k6fIRvZ2l9eu5/o+h5L+kpDRcapW2QiL21hCcmwpW 50Llfx9Ovk+M7TBjp4iT7Tc8gLzRZr24LmXEyABb54WW3aoF5k8DZPot 9ogUjxVN/dM="
 
 	local-zone: local.zone static
 	local-data: "www.local.zone A 192.0.2.1"
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.test b/contrib/unbound/testdata/stat_values.tdir/stat_values.test
index d538e4d60ec2..7dd71edd6b3b 100644
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.test
+++ b/contrib/unbound/testdata/stat_values.tdir/stat_values.test
@@ -448,7 +448,8 @@ num.query.flags.RD=1
 num.query.opcode.QUERY=1
 num.query.type.A=1
 num.query.udpout=9
-rrset.cache.count=4
+num.valops=6
+rrset.cache.count=5
 total.num.cachemiss=1
 total.num.dns_error_reports=1
 total.num.queries=1
diff --git a/contrib/unbound/testdata/stat_values.tdir/stat_values.testns b/contrib/unbound/testdata/stat_values.tdir/stat_values.testns
index a5c0ae92b599..8dd8e26ee04b 100644
--- a/contrib/unbound/testdata/stat_values.tdir/stat_values.testns
+++ b/contrib/unbound/testdata/stat_values.tdir/stat_values.testns
@@ -43,6 +43,11 @@ ADJUST copy_id
 SECTION QUESTION
 @	IN	DNSKEY
 SECTION ANSWER
+;; random keys with bogus rrsig (originally from nlnetlabs.nl)
+;; These will result in 6 validation attempts (1 + 5 retries) when trying to prime the configured trust anchor
+@       IN      DNSKEY  256 3 8 AwEAAdR7XR95OaAN9Rz7TbtPalQ9guQk7zfxTHYNKhsiwTZA9z+F16nD 0VeBlk7dNik3ETpT2GLAwr9sntG898JwurCDe353wHPvjZtMCdiTVp3c RCrjuCEvoFpmZNN82H0gaH/4v8mkv/QBDAkDSncYjz/FqHKAeYy3cMcj Y6RyVweh
+@       IN      DNSKEY  257 3 8 AwEAAbwL6LuXTLXtb23CsXhpkxxyGbEFUROh/L8BWA1EEF8LdQ4Rmsj4 D5D8uAnRFDkNhM6XiII9xcsavwBGNwHxzUaij4MZQu1vrzcfGIJLcC1Q paZmSH9WqIYFQci+T4s4UfDrrS96wO/H0nJvFmavWVX/7p1Q6dv0Arwz XMXaHGrRVdEgK2MDS3dFRngx5JC5fwD7YnwH08EAoFRjdAoXe+etOAeG aOT9IGjVM5LKkN2k6fIRvZ2l9eu5/o+h5L+kpDRcapW2QiL21hCcmwpW 50Llfx9Ovk+M7TBjp4iT7Tc8gLzRZr24LmXEyABb54WW3aoF5k8DZPot 9ogUjxVN/dM=
+@       IN      RRSIG   DNSKEY 8 1 3600 20250806005014 20250709005014 50602 bogusdnssec. WIv6Qe9RAALyMK04dnDfOHtudHzIyk2DcwBLupbPdmSu+0NcAjcQBo2x rWNrdvNHVCAi5OvRwIz/ac81TptsnsSd6zcOtbeSijWpQj21vnSHhlWv zvJW+/WAm3h/XbOPFSE08FNaig9CeRE2GmKemKAdUeDbWoNrku8klCG+ GHJCCyqdmgS6249oUvIgV/m6OwRSCEeUxHlDqbM+OF+Up3dj0iQ61n9l 2nrQR9WNFn9YGTNHiA9bhdFfiCmrAb6X01IrlmSe+ENiQPeRnOWv24ls V5Re9zAOz+X26vjev/wMTEhlrAvl6FIRg7hIgnd3UxQ/UCQ5gxSriaWi YoiH6g==
 ENTRY_END
 
 ENTRY_BEGIN
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.conf b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.conf
new file mode 100644
index 000000000000..81072c70b999
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.conf
@@ -0,0 +1,36 @@
+server:
+	verbosity: 7
+	# num-threads: 1
+	interface: 127.0.0.1
+	interface: 127.0.0.1@@PROXYPORT@
+	port: @PORT@
+	proxy-protocol-port: @PROXYPORT@
+	access-control: 1.0.0.0/8 allow
+	use-syslog: no
+	directory: ""
+	pidfile: "unbound.pid"
+	chroot: ""
+	username: ""
+	do-not-query-localhost: no
+	target-fetch-policy: "0 0 0 0 0"
+	send-client-subnet: 127.0.0.1
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: no
+remote-control:
+	control-enable: yes
+	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
+	control-use-cert: no
+stub-zone:
+	name: "."
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"
+stub-zone:
+	name: "example.com"
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"
+stub-zone:
+	name: "example.net"
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.dsc b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.dsc
new file mode 100644
index 000000000000..5f478e9353cc
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.dsc
@@ -0,0 +1,16 @@
+BaseName: subnet_cache_lookup
+Version: 1.0
+Description: Subnet cache contents with unbound-control cache_lookup
+CreationDate: Fri Aug 15 11:00:00 CEST 2025
+Maintainer: dr. W.C.A. Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: subnet_cache_lookup.pre
+Post: subnet_cache_lookup.post
+Test: subnet_cache_lookup.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.post b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.post
new file mode 100644
index 000000000000..247ea68a6cc2
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.post
@@ -0,0 +1,15 @@
+# #-- subnet_cache_lookup.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+PRE="../.."
+. ../common.sh
+echo "> cat logfiles"
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
+cat fwd.log 
+cat unbound.log
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.pre b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.pre
new file mode 100644
index 000000000000..ce007c4fa852
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.pre
@@ -0,0 +1,42 @@
+# #-- subnet_cache_lookup.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+if grep "define CLIENT_SUBNET 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
+
+get_make
+(cd $PRE; $MAKE streamtcp)
+
+get_random_port 3
+UNBOUND_PORT=$RND_PORT
+PROXY_PORT=$(($RND_PORT + 1))
+FWD_PORT=$(($RND_PORT + 2))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT subnet_cache_lookup.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+CONTROL_PATH=/tmp
+CONTROL_PID=$$
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@PROXYPORT\@/'$PROXY_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < subnet_cache_lookup.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
+echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.test b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.test
new file mode 100644
index 000000000000..8838a64edc1c
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.test
@@ -0,0 +1,121 @@
+# #-- subnet_cache_lookup.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 10
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 10
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+#echo "> cat logfiles"
+#cat fwd.log 
+#cat unbound.log
+echo "> check answer"
+if grep www.example.com outfile | grep "10.20.30.40"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> unbound-control status"
+$PRE/unbound-control -c ub.conf status
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+else
+	echo "exit value: OK"
+fi
+
+echo "> unbound-control cache_lookup example.com"
+$PRE/unbound-control -c ub.conf cache_lookup example.com 2>&1 | tee outfile
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+fi
+echo "> check unbound-control output"
+if grep "subnet" outfile; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> use proxy-protocol to put more addresses in the edns subnet cache"
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.1.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.41"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.2.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.42"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.3.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.43"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.4.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.44"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> unbound-control cache_lookup example.net"
+$PRE/unbound-control -c ub.conf cache_lookup example.net 2>&1 | tee outfile
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+fi
+echo "> check unbound-control output"
+if grep "subnet" outfile; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+exit 0
diff --git a/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.testns b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.testns
new file mode 100644
index 000000000000..ebdbffa71c70
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.testns
@@ -0,0 +1,181 @@
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS test.ns.
+SECTION ADDITIONAL
+test.ns. IN A 127.0.0.1
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+;MATCH opcode qtype qname ednsdata
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 127.0.0.1
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 11 		; source mask, scopemask
+	7f 00 00 	; address
+HEX_EDNSDATA_END
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN SOA
+SECTION ANSWER
+example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.1.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 01 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.41
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 29
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 01 00                        ;1.1.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.2.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 02 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.42
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2a
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 02 00                        ;1.2.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.3.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 03 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.43
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2b
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 03 00                        ;1.3.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.4.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 04 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.44
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2c
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 04 00                        ;1.4.0.0/17
+HEX_ANSWER_END
+ENTRY_END
diff --git a/contrib/unbound/testdata/subnet_cached_servfail.crpl b/contrib/unbound/testdata/subnet_cached_servfail.crpl
index f1a66159c4ee..1bcd05f2f888 100644
--- a/contrib/unbound/testdata/subnet_cached_servfail.crpl
+++ b/contrib/unbound/testdata/subnet_cached_servfail.crpl
@@ -118,7 +118,7 @@ HEX_EDNSDATA_BEGIN
 HEX_EDNSDATA_END
 ENTRY_END
 
-; This answer was cached but a prefetch was triggerred
+; This answer was cached but a prefetch was triggered
 STEP 12 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH opcode qtype qname
diff --git a/contrib/unbound/testdata/subnet_noecs_mult.crpl b/contrib/unbound/testdata/subnet_noecs_mult.crpl
new file mode 100644
index 000000000000..3e2acefb0094
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_noecs_mult.crpl
@@ -0,0 +1,334 @@
+# config
+server:
+	send-client-subnet: 1.2.3.4
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: yes
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet with no edns subnet from server multiple times
+; Multiple queries are sent to a server that does not reply with the
+; edns-subnet option.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 50 52
+	ADDRESS 1.2.3.4
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+	; Match this subnet option
+	HEX_EDNSDATA_BEGIN
+				; client is 127.0.0.1
+		00 08		; OPC
+		00 07		; option length
+		00 01		; Family
+		11 00		; source mask, scopemask
+		7f 00 00	; address
+	HEX_EDNSDATA_END
+	; This is the response, without the subnet option
+	HEX_ANSWER_BEGIN;
+		00 00 84 00 00 01 00 01	 ; ID 0 QR AA NOERROR
+		00 00 00 01 03 77 77 77	 ; www.example.com A (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 
+		C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600
+		00 04 0A 14 1E 2C	 ; rdata 10.20.30.44
+		00 00 29 10 00 00 00
+		80 00 00 00
+	HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+	; Match this subnet option
+	HEX_EDNSDATA_BEGIN
+				; client is 127.2.0.1
+		00 08		; OPC
+		00 07		; option length
+		00 01		; Family
+		11 00		; source mask, scopemask
+		7f 02 00	; address
+	HEX_EDNSDATA_END
+	; This is the response, without the subnet option
+	HEX_ANSWER_BEGIN;
+		00 00 84 00 00 01 00 01	 ; ID 0 QR AA NOERROR
+		00 00 00 01 03 77 77 77	 ; www.example.com A (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 
+		C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600
+		00 04 0A 14 1E 2C	 ; rdata 10.20.30.44
+		00 00 29 10 00 00 00
+		80 00 00 00
+	HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+	; Match this subnet option
+	HEX_EDNSDATA_BEGIN
+				; client is 127.3.0.1
+		00 08		; OPC
+		00 07		; option length
+		00 01		; Family
+		11 00		; source mask, scopemask
+		7f 03 00	; address
+	HEX_EDNSDATA_END
+	; This is the response, without the subnet option
+	HEX_ANSWER_BEGIN;
+		00 00 84 00 00 01 00 01	 ; ID 0 QR AA NOERROR
+		00 00 00 01 03 77 77 77	 ; www.example.com A (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 
+		C0 0C 00 01 00 01 00 00 0E 10 ; www.example.com. A IN 3600
+		00 04 0A 14 1E 2C	 ; rdata 10.20.30.44
+		00 00 29 10 00 00 00
+		80 00 00 00
+	HEX_ANSWER_END
+ENTRY_END
+
+; The answer for a query without subnet
+;ENTRY_BEGIN
+;MATCH opcode qtype qname
+;ADJUST copy_id
+;REPLY QR AA NOERROR
+;SECTION QUESTION
+;www.example.com. IN A
+;SECTION ANSWER
+;www.example.com. IN A 10.20.30.40
+;ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 53 57
+	ADDRESS 1.2.3.4
+; The answer for a query without subnet
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+	HEX_ANSWER_BEGIN;
+		00 00 01 00 00 01 00 00	 ; ID 0
+		00 00 00 01 03 77 77 77	 ; www.example.com A? (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 00 00 29 10 00 00 00
+		80 00 00 0b
+
+		00 08 00 07		; OPC, optlen
+		00 01 11 00		; ip4, scope 17, source 0
+		7f 00 00		; 127.0.0.0/17
+	HEX_ANSWER_END
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+	HEX_ANSWER_BEGIN;
+		00 00 01 00 00 01 00 00	 ; ID 0
+		00 00 00 01 03 77 77 77	 ; www.example.com A? (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 00 00 29 10 00 00 00
+		80 00 00 0b
+
+		00 08 00 07		; OPC, optlen
+		00 01 11 00		; ip4, scope 17, source 0
+		7f 02 00		; 127.2.0.0/17
+	HEX_ANSWER_END
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+	HEX_ANSWER_BEGIN;
+		00 00 01 00 00 01 00 00	 ; ID 0
+		00 00 00 01 03 77 77 77	 ; www.example.com A? (DO)
+		07 65 78 61 6d 70 6c 65
+		03 63 6f 6d 00 00 01 00
+		01 00 00 29 10 00 00 00
+		80 00 00 0b
+
+		00 08 00 07		; OPC, optlen
+		00 01 11 00		; ip4, scope 17, source 0
+		7f 03 00		; 127.3.0.0/17
+	HEX_ANSWER_END
+ENTRY_END
+
+; recursion happens here.
+; The upstream server RANGE starts responding at STEP 50.
+STEP 50 TRAFFIC
+
+; The upstream server now responds for the nonsubnet response.
+STEP 55 TRAFFIC
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+;www.example.com. IN A 10.20.30.44
+SECTION ADDITIONAL
+;	HEX_EDNSDATA_BEGIN
+;				; client is 127.3.0.1
+;		00 08		; OPC
+;		00 07		; option length
+;		00 01		; Family
+;		11 00		; source mask, scopemask
+;		7f 03 00	; address
+;	HEX_EDNSDATA_END
+ENTRY_END
+
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+;www.example.com. IN A 10.20.30.44
+SECTION ADDITIONAL
+;	HEX_EDNSDATA_BEGIN
+;				; client is 127.2.0.1
+;		00 08		; OPC
+;		00 07		; option length
+;		00 01		; Family
+;		11 00		; source mask, scopemask
+;		7f 02 00	; address
+;	HEX_EDNSDATA_END
+ENTRY_END
+
+STEP 80 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+;www.example.com. IN A 10.20.30.44
+SECTION ADDITIONAL
+;	HEX_EDNSDATA_BEGIN
+;				; client is 127.0.0.1
+;		00 08		; OPC
+;		00 07		; option length
+;		00 01		; Family
+;		11 00		; source mask, scopemask
+;		7f 00 00	; address
+;	HEX_EDNSDATA_END
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/subnet_noecs_refused.crpl b/contrib/unbound/testdata/subnet_noecs_refused.crpl
new file mode 100644
index 000000000000..39fbe85b4777
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_noecs_refused.crpl
@@ -0,0 +1,159 @@
+# config
+server:
+	send-client-subnet: 1.2.3.4
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: yes
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet with no edns subnet support but it is refused
+; The query is sent to a server that does not reply with the edns-subnet
+; option. The upstream server sends rcode refused. That results in a
+; NULL return_msg.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600
+ENTRY_END
+
+; This matches the no EDNS subnet info queries that are made for the
+; fallback without subnet. The answer is refused.
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;www.example.com. IN A 10.20.30.40
+ENTRY_END
+
+; This matches the initial query with edns subnet in the query,
+; the answer has no edns subnet in the reply.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+;ENTRY_BEGIN
+;REPLY RD DO
+;SECTION QUESTION
+;www.example.com. IN A
+; but send this query with subnet scope zero in the query, because that
+; makes the reply possibly get stored in the cache.
+;
+; query with subnet 0.0.0.0/0.
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.example.com A? (DO)
+	07 65 78 61 6d 70 6c 65
+	03 63 6f 6d 00 00 01 00
+	01 00 00 29 10 00 00 00
+	80 00 00 08
+
+	00 08 00 04                     ; OPC, optlen
+	00 01 00 00                     ; ip4, scope 0, source 0
+	                                ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+;www.example.com. IN A 10.20.30.40
+ENTRY_END
+SCENARIO_END
diff --git a/contrib/unbound/testdata/subnet_noecs_support.crpl b/contrib/unbound/testdata/subnet_noecs_support.crpl
new file mode 100644
index 000000000000..0c9826c834cb
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_noecs_support.crpl
@@ -0,0 +1,127 @@
+# config
+server:
+	send-client-subnet: 1.2.3.4
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: yes
+	target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet with no edns subnet support from the server
+; The query is sent to a server that does not reply with the edns-subnet
+; option.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 4 86400 3600 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+SCENARIO_END
diff --git a/contrib/unbound/testdata/subnet_scopezero_global.crpl b/contrib/unbound/testdata/subnet_scopezero_global.crpl
new file mode 100644
index 000000000000..1db7cc322f8c
--- /dev/null
+++ b/contrib/unbound/testdata/subnet_scopezero_global.crpl
@@ -0,0 +1,280 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	module-config: "subnetcache validator iterator"
+	verbosity: 4
+	qname-minimisation: no
+	; the domain is not configured for edns-subnet
+	;send-client-subnet: 1.2.3.4
+	client-subnet-zone: "ex2.com"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129
+
+stub-zone:
+	name: "example.com"
+	stub-addr: 1.2.3.4
+stub-zone:
+	name: "ex2.com"
+	stub-addr: 1.2.3.5
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet cache with scope zero for global cache store.
+
+; the upstream server.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+	;; we expect to receive empty
+HEX_EDNSDATA_END
+K.ROOT-SERVERS.NET.     IN      A       193.0.14.129
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 21
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A   10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 20 61
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+SECTION ANSWER
+www.ex2.com. IN A   10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 90 101
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+	MATCH opcode qtype qname ednsdata
+	ADJUST copy_id copy_ednsdata_assume_clientsubnet
+	REPLY QR NOERROR
+	SECTION QUESTION
+		www.ex2.com. IN A
+	SECTION ANSWER
+		www.ex2.com. 10 IN A	10.20.30.42
+	SECTION AUTHORITY
+		ex2.com.	IN NS	ns.ex2.com.
+	SECTION ADDITIONAL
+		HEX_EDNSDATA_BEGIN
+					; client is 127.0.0.1
+			00 08 		; OPC
+			00 07 		; option length
+			00 01 		; Family
+			18 00 		; source mask, scopemask
+			7f 00 00 	; address
+		HEX_EDNSDATA_END
+		ns.ex2.com.		IN 	A	1.2.3.5
+ENTRY_END
+RANGE_END
+
+; query for 0.0.0.0/0
+STEP 10 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.example.com A? (DO)
+	07 65 78 61 6d 70 6c 65
+	03 63 6f 6d 00 00 01 00
+	01 00 00 29 10 00 00 00
+	80 00 00 08
+
+	00 08 00 04                     ; OPC, optlen
+	00 01 00 00                     ; ip4, scope 0, source 0
+	                                ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A   10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+	00 08           ; OPC
+	00 04           ; option length
+	00 01           ; Family
+	00 00           ; source mask, scopemask
+	                ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+; That that it is in global cache.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A   10.20.30.40
+ENTRY_END
+
+; With a query where the name is whitelisted, it should not be stored
+; in global cache.
+STEP 50 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.ex2.com A? (DO)
+	03 65 78 32 03 63 6f 6d
+	00 00 01 00 01 00 00 29
+	10 00 00 00 80 00 00 08
+
+	00 08 00 04                     ; OPC, optlen
+	00 01 00 00                     ; ip4, scope 0, source 0
+	                                ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+SECTION ANSWER
+www.ex2.com. IN A   10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+	00 08           ; OPC
+	00 04           ; option length
+	00 01           ; Family
+	00 00           ; source mask, scopemask
+	                ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+STEP 70 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.ex2.com A? (DO)
+	03 65 78 32 03 63 6f 6d
+	00 00 01 00 01 00 00 29
+	10 00 00 00 80 00 00 08
+
+	00 08 00 04                     ; OPC, optlen
+	00 01 00 00                     ; ip4, scope 0, source 0
+	                                ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+STEP 80 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+SECTION ANSWER
+www.ex2.com. IN A   10.20.30.41
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+	00 08           ; OPC
+	00 04           ; option length
+	00 01           ; Family
+	00 00           ; source mask, scopemask
+	                ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+; www.ex2.com is not in the global cache. and gets subnet treatment
+STEP 90 QUERY
+ENTRY_BEGIN
+REPLY RD NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+ENTRY_END
+
+STEP 100 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+SECTION ANSWER
+www.ex2.com. IN A   10.20.30.42
+ENTRY_END
+
+; that result is in the subnet cache
+STEP 110 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+	00 00 01 00 00 01 00 00         ;ID 0
+	00 00 00 01 03 77 77 77         ; www.ex2.com A? (DO)
+	03 65 78 32 03 63 6f 6d
+	00 00 01 00 01 00 00 29
+	10 00 00 00 80 00 00 0b
+
+	00 08 00 07                     ; OPC, optlen
+			; ip4 127.0.0.0/24 scope /0
+	00 01 		; Family
+	18 00 		; source mask, scopemask
+	7f 00 00 	; address
+HEX_ANSWER_END
+ENTRY_END
+
+STEP 120 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.ex2.com. IN A
+SECTION ANSWER
+www.ex2.com. IN A   10.20.30.42
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+	00 08           ; OPC
+	00 07           ; option length
+			; ip4 127.0.0.0/24 scope /24
+	00 01 		; Family
+	18 18 		; source mask, scopemask
+	7f 00 00 	; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+SCENARIO_END
diff --git a/contrib/unbound/testdata/val_failure_dnskey.rpl b/contrib/unbound/testdata/val_failure_dnskey.rpl
index c5f1af2ff349..8b8d7f3fe208 100644
--- a/contrib/unbound/testdata/val_failure_dnskey.rpl
+++ b/contrib/unbound/testdata/val_failure_dnskey.rpl
@@ -17,7 +17,7 @@ stub-zone:
 	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
 CONFIG_END
 
-SCENARIO_BEGIN Test validator with failure for chaing of trust lookup.
+SCENARIO_BEGIN Test validator with failure for chain of trust lookup.
 ; The error message that is created, also for EDE is more extensive.
 
 ; K.ROOT-SERVERS.NET.
diff --git a/contrib/unbound/util/config_file.c b/contrib/unbound/util/config_file.c
index cf610efc6a7c..1820e1dcd91b 100644
--- a/contrib/unbound/util/config_file.c
+++ b/contrib/unbound/util/config_file.c
@@ -155,7 +155,7 @@ config_create(void)
 #  else
 	/* libevent can use many sockets */
 	cfg->outgoing_num_ports = 4096;
-	cfg->num_queries_per_thread = 1024;
+	cfg->num_queries_per_thread = 2048;
 #  endif
 	cfg->outgoing_num_tcp = 10;
 	cfg->incoming_num_tcp = 10;
@@ -169,10 +169,10 @@ config_create(void)
 	cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */
 	cfg->msg_buffer_size = 65552; /* 64 k + a small margin */
 	cfg->msg_cache_size = 4 * 1024 * 1024;
-	cfg->msg_cache_slabs = 4;
+	cfg->msg_cache_slabs = 0;
 	cfg->jostle_time = 200;
 	cfg->rrset_cache_size = 4 * 1024 * 1024;
-	cfg->rrset_cache_slabs = 4;
+	cfg->rrset_cache_slabs = 0;
 	cfg->host_ttl = 900;
 	cfg->bogus_ttl = 60;
 	cfg->min_ttl = 0;
@@ -182,7 +182,7 @@ config_create(void)
 	cfg->prefetch = 0;
 	cfg->prefetch_key = 0;
 	cfg->deny_any = 0;
-	cfg->infra_cache_slabs = 4;
+	cfg->infra_cache_slabs = 0;
 	cfg->infra_cache_numhosts = 10000;
 	cfg->infra_cache_min_rtt = 50;
 	cfg->infra_cache_max_rtt = 120000;
@@ -210,7 +210,7 @@ config_create(void)
 	cfg->if_automatic = 0;
 	cfg->if_automatic_ports = NULL;
 	cfg->so_rcvbuf = 0;
-	cfg->so_sndbuf = 0;
+	cfg->so_sndbuf = 4*1024*1024;
 	cfg->so_reuseport = REUSEPORT_DEFAULT;
 	cfg->ip_transparent = 0;
 	cfg->ip_freebind = 0;
@@ -291,7 +291,7 @@ config_create(void)
 	cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */
 	cfg->permit_small_holddown = 0;
 	cfg->key_cache_size = 4 * 1024 * 1024;
-	cfg->key_cache_slabs = 4;
+	cfg->key_cache_slabs = 0;
 	cfg->neg_cache_size = 1 * 1024 * 1024;
 	cfg->local_zones = NULL;
 	cfg->local_zones_nodefault = NULL;
@@ -341,8 +341,8 @@ config_create(void)
 	cfg->ip_ratelimit_cookie = 0;
 	cfg->ip_ratelimit = 0;
 	cfg->ratelimit = 0;
-	cfg->ip_ratelimit_slabs = 4;
-	cfg->ratelimit_slabs = 4;
+	cfg->ip_ratelimit_slabs = 0;
+	cfg->ratelimit_slabs = 0;
 	cfg->ip_ratelimit_size = 4*1024*1024;
 	cfg->ratelimit_size = 4*1024*1024;
 	cfg->ratelimit_for_domain = NULL;
@@ -367,9 +367,9 @@ config_create(void)
 	cfg->dnscrypt_provider_cert_rotated = NULL;
 	cfg->dnscrypt_secret_key = NULL;
 	cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024;
-	cfg->dnscrypt_shared_secret_cache_slabs = 4;
+	cfg->dnscrypt_shared_secret_cache_slabs = 0;
 	cfg->dnscrypt_nonce_cache_size = 4*1024*1024;
-	cfg->dnscrypt_nonce_cache_slabs = 4;
+	cfg->dnscrypt_nonce_cache_slabs = 0;
 	cfg->pad_responses = 1;
 	cfg->pad_responses_block_size = 468; /* from RFC8467 */
 	cfg->pad_queries = 1;
@@ -454,6 +454,11 @@ struct config_file* config_create_forlib(void)
 	cfg->val_log_squelch = 1;
 	cfg->minimal_responses = 0;
 	cfg->harden_short_bufsize = 1;
+	/* Need to explicitly define the slabs from their 0 default value */
+	cfg->ip_ratelimit_slabs = 1;
+	cfg->ratelimit_slabs = 1;
+	cfg->dnscrypt_shared_secret_cache_slabs = 1;
+	cfg->dnscrypt_nonce_cache_slabs = 1;
 	return cfg;
 }
 
@@ -1448,6 +1453,41 @@ create_cfg_parser(struct config_file* cfg, char* filename, const char* chroot)
 	init_cfg_parse();
 }
 
+void
+config_auto_slab_values(struct config_file* cfg)
+{
+#define SET_AUTO_SLAB(var, name, val)						\
+do {										\
+	if(cfg->var == 0) {							\
+		cfg->var = val;							\
+		verbose(VERB_QUERY, "setting "name": %lu", (unsigned long)val);	\
+	}									\
+} while(0);
+#ifdef THREADS_DISABLED
+	size_t pow_2_threads = 1;
+#else
+	size_t pow_2_threads = 4;  /* pow2 start */
+	while (pow_2_threads < (size_t)(cfg->num_threads?cfg->num_threads:1) &&
+		/* 1/3 of the distance to the next pow2 value stays with the
+		 * lower value */
+		(size_t)cfg->num_threads > pow_2_threads + (pow_2_threads - 1)/3) {
+		pow_2_threads <<= 1;
+	}
+	log_assert((pow_2_threads & (pow_2_threads - 1)) == 0); /* powerof2? */
+#endif /* THREADS_DISABLED */
+
+	SET_AUTO_SLAB(msg_cache_slabs, "msg-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(rrset_cache_slabs, "rrset-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(infra_cache_slabs, "infra-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(key_cache_slabs, "key-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(ip_ratelimit_slabs, "ip-ratelimit-slabs", pow_2_threads);
+	SET_AUTO_SLAB(ratelimit_slabs, "ratelimit-slabs", pow_2_threads);
+	SET_AUTO_SLAB(dnscrypt_shared_secret_cache_slabs,
+		"dnscrypt-shared-secret-cache-slabs", pow_2_threads);
+	SET_AUTO_SLAB(dnscrypt_nonce_cache_slabs,
+		"dnscrypt-nonce-cache-slabs", pow_2_threads);
+}
+
 int
 config_read(struct config_file* cfg, const char* filename, const char* chroot)
 {
@@ -1512,6 +1552,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
 			}
 		}
 		globfree(&g);
+		config_auto_slab_values(cfg);
 		return 1;
 	}
 #endif /* HAVE_GLOB */
@@ -1535,6 +1576,7 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
 		return 0;
 	}
 
+	config_auto_slab_values(cfg);
 	return 1;
 }
 
diff --git a/contrib/unbound/util/config_file.h b/contrib/unbound/util/config_file.h
index 89bbc1c7d856..44ac036b88df 100644
--- a/contrib/unbound/util/config_file.h
+++ b/contrib/unbound/util/config_file.h
@@ -967,6 +967,17 @@ struct config_file* config_create(void);
 struct config_file* config_create_forlib(void);
 
 /**
+ * If _slabs values are not explicitly configured, 0 value, put them in a
+ * pow2 value close to the number of threads used.
+ * Starts at the current default 4.
+ * If num_threads is in between two pow2 values, 1/3 of the way stays with
+ * the lower pow2 value.
+ * Exported for unit testing.
+ * @param config: where the _slabs values reside.
+ */
+void config_auto_slab_values(struct config_file* config);
+
+/**
  * Read the config file from the specified filename.
  * @param config: where options are stored into, must be freshly created.
  * @param filename: name of configfile. If NULL nothing is done.
diff --git a/contrib/unbound/util/configparser.c b/contrib/unbound/util/configparser.c
index 10eb29579c41..363e4a8c3d9b 100644
--- a/contrib/unbound/util/configparser.c
+++ b/contrib/unbound/util/configparser.c
@@ -1365,45 +1365,45 @@ static const yytype_int16 yyrline[] =
      838,   847,   856,   865,   874,   883,   890,   899,   908,   917,
      926,   935,   944,   953,   962,   971,   984,   995,  1006,  1017,
     1026,  1039,  1052,  1061,  1070,  1079,  1086,  1093,  1102,  1109,
-    1118,  1126,  1133,  1140,  1148,  1157,  1165,  1181,  1189,  1197,
-    1205,  1213,  1221,  1234,  1241,  1250,  1259,  1273,  1282,  1291,
-    1300,  1309,  1318,  1327,  1336,  1345,  1352,  1359,  1385,  1393,
-    1400,  1407,  1414,  1421,  1429,  1437,  1445,  1452,  1463,  1474,
-    1481,  1490,  1499,  1508,  1517,  1524,  1531,  1538,  1554,  1562,
-    1570,  1580,  1590,  1600,  1614,  1622,  1635,  1646,  1654,  1667,
-    1676,  1685,  1694,  1703,  1713,  1723,  1731,  1744,  1753,  1761,
-    1770,  1778,  1791,  1800,  1809,  1819,  1826,  1836,  1846,  1856,
-    1866,  1876,  1886,  1896,  1906,  1916,  1926,  1933,  1940,  1947,
-    1956,  1965,  1974,  1983,  1990,  2000,  2008,  2017,  2024,  2042,
-    2055,  2068,  2081,  2090,  2099,  2108,  2117,  2126,  2136,  2146,
-    2157,  2166,  2175,  2184,  2193,  2202,  2211,  2220,  2229,  2238,
-    2251,  2264,  2273,  2280,  2289,  2298,  2307,  2316,  2326,  2334,
-    2347,  2355,  2411,  2418,  2433,  2443,  2453,  2460,  2467,  2474,
-    2481,  2496,  2511,  2518,  2525,  2534,  2542,  2549,  2563,  2584,
-    2605,  2617,  2629,  2641,  2650,  2671,  2683,  2695,  2704,  2725,
-    2734,  2743,  2752,  2760,  2768,  2781,  2794,  2809,  2824,  2833,
-    2842,  2852,  2862,  2871,  2880,  2889,  2895,  2904,  2913,  2923,
-    2933,  2943,  2952,  2962,  2971,  2984,  2997,  3009,  3023,  3035,
-    3049,  3058,  3069,  3078,  3087,  3094,  3104,  3111,  3118,  3127,
-    3136,  3146,  3156,  3166,  3176,  3183,  3190,  3199,  3208,  3218,
-    3228,  3238,  3245,  3252,  3259,  3267,  3277,  3287,  3297,  3307,
-    3317,  3327,  3383,  3393,  3401,  3409,  3424,  3433,  3439,  3440,
-    3441,  3441,  3441,  3442,  3442,  3442,  3443,  3443,  3445,  3455,
-    3464,  3471,  3478,  3485,  3492,  3499,  3506,  3512,  3513,  3514,
-    3514,  3514,  3515,  3515,  3515,  3516,  3517,  3517,  3518,  3518,
-    3519,  3519,  3520,  3521,  3522,  3523,  3524,  3525,  3526,  3528,
-    3537,  3547,  3554,  3561,  3570,  3577,  3584,  3591,  3598,  3607,
-    3616,  3623,  3630,  3640,  3650,  3660,  3670,  3680,  3690,  3701,
-    3707,  3708,  3709,  3711,  3718,  3724,  3725,  3726,  3728,  3735,
-    3745,  3752,  3761,  3769,  3775,  3776,  3778,  3778,  3778,  3779,
-    3779,  3780,  3781,  3782,  3783,  3784,  3786,  3795,  3804,  3811,
-    3820,  3827,  3836,  3844,  3857,  3865,  3878,  3884,  3885,  3886,
-    3886,  3887,  3887,  3888,  3888,  3889,  3889,  3890,  3890,  3891,
-    3891,  3892,  3892,  3893,  3893,  3894,  3894,  3895,  3895,  3896,
-    3898,  3910,  3922,  3935,  3948,  3960,  3972,  3987,  4002,  4014,
-    4026,  4038,  4050,  4063,  4076,  4089,  4102,  4115,  4128,  4141,
-    4156,  4171,  4182,  4191,  4207,  4214,  4223,  4232,  4241,  4247,
-    4248,  4249,  4249,  4251,  4266
+    1118,  1126,  1133,  1140,  1148,  1157,  1165,  1183,  1191,  1199,
+    1207,  1215,  1223,  1236,  1243,  1252,  1261,  1275,  1284,  1293,
+    1302,  1311,  1320,  1329,  1338,  1347,  1354,  1361,  1387,  1395,
+    1402,  1409,  1416,  1423,  1431,  1439,  1447,  1454,  1465,  1476,
+    1483,  1492,  1501,  1510,  1519,  1526,  1533,  1540,  1556,  1564,
+    1572,  1582,  1592,  1602,  1616,  1624,  1637,  1648,  1656,  1669,
+    1678,  1687,  1696,  1705,  1715,  1725,  1733,  1746,  1755,  1763,
+    1772,  1780,  1793,  1802,  1811,  1821,  1828,  1838,  1848,  1858,
+    1868,  1878,  1888,  1898,  1908,  1918,  1928,  1935,  1942,  1949,
+    1958,  1967,  1976,  1985,  1992,  2002,  2010,  2019,  2026,  2044,
+    2057,  2070,  2083,  2092,  2101,  2110,  2119,  2128,  2138,  2148,
+    2159,  2168,  2177,  2186,  2195,  2204,  2213,  2222,  2231,  2240,
+    2253,  2266,  2275,  2282,  2291,  2300,  2309,  2318,  2328,  2336,
+    2349,  2357,  2413,  2420,  2435,  2445,  2455,  2462,  2469,  2476,
+    2483,  2498,  2513,  2520,  2527,  2536,  2544,  2551,  2565,  2586,
+    2607,  2619,  2631,  2643,  2652,  2673,  2685,  2697,  2706,  2727,
+    2736,  2745,  2754,  2762,  2770,  2783,  2796,  2811,  2826,  2835,
+    2844,  2854,  2864,  2873,  2882,  2891,  2897,  2906,  2915,  2925,
+    2935,  2945,  2954,  2964,  2973,  2986,  2999,  3011,  3025,  3037,
+    3051,  3060,  3071,  3080,  3089,  3096,  3106,  3113,  3120,  3129,
+    3138,  3148,  3158,  3168,  3178,  3185,  3192,  3201,  3210,  3220,
+    3230,  3240,  3247,  3254,  3261,  3269,  3279,  3289,  3299,  3309,
+    3319,  3329,  3385,  3395,  3403,  3411,  3426,  3435,  3441,  3442,
+    3443,  3443,  3443,  3444,  3444,  3444,  3445,  3445,  3447,  3457,
+    3466,  3473,  3480,  3487,  3494,  3501,  3508,  3514,  3515,  3516,
+    3516,  3516,  3517,  3517,  3517,  3518,  3519,  3519,  3520,  3520,
+    3521,  3521,  3522,  3523,  3524,  3525,  3526,  3527,  3528,  3530,
+    3539,  3549,  3556,  3563,  3572,  3579,  3586,  3593,  3600,  3609,
+    3618,  3625,  3632,  3642,  3652,  3662,  3672,  3682,  3692,  3703,
+    3709,  3710,  3711,  3713,  3720,  3726,  3727,  3728,  3730,  3737,
+    3747,  3754,  3763,  3771,  3777,  3778,  3780,  3780,  3780,  3781,
+    3781,  3782,  3783,  3784,  3785,  3786,  3788,  3797,  3806,  3813,
+    3822,  3829,  3838,  3846,  3859,  3867,  3880,  3886,  3887,  3888,
+    3888,  3889,  3889,  3890,  3890,  3891,  3891,  3892,  3892,  3893,
+    3893,  3894,  3894,  3895,  3895,  3896,  3896,  3897,  3897,  3898,
+    3900,  3912,  3924,  3937,  3950,  3962,  3974,  3989,  4004,  4016,
+    4028,  4040,  4052,  4065,  4078,  4091,  4104,  4117,  4130,  4143,
+    4158,  4173,  4184,  4193,  4209,  4216,  4225,  4234,  4243,  4249,
+    4250,  4251,  4251,  4253,  4268
 };
 #endif
 
@@ -3798,7 +3798,7 @@ yyreduce:
         {
 		OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
-				yyerror("number expected");
+			yyerror("number expected");
 		else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
@@ -4082,21 +4082,23 @@ yyreduce:
 		free(cfg_parser->cfg->http_endpoint);
 		if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') {
 			cfg_parser->cfg->http_endpoint = malloc(strlen((yyvsp[0].str))+2);
-			if(!cfg_parser->cfg->http_endpoint)
+			if(cfg_parser->cfg->http_endpoint) {
+				cfg_parser->cfg->http_endpoint[0] = '/';
+				memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str),
+					strlen((yyvsp[0].str))+1);
+			} else {
 				yyerror("out of memory");
-			cfg_parser->cfg->http_endpoint[0] = '/';
-			memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str),
-				strlen((yyvsp[0].str))+1);
+			}
 			free((yyvsp[0].str));
 		} else {
 			cfg_parser->cfg->http_endpoint = (yyvsp[0].str);
 		}
 	}
-#line 4096 "util/configparser.c"
+#line 4098 "util/configparser.c"
     break;
 
   case 407: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG  */
-#line 1182 "util/configparser.y"
+#line 1184 "util/configparser.y"
         {
 		OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4104,11 +4106,11 @@ yyreduce:
 		else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4108 "util/configparser.c"
+#line 4110 "util/configparser.c"
     break;
 
   case 408: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG  */
-#line 1190 "util/configparser.y"
+#line 1192 "util/configparser.y"
         {
 		OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str),
@@ -4116,11 +4118,11 @@ yyreduce:
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4120 "util/configparser.c"
+#line 4122 "util/configparser.c"
     break;
 
   case 409: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG  */
-#line 1198 "util/configparser.y"
+#line 1200 "util/configparser.y"
         {
 		OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str),
@@ -4128,11 +4130,11 @@ yyreduce:
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4132 "util/configparser.c"
+#line 4134 "util/configparser.c"
     break;
 
   case 410: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG  */
-#line 1206 "util/configparser.y"
+#line 1208 "util/configparser.y"
         {
 		OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4140,11 +4142,11 @@ yyreduce:
 		else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4144 "util/configparser.c"
+#line 4146 "util/configparser.c"
     break;
 
   case 411: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG  */
-#line 1214 "util/configparser.y"
+#line 1216 "util/configparser.y"
         {
 		OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4152,11 +4154,11 @@ yyreduce:
 		else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4156 "util/configparser.c"
+#line 4158 "util/configparser.c"
     break;
 
   case 412: /* server_quic_port: VAR_QUIC_PORT STRING_ARG  */
-#line 1222 "util/configparser.y"
+#line 1224 "util/configparser.y"
         {
 		OUTYY(("P(server_quic_port:%s)\n", (yyvsp[0].str)));
 #ifndef HAVE_NGTCP2
@@ -4169,22 +4171,22 @@ yyreduce:
 		else cfg_parser->cfg->quic_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4173 "util/configparser.c"
+#line 4175 "util/configparser.c"
     break;
 
   case 413: /* server_quic_size: VAR_QUIC_SIZE STRING_ARG  */
-#line 1235 "util/configparser.y"
+#line 1237 "util/configparser.y"
         {
 		OUTYY(("P(server_quic_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->quic_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4184 "util/configparser.c"
+#line 4186 "util/configparser.c"
     break;
 
   case 414: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG  */
-#line 1242 "util/configparser.y"
+#line 1244 "util/configparser.y"
         {
 		OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4192,11 +4194,11 @@ yyreduce:
 		else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4196 "util/configparser.c"
+#line 4198 "util/configparser.c"
     break;
 
   case 415: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG  */
-#line 1251 "util/configparser.y"
+#line 1253 "util/configparser.y"
         {
 		OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4204,11 +4206,11 @@ yyreduce:
 		else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4208 "util/configparser.c"
+#line 4210 "util/configparser.c"
     break;
 
   case 416: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG  */
-#line 1260 "util/configparser.y"
+#line 1262 "util/configparser.y"
         {
 		OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4221,11 +4223,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 4225 "util/configparser.c"
+#line 4227 "util/configparser.c"
     break;
 
   case 417: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG  */
-#line 1274 "util/configparser.y"
+#line 1276 "util/configparser.y"
         {
 		OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4233,11 +4235,11 @@ yyreduce:
 		else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4237 "util/configparser.c"
+#line 4239 "util/configparser.c"
     break;
 
   case 418: /* server_log_time_iso: VAR_LOG_TIME_ISO STRING_ARG  */
-#line 1283 "util/configparser.y"
+#line 1285 "util/configparser.y"
         {
 		OUTYY(("P(server_log_time_iso:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4245,11 +4247,11 @@ yyreduce:
 		else cfg_parser->cfg->log_time_iso = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4249 "util/configparser.c"
+#line 4251 "util/configparser.c"
     break;
 
   case 419: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG  */
-#line 1292 "util/configparser.y"
+#line 1294 "util/configparser.y"
         {
 		OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4257,11 +4259,11 @@ yyreduce:
 		else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4261 "util/configparser.c"
+#line 4263 "util/configparser.c"
     break;
 
   case 420: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG  */
-#line 1301 "util/configparser.y"
+#line 1303 "util/configparser.y"
         {
 		OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4269,11 +4271,11 @@ yyreduce:
 		else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4273 "util/configparser.c"
+#line 4275 "util/configparser.c"
     break;
 
   case 421: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG  */
-#line 1310 "util/configparser.y"
+#line 1312 "util/configparser.y"
         {
 		OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4281,11 +4283,11 @@ yyreduce:
 		else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4285 "util/configparser.c"
+#line 4287 "util/configparser.c"
     break;
 
   case 422: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG  */
-#line 1319 "util/configparser.y"
+#line 1321 "util/configparser.y"
         {
 		OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4293,11 +4295,11 @@ yyreduce:
 		else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4297 "util/configparser.c"
+#line 4299 "util/configparser.c"
     break;
 
   case 423: /* server_log_destaddr: VAR_LOG_DESTADDR STRING_ARG  */
-#line 1328 "util/configparser.y"
+#line 1330 "util/configparser.y"
         {
 		OUTYY(("P(server_log_destaddr:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4305,11 +4307,11 @@ yyreduce:
 		else cfg_parser->cfg->log_destaddr = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4309 "util/configparser.c"
+#line 4311 "util/configparser.c"
     break;
 
   case 424: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG  */
-#line 1337 "util/configparser.y"
+#line 1339 "util/configparser.y"
         {
 		OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4317,31 +4319,31 @@ yyreduce:
 		else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4321 "util/configparser.c"
+#line 4323 "util/configparser.c"
     break;
 
   case 425: /* server_chroot: VAR_CHROOT STRING_ARG  */
-#line 1346 "util/configparser.y"
+#line 1348 "util/configparser.y"
         {
 		OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->chrootdir);
 		cfg_parser->cfg->chrootdir = (yyvsp[0].str);
 	}
-#line 4331 "util/configparser.c"
+#line 4333 "util/configparser.c"
     break;
 
   case 426: /* server_username: VAR_USERNAME STRING_ARG  */
-#line 1353 "util/configparser.y"
+#line 1355 "util/configparser.y"
         {
 		OUTYY(("P(server_username:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->username);
 		cfg_parser->cfg->username = (yyvsp[0].str);
 	}
-#line 4341 "util/configparser.c"
+#line 4343 "util/configparser.c"
     break;
 
   case 427: /* server_directory: VAR_DIRECTORY STRING_ARG  */
-#line 1360 "util/configparser.y"
+#line 1362 "util/configparser.y"
         {
 		OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->directory);
@@ -4366,105 +4368,105 @@ yyreduce:
 			}
 		}
 	}
-#line 4370 "util/configparser.c"
+#line 4372 "util/configparser.c"
     break;
 
   case 428: /* server_logfile: VAR_LOGFILE STRING_ARG  */
-#line 1386 "util/configparser.y"
+#line 1388 "util/configparser.y"
         {
 		OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->logfile);
 		cfg_parser->cfg->logfile = (yyvsp[0].str);
 		cfg_parser->cfg->use_syslog = 0;
 	}
-#line 4381 "util/configparser.c"
+#line 4383 "util/configparser.c"
     break;
 
   case 429: /* server_pidfile: VAR_PIDFILE STRING_ARG  */
-#line 1394 "util/configparser.y"
+#line 1396 "util/configparser.y"
         {
 		OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->pidfile);
 		cfg_parser->cfg->pidfile = (yyvsp[0].str);
 	}
-#line 4391 "util/configparser.c"
+#line 4393 "util/configparser.c"
     break;
 
   case 430: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG  */
-#line 1401 "util/configparser.y"
+#line 1403 "util/configparser.y"
         {
 		OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4401 "util/configparser.c"
+#line 4403 "util/configparser.c"
     break;
 
   case 431: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG  */
-#line 1408 "util/configparser.y"
+#line 1410 "util/configparser.y"
         {
 		OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str)));
 		log_warn("option dlv-anchor-file ignored: DLV is decommissioned");
 		free((yyvsp[0].str));
 	}
-#line 4411 "util/configparser.c"
+#line 4413 "util/configparser.c"
     break;
 
   case 432: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG  */
-#line 1415 "util/configparser.y"
+#line 1417 "util/configparser.y"
         {
 		OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str)));
 		log_warn("option dlv-anchor ignored: DLV is decommissioned");
 		free((yyvsp[0].str));
 	}
-#line 4421 "util/configparser.c"
+#line 4423 "util/configparser.c"
     break;
 
   case 433: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG  */
-#line 1422 "util/configparser.y"
+#line 1424 "util/configparser.y"
         {
 		OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			auto_trust_anchor_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4432 "util/configparser.c"
+#line 4434 "util/configparser.c"
     break;
 
   case 434: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG  */
-#line 1430 "util/configparser.y"
+#line 1432 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			trust_anchor_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4443 "util/configparser.c"
+#line 4445 "util/configparser.c"
     break;
 
   case 435: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG  */
-#line 1438 "util/configparser.y"
+#line 1440 "util/configparser.y"
         {
 		OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->
 			trusted_keys_file_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4454 "util/configparser.c"
+#line 4456 "util/configparser.c"
     break;
 
   case 436: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG  */
-#line 1446 "util/configparser.y"
+#line 1448 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4464 "util/configparser.c"
+#line 4466 "util/configparser.c"
     break;
 
   case 437: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG  */
-#line 1453 "util/configparser.y"
+#line 1455 "util/configparser.y"
         {
 		OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4474,11 +4476,11 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4478 "util/configparser.c"
+#line 4480 "util/configparser.c"
     break;
 
   case 438: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG  */
-#line 1464 "util/configparser.y"
+#line 1466 "util/configparser.y"
         {
 		OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4488,21 +4490,21 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4492 "util/configparser.c"
+#line 4494 "util/configparser.c"
     break;
 
   case 439: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG  */
-#line 1475 "util/configparser.y"
+#line 1477 "util/configparser.y"
         {
 		OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 4502 "util/configparser.c"
+#line 4504 "util/configparser.c"
     break;
 
   case 440: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG  */
-#line 1482 "util/configparser.y"
+#line 1484 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4510,11 +4512,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4514 "util/configparser.c"
+#line 4516 "util/configparser.c"
     break;
 
   case 441: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG  */
-#line 1491 "util/configparser.y"
+#line 1493 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4522,11 +4524,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4526 "util/configparser.c"
+#line 4528 "util/configparser.c"
     break;
 
   case 442: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG  */
-#line 1500 "util/configparser.y"
+#line 1502 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4534,11 +4536,11 @@ yyreduce:
 		else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4538 "util/configparser.c"
+#line 4540 "util/configparser.c"
     break;
 
   case 443: /* server_hide_http_user_agent: VAR_HIDE_HTTP_USER_AGENT STRING_ARG  */
-#line 1509 "util/configparser.y"
+#line 1511 "util/configparser.y"
         {
 		OUTYY(("P(server_hide_user_agent:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4546,41 +4548,41 @@ yyreduce:
 		else cfg_parser->cfg->hide_http_user_agent = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4550 "util/configparser.c"
+#line 4552 "util/configparser.c"
     break;
 
   case 444: /* server_identity: VAR_IDENTITY STRING_ARG  */
-#line 1518 "util/configparser.y"
+#line 1520 "util/configparser.y"
         {
 		OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->identity);
 		cfg_parser->cfg->identity = (yyvsp[0].str);
 	}
-#line 4560 "util/configparser.c"
+#line 4562 "util/configparser.c"
     break;
 
   case 445: /* server_version: VAR_VERSION STRING_ARG  */
-#line 1525 "util/configparser.y"
+#line 1527 "util/configparser.y"
         {
 		OUTYY(("P(server_version:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->version);
 		cfg_parser->cfg->version = (yyvsp[0].str);
 	}
-#line 4570 "util/configparser.c"
+#line 4572 "util/configparser.c"
     break;
 
   case 446: /* server_http_user_agent: VAR_HTTP_USER_AGENT STRING_ARG  */
-#line 1532 "util/configparser.y"
+#line 1534 "util/configparser.y"
         {
 		OUTYY(("P(server_http_user_agent:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->http_user_agent);
 		cfg_parser->cfg->http_user_agent = (yyvsp[0].str);
 	}
-#line 4580 "util/configparser.c"
+#line 4582 "util/configparser.c"
     break;
 
   case 447: /* server_nsid: VAR_NSID STRING_ARG  */
-#line 1539 "util/configparser.y"
+#line 1541 "util/configparser.y"
         {
 		OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->nsid_cfg_str);
@@ -4595,33 +4597,33 @@ yyreduce:
 			yyerror("the NSID must be either a hex string or an "
 			    "ascii character string prepended with ascii_.");
 	}
-#line 4599 "util/configparser.c"
+#line 4601 "util/configparser.c"
     break;
 
   case 448: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG  */
-#line 1555 "util/configparser.y"
+#line 1557 "util/configparser.y"
         {
 		OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf))
 			yyerror("buffer size expected");
 		free((yyvsp[0].str));
 	}
-#line 4610 "util/configparser.c"
+#line 4612 "util/configparser.c"
     break;
 
   case 449: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG  */
-#line 1563 "util/configparser.y"
+#line 1565 "util/configparser.y"
         {
 		OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf))
 			yyerror("buffer size expected");
 		free((yyvsp[0].str));
 	}
-#line 4621 "util/configparser.c"
+#line 4623 "util/configparser.c"
     break;
 
   case 450: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG  */
-#line 1571 "util/configparser.y"
+#line 1573 "util/configparser.y"
         {
 		OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4630,11 +4632,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4634 "util/configparser.c"
+#line 4636 "util/configparser.c"
     break;
 
   case 451: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG  */
-#line 1581 "util/configparser.y"
+#line 1583 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4643,11 +4645,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4647 "util/configparser.c"
+#line 4649 "util/configparser.c"
     break;
 
   case 452: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG  */
-#line 1591 "util/configparser.y"
+#line 1593 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4656,11 +4658,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4660 "util/configparser.c"
+#line 4662 "util/configparser.c"
     break;
 
   case 453: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG  */
-#line 1601 "util/configparser.y"
+#line 1603 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4673,22 +4675,22 @@ yyreduce:
 			cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4677 "util/configparser.c"
+#line 4679 "util/configparser.c"
     break;
 
   case 454: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG  */
-#line 1615 "util/configparser.y"
+#line 1617 "util/configparser.y"
         {
 		OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4688 "util/configparser.c"
+#line 4690 "util/configparser.c"
     break;
 
   case 455: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG  */
-#line 1623 "util/configparser.y"
+#line 1625 "util/configparser.y"
         {
 		OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4700,11 +4702,11 @@ yyreduce:
 		else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4704 "util/configparser.c"
+#line 4706 "util/configparser.c"
     break;
 
   case 456: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG  */
-#line 1636 "util/configparser.y"
+#line 1638 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4714,22 +4716,22 @@ yyreduce:
 		else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4718 "util/configparser.c"
+#line 4720 "util/configparser.c"
     break;
 
   case 457: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG  */
-#line 1647 "util/configparser.y"
+#line 1649 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4729 "util/configparser.c"
+#line 4731 "util/configparser.c"
     break;
 
   case 458: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG  */
-#line 1655 "util/configparser.y"
+#line 1657 "util/configparser.y"
         {
 		OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4741,11 +4743,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4745 "util/configparser.c"
+#line 4747 "util/configparser.c"
     break;
 
   case 459: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG  */
-#line 1668 "util/configparser.y"
+#line 1670 "util/configparser.y"
         {
 		OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4753,11 +4755,11 @@ yyreduce:
 		else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4757 "util/configparser.c"
+#line 4759 "util/configparser.c"
     break;
 
   case 460: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG  */
-#line 1677 "util/configparser.y"
+#line 1679 "util/configparser.y"
         {
 		OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4765,11 +4767,11 @@ yyreduce:
 		else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4769 "util/configparser.c"
+#line 4771 "util/configparser.c"
     break;
 
   case 461: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG  */
-#line 1686 "util/configparser.y"
+#line 1688 "util/configparser.y"
         {
 		OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4777,11 +4779,11 @@ yyreduce:
 		else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4781 "util/configparser.c"
+#line 4783 "util/configparser.c"
     break;
 
   case 462: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG  */
-#line 1695 "util/configparser.y"
+#line 1697 "util/configparser.y"
         {
 		OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4789,11 +4791,11 @@ yyreduce:
 		else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4793 "util/configparser.c"
+#line 4795 "util/configparser.c"
     break;
 
   case 463: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG  */
-#line 1704 "util/configparser.y"
+#line 1706 "util/configparser.y"
         {
 		OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4802,11 +4804,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4806 "util/configparser.c"
+#line 4808 "util/configparser.c"
     break;
 
   case 464: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG  */
-#line 1714 "util/configparser.y"
+#line 1716 "util/configparser.y"
         {
 		OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4815,22 +4817,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4819 "util/configparser.c"
+#line 4821 "util/configparser.c"
     break;
 
   case 465: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG  */
-#line 1724 "util/configparser.y"
+#line 1726 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 4830 "util/configparser.c"
+#line 4832 "util/configparser.c"
     break;
 
   case 466: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG  */
-#line 1732 "util/configparser.y"
+#line 1734 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4842,11 +4844,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4846 "util/configparser.c"
+#line 4848 "util/configparser.c"
     break;
 
   case 467: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG  */
-#line 1745 "util/configparser.y"
+#line 1747 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4854,22 +4856,22 @@ yyreduce:
 		else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4858 "util/configparser.c"
+#line 4860 "util/configparser.c"
     break;
 
   case 468: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG  */
-#line 1754 "util/configparser.y"
+#line 1756 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str)));
 		verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option "
 			"removed, use infra-host-ttl)", (yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4869 "util/configparser.c"
+#line 4871 "util/configparser.c"
     break;
 
   case 469: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG  */
-#line 1762 "util/configparser.y"
+#line 1764 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -4877,22 +4879,22 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4881 "util/configparser.c"
+#line 4883 "util/configparser.c"
     break;
 
   case 470: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG  */
-#line 1771 "util/configparser.y"
+#line 1773 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str)));
 		verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s "
 			"(option removed, use infra-cache-numhosts)", (yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4892 "util/configparser.c"
+#line 4894 "util/configparser.c"
     break;
 
   case 471: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG  */
-#line 1779 "util/configparser.y"
+#line 1781 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -4904,11 +4906,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 4908 "util/configparser.c"
+#line 4910 "util/configparser.c"
     break;
 
   case 472: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG  */
-#line 1792 "util/configparser.y"
+#line 1794 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4916,11 +4918,11 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4920 "util/configparser.c"
+#line 4922 "util/configparser.c"
     break;
 
   case 473: /* server_infra_cache_max_rtt: VAR_INFRA_CACHE_MAX_RTT STRING_ARG  */
-#line 1801 "util/configparser.y"
+#line 1803 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_cache_max_rtt:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -4928,11 +4930,11 @@ yyreduce:
 		else cfg_parser->cfg->infra_cache_max_rtt = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 4932 "util/configparser.c"
+#line 4934 "util/configparser.c"
     break;
 
   case 474: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG  */
-#line 1810 "util/configparser.y"
+#line 1812 "util/configparser.y"
         {
 		OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4941,21 +4943,21 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4945 "util/configparser.c"
+#line 4947 "util/configparser.c"
     break;
 
   case 475: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG  */
-#line 1820 "util/configparser.y"
+#line 1822 "util/configparser.y"
         {
 		OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->target_fetch_policy);
 		cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str);
 	}
-#line 4955 "util/configparser.c"
+#line 4957 "util/configparser.c"
     break;
 
   case 476: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG  */
-#line 1827 "util/configparser.y"
+#line 1829 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4964,11 +4966,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4968 "util/configparser.c"
+#line 4970 "util/configparser.c"
     break;
 
   case 477: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG  */
-#line 1837 "util/configparser.y"
+#line 1839 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4977,11 +4979,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4981 "util/configparser.c"
+#line 4983 "util/configparser.c"
     break;
 
   case 478: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG  */
-#line 1847 "util/configparser.y"
+#line 1849 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -4990,11 +4992,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 4994 "util/configparser.c"
+#line 4996 "util/configparser.c"
     break;
 
   case 479: /* server_harden_unverified_glue: VAR_HARDEN_UNVERIFIED_GLUE STRING_ARG  */
-#line 1857 "util/configparser.y"
+#line 1859 "util/configparser.y"
        {
                OUTYY(("P(server_harden_unverified_glue:%s)\n", (yyvsp[0].str)));
                if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5003,11 +5005,11 @@ yyreduce:
                        (strcmp((yyvsp[0].str), "yes")==0);
                free((yyvsp[0].str));
        }
-#line 5007 "util/configparser.c"
+#line 5009 "util/configparser.c"
     break;
 
   case 480: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG  */
-#line 1867 "util/configparser.y"
+#line 1869 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5016,11 +5018,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5020 "util/configparser.c"
+#line 5022 "util/configparser.c"
     break;
 
   case 481: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG  */
-#line 1877 "util/configparser.y"
+#line 1879 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5029,11 +5031,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5033 "util/configparser.c"
+#line 5035 "util/configparser.c"
     break;
 
   case 482: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG  */
-#line 1887 "util/configparser.y"
+#line 1889 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5042,11 +5044,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5046 "util/configparser.c"
+#line 5048 "util/configparser.c"
     break;
 
   case 483: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG  */
-#line 1897 "util/configparser.y"
+#line 1899 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5055,11 +5057,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5059 "util/configparser.c"
+#line 5061 "util/configparser.c"
     break;
 
   case 484: /* server_harden_unknown_additional: VAR_HARDEN_UNKNOWN_ADDITIONAL STRING_ARG  */
-#line 1907 "util/configparser.y"
+#line 1909 "util/configparser.y"
         {
 		OUTYY(("P(server_harden_unknown_additional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5068,11 +5070,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5072 "util/configparser.c"
+#line 5074 "util/configparser.c"
     break;
 
   case 485: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG  */
-#line 1917 "util/configparser.y"
+#line 1919 "util/configparser.y"
         {
 		OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5081,41 +5083,41 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5085 "util/configparser.c"
+#line 5087 "util/configparser.c"
     break;
 
   case 486: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG  */
-#line 1927 "util/configparser.y"
+#line 1929 "util/configparser.y"
         {
 		OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5095 "util/configparser.c"
+#line 5097 "util/configparser.c"
     break;
 
   case 487: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG  */
-#line 1934 "util/configparser.y"
+#line 1936 "util/configparser.y"
         {
 		OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5105 "util/configparser.c"
+#line 5107 "util/configparser.c"
     break;
 
   case 488: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG  */
-#line 1941 "util/configparser.y"
+#line 1943 "util/configparser.y"
         {
 		OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5115 "util/configparser.c"
+#line 5117 "util/configparser.c"
     break;
 
   case 489: /* server_prefetch: VAR_PREFETCH STRING_ARG  */
-#line 1948 "util/configparser.y"
+#line 1950 "util/configparser.y"
         {
 		OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5123,11 +5125,11 @@ yyreduce:
 		else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5127 "util/configparser.c"
+#line 5129 "util/configparser.c"
     break;
 
   case 490: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG  */
-#line 1957 "util/configparser.y"
+#line 1959 "util/configparser.y"
         {
 		OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5135,11 +5137,11 @@ yyreduce:
 		else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5139 "util/configparser.c"
+#line 5141 "util/configparser.c"
     break;
 
   case 491: /* server_deny_any: VAR_DENY_ANY STRING_ARG  */
-#line 1966 "util/configparser.y"
+#line 1968 "util/configparser.y"
         {
 		OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5147,11 +5149,11 @@ yyreduce:
 		else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5151 "util/configparser.c"
+#line 5153 "util/configparser.c"
     break;
 
   case 492: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG  */
-#line 1975 "util/configparser.y"
+#line 1977 "util/configparser.y"
         {
 		OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5159,21 +5161,21 @@ yyreduce:
 		else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5163 "util/configparser.c"
+#line 5165 "util/configparser.c"
     break;
 
   case 493: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG  */
-#line 1984 "util/configparser.y"
+#line 1986 "util/configparser.y"
         {
 		OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 5173 "util/configparser.c"
+#line 5175 "util/configparser.c"
     break;
 
   case 494: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG  */
-#line 1991 "util/configparser.y"
+#line 1993 "util/configparser.y"
         {
 		OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5182,22 +5184,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5186 "util/configparser.c"
+#line 5188 "util/configparser.c"
     break;
 
   case 495: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG  */
-#line 2001 "util/configparser.y"
+#line 2003 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_acl_action((yyvsp[0].str));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding acl");
 	}
-#line 5197 "util/configparser.c"
+#line 5199 "util/configparser.c"
     break;
 
   case 496: /* server_interface_action: VAR_INTERFACE_ACTION STRING_ARG STRING_ARG  */
-#line 2009 "util/configparser.y"
+#line 2011 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_action:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_acl_action((yyvsp[0].str));
@@ -5205,21 +5207,21 @@ yyreduce:
 			&cfg_parser->cfg->interface_actions, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding acl");
 	}
-#line 5209 "util/configparser.c"
+#line 5211 "util/configparser.c"
     break;
 
   case 497: /* server_module_conf: VAR_MODULE_CONF STRING_ARG  */
-#line 2018 "util/configparser.y"
+#line 2020 "util/configparser.y"
         {
 		OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->module_conf);
 		cfg_parser->cfg->module_conf = (yyvsp[0].str);
 	}
-#line 5219 "util/configparser.c"
+#line 5221 "util/configparser.c"
     break;
 
   case 498: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG  */
-#line 2025 "util/configparser.y"
+#line 2027 "util/configparser.y"
         {
 		OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5236,11 +5238,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5240 "util/configparser.c"
+#line 5242 "util/configparser.c"
     break;
 
   case 499: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG  */
-#line 2043 "util/configparser.y"
+#line 2045 "util/configparser.y"
         {
 		OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5252,11 +5254,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5256 "util/configparser.c"
+#line 5258 "util/configparser.c"
     break;
 
   case 500: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG  */
-#line 2056 "util/configparser.y"
+#line 2058 "util/configparser.y"
         {
 		OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5268,11 +5270,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5272 "util/configparser.c"
+#line 5274 "util/configparser.c"
     break;
 
   case 501: /* server_val_max_restart: VAR_VAL_MAX_RESTART STRING_ARG  */
-#line 2069 "util/configparser.y"
+#line 2071 "util/configparser.y"
         {
 		OUTYY(("P(server_val_max_restart:%s)\n", (yyvsp[0].str)));
 		if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) {
@@ -5284,11 +5286,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5288 "util/configparser.c"
+#line 5290 "util/configparser.c"
     break;
 
   case 502: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG  */
-#line 2082 "util/configparser.y"
+#line 2084 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5296,11 +5298,11 @@ yyreduce:
 		else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5300 "util/configparser.c"
+#line 5302 "util/configparser.c"
     break;
 
   case 503: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG  */
-#line 2091 "util/configparser.y"
+#line 2093 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5308,11 +5310,11 @@ yyreduce:
 		else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5312 "util/configparser.c"
+#line 5314 "util/configparser.c"
     break;
 
   case 504: /* server_cache_min_negative_ttl: VAR_CACHE_MIN_NEGATIVE_TTL STRING_ARG  */
-#line 2100 "util/configparser.y"
+#line 2102 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_min_negative_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5320,11 +5322,11 @@ yyreduce:
 		else cfg_parser->cfg->min_negative_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5324 "util/configparser.c"
+#line 5326 "util/configparser.c"
     break;
 
   case 505: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG  */
-#line 2109 "util/configparser.y"
+#line 2111 "util/configparser.y"
         {
 		OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5332,11 +5334,11 @@ yyreduce:
 		else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5336 "util/configparser.c"
+#line 5338 "util/configparser.c"
     break;
 
   case 506: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG  */
-#line 2118 "util/configparser.y"
+#line 2120 "util/configparser.y"
         {
 		OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5344,11 +5346,11 @@ yyreduce:
 		else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5348 "util/configparser.c"
+#line 5350 "util/configparser.c"
     break;
 
   case 507: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG  */
-#line 2127 "util/configparser.y"
+#line 2129 "util/configparser.y"
         {
 		OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5357,11 +5359,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5361 "util/configparser.c"
+#line 5363 "util/configparser.c"
     break;
 
   case 508: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG  */
-#line 2137 "util/configparser.y"
+#line 2139 "util/configparser.y"
         {
 		OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5370,11 +5372,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5374 "util/configparser.c"
+#line 5376 "util/configparser.c"
     break;
 
   case 509: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG  */
-#line 2147 "util/configparser.y"
+#line 2149 "util/configparser.y"
         {
 		OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5384,11 +5386,11 @@ yyreduce:
 				(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5388 "util/configparser.c"
+#line 5390 "util/configparser.c"
     break;
 
   case 510: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG  */
-#line 2158 "util/configparser.y"
+#line 2160 "util/configparser.y"
         {
 		OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5396,11 +5398,11 @@ yyreduce:
 		else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5400 "util/configparser.c"
+#line 5402 "util/configparser.c"
     break;
 
   case 511: /* server_disable_edns_do: VAR_DISABLE_EDNS_DO STRING_ARG  */
-#line 2167 "util/configparser.y"
+#line 2169 "util/configparser.y"
         {
 		OUTYY(("P(server_disable_edns_do:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5408,11 +5410,11 @@ yyreduce:
 		else cfg_parser->cfg->disable_edns_do = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5412 "util/configparser.c"
+#line 5414 "util/configparser.c"
     break;
 
   case 512: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG  */
-#line 2176 "util/configparser.y"
+#line 2178 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5420,11 +5422,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5424 "util/configparser.c"
+#line 5426 "util/configparser.c"
     break;
 
   case 513: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG  */
-#line 2185 "util/configparser.y"
+#line 2187 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5432,11 +5434,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5436 "util/configparser.c"
+#line 5438 "util/configparser.c"
     break;
 
   case 514: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG  */
-#line 2194 "util/configparser.y"
+#line 2196 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5444,11 +5446,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5448 "util/configparser.c"
+#line 5450 "util/configparser.c"
     break;
 
   case 515: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG  */
-#line 2203 "util/configparser.y"
+#line 2205 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5456,11 +5458,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5460 "util/configparser.c"
+#line 5462 "util/configparser.c"
     break;
 
   case 516: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG  */
-#line 2212 "util/configparser.y"
+#line 2214 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5468,11 +5470,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5472 "util/configparser.c"
+#line 5474 "util/configparser.c"
     break;
 
   case 517: /* server_ede_serve_expired: VAR_EDE_SERVE_EXPIRED STRING_ARG  */
-#line 2221 "util/configparser.y"
+#line 2223 "util/configparser.y"
         {
 		OUTYY(("P(server_ede_serve_expired:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5480,11 +5482,11 @@ yyreduce:
 		else cfg_parser->cfg->ede_serve_expired = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5484 "util/configparser.c"
+#line 5486 "util/configparser.c"
     break;
 
   case 518: /* server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG  */
-#line 2230 "util/configparser.y"
+#line 2232 "util/configparser.y"
         {
 		OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5492,11 +5494,11 @@ yyreduce:
 		else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5496 "util/configparser.c"
+#line 5498 "util/configparser.c"
     break;
 
   case 519: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG  */
-#line 2239 "util/configparser.y"
+#line 2241 "util/configparser.y"
         {
 		OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5508,11 +5510,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 5512 "util/configparser.c"
+#line 5514 "util/configparser.c"
     break;
 
   case 520: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG  */
-#line 2252 "util/configparser.y"
+#line 2254 "util/configparser.y"
         {
 		OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5524,11 +5526,11 @@ yyreduce:
 #endif
 		free((yyvsp[0].str));
 	}
-#line 5528 "util/configparser.c"
+#line 5530 "util/configparser.c"
     break;
 
   case 521: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG  */
-#line 2265 "util/configparser.y"
+#line 2267 "util/configparser.y"
         {
 		OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5536,21 +5538,21 @@ yyreduce:
 		else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5540 "util/configparser.c"
+#line 5542 "util/configparser.c"
     break;
 
   case 522: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG  */
-#line 2274 "util/configparser.y"
+#line 2276 "util/configparser.y"
         {
 		OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->val_nsec3_key_iterations);
 		cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str);
 	}
-#line 5550 "util/configparser.c"
+#line 5552 "util/configparser.c"
     break;
 
   case 523: /* server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG  */
-#line 2281 "util/configparser.y"
+#line 2283 "util/configparser.y"
         {
 		OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5558,11 +5560,11 @@ yyreduce:
 		else	cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5562 "util/configparser.c"
+#line 5564 "util/configparser.c"
     break;
 
   case 524: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG  */
-#line 2290 "util/configparser.y"
+#line 2292 "util/configparser.y"
         {
 		OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5570,11 +5572,11 @@ yyreduce:
 		else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5574 "util/configparser.c"
+#line 5576 "util/configparser.c"
     break;
 
   case 525: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG  */
-#line 2299 "util/configparser.y"
+#line 2301 "util/configparser.y"
         {
 		OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5582,11 +5584,11 @@ yyreduce:
 		else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5586 "util/configparser.c"
+#line 5588 "util/configparser.c"
     break;
 
   case 526: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG  */
-#line 2308 "util/configparser.y"
+#line 2310 "util/configparser.y"
         {
 		OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -5594,11 +5596,11 @@ yyreduce:
 		else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5598 "util/configparser.c"
+#line 5600 "util/configparser.c"
     break;
 
   case 527: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG  */
-#line 2317 "util/configparser.y"
+#line 2319 "util/configparser.y"
         {
 		OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5607,22 +5609,22 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5611 "util/configparser.c"
+#line 5613 "util/configparser.c"
     break;
 
   case 528: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG  */
-#line 2327 "util/configparser.y"
+#line 2329 "util/configparser.y"
         {
 		OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 5622 "util/configparser.c"
+#line 5624 "util/configparser.c"
     break;
 
   case 529: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG  */
-#line 2335 "util/configparser.y"
+#line 2337 "util/configparser.y"
         {
 		OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -5634,22 +5636,22 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5638 "util/configparser.c"
+#line 5640 "util/configparser.c"
     break;
 
   case 530: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG  */
-#line 2348 "util/configparser.y"
+#line 2350 "util/configparser.y"
         {
 		OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 5649 "util/configparser.c"
+#line 5651 "util/configparser.c"
     break;
 
   case 531: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
-#line 2356 "util/configparser.y"
+#line 2358 "util/configparser.y"
         {
 		OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
@@ -5704,21 +5706,21 @@ yyreduce:
 				fatal_exit("out of memory adding local-zone");
 		}
 	}
-#line 5708 "util/configparser.c"
+#line 5710 "util/configparser.c"
     break;
 
   case 532: /* server_local_data: VAR_LOCAL_DATA STRING_ARG  */
-#line 2412 "util/configparser.y"
+#line 2414 "util/configparser.y"
         {
 		OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str)))
 			fatal_exit("out of memory adding local-data");
 	}
-#line 5718 "util/configparser.c"
+#line 5720 "util/configparser.c"
     break;
 
   case 533: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
-#line 2419 "util/configparser.y"
+#line 2421 "util/configparser.y"
         {
 		char* ptr;
 		OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str)));
@@ -5732,11 +5734,11 @@ yyreduce:
 			yyerror("local-data-ptr could not be reversed");
 		}
 	}
-#line 5736 "util/configparser.c"
+#line 5738 "util/configparser.c"
     break;
 
   case 534: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG  */
-#line 2434 "util/configparser.y"
+#line 2436 "util/configparser.y"
         {
 		OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5745,11 +5747,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5749 "util/configparser.c"
+#line 5751 "util/configparser.c"
     break;
 
   case 535: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG  */
-#line 2444 "util/configparser.y"
+#line 2446 "util/configparser.y"
         {
 		OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5758,51 +5760,51 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5762 "util/configparser.c"
+#line 5764 "util/configparser.c"
     break;
 
   case 536: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG  */
-#line 2454 "util/configparser.y"
+#line 2456 "util/configparser.y"
         {
 		OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5772 "util/configparser.c"
+#line 5774 "util/configparser.c"
     break;
 
   case 537: /* server_discard_timeout: VAR_DISCARD_TIMEOUT STRING_ARG  */
-#line 2461 "util/configparser.y"
+#line 2463 "util/configparser.y"
         {
 		OUTYY(("P(server_discard_timeout:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->discard_timeout = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5782 "util/configparser.c"
+#line 5784 "util/configparser.c"
     break;
 
   case 538: /* server_wait_limit: VAR_WAIT_LIMIT STRING_ARG  */
-#line 2468 "util/configparser.y"
+#line 2470 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->wait_limit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5792 "util/configparser.c"
+#line 5794 "util/configparser.c"
     break;
 
   case 539: /* server_wait_limit_cookie: VAR_WAIT_LIMIT_COOKIE STRING_ARG  */
-#line 2475 "util/configparser.y"
+#line 2477 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_cookie:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->wait_limit_cookie = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5802 "util/configparser.c"
+#line 5804 "util/configparser.c"
     break;
 
   case 540: /* server_wait_limit_netblock: VAR_WAIT_LIMIT_NETBLOCK STRING_ARG STRING_ARG  */
-#line 2482 "util/configparser.y"
+#line 2484 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_netblock:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -5816,11 +5818,11 @@ yyreduce:
 					"wait-limit-netblock");
 		}
 	}
-#line 5820 "util/configparser.c"
+#line 5822 "util/configparser.c"
     break;
 
   case 541: /* server_wait_limit_cookie_netblock: VAR_WAIT_LIMIT_COOKIE_NETBLOCK STRING_ARG STRING_ARG  */
-#line 2497 "util/configparser.y"
+#line 2499 "util/configparser.y"
         {
 		OUTYY(("P(server_wait_limit_cookie_netblock:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -5834,31 +5836,31 @@ yyreduce:
 					"wait-limit-cookie-netblock");
 		}
 	}
-#line 5838 "util/configparser.c"
+#line 5840 "util/configparser.c"
     break;
 
   case 542: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG  */
-#line 2512 "util/configparser.y"
+#line 2514 "util/configparser.y"
         {
 		OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 5848 "util/configparser.c"
+#line 5850 "util/configparser.c"
     break;
 
   case 543: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG  */
-#line 2519 "util/configparser.y"
+#line 2521 "util/configparser.y"
         {
 		OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dns64_prefix);
 		cfg_parser->cfg->dns64_prefix = (yyvsp[0].str);
 	}
-#line 5858 "util/configparser.c"
+#line 5860 "util/configparser.c"
     break;
 
   case 544: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG  */
-#line 2526 "util/configparser.y"
+#line 2528 "util/configparser.y"
         {
 		OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -5866,32 +5868,32 @@ yyreduce:
 		else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 5870 "util/configparser.c"
+#line 5872 "util/configparser.c"
     break;
 
   case 545: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG  */
-#line 2535 "util/configparser.y"
+#line 2537 "util/configparser.y"
         {
 		OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa,
 			(yyvsp[0].str)))
 			fatal_exit("out of memory adding dns64-ignore-aaaa");
 	}
-#line 5881 "util/configparser.c"
+#line 5883 "util/configparser.c"
     break;
 
   case 546: /* server_nat64_prefix: VAR_NAT64_PREFIX STRING_ARG  */
-#line 2543 "util/configparser.y"
+#line 2545 "util/configparser.y"
         {
 		OUTYY(("P(nat64_prefix:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->nat64_prefix);
 		cfg_parser->cfg->nat64_prefix = (yyvsp[0].str);
 	}
-#line 5891 "util/configparser.c"
+#line 5893 "util/configparser.c"
     break;
 
   case 547: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG  */
-#line 2550 "util/configparser.y"
+#line 2552 "util/configparser.y"
         {
 		char* p, *s = (yyvsp[0].str);
 		OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str)));
@@ -5904,11 +5906,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 5908 "util/configparser.c"
+#line 5910 "util/configparser.c"
     break;
 
   case 548: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG  */
-#line 2564 "util/configparser.y"
+#line 2566 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -5928,11 +5930,11 @@ yyreduce:
 			}
 		}
 	}
-#line 5932 "util/configparser.c"
+#line 5934 "util/configparser.c"
     break;
 
   case 549: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG  */
-#line 2585 "util/configparser.y"
+#line 2587 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -5952,11 +5954,11 @@ yyreduce:
 			}
 		}
 	}
-#line 5956 "util/configparser.c"
+#line 5958 "util/configparser.c"
     break;
 
   case 550: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
-#line 2606 "util/configparser.y"
+#line 2608 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions,
@@ -5967,11 +5969,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 5971 "util/configparser.c"
+#line 5973 "util/configparser.c"
     break;
 
   case 551: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
-#line 2618 "util/configparser.y"
+#line 2620 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas,
@@ -5982,11 +5984,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 5986 "util/configparser.c"
+#line 5988 "util/configparser.c"
     break;
 
   case 552: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG  */
-#line 2630 "util/configparser.y"
+#line 2632 "util/configparser.y"
         {
 		OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides,
@@ -5997,11 +5999,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6001 "util/configparser.c"
+#line 6003 "util/configparser.c"
     break;
 
   case 553: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG  */
-#line 2642 "util/configparser.y"
+#line 2644 "util/configparser.y"
         {
 		OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view,
@@ -6009,11 +6011,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 6013 "util/configparser.c"
+#line 6015 "util/configparser.c"
     break;
 
   case 554: /* server_interface_tag: VAR_INTERFACE_TAG STRING_ARG STRING_ARG  */
-#line 2651 "util/configparser.y"
+#line 2653 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -6033,11 +6035,11 @@ yyreduce:
 			}
 		}
 	}
-#line 6037 "util/configparser.c"
+#line 6039 "util/configparser.c"
     break;
 
   case 555: /* server_interface_tag_action: VAR_INTERFACE_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG  */
-#line 2672 "util/configparser.y"
+#line 2674 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_actions,
@@ -6048,11 +6050,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6052 "util/configparser.c"
+#line 6054 "util/configparser.c"
     break;
 
   case 556: /* server_interface_tag_data: VAR_INTERFACE_TAG_DATA STRING_ARG STRING_ARG STRING_ARG  */
-#line 2684 "util/configparser.y"
+#line 2686 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str3list_insert(&cfg_parser->cfg->interface_tag_datas,
@@ -6063,11 +6065,11 @@ yyreduce:
 			free((yyvsp[0].str));
 		}
 	}
-#line 6067 "util/configparser.c"
+#line 6069 "util/configparser.c"
     break;
 
   case 557: /* server_interface_view: VAR_INTERFACE_VIEW STRING_ARG STRING_ARG  */
-#line 2696 "util/configparser.y"
+#line 2698 "util/configparser.y"
         {
 		OUTYY(("P(server_interface_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->interface_view,
@@ -6075,11 +6077,11 @@ yyreduce:
 			yyerror("out of memory");
 		}
 	}
-#line 6079 "util/configparser.c"
+#line 6081 "util/configparser.c"
     break;
 
   case 558: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG  */
-#line 2705 "util/configparser.y"
+#line 2707 "util/configparser.y"
         {
 		size_t len = 0;
 		uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str),
@@ -6099,11 +6101,11 @@ yyreduce:
 			}
 		}
 	}
-#line 6103 "util/configparser.c"
+#line 6105 "util/configparser.c"
     break;
 
   case 559: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG  */
-#line 2726 "util/configparser.y"
+#line 2728 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6111,11 +6113,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6115 "util/configparser.c"
+#line 6117 "util/configparser.c"
     break;
 
   case 560: /* server_ip_ratelimit_cookie: VAR_IP_RATELIMIT_COOKIE STRING_ARG  */
-#line 2735 "util/configparser.y"
+#line 2737 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_cookie:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6123,11 +6125,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit_cookie = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6127 "util/configparser.c"
+#line 6129 "util/configparser.c"
     break;
 
   case 561: /* server_ratelimit: VAR_RATELIMIT STRING_ARG  */
-#line 2744 "util/configparser.y"
+#line 2746 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6135,33 +6137,33 @@ yyreduce:
 		else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6139 "util/configparser.c"
+#line 6141 "util/configparser.c"
     break;
 
   case 562: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG  */
-#line 2753 "util/configparser.y"
+#line 2755 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 6150 "util/configparser.c"
+#line 6152 "util/configparser.c"
     break;
 
   case 563: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG  */
-#line 2761 "util/configparser.y"
+#line 2763 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str)));
 		if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size))
 			yyerror("memory size expected");
 		free((yyvsp[0].str));
 	}
-#line 6161 "util/configparser.c"
+#line 6163 "util/configparser.c"
     break;
 
   case 564: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG  */
-#line 2769 "util/configparser.y"
+#line 2771 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -6173,11 +6175,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 6177 "util/configparser.c"
+#line 6179 "util/configparser.c"
     break;
 
   case 565: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG  */
-#line 2782 "util/configparser.y"
+#line 2784 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0) {
@@ -6189,11 +6191,11 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 6193 "util/configparser.c"
+#line 6195 "util/configparser.c"
     break;
 
   case 566: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG  */
-#line 2795 "util/configparser.y"
+#line 2797 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -6207,11 +6209,11 @@ yyreduce:
 					"ratelimit-for-domain");
 		}
 	}
-#line 6211 "util/configparser.c"
+#line 6213 "util/configparser.c"
     break;
 
   case 567: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG  */
-#line 2810 "util/configparser.y"
+#line 2812 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) {
@@ -6225,11 +6227,11 @@ yyreduce:
 					"ratelimit-below-domain");
 		}
 	}
-#line 6229 "util/configparser.c"
+#line 6231 "util/configparser.c"
     break;
 
   case 568: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG  */
-#line 2825 "util/configparser.y"
+#line 2827 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6237,11 +6239,11 @@ yyreduce:
 		else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6241 "util/configparser.c"
+#line 6243 "util/configparser.c"
     break;
 
   case 569: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG  */
-#line 2834 "util/configparser.y"
+#line 2836 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6249,11 +6251,11 @@ yyreduce:
 		else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6253 "util/configparser.c"
+#line 6255 "util/configparser.c"
     break;
 
   case 570: /* server_ip_ratelimit_backoff: VAR_IP_RATELIMIT_BACKOFF STRING_ARG  */
-#line 2843 "util/configparser.y"
+#line 2845 "util/configparser.y"
         {
 		OUTYY(("P(server_ip_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6262,11 +6264,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6266 "util/configparser.c"
+#line 6268 "util/configparser.c"
     break;
 
   case 571: /* server_ratelimit_backoff: VAR_RATELIMIT_BACKOFF STRING_ARG  */
-#line 2853 "util/configparser.y"
+#line 2855 "util/configparser.y"
         {
 		OUTYY(("P(server_ratelimit_backoff:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6275,11 +6277,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6279 "util/configparser.c"
+#line 6281 "util/configparser.c"
     break;
 
   case 572: /* server_outbound_msg_retry: VAR_OUTBOUND_MSG_RETRY STRING_ARG  */
-#line 2863 "util/configparser.y"
+#line 2865 "util/configparser.y"
         {
 		OUTYY(("P(server_outbound_msg_retry:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6287,11 +6289,11 @@ yyreduce:
 		else cfg_parser->cfg->outbound_msg_retry = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6291 "util/configparser.c"
+#line 6293 "util/configparser.c"
     break;
 
   case 573: /* server_max_sent_count: VAR_MAX_SENT_COUNT STRING_ARG  */
-#line 2872 "util/configparser.y"
+#line 2874 "util/configparser.y"
         {
 		OUTYY(("P(server_max_sent_count:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6299,11 +6301,11 @@ yyreduce:
 		else cfg_parser->cfg->max_sent_count = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6303 "util/configparser.c"
+#line 6305 "util/configparser.c"
     break;
 
   case 574: /* server_max_query_restarts: VAR_MAX_QUERY_RESTARTS STRING_ARG  */
-#line 2881 "util/configparser.y"
+#line 2883 "util/configparser.y"
         {
 		OUTYY(("P(server_max_query_restarts:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6311,20 +6313,20 @@ yyreduce:
 		else cfg_parser->cfg->max_query_restarts = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6315 "util/configparser.c"
+#line 6317 "util/configparser.c"
     break;
 
   case 575: /* server_low_rtt: VAR_LOW_RTT STRING_ARG  */
-#line 2890 "util/configparser.y"
+#line 2892 "util/configparser.y"
         {
 		OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n"));
 		free((yyvsp[0].str));
 	}
-#line 6324 "util/configparser.c"
+#line 6326 "util/configparser.c"
     break;
 
   case 576: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG  */
-#line 2896 "util/configparser.y"
+#line 2898 "util/configparser.y"
         {
 		OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) <= 0)
@@ -6332,11 +6334,11 @@ yyreduce:
 		else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6336 "util/configparser.c"
+#line 6338 "util/configparser.c"
     break;
 
   case 577: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG  */
-#line 2905 "util/configparser.y"
+#line 2907 "util/configparser.y"
         {
 		OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6344,11 +6346,11 @@ yyreduce:
 		else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6348 "util/configparser.c"
+#line 6350 "util/configparser.c"
     break;
 
   case 578: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG  */
-#line 2914 "util/configparser.y"
+#line 2916 "util/configparser.y"
         {
 		OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6357,11 +6359,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6361 "util/configparser.c"
+#line 6363 "util/configparser.c"
     break;
 
   case 579: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG  */
-#line 2924 "util/configparser.y"
+#line 2926 "util/configparser.y"
         {
 		OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6370,11 +6372,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6374 "util/configparser.c"
+#line 6376 "util/configparser.c"
     break;
 
   case 580: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG  */
-#line 2934 "util/configparser.y"
+#line 2936 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6383,11 +6385,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6387 "util/configparser.c"
+#line 6389 "util/configparser.c"
     break;
 
   case 581: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG  */
-#line 2944 "util/configparser.y"
+#line 2946 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -6395,11 +6397,11 @@ yyreduce:
 		else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6399 "util/configparser.c"
+#line 6401 "util/configparser.c"
     break;
 
   case 582: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG  */
-#line 2953 "util/configparser.y"
+#line 2955 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6408,11 +6410,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6412 "util/configparser.c"
+#line 6414 "util/configparser.c"
     break;
 
   case 583: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG  */
-#line 2963 "util/configparser.y"
+#line 2965 "util/configparser.y"
         {
 		OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -6420,11 +6422,11 @@ yyreduce:
 		else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6424 "util/configparser.c"
+#line 6426 "util/configparser.c"
     break;
 
   case 584: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG  */
-#line 2972 "util/configparser.y"
+#line 2974 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str)));
@@ -6436,11 +6438,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 6440 "util/configparser.c"
+#line 6442 "util/configparser.c"
     break;
 
   case 585: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG  */
-#line 2985 "util/configparser.y"
+#line 2987 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str)));
@@ -6452,11 +6454,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 6456 "util/configparser.c"
+#line 6458 "util/configparser.c"
     break;
 
   case 586: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG  */
-#line 2998 "util/configparser.y"
+#line 3000 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str)));
@@ -6467,11 +6469,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6471 "util/configparser.c"
+#line 6473 "util/configparser.c"
     break;
 
   case 587: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG  */
-#line 3010 "util/configparser.y"
+#line 3012 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str)));
@@ -6484,11 +6486,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6488 "util/configparser.c"
+#line 6490 "util/configparser.c"
     break;
 
   case 588: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG  */
-#line 3024 "util/configparser.y"
+#line 3026 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str)));
@@ -6499,11 +6501,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6503 "util/configparser.c"
+#line 6505 "util/configparser.c"
     break;
 
   case 589: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG  */
-#line 3036 "util/configparser.y"
+#line 3038 "util/configparser.y"
         {
 	#ifdef USE_IPSECMOD
 		OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str)));
@@ -6516,11 +6518,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 6520 "util/configparser.c"
+#line 6522 "util/configparser.c"
     break;
 
   case 590: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG  */
-#line 3050 "util/configparser.y"
+#line 3052 "util/configparser.y"
         {
 		OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(!cfg_str2list_insert(
@@ -6528,11 +6530,11 @@ yyreduce:
 			fatal_exit("out of memory adding "
 				"edns-client-string");
 	}
-#line 6532 "util/configparser.c"
+#line 6534 "util/configparser.c"
     break;
 
   case 591: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG  */
-#line 3059 "util/configparser.y"
+#line 3061 "util/configparser.y"
         {
 		OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -6542,11 +6544,11 @@ yyreduce:
 		else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 6546 "util/configparser.c"
+#line 6548 "util/configparser.c"
     break;
 
   case 592: /* server_ede: VAR_EDE STRING_ARG  */
-#line 3070 "util/configparser.y"
+#line 3072 "util/configparser.y"
         {
 		OUTYY(("P(server_ede:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6554,11 +6556,11 @@ yyreduce:
 		else cfg_parser->cfg->ede = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6558 "util/configparser.c"
+#line 6560 "util/configparser.c"
     break;
 
   case 593: /* server_dns_error_reporting: VAR_DNS_ERROR_REPORTING STRING_ARG  */
-#line 3079 "util/configparser.y"
+#line 3081 "util/configparser.y"
         {
 		OUTYY(("P(server_dns_error_reporting:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6566,21 +6568,21 @@ yyreduce:
 		else cfg_parser->cfg->dns_error_reporting = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6570 "util/configparser.c"
+#line 6572 "util/configparser.c"
     break;
 
   case 594: /* server_proxy_protocol_port: VAR_PROXY_PROTOCOL_PORT STRING_ARG  */
-#line 3088 "util/configparser.y"
+#line 3090 "util/configparser.y"
         {
 		OUTYY(("P(server_proxy_protocol_port:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->proxy_protocol_port, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6580 "util/configparser.c"
+#line 6582 "util/configparser.c"
     break;
 
   case 595: /* stub_name: VAR_NAME STRING_ARG  */
-#line 3095 "util/configparser.y"
+#line 3097 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->stubs->name)
@@ -6589,31 +6591,31 @@ yyreduce:
 		free(cfg_parser->cfg->stubs->name);
 		cfg_parser->cfg->stubs->name = (yyvsp[0].str);
 	}
-#line 6593 "util/configparser.c"
+#line 6595 "util/configparser.c"
     break;
 
   case 596: /* stub_host: VAR_STUB_HOST STRING_ARG  */
-#line 3105 "util/configparser.y"
+#line 3107 "util/configparser.y"
         {
 		OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6603 "util/configparser.c"
+#line 6605 "util/configparser.c"
     break;
 
   case 597: /* stub_addr: VAR_STUB_ADDR STRING_ARG  */
-#line 3112 "util/configparser.y"
+#line 3114 "util/configparser.y"
         {
 		OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6613 "util/configparser.c"
+#line 6615 "util/configparser.c"
     break;
 
   case 598: /* stub_first: VAR_STUB_FIRST STRING_ARG  */
-#line 3119 "util/configparser.y"
+#line 3121 "util/configparser.y"
         {
 		OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6621,11 +6623,11 @@ yyreduce:
 		else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6625 "util/configparser.c"
+#line 6627 "util/configparser.c"
     break;
 
   case 599: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG  */
-#line 3128 "util/configparser.y"
+#line 3130 "util/configparser.y"
         {
 		OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6633,11 +6635,11 @@ yyreduce:
 		else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6637 "util/configparser.c"
+#line 6639 "util/configparser.c"
     break;
 
   case 600: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG  */
-#line 3137 "util/configparser.y"
+#line 3139 "util/configparser.y"
         {
 		OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6646,11 +6648,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6650 "util/configparser.c"
+#line 6652 "util/configparser.c"
     break;
 
   case 601: /* stub_tcp_upstream: VAR_STUB_TCP_UPSTREAM STRING_ARG  */
-#line 3147 "util/configparser.y"
+#line 3149 "util/configparser.y"
         {
                 OUTYY(("P(stub-tcp-upstream:%s)\n", (yyvsp[0].str)));
                 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6659,11 +6661,11 @@ yyreduce:
                         (strcmp((yyvsp[0].str), "yes")==0);
                 free((yyvsp[0].str));
         }
-#line 6663 "util/configparser.c"
+#line 6665 "util/configparser.c"
     break;
 
   case 602: /* stub_prime: VAR_STUB_PRIME STRING_ARG  */
-#line 3157 "util/configparser.y"
+#line 3159 "util/configparser.y"
         {
 		OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6672,11 +6674,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6676 "util/configparser.c"
+#line 6678 "util/configparser.c"
     break;
 
   case 603: /* forward_name: VAR_NAME STRING_ARG  */
-#line 3167 "util/configparser.y"
+#line 3169 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->forwards->name)
@@ -6685,31 +6687,31 @@ yyreduce:
 		free(cfg_parser->cfg->forwards->name);
 		cfg_parser->cfg->forwards->name = (yyvsp[0].str);
 	}
-#line 6689 "util/configparser.c"
+#line 6691 "util/configparser.c"
     break;
 
   case 604: /* forward_host: VAR_FORWARD_HOST STRING_ARG  */
-#line 3177 "util/configparser.y"
+#line 3179 "util/configparser.y"
         {
 		OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6699 "util/configparser.c"
+#line 6701 "util/configparser.c"
     break;
 
   case 605: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG  */
-#line 3184 "util/configparser.y"
+#line 3186 "util/configparser.y"
         {
 		OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6709 "util/configparser.c"
+#line 6711 "util/configparser.c"
     break;
 
   case 606: /* forward_first: VAR_FORWARD_FIRST STRING_ARG  */
-#line 3191 "util/configparser.y"
+#line 3193 "util/configparser.y"
         {
 		OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6717,11 +6719,11 @@ yyreduce:
 		else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6721 "util/configparser.c"
+#line 6723 "util/configparser.c"
     break;
 
   case 607: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG  */
-#line 3200 "util/configparser.y"
+#line 3202 "util/configparser.y"
         {
 		OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6729,11 +6731,11 @@ yyreduce:
 		else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6733 "util/configparser.c"
+#line 6735 "util/configparser.c"
     break;
 
   case 608: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG  */
-#line 3209 "util/configparser.y"
+#line 3211 "util/configparser.y"
         {
 		OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6742,11 +6744,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6746 "util/configparser.c"
+#line 6748 "util/configparser.c"
     break;
 
   case 609: /* forward_tcp_upstream: VAR_FORWARD_TCP_UPSTREAM STRING_ARG  */
-#line 3219 "util/configparser.y"
+#line 3221 "util/configparser.y"
         {
                 OUTYY(("P(forward-tcp-upstream:%s)\n", (yyvsp[0].str)));
                 if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6755,11 +6757,11 @@ yyreduce:
                         (strcmp((yyvsp[0].str), "yes")==0);
                 free((yyvsp[0].str));
         }
-#line 6759 "util/configparser.c"
+#line 6761 "util/configparser.c"
     break;
 
   case 610: /* auth_name: VAR_NAME STRING_ARG  */
-#line 3229 "util/configparser.y"
+#line 3231 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->auths->name)
@@ -6768,52 +6770,52 @@ yyreduce:
 		free(cfg_parser->cfg->auths->name);
 		cfg_parser->cfg->auths->name = (yyvsp[0].str);
 	}
-#line 6772 "util/configparser.c"
+#line 6774 "util/configparser.c"
     break;
 
   case 611: /* auth_zonefile: VAR_ZONEFILE STRING_ARG  */
-#line 3239 "util/configparser.y"
+#line 3241 "util/configparser.y"
         {
 		OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->auths->zonefile);
 		cfg_parser->cfg->auths->zonefile = (yyvsp[0].str);
 	}
-#line 6782 "util/configparser.c"
+#line 6784 "util/configparser.c"
     break;
 
   case 612: /* auth_master: VAR_MASTER STRING_ARG  */
-#line 3246 "util/configparser.y"
+#line 3248 "util/configparser.y"
         {
 		OUTYY(("P(master:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6792 "util/configparser.c"
+#line 6794 "util/configparser.c"
     break;
 
   case 613: /* auth_url: VAR_URL STRING_ARG  */
-#line 3253 "util/configparser.y"
+#line 3255 "util/configparser.y"
         {
 		OUTYY(("P(url:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6802 "util/configparser.c"
+#line 6804 "util/configparser.c"
     break;
 
   case 614: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG  */
-#line 3260 "util/configparser.y"
+#line 3262 "util/configparser.y"
         {
 		OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 6813 "util/configparser.c"
+#line 6815 "util/configparser.c"
     break;
 
   case 615: /* auth_zonemd_check: VAR_ZONEMD_CHECK STRING_ARG  */
-#line 3268 "util/configparser.y"
+#line 3270 "util/configparser.y"
         {
 		OUTYY(("P(zonemd-check:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6822,11 +6824,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6826 "util/configparser.c"
+#line 6828 "util/configparser.c"
     break;
 
   case 616: /* auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG  */
-#line 3278 "util/configparser.y"
+#line 3280 "util/configparser.y"
         {
 		OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6835,11 +6837,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6839 "util/configparser.c"
+#line 6841 "util/configparser.c"
     break;
 
   case 617: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG  */
-#line 3288 "util/configparser.y"
+#line 3290 "util/configparser.y"
         {
 		OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6848,11 +6850,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6852 "util/configparser.c"
+#line 6854 "util/configparser.c"
     break;
 
   case 618: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG  */
-#line 3298 "util/configparser.y"
+#line 3300 "util/configparser.y"
         {
 		OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6861,11 +6863,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6865 "util/configparser.c"
+#line 6867 "util/configparser.c"
     break;
 
   case 619: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG  */
-#line 3308 "util/configparser.y"
+#line 3310 "util/configparser.y"
         {
 		OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -6874,11 +6876,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 6878 "util/configparser.c"
+#line 6880 "util/configparser.c"
     break;
 
   case 620: /* view_name: VAR_NAME STRING_ARG  */
-#line 3318 "util/configparser.y"
+#line 3320 "util/configparser.y"
         {
 		OUTYY(("P(name:%s)\n", (yyvsp[0].str)));
 		if(cfg_parser->cfg->views->name)
@@ -6887,11 +6889,11 @@ yyreduce:
 		free(cfg_parser->cfg->views->name);
 		cfg_parser->cfg->views->name = (yyvsp[0].str);
 	}
-#line 6891 "util/configparser.c"
+#line 6893 "util/configparser.c"
     break;
 
   case 621: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG  */
-#line 3328 "util/configparser.y"
+#line 3330 "util/configparser.y"
         {
 		OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 &&
@@ -6946,11 +6948,11 @@ yyreduce:
 				fatal_exit("out of memory adding local-zone");
 		}
 	}
-#line 6950 "util/configparser.c"
+#line 6952 "util/configparser.c"
     break;
 
   case 622: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
-#line 3384 "util/configparser.y"
+#line 3386 "util/configparser.y"
         {
 		OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_respip_action((yyvsp[0].str));
@@ -6959,33 +6961,33 @@ yyreduce:
 			fatal_exit("out of memory adding per-view "
 				"response-ip action");
 	}
-#line 6963 "util/configparser.c"
+#line 6965 "util/configparser.c"
     break;
 
   case 623: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
-#line 3394 "util/configparser.y"
+#line 3396 "util/configparser.y"
         {
 		OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str)));
 		if(!cfg_str2list_insert(
 			&cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip-data");
 	}
-#line 6974 "util/configparser.c"
+#line 6976 "util/configparser.c"
     break;
 
   case 624: /* view_local_data: VAR_LOCAL_DATA STRING_ARG  */
-#line 3402 "util/configparser.y"
+#line 3404 "util/configparser.y"
         {
 		OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) {
 			fatal_exit("out of memory adding local-data");
 		}
 	}
-#line 6985 "util/configparser.c"
+#line 6987 "util/configparser.c"
     break;
 
   case 625: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG  */
-#line 3410 "util/configparser.y"
+#line 3412 "util/configparser.y"
         {
 		char* ptr;
 		OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str)));
@@ -6999,11 +7001,11 @@ yyreduce:
 			yyerror("local-data-ptr could not be reversed");
 		}
 	}
-#line 7003 "util/configparser.c"
+#line 7005 "util/configparser.c"
     break;
 
   case 626: /* view_first: VAR_VIEW_FIRST STRING_ARG  */
-#line 3425 "util/configparser.y"
+#line 3427 "util/configparser.y"
         {
 		OUTYY(("P(view-first:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7011,20 +7013,20 @@ yyreduce:
 		else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7015 "util/configparser.c"
+#line 7017 "util/configparser.c"
     break;
 
   case 627: /* rcstart: VAR_REMOTE_CONTROL  */
-#line 3434 "util/configparser.y"
+#line 3436 "util/configparser.y"
         {
 		OUTYY(("\nP(remote-control:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7024 "util/configparser.c"
+#line 7026 "util/configparser.c"
     break;
 
   case 638: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG  */
-#line 3446 "util/configparser.y"
+#line 3448 "util/configparser.y"
         {
 		OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7033,11 +7035,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7037 "util/configparser.c"
+#line 7039 "util/configparser.c"
     break;
 
   case 639: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG  */
-#line 3456 "util/configparser.y"
+#line 3458 "util/configparser.y"
         {
 		OUTYY(("P(control_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -7045,80 +7047,80 @@ yyreduce:
 		else cfg_parser->cfg->control_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7049 "util/configparser.c"
+#line 7051 "util/configparser.c"
     break;
 
   case 640: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG  */
-#line 3465 "util/configparser.y"
+#line 3467 "util/configparser.y"
         {
 		OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7059 "util/configparser.c"
+#line 7061 "util/configparser.c"
     break;
 
   case 641: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG  */
-#line 3472 "util/configparser.y"
+#line 3474 "util/configparser.y"
         {
 		OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
 		cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7069 "util/configparser.c"
+#line 7071 "util/configparser.c"
     break;
 
   case 642: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG  */
-#line 3479 "util/configparser.y"
+#line 3481 "util/configparser.y"
         {
 		OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->server_key_file);
 		cfg_parser->cfg->server_key_file = (yyvsp[0].str);
 	}
-#line 7079 "util/configparser.c"
+#line 7081 "util/configparser.c"
     break;
 
   case 643: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG  */
-#line 3486 "util/configparser.y"
+#line 3488 "util/configparser.y"
         {
 		OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->server_cert_file);
 		cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
 	}
-#line 7089 "util/configparser.c"
+#line 7091 "util/configparser.c"
     break;
 
   case 644: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG  */
-#line 3493 "util/configparser.y"
+#line 3495 "util/configparser.y"
         {
 		OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->control_key_file);
 		cfg_parser->cfg->control_key_file = (yyvsp[0].str);
 	}
-#line 7099 "util/configparser.c"
+#line 7101 "util/configparser.c"
     break;
 
   case 645: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG  */
-#line 3500 "util/configparser.y"
+#line 3502 "util/configparser.y"
         {
 		OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->control_cert_file);
 		cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
 	}
-#line 7109 "util/configparser.c"
+#line 7111 "util/configparser.c"
     break;
 
   case 646: /* dtstart: VAR_DNSTAP  */
-#line 3507 "util/configparser.y"
+#line 3509 "util/configparser.y"
         {
 		OUTYY(("\nP(dnstap:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7118 "util/configparser.c"
+#line 7120 "util/configparser.c"
     break;
 
   case 669: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG  */
-#line 3529 "util/configparser.y"
+#line 3531 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7126,11 +7128,11 @@ yyreduce:
 		else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7130 "util/configparser.c"
+#line 7132 "util/configparser.c"
     break;
 
   case 670: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG  */
-#line 3538 "util/configparser.y"
+#line 3540 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7139,31 +7141,31 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7143 "util/configparser.c"
+#line 7145 "util/configparser.c"
     break;
 
   case 671: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG  */
-#line 3548 "util/configparser.y"
+#line 3550 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_socket_path);
 		cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
 	}
-#line 7153 "util/configparser.c"
+#line 7155 "util/configparser.c"
     break;
 
   case 672: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG  */
-#line 3555 "util/configparser.y"
+#line 3557 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_ip);
 		cfg_parser->cfg->dnstap_ip = (yyvsp[0].str);
 	}
-#line 7163 "util/configparser.c"
+#line 7165 "util/configparser.c"
     break;
 
   case 673: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG  */
-#line 3562 "util/configparser.y"
+#line 3564 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7171,51 +7173,51 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7175 "util/configparser.c"
+#line 7177 "util/configparser.c"
     break;
 
   case 674: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG  */
-#line 3571 "util/configparser.y"
+#line 3573 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_server_name);
 		cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str);
 	}
-#line 7185 "util/configparser.c"
+#line 7187 "util/configparser.c"
     break;
 
   case 675: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG  */
-#line 3578 "util/configparser.y"
+#line 3580 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_cert_bundle);
 		cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str);
 	}
-#line 7195 "util/configparser.c"
+#line 7197 "util/configparser.c"
     break;
 
   case 676: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG  */
-#line 3585 "util/configparser.y"
+#line 3587 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_client_key_file);
 		cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str);
 	}
-#line 7205 "util/configparser.c"
+#line 7207 "util/configparser.c"
     break;
 
   case 677: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG  */
-#line 3592 "util/configparser.y"
+#line 3594 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_tls_client_cert_file);
 		cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str);
 	}
-#line 7215 "util/configparser.c"
+#line 7217 "util/configparser.c"
     break;
 
   case 678: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG  */
-#line 3599 "util/configparser.y"
+#line 3601 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7223,11 +7225,11 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7227 "util/configparser.c"
+#line 7229 "util/configparser.c"
     break;
 
   case 679: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG  */
-#line 3608 "util/configparser.y"
+#line 3610 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7235,31 +7237,31 @@ yyreduce:
 		else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7239 "util/configparser.c"
+#line 7241 "util/configparser.c"
     break;
 
   case 680: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG  */
-#line 3617 "util/configparser.y"
+#line 3619 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_identity);
 		cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
 	}
-#line 7249 "util/configparser.c"
+#line 7251 "util/configparser.c"
     break;
 
   case 681: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG  */
-#line 3624 "util/configparser.y"
+#line 3626 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnstap_version);
 		cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
 	}
-#line 7259 "util/configparser.c"
+#line 7261 "util/configparser.c"
     break;
 
   case 682: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG  */
-#line 3631 "util/configparser.y"
+#line 3633 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7268,11 +7270,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7272 "util/configparser.c"
+#line 7274 "util/configparser.c"
     break;
 
   case 683: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG  */
-#line 3641 "util/configparser.y"
+#line 3643 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7281,11 +7283,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7285 "util/configparser.c"
+#line 7287 "util/configparser.c"
     break;
 
   case 684: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG  */
-#line 3651 "util/configparser.y"
+#line 3653 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7294,11 +7296,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7298 "util/configparser.c"
+#line 7300 "util/configparser.c"
     break;
 
   case 685: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG  */
-#line 3661 "util/configparser.y"
+#line 3663 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7307,11 +7309,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7311 "util/configparser.c"
+#line 7313 "util/configparser.c"
     break;
 
   case 686: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG  */
-#line 3671 "util/configparser.y"
+#line 3673 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7320,11 +7322,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7324 "util/configparser.c"
+#line 7326 "util/configparser.c"
     break;
 
   case 687: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG  */
-#line 3681 "util/configparser.y"
+#line 3683 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7333,11 +7335,11 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7337 "util/configparser.c"
+#line 7339 "util/configparser.c"
     break;
 
   case 688: /* dt_dnstap_sample_rate: VAR_DNSTAP_SAMPLE_RATE STRING_ARG  */
-#line 3691 "util/configparser.y"
+#line 3693 "util/configparser.y"
         {
 		OUTYY(("P(dt_dnstap_sample_rate:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7347,49 +7349,49 @@ yyreduce:
 		else	cfg_parser->cfg->dnstap_sample_rate = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7351 "util/configparser.c"
+#line 7353 "util/configparser.c"
     break;
 
   case 689: /* pythonstart: VAR_PYTHON  */
-#line 3702 "util/configparser.y"
+#line 3704 "util/configparser.y"
         {
 		OUTYY(("\nP(python:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7360 "util/configparser.c"
+#line 7362 "util/configparser.c"
     break;
 
   case 693: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG  */
-#line 3712 "util/configparser.y"
+#line 3714 "util/configparser.y"
         {
 		OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7370 "util/configparser.c"
+#line 7372 "util/configparser.c"
     break;
 
   case 694: /* dynlibstart: VAR_DYNLIB  */
-#line 3719 "util/configparser.y"
+#line 3721 "util/configparser.y"
         {
 		OUTYY(("\nP(dynlib:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7379 "util/configparser.c"
+#line 7381 "util/configparser.c"
     break;
 
   case 698: /* dl_file: VAR_DYNLIB_FILE STRING_ARG  */
-#line 3729 "util/configparser.y"
+#line 3731 "util/configparser.y"
         {
 		OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str)))
 			yyerror("out of memory");
 	}
-#line 7389 "util/configparser.c"
+#line 7391 "util/configparser.c"
     break;
 
   case 699: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG  */
-#line 3736 "util/configparser.y"
+#line 3738 "util/configparser.y"
         {
 		OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
 		if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7398,21 +7400,21 @@ yyreduce:
 			(strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7402 "util/configparser.c"
+#line 7404 "util/configparser.c"
     break;
 
   case 700: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG  */
-#line 3746 "util/configparser.y"
+#line 3748 "util/configparser.y"
         {
 		OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->log_identity);
 		cfg_parser->cfg->log_identity = (yyvsp[0].str);
 	}
-#line 7412 "util/configparser.c"
+#line 7414 "util/configparser.c"
     break;
 
   case 701: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG  */
-#line 3753 "util/configparser.y"
+#line 3755 "util/configparser.y"
         {
 		OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		validate_respip_action((yyvsp[0].str));
@@ -7420,31 +7422,31 @@ yyreduce:
 			(yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip");
 	}
-#line 7424 "util/configparser.c"
+#line 7426 "util/configparser.c"
     break;
 
   case 702: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG  */
-#line 3762 "util/configparser.y"
+#line 3764 "util/configparser.y"
         {
 		OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
 		if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
 			(yyvsp[-1].str), (yyvsp[0].str)))
 			fatal_exit("out of memory adding response-ip-data");
 	}
-#line 7435 "util/configparser.c"
+#line 7437 "util/configparser.c"
     break;
 
   case 703: /* dnscstart: VAR_DNSCRYPT  */
-#line 3770 "util/configparser.y"
+#line 3772 "util/configparser.y"
         {
 		OUTYY(("\nP(dnscrypt:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7444 "util/configparser.c"
+#line 7446 "util/configparser.c"
     break;
 
   case 716: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG  */
-#line 3787 "util/configparser.y"
+#line 3789 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7452,11 +7454,11 @@ yyreduce:
 		else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7456 "util/configparser.c"
+#line 7458 "util/configparser.c"
     break;
 
   case 717: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG  */
-#line 3796 "util/configparser.y"
+#line 3798 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0)
@@ -7464,21 +7466,21 @@ yyreduce:
 		else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7468 "util/configparser.c"
+#line 7470 "util/configparser.c"
     break;
 
   case 718: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG  */
-#line 3805 "util/configparser.y"
+#line 3807 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->dnscrypt_provider);
 		cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
 	}
-#line 7478 "util/configparser.c"
+#line 7480 "util/configparser.c"
     break;
 
   case 719: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG  */
-#line 3812 "util/configparser.y"
+#line 3814 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
@@ -7486,21 +7488,21 @@ yyreduce:
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-provider-cert");
 	}
-#line 7490 "util/configparser.c"
+#line 7492 "util/configparser.c"
     break;
 
   case 720: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG  */
-#line 3821 "util/configparser.y"
+#line 3823 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
 	}
-#line 7500 "util/configparser.c"
+#line 7502 "util/configparser.c"
     break;
 
   case 721: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG  */
-#line 3828 "util/configparser.y"
+#line 3830 "util/configparser.y"
         {
 		OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
 		if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
@@ -7508,22 +7510,22 @@ yyreduce:
 		if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
 			fatal_exit("out of memory adding dnscrypt-secret-key");
 	}
-#line 7512 "util/configparser.c"
+#line 7514 "util/configparser.c"
     break;
 
   case 722: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG  */
-#line 3837 "util/configparser.y"
+#line 3839 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
 	if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
 		yyerror("memory size expected");
 	free((yyvsp[0].str));
   }
-#line 7523 "util/configparser.c"
+#line 7525 "util/configparser.c"
     break;
 
   case 723: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG  */
-#line 3845 "util/configparser.y"
+#line 3847 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
 	if(atoi((yyvsp[0].str)) == 0) {
@@ -7535,22 +7537,22 @@ yyreduce:
 	}
 	free((yyvsp[0].str));
   }
-#line 7539 "util/configparser.c"
+#line 7541 "util/configparser.c"
     break;
 
   case 724: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG  */
-#line 3858 "util/configparser.y"
+#line 3860 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
 	if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
 		yyerror("memory size expected");
 	free((yyvsp[0].str));
   }
-#line 7550 "util/configparser.c"
+#line 7552 "util/configparser.c"
     break;
 
   case 725: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG  */
-#line 3866 "util/configparser.y"
+#line 3868 "util/configparser.y"
   {
 	OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
 	if(atoi((yyvsp[0].str)) == 0) {
@@ -7562,20 +7564,20 @@ yyreduce:
 	}
 	free((yyvsp[0].str));
   }
-#line 7566 "util/configparser.c"
+#line 7568 "util/configparser.c"
     break;
 
   case 726: /* cachedbstart: VAR_CACHEDB  */
-#line 3879 "util/configparser.y"
+#line 3881 "util/configparser.y"
         {
 		OUTYY(("\nP(cachedb:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 7575 "util/configparser.c"
+#line 7577 "util/configparser.c"
     break;
 
   case 750: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG  */
-#line 3899 "util/configparser.y"
+#line 3901 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
@@ -7586,11 +7588,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7590 "util/configparser.c"
+#line 7592 "util/configparser.c"
     break;
 
   case 751: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG  */
-#line 3911 "util/configparser.y"
+#line 3913 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
@@ -7601,11 +7603,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7605 "util/configparser.c"
+#line 7607 "util/configparser.c"
     break;
 
   case 752: /* cachedb_no_store: VAR_CACHEDB_NO_STORE STRING_ARG  */
-#line 3923 "util/configparser.y"
+#line 3925 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(cachedb_no_store:%s)\n", (yyvsp[0].str)));
@@ -7617,11 +7619,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7621 "util/configparser.c"
+#line 7623 "util/configparser.c"
     break;
 
   case 753: /* cachedb_check_when_serve_expired: VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED STRING_ARG  */
-#line 3936 "util/configparser.y"
+#line 3938 "util/configparser.y"
         {
 	#ifdef USE_CACHEDB
 		OUTYY(("P(cachedb_check_when_serve_expired:%s)\n", (yyvsp[0].str)));
@@ -7633,11 +7635,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7637 "util/configparser.c"
+#line 7639 "util/configparser.c"
     break;
 
   case 754: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG  */
-#line 3949 "util/configparser.y"
+#line 3951 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
@@ -7648,11 +7650,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7652 "util/configparser.c"
+#line 7654 "util/configparser.c"
     break;
 
   case 755: /* redis_replica_server_host: VAR_CACHEDB_REDISREPLICAHOST STRING_ARG  */
-#line 3961 "util/configparser.y"
+#line 3963 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_host:%s)\n", (yyvsp[0].str)));
@@ -7663,11 +7665,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7667 "util/configparser.c"
+#line 7669 "util/configparser.c"
     break;
 
   case 756: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG  */
-#line 3973 "util/configparser.y"
+#line 3975 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int port;
@@ -7681,11 +7683,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7685 "util/configparser.c"
+#line 7687 "util/configparser.c"
     break;
 
   case 757: /* redis_replica_server_port: VAR_CACHEDB_REDISREPLICAPORT STRING_ARG  */
-#line 3988 "util/configparser.y"
+#line 3990 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int port;
@@ -7699,11 +7701,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7703 "util/configparser.c"
+#line 7705 "util/configparser.c"
     break;
 
   case 758: /* redis_server_path: VAR_CACHEDB_REDISPATH STRING_ARG  */
-#line 4003 "util/configparser.y"
+#line 4005 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_path:%s)\n", (yyvsp[0].str)));
@@ -7714,11 +7716,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7718 "util/configparser.c"
+#line 7720 "util/configparser.c"
     break;
 
   case 759: /* redis_replica_server_path: VAR_CACHEDB_REDISREPLICAPATH STRING_ARG  */
-#line 4015 "util/configparser.y"
+#line 4017 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_path:%s)\n", (yyvsp[0].str)));
@@ -7729,11 +7731,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7733 "util/configparser.c"
+#line 7735 "util/configparser.c"
     break;
 
   case 760: /* redis_server_password: VAR_CACHEDB_REDISPASSWORD STRING_ARG  */
-#line 4027 "util/configparser.y"
+#line 4029 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_server_password:%s)\n", (yyvsp[0].str)));
@@ -7744,11 +7746,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7748 "util/configparser.c"
+#line 7750 "util/configparser.c"
     break;
 
   case 761: /* redis_replica_server_password: VAR_CACHEDB_REDISREPLICAPASSWORD STRING_ARG  */
-#line 4039 "util/configparser.y"
+#line 4041 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_server_password:%s)\n", (yyvsp[0].str)));
@@ -7759,11 +7761,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 7763 "util/configparser.c"
+#line 7765 "util/configparser.c"
     break;
 
   case 762: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG  */
-#line 4051 "util/configparser.y"
+#line 4053 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
@@ -7775,11 +7777,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7779 "util/configparser.c"
+#line 7781 "util/configparser.c"
     break;
 
   case 763: /* redis_replica_timeout: VAR_CACHEDB_REDISREPLICATIMEOUT STRING_ARG  */
-#line 4064 "util/configparser.y"
+#line 4066 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_timeout:%s)\n", (yyvsp[0].str)));
@@ -7791,11 +7793,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7795 "util/configparser.c"
+#line 7797 "util/configparser.c"
     break;
 
   case 764: /* redis_command_timeout: VAR_CACHEDB_REDISCOMMANDTIMEOUT STRING_ARG  */
-#line 4077 "util/configparser.y"
+#line 4079 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_command_timeout:%s)\n", (yyvsp[0].str)));
@@ -7807,11 +7809,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7811 "util/configparser.c"
+#line 7813 "util/configparser.c"
     break;
 
   case 765: /* redis_replica_command_timeout: VAR_CACHEDB_REDISREPLICACOMMANDTIMEOUT STRING_ARG  */
-#line 4090 "util/configparser.y"
+#line 4092 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_command_timeout:%s)\n", (yyvsp[0].str)));
@@ -7823,11 +7825,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7827 "util/configparser.c"
+#line 7829 "util/configparser.c"
     break;
 
   case 766: /* redis_connect_timeout: VAR_CACHEDB_REDISCONNECTTIMEOUT STRING_ARG  */
-#line 4103 "util/configparser.y"
+#line 4105 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_connect_timeout:%s)\n", (yyvsp[0].str)));
@@ -7839,11 +7841,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7843 "util/configparser.c"
+#line 7845 "util/configparser.c"
     break;
 
   case 767: /* redis_replica_connect_timeout: VAR_CACHEDB_REDISREPLICACONNECTTIMEOUT STRING_ARG  */
-#line 4116 "util/configparser.y"
+#line 4118 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_replica_connect_timeout:%s)\n", (yyvsp[0].str)));
@@ -7855,11 +7857,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7859 "util/configparser.c"
+#line 7861 "util/configparser.c"
     break;
 
   case 768: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG  */
-#line 4129 "util/configparser.y"
+#line 4131 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str)));
@@ -7871,11 +7873,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7875 "util/configparser.c"
+#line 7877 "util/configparser.c"
     break;
 
   case 769: /* redis_logical_db: VAR_CACHEDB_REDISLOGICALDB STRING_ARG  */
-#line 4142 "util/configparser.y"
+#line 4144 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int db;
@@ -7889,11 +7891,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7893 "util/configparser.c"
+#line 7895 "util/configparser.c"
     break;
 
   case 770: /* redis_replica_logical_db: VAR_CACHEDB_REDISREPLICALOGICALDB STRING_ARG  */
-#line 4157 "util/configparser.y"
+#line 4159 "util/configparser.y"
         {
 	#if defined(USE_CACHEDB) && defined(USE_REDIS)
 		int db;
@@ -7907,11 +7909,11 @@ yyreduce:
 	#endif
 		free((yyvsp[0].str));
 	}
-#line 7911 "util/configparser.c"
+#line 7913 "util/configparser.c"
     break;
 
   case 771: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG  */
-#line 4172 "util/configparser.y"
+#line 4174 "util/configparser.y"
         {
 		OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
 		if (atoi((yyvsp[0].str)) < 0)
@@ -7921,11 +7923,11 @@ yyreduce:
 				fatal_exit("out of memory adding tcp connection limit");
 		}
 	}
-#line 7925 "util/configparser.c"
+#line 7927 "util/configparser.c"
     break;
 
   case 772: /* server_answer_cookie: VAR_ANSWER_COOKIE STRING_ARG  */
-#line 4183 "util/configparser.y"
+#line 4185 "util/configparser.y"
         {
 		OUTYY(("P(server_answer_cookie:%s)\n", (yyvsp[0].str)));
 		if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@@ -7933,11 +7935,11 @@ yyreduce:
 		else cfg_parser->cfg->do_answer_cookie = (strcmp((yyvsp[0].str), "yes")==0);
 		free((yyvsp[0].str));
 	}
-#line 7937 "util/configparser.c"
+#line 7939 "util/configparser.c"
     break;
 
   case 773: /* server_cookie_secret: VAR_COOKIE_SECRET STRING_ARG  */
-#line 4192 "util/configparser.y"
+#line 4194 "util/configparser.y"
         {
 		uint8_t secret[32];
 		size_t secret_len = sizeof(secret);
@@ -7952,21 +7954,21 @@ yyreduce:
 		}
 		free((yyvsp[0].str));
 	}
-#line 7956 "util/configparser.c"
+#line 7958 "util/configparser.c"
     break;
 
   case 774: /* server_cookie_secret_file: VAR_COOKIE_SECRET_FILE STRING_ARG  */
-#line 4208 "util/configparser.y"
+#line 4210 "util/configparser.y"
         {
 		OUTYY(("P(cookie_secret_file:%s)\n", (yyvsp[0].str)));
 		free(cfg_parser->cfg->cookie_secret_file);
 		cfg_parser->cfg->cookie_secret_file = (yyvsp[0].str);
 	}
-#line 7966 "util/configparser.c"
+#line 7968 "util/configparser.c"
     break;
 
   case 775: /* server_iter_scrub_ns: VAR_ITER_SCRUB_NS STRING_ARG  */
-#line 4215 "util/configparser.y"
+#line 4217 "util/configparser.y"
         {
 		OUTYY(("P(server_iter_scrub_ns:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7974,11 +7976,11 @@ yyreduce:
 		else cfg_parser->cfg->iter_scrub_ns = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7978 "util/configparser.c"
+#line 7980 "util/configparser.c"
     break;
 
   case 776: /* server_iter_scrub_cname: VAR_ITER_SCRUB_CNAME STRING_ARG  */
-#line 4224 "util/configparser.y"
+#line 4226 "util/configparser.y"
         {
 		OUTYY(("P(server_iter_scrub_cname:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7986,11 +7988,11 @@ yyreduce:
 		else cfg_parser->cfg->iter_scrub_cname = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 7990 "util/configparser.c"
+#line 7992 "util/configparser.c"
     break;
 
   case 777: /* server_max_global_quota: VAR_MAX_GLOBAL_QUOTA STRING_ARG  */
-#line 4233 "util/configparser.y"
+#line 4235 "util/configparser.y"
         {
 		OUTYY(("P(server_max_global_quota:%s)\n", (yyvsp[0].str)));
 		if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0)
@@ -7998,20 +8000,20 @@ yyreduce:
 		else cfg_parser->cfg->max_global_quota = atoi((yyvsp[0].str));
 		free((yyvsp[0].str));
 	}
-#line 8002 "util/configparser.c"
+#line 8004 "util/configparser.c"
     break;
 
   case 778: /* ipsetstart: VAR_IPSET  */
-#line 4242 "util/configparser.y"
+#line 4244 "util/configparser.y"
         {
 		OUTYY(("\nP(ipset:)\n"));
 		cfg_parser->started_toplevel = 1;
 	}
-#line 8011 "util/configparser.c"
+#line 8013 "util/configparser.c"
     break;
 
   case 783: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG  */
-#line 4252 "util/configparser.y"
+#line 4254 "util/configparser.y"
         {
 	#ifdef USE_IPSET
 		OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str)));
@@ -8025,11 +8027,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 8029 "util/configparser.c"
+#line 8031 "util/configparser.c"
     break;
 
   case 784: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG  */
-#line 4267 "util/configparser.y"
+#line 4269 "util/configparser.y"
         {
 	#ifdef USE_IPSET
 		OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str)));
@@ -8043,11 +8045,11 @@ yyreduce:
 		free((yyvsp[0].str));
 	#endif
 	}
-#line 8047 "util/configparser.c"
+#line 8049 "util/configparser.c"
     break;
 
 
-#line 8051 "util/configparser.c"
+#line 8053 "util/configparser.c"
 
       default: break;
     }
@@ -8241,7 +8243,7 @@ yyreturn:
   return yyresult;
 }
 
-#line 4281 "util/configparser.y"
+#line 4283 "util/configparser.y"
 
 
 /* parse helper routines could be here */
diff --git a/contrib/unbound/util/configparser.y b/contrib/unbound/util/configparser.y
index ebb23f41cbd3..82e1d8782bb5 100644
--- a/contrib/unbound/util/configparser.y
+++ b/contrib/unbound/util/configparser.y
@@ -954,7 +954,7 @@ server_tcp_mss: VAR_TCP_MSS STRING_ARG
 	{
 		OUTYY(("P(server_tcp_mss:%s)\n", $2));
 		if(atoi($2) == 0 && strcmp($2, "0") != 0)
-				yyerror("number expected");
+			yyerror("number expected");
 		else cfg_parser->cfg->tcp_mss = atoi($2);
 		free($2);
 	}
@@ -1168,11 +1168,13 @@ server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG
 		free(cfg_parser->cfg->http_endpoint);
 		if($2 && $2[0] != '/') {
 			cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2);
-			if(!cfg_parser->cfg->http_endpoint)
+			if(cfg_parser->cfg->http_endpoint) {
+				cfg_parser->cfg->http_endpoint[0] = '/';
+				memmove(cfg_parser->cfg->http_endpoint+1, $2,
+					strlen($2)+1);
+			} else {
 				yyerror("out of memory");
-			cfg_parser->cfg->http_endpoint[0] = '/';
-			memmove(cfg_parser->cfg->http_endpoint+1, $2,
-				strlen($2)+1);
+			}
 			free($2);
 		} else {
 			cfg_parser->cfg->http_endpoint = $2;
diff --git a/contrib/unbound/util/data/dname.c b/contrib/unbound/util/data/dname.c
index f08760e2f9fc..5370aa6f9585 100644
--- a/contrib/unbound/util/data/dname.c
+++ b/contrib/unbound/util/data/dname.c
@@ -57,7 +57,7 @@ query_dname_len(sldns_buffer* query)
 		if(sldns_buffer_remaining(query) < 1)
 			return 0; /* parse error, need label len */
 		labellen = sldns_buffer_read_u8(query);
-		if(labellen&0xc0)
+		if((labellen&0xc0))
 			return 0; /* no compression allowed in queries */
 		len += labellen + 1;
 		if(len > LDNS_MAX_DOMAINLEN)
@@ -79,7 +79,7 @@ dname_valid(uint8_t* dname, size_t maxlen)
 		return 0; /* too short, shortest is '0' root label */
 	labellen = *dname++;
 	while(labellen) {
-		if(labellen&0xc0)
+		if((labellen&0xc0))
 			return 0; /* no compression ptrs allowed */
 		len += labellen + 1;
 		if(len >= LDNS_MAX_DOMAINLEN)
@@ -644,20 +644,22 @@ void dname_str(uint8_t* dname, char* str)
 	if(!dname || !*dname) {
 		*s++ = '.';
 		*s = 0;
-		goto out;
+		return;
 	}
 	lablen = *dname++;
 	while(lablen) {
-		if(lablen > LDNS_MAX_LABELLEN) {
-			*s++ = '#';
-			*s = 0;
-			goto out;
-		}
 		len += lablen+1;
 		if(len >= LDNS_MAX_DOMAINLEN) {
+			if ((s-str) >= (LDNS_MAX_DOMAINLEN-1))
+				s = str + LDNS_MAX_DOMAINLEN - 2;
 			*s++ = '&';
 			*s = 0;
-			goto out;
+			return;
+		}
+		if(lablen > LDNS_MAX_LABELLEN) {
+			*s++ = '#';
+			*s = 0;
+			return;
 		}
 		while(lablen--) {
 			if(isalnum((unsigned char)*dname)
@@ -673,10 +675,6 @@ void dname_str(uint8_t* dname, char* str)
 		lablen = *dname++;
 	}
 	*s = 0;
-
-out:
-	log_assert(s - str < LDNS_MAX_DOMAINLEN);
-	return;
 }
 
 int 
@@ -728,7 +726,7 @@ dname_is_root(uint8_t* dname)
 	return (len == 0);
 }
 
-void 
+void
 dname_remove_label(uint8_t** dname, size_t* len)
 {
 	size_t lablen;
@@ -742,7 +740,23 @@ dname_remove_label(uint8_t** dname, size_t* len)
 	*dname += lablen+1;
 }
 
-void 
+int
+dname_remove_label_limit_len(uint8_t** dname, size_t* len, size_t lenlimit)
+{
+	size_t lablen;
+	log_assert(dname && *dname && len);
+	lablen = (*dname)[0];
+	log_assert(!LABEL_IS_PTR(lablen));
+	log_assert(*len > lablen);
+	if(lablen == 0)
+		return 0; /* do not modify root label */
+	if(*len - (lablen + 1) < lenlimit) return 0;
+	*len -= lablen+1;
+	*dname += lablen+1;
+	return 1;
+}
+
+void
 dname_remove_labels(uint8_t** dname, size_t* len, int n)
 {
 	int i;
diff --git a/contrib/unbound/util/data/dname.h b/contrib/unbound/util/data/dname.h
index 6e4cf7ea3be7..f68c64a03f0d 100644
--- a/contrib/unbound/util/data/dname.h
+++ b/contrib/unbound/util/data/dname.h
@@ -262,11 +262,24 @@ int dname_is_root(uint8_t* dname);
  * Snip off first label from a dname, returning the parent zone.
  * @param dname: from what to strip off. uncompressed wireformat.
  * @param len: length, adjusted to become less.
- * return stripped off, or "." if input was ".".
+ * return dname stripped off, or "." if input was ".".
  */
 void dname_remove_label(uint8_t** dname, size_t* len);
 
 /**
+ * Same as dname_remove_label but fails if removal would surpass lenlimit.
+ * If no failure,
+ * snip off first label from a dname, returning the parent zone.
+ * @param dname: from what to strip off. uncompressed wireformat.
+ * @param len: length, adjusted to become less.
+ * @param lenlimit: length limit that we can't surpass (usually the zone apex).
+ * @return
+ *	o 1,  and dname stripped off, or "." if input was ".", else
+ *	o 0, if going up would surpass lenlimit.
+ */
+int dname_remove_label_limit_len(uint8_t** dname, size_t* len, size_t lenlimit);
+
+/**
  * Snip off first N labels from a dname, returning the parent zone.
  * @param dname: from what to strip off. uncompressed wireformat.
  * @param len: length, adjusted to become less.
diff --git a/contrib/unbound/util/data/msgencode.c b/contrib/unbound/util/data/msgencode.c
index 6d116fb52d6d..84aa3b9e75ae 100644
--- a/contrib/unbound/util/data/msgencode.c
+++ b/contrib/unbound/util/data/msgencode.c
@@ -365,7 +365,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
 
 /** return true if type needs domain name compression in rdata */
 static const sldns_rr_descriptor*
-type_rdata_compressable(struct ub_packed_rrset_key* key)
+type_rdata_compressible(struct ub_packed_rrset_key* key)
 {
 	uint16_t t = ntohs(key->rk.type);
 	if(sldns_rr_descript(t) && 
@@ -486,7 +486,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt,
 		adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : timenow;
 
 	if(do_data) {
-		const sldns_rr_descriptor* c = type_rdata_compressable(key);
+		const sldns_rr_descriptor* c = type_rdata_compressible(key);
 		for(i=0; i<data->count; i++) {
 			/* rrset roundrobin */
 			j = (i + rr_offset) % data->count;
@@ -1021,7 +1021,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
 		flags |= BIT_AA;
 		flags &= ~BIT_AD;
 	}
-	log_assert(flags & BIT_QR); /* QR bit must be on in our replies */
+	log_assert((flags & BIT_QR)); /* QR bit must be on in our replies */
 	if(udpsize < LDNS_HEADER_SIZE)
 		return 0;
 	/* currently edns does not change during calculations;
diff --git a/contrib/unbound/util/data/msgencode.h b/contrib/unbound/util/data/msgencode.h
index 6aff06099ee9..08fcb59b8e36 100644
--- a/contrib/unbound/util/data/msgencode.h
+++ b/contrib/unbound/util/data/msgencode.h
@@ -117,7 +117,7 @@ uint16_t calc_edns_field_size(struct edns_data* edns);
 uint16_t calc_edns_option_size(struct edns_data* edns, uint16_t code);
 
 /**
- * Calculate the size of the EDE option(s) in packet. Also calculate seperately
+ * Calculate the size of the EDE option(s) in packet. Also calculate separately
  * the size of the EXTRA-TEXT field(s) in case we can trim them to fit.
  * In this case include any LDNS_EDE_OTHER options in their entirety since they
  * are useless without extra text.
diff --git a/contrib/unbound/util/data/msgparse.h b/contrib/unbound/util/data/msgparse.h
index 62f0d5aacd80..7de4e394f2ae 100644
--- a/contrib/unbound/util/data/msgparse.h
+++ b/contrib/unbound/util/data/msgparse.h
@@ -308,16 +308,16 @@ int parse_extract_edns_from_response_msg(struct msg_parse* msg,
 /**
  * Skip RRs from packet
  * @param pkt: the packet. position at start must be right after the query
- *	section. At end, right after EDNS data or no movement if failed.
+ *	section. At end, right after EDNS data or partial movement if failed.
  * @param num: Limit of the number of records we want to parse.
- * @return: 0 on success, 1 on failure.
+ * @return: 1 on success, 0 on failure.
  */
 int skip_pkt_rrs(struct sldns_buffer* pkt, int num);
 
 /**
  * If EDNS data follows a query section, extract it and initialize edns struct.
  * @param pkt: the packet. position at start must be right after the query
- *	section. At end, right after EDNS data or no movement if failed.
+ *	section. At end, right after EDNS data or partial movement if failed.
  * @param edns: the edns data allocated by the caller. Does not have to be
  *	initialised.
  * @param cfg: the configuration (with nsid value etc.)
diff --git a/contrib/unbound/util/data/msgreply.c b/contrib/unbound/util/data/msgreply.c
index e98dce133039..02e1230e96e7 100644
--- a/contrib/unbound/util/data/msgreply.c
+++ b/contrib/unbound/util/data/msgreply.c
@@ -251,7 +251,7 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to,
 
 	*rr_ttl = sldns_read_uint32(rr->ttl_data);
 	/* RFC 2181 Section 8. if msb of ttl is set treat as if zero. */
-	if(*rr_ttl & 0x80000000U)
+	if((*rr_ttl & 0x80000000U))
 		*rr_ttl = 0;
 	if(type == LDNS_RR_TYPE_SOA && section == LDNS_SECTION_AUTHORITY) {
 		/* negative response. see if TTL of SOA record larger than the
@@ -984,14 +984,14 @@ log_reply_info(enum verbosity_value v, struct query_info *qinf,
 		if(daddr->ss_family == AF_INET6) {
 			struct sockaddr_in6 *d = (struct sockaddr_in6 *)daddr;
 			if(inet_ntop(d->sin6_family, &d->sin6_addr, da,
-				sizeof(*d)) == 0)
+				sizeof(da)) == 0)
 				snprintf(dest_buf, sizeof(dest_buf),
 					"(inet_ntop_error)");
 			port = ntohs(d->sin6_port);
 		} else if(daddr->ss_family == AF_INET) {
 			struct sockaddr_in *d = (struct sockaddr_in *)daddr;
 			if(inet_ntop(d->sin_family, &d->sin_addr, da,
-				sizeof(*d)) == 0)
+				sizeof(da)) == 0)
 				snprintf(dest_buf, sizeof(dest_buf),
 					"(inet_ntop_error)");
 			port = ntohs(d->sin_port);
@@ -1129,7 +1129,7 @@ int edns_opt_list_append_ede(struct edns_option** list, struct regional* region,
 	prevp = list;
 	while(*prevp != NULL)
 		prevp = &((*prevp)->next);
-	verbose(VERB_ALGO, "attached EDE code: %d with message: %s", code, (txt?txt:"\"\""));
+	verbose(VERB_ALGO, "attached EDE code: %d with message: '%s'", code, (txt?txt:""));
 	*prevp = opt;
 	return 1;
 }
@@ -1471,3 +1471,22 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code)
 	}
 	return NULL;
 }
+
+int local_alias_shallow_copy_qname(struct local_rrset* local_alias, uint8_t** qname,
+	size_t* qname_len)
+{
+	struct ub_packed_rrset_key* rrset = local_alias->rrset;
+	struct packed_rrset_data* d = rrset->entry.data;
+
+	/* Sanity check: our current implementation only supports
+	    * a single CNAME RRset as a local alias. */
+	if(local_alias->next ||
+		rrset->rk.type != htons(LDNS_RR_TYPE_CNAME) ||
+		d->count != 1) {
+		log_err("assumption failure: unexpected local alias");
+		return 0;
+	}
+	*qname = d->rr_data[0] + 2;
+	*qname_len = d->rr_len[0] - 2;
+	return 1;
+}
diff --git a/contrib/unbound/util/data/msgreply.h b/contrib/unbound/util/data/msgreply.h
index 9c701f07d0c4..1ec4e850b8e1 100644
--- a/contrib/unbound/util/data/msgreply.h
+++ b/contrib/unbound/util/data/msgreply.h
@@ -597,7 +597,7 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len,
 			char text[sizeof(TXT) - 1];			\
 		} ede = { htons(CODE), TXT };				\
                 verbose(VERB_ALGO, "attached EDE code: %d with"		\
-                        " message: %s", CODE, TXT);			\
+                        " message: '%s'", CODE, TXT);			\
 		edns_opt_list_append((LIST), LDNS_EDNS_EDE, 		\
 			sizeof(uint16_t) + sizeof(TXT) - 1,		\
 			(void *)&ede, (REGION));			\
@@ -801,4 +801,14 @@ int edns_opt_compare(struct edns_option* p, struct edns_option* q);
  */
 int edns_opt_list_compare(struct edns_option* p, struct edns_option* q);
 
+/**
+ * Swallow copy the local_alias into the given qname and qname_len.
+ * @param local_alias: the local_alias.
+ * @param qname: the qname to copy to.
+ * @param qname_len: the qname_len to copy to.
+ * @return false on current local_alias assumptions, true otherwise.
+ */
+int local_alias_shallow_copy_qname(struct local_rrset* local_alias, uint8_t** qname,
+	size_t* qname_len);
+
 #endif /* UTIL_DATA_MSGREPLY_H */
diff --git a/contrib/unbound/util/iana_ports.inc b/contrib/unbound/util/iana_ports.inc
index 198a47eb1777..6d8cfd27b88e 100644
--- a/contrib/unbound/util/iana_ports.inc
+++ b/contrib/unbound/util/iana_ports.inc
@@ -3873,6 +3873,7 @@
 4486,
 4488,
 4500,
+4503,
 4534,
 4535,
 4536,
@@ -3979,6 +3980,7 @@
 4790,
 4791,
 4792,
+4793,
 4800,
 4801,
 4802,
diff --git a/contrib/unbound/util/mini_event.c b/contrib/unbound/util/mini_event.c
index c05dc668c676..2be42b2ccf05 100644
--- a/contrib/unbound/util/mini_event.c
+++ b/contrib/unbound/util/mini_event.c
@@ -297,10 +297,10 @@ int event_add(struct event* ev, struct timeval* tv)
 		return -1;
 	if( (ev->ev_events&(EV_READ|EV_WRITE)) && ev->ev_fd != -1) {
 		ev->ev_base->fds[ev->ev_fd] = ev;
-		if(ev->ev_events&EV_READ) {
+		if((ev->ev_events&EV_READ)) {
 			FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->reads);
 		}
-		if(ev->ev_events&EV_WRITE) {
+		if((ev->ev_events&EV_WRITE)) {
 			FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->writes);
 		}
 		FD_SET(FD_SET_T ev->ev_fd, &ev->ev_base->content);
diff --git a/contrib/unbound/util/net_help.c b/contrib/unbound/util/net_help.c
index 8eca6b757ca8..6ce0d9131300 100644
--- a/contrib/unbound/util/net_help.c
+++ b/contrib/unbound/util/net_help.c
@@ -317,6 +317,11 @@ int netblockstrtoaddr(const char* str, int port, struct sockaddr_storage* addr,
 			log_err("cannot parse netblock: '%s'", str);
 			return 0;
 		}
+		if(*net < 0) {
+			log_err("netblock value %d is negative in: '%s'",
+				*net, str);
+			return 0;
+		}
 		strlcpy(buf, str, sizeof(buf));
 		s = strchr(buf, '/');
 		if(s) *s = 0;
@@ -430,6 +435,8 @@ int netblockdnametoaddr(uint8_t* dname, size_t dnamelen,
 	*net = atoi(buff);
 	if(*net == 0 && strcmp(buff, "0") != 0)
 		return 0;
+	if(*net < 0)
+		return 0;
 	dname += nlablen;
 	dname++;
 	if(!ipdnametoaddr(dname, dnamelen-1-nlablen, addr, addrlen, af))
@@ -797,7 +804,7 @@ addr_mask(struct sockaddr_storage* addr, socklen_t len, int net)
 		s = (uint8_t*)&((struct sockaddr_in*)addr)->sin_addr;
 		max = 32;
 	}
-	if(net >= max)
+	if(net >= max || net < 0)
 		return;
 	for(i=net/8+1; i<max/8; i++) {
 		s[i] = 0;
@@ -1028,7 +1035,7 @@ void log_crypto_err_code(const char* str, unsigned long err)
 }
 
 #ifdef HAVE_SSL
-/** Print crypt erro with SSL_get_error want code and err_get_error code */
+/** Print crypt error with SSL_get_error want code and err_get_error code */
 static void log_crypto_err_io_code_arg(const char* str, int r,
 	unsigned long err, int err_present)
 {
@@ -1252,6 +1259,14 @@ listen_sslctx_setup(void* ctxt)
 		return 0;
 	}
 #endif
+#if defined(SSL_OP_NO_TLSv1_2) && defined(SSL_OP_NO_TLSv1_3)
+	/* if we have tls 1.3 disable 1.2 */
+	if((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & SSL_OP_NO_TLSv1_2)
+		!= SSL_OP_NO_TLSv1_2){
+		log_crypto_err("could not set SSL_OP_NO_TLSv1_2");
+		return 0;
+	}
+#endif
 #if defined(SSL_OP_NO_RENEGOTIATION)
 	/* disable client renegotiation */
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &
@@ -1305,7 +1320,7 @@ listen_sslctx_setup_2(void* ctxt)
 	if(!SSL_CTX_set_ecdh_auto(ctx,1)) {
 		log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE");
 	}
-#elif defined(USE_ECDSA) && defined(HAVE_SSL_CTX_SET_TMP_ECDH)
+#elif defined(USE_ECDSA) && HAVE_DECL_SSL_CTX_SET_TMP_ECDH
 	if(1) {
 		EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
 		if (!ecdh) {
diff --git a/contrib/unbound/util/netevent.c b/contrib/unbound/util/netevent.c
index 0d0fff429c03..aedcb5e07a30 100644
--- a/contrib/unbound/util/netevent.c
+++ b/contrib/unbound/util/netevent.c
@@ -1083,6 +1083,11 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg)
 			} else if( cmsg->cmsg_level == SOL_SOCKET &&
 				cmsg->cmsg_type == SO_TIMESTAMP) {
 				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
+#elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
+			} else if( cmsg->cmsg_level == SOL_SOCKET &&
+				cmsg->cmsg_type == SCM_TIMESTAMP) {
+				/* FreeBSD and also Linux. */
+				memmove(&rep.c->recv_tv, CMSG_DATA(cmsg), sizeof(struct timeval));
 #endif /* HAVE_LINUX_NET_TSTAMP_H */
 			}
 		}
@@ -3213,6 +3218,9 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
 	}
 	/* accept incoming connection. */
 	c_hdl = c->tcp_free;
+	/* Should not happen: inconsistent tcp_free state in
+	 * accept_callback. */
+	log_assert(c_hdl->is_in_tcp_free);
 	/* clear leftover flags from previous use, and then set the
 	 * correct event base for the event structure for libevent */
 	ub_event_free(c_hdl->ev->ev);
@@ -3287,10 +3295,15 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg)
 #endif
 	}
 
+	/* Paranoia: Check that the state has not changed from above: */
+	/* Should not happen: tcp_free state changed within accept_callback. */
+	log_assert(c_hdl == c->tcp_free);
+	log_assert(c_hdl->is_in_tcp_free);
 	/* grab the tcp handler buffers */
 	c->cur_tcp_count++;
 	c->tcp_free = c_hdl->tcp_free;
 	c_hdl->tcp_free = NULL;
+	c_hdl->is_in_tcp_free = 0;
 	if(!c->tcp_free) {
 		/* stop accepting incoming queries for now. */
 		comm_point_stop_listening(c);
@@ -3311,12 +3324,14 @@ reclaim_tcp_handler(struct comm_point* c)
 #endif
 	}
 	comm_point_close(c);
-	if(c->tcp_parent) {
-		if(c != c->tcp_parent->tcp_free) {
-			c->tcp_parent->cur_tcp_count--;
-			c->tcp_free = c->tcp_parent->tcp_free;
-			c->tcp_parent->tcp_free = c;
-		}
+	if(c->tcp_parent && !c->is_in_tcp_free) {
+		/* Should not happen: bad tcp_free state in reclaim_tcp. */
+		log_assert(c->tcp_free == NULL);
+		log_assert(c->tcp_parent->cur_tcp_count > 0);
+		c->tcp_parent->cur_tcp_count--;
+		c->tcp_free = c->tcp_parent->tcp_free;
+		c->tcp_parent->tcp_free = c;
+		c->is_in_tcp_free = 1;
 		if(!c->tcp_free) {
 			/* re-enable listening on accept socket */
 			comm_point_start_listening(c->tcp_parent, -1, -1);
@@ -4630,7 +4645,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 	}
 #endif
 
-	if(event&UB_EV_TIMEOUT) {
+	if((event&UB_EV_TIMEOUT)) {
 		verbose(VERB_QUERY, "tcp took too long, dropped");
 		reclaim_tcp_handler(c);
 		if(!c->tcp_do_close) {
@@ -4640,7 +4655,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_READ
+	if((event&UB_EV_READ)
 #ifdef USE_MSG_FASTOPEN
 		&& !(c->tcp_do_fastopen && (event&UB_EV_WRITE))
 #endif
@@ -4665,7 +4680,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg)
 			tcp_more_read_again(fd, c);
 		return;
 	}
-	if(event&UB_EV_WRITE) {
+	if((event&UB_EV_WRITE)) {
 		int has_tcpq = (c->tcp_req_info != NULL);
 		int* morewrite = c->tcp_more_write_again;
 		if(!comm_point_tcp_handle_write(fd, c)) {
@@ -4702,12 +4717,14 @@ reclaim_http_handler(struct comm_point* c)
 #endif
 	}
 	comm_point_close(c);
-	if(c->tcp_parent) {
-		if(c != c->tcp_parent->tcp_free) {
-			c->tcp_parent->cur_tcp_count--;
-			c->tcp_free = c->tcp_parent->tcp_free;
-			c->tcp_parent->tcp_free = c;
-		}
+	if(c->tcp_parent && !c->is_in_tcp_free) {
+		/* Should not happen: bad tcp_free state in reclaim_http. */
+		log_assert(c->tcp_free == NULL);
+		log_assert(c->tcp_parent->cur_tcp_count > 0);
+		c->tcp_parent->cur_tcp_count--;
+		c->tcp_free = c->tcp_parent->tcp_free;
+		c->tcp_parent->tcp_free = c;
+		c->is_in_tcp_free = 1;
 		if(!c->tcp_free) {
 			/* re-enable listening on accept socket */
 			comm_point_start_listening(c->tcp_parent, -1, -1);
@@ -5144,6 +5161,15 @@ ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
 
 	log_assert(h2_session->c->type == comm_http);
 	log_assert(h2_session->c->h2_session);
+	if(++h2_session->reads_count > h2_session->c->http2_max_streams) {
+		/* We are somewhat arbitrarily capping the amount of
+		 * consecutive reads on the HTTP2 session to the number of max
+		 * allowed streams.
+		 * When we reach the cap, error out with NGHTTP2_ERR_WOULDBLOCK
+		 * to signal nghttp2_session_recv() to stop reading for now. */
+		h2_session->reads_count = 0;
+		return NGHTTP2_ERR_WOULDBLOCK;
+	}
 
 #ifdef HAVE_SSL
 	if(h2_session->c->ssl) {
@@ -5177,7 +5203,7 @@ ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf,
 	}
 #endif /* HAVE_SSL */
 
-	ret = recv(h2_session->c->fd, buf, len, MSG_DONTWAIT);
+	ret = recv(h2_session->c->fd, (void*)buf, len, MSG_DONTWAIT);
 	if(ret == 0) {
 		return NGHTTP2_ERR_EOF;
 	} else if(ret < 0) {
@@ -5505,7 +5531,7 @@ ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf,
 	}
 #endif /* HAVE_SSL */
 
-	ret = send(h2_session->c->fd, buf, len, 0);
+	ret = send(h2_session->c->fd, (void*)buf, len, 0);
 	if(ret == 0) {
 		return NGHTTP2_ERR_CALLBACK_FAILURE;
 	} else if(ret < 0) {
@@ -5648,7 +5674,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 	log_assert(c->type == comm_http);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_TIMEOUT) {
+	if((event&UB_EV_TIMEOUT)) {
 		verbose(VERB_QUERY, "http took too long, dropped");
 		reclaim_http_handler(c);
 		if(!c->tcp_do_close) {
@@ -5658,7 +5684,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_READ) {
+	if((event&UB_EV_READ)) {
 		if(!comm_point_http_handle_read(fd, c)) {
 			reclaim_http_handler(c);
 			if(!c->tcp_do_close) {
@@ -5670,7 +5696,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg)
 		}
 		return;
 	}
-	if(event&UB_EV_WRITE) {
+	if((event&UB_EV_WRITE)) {
 		if(!comm_point_http_handle_write(fd, c)) {
 			reclaim_http_handler(c);
 			if(!c->tcp_do_close) {
@@ -5691,7 +5717,7 @@ void comm_point_local_handle_callback(int fd, short event, void* arg)
 	log_assert(c->type == comm_local);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_READ) {
+	if((event&UB_EV_READ)) {
 		if(!comm_point_tcp_handle_read(fd, c, 1)) {
 			fptr_ok(fptr_whitelist_comm_point(c->callback));
 			(void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED,
@@ -5710,7 +5736,7 @@ void comm_point_raw_handle_callback(int ATTR_UNUSED(fd),
 	log_assert(c->type == comm_raw);
 	ub_comm_base_now(c->ev->base);
 
-	if(event&UB_EV_TIMEOUT)
+	if((event&UB_EV_TIMEOUT))
 		err = NETEVENT_TIMEOUT;
 	fptr_ok(fptr_whitelist_comm_point_raw(c->callback));
 	(void)(*c->callback)(c, c->cb_arg, err, NULL);
@@ -5743,6 +5769,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_udp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5807,6 +5834,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_udp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5874,6 +5902,7 @@ comm_point_create_doq(struct comm_base *base, int fd, sldns_buffer* buffer,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_doq;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -5974,6 +6003,7 @@ comm_point_create_tcp_handler(struct comm_base *base,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6011,6 +6041,7 @@ comm_point_create_tcp_handler(struct comm_base *base,
 	/* add to parent free list */
 	c->tcp_free = parent->tcp_free;
 	parent->tcp_free = c;
+	c->is_in_tcp_free = 1;
 	/* ub_event stuff */
 	evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT;
 	c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
@@ -6073,6 +6104,7 @@ comm_point_create_http_handler(struct comm_base *base,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_http;
 	c->tcp_do_close = 1;
 	c->do_not_close = 0;
@@ -6131,6 +6163,7 @@ comm_point_create_http_handler(struct comm_base *base,
 	/* add to parent free list */
 	c->tcp_free = parent->tcp_free;
 	parent->tcp_free = c;
+	c->is_in_tcp_free = 1;
 	/* ub_event stuff */
 	evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT;
 	c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits,
@@ -6192,6 +6225,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num,
 		return NULL;
 	}
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp_accept;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6286,6 +6320,7 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_tcp;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6350,6 +6385,7 @@ comm_point_create_http_out(struct comm_base *base, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_http;
 	c->tcp_do_close = 0;
 	c->do_not_close = 0;
@@ -6420,6 +6456,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_local;
 	c->tcp_do_close = 0;
 	c->do_not_close = 1;
@@ -6483,6 +6520,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing,
 	c->cur_tcp_count = 0;
 	c->tcp_handlers = NULL;
 	c->tcp_free = NULL;
+	c->is_in_tcp_free = 0;
 	c->type = comm_raw;
 	c->tcp_do_close = 0;
 	c->do_not_close = 1;
diff --git a/contrib/unbound/util/netevent.h b/contrib/unbound/util/netevent.h
index 96de0032cef6..c5114bbbef27 100644
--- a/contrib/unbound/util/netevent.h
+++ b/contrib/unbound/util/netevent.h
@@ -238,6 +238,8 @@ struct comm_point {
 	/** linked list of free tcp_handlers to use for new queries.
 	    For tcp_accept the first entry, for tcp_handlers the next one. */
 	struct comm_point* tcp_free;
+	/** Whether this struct is in its parent's tcp_free list */
+	int is_in_tcp_free;
 
 	/* -------- SSL TCP DNS ------- */
 	/** the SSL object with rw bio (owned) or for commaccept ctx ref */
@@ -937,6 +939,8 @@ struct http2_session {
 	/** comm point containing buffer used to build answer in worker or
 	 * module */
 	struct comm_point* c;
+	/** count the number of consecutive reads on the session */
+	uint32_t reads_count;
 	/** session is instructed to get dropped (comm port will be closed) */
 	int is_drop;
 	/** postpone dropping the session, can be used to prevent dropping
diff --git a/contrib/unbound/util/random.c b/contrib/unbound/util/random.c
index 6eb102c634b9..92a4f6dd0bd6 100644
--- a/contrib/unbound/util/random.c
+++ b/contrib/unbound/util/random.c
@@ -78,6 +78,37 @@
  */
 #define MAX_VALUE 0x7fffffff
 
+/* If the build mode is for fuzzing this removes randomness from the output.
+ * This helps fuzz engines from having state increase due to the randomness. */
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+struct ub_randstate {
+       unsigned int dummy;
+};
+
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
+{
+       struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
+       if(!s) {
+               log_err("malloc failure in random init");
+               return NULL;
+       }
+       return s;
+}
+
+long int ub_random(struct ub_randstate* state)
+{
+       state->dummy++;
+       return (long int)(state->dummy & MAX_VALUE);
+}
+
+long int
+ub_random_max(struct ub_randstate* state, long int x)
+{
+       state->dummy++;
+       return ((long int)state->dummy % x);
+}
+#else /* !FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 #if defined(HAVE_SSL) || defined(HAVE_LIBBSD)
 struct ub_randstate* 
 ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
@@ -200,6 +231,8 @@ ub_random_max(struct ub_randstate* state, long int x)
 }
 #endif /* HAVE_NSS or HAVE_NETTLE and !HAVE_LIBBSD */
 
+#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
+
 void 
 ub_randfree(struct ub_randstate* s)
 {
diff --git a/contrib/unbound/validator/val_sigcrypt.c b/contrib/unbound/validator/val_sigcrypt.c
index 9251d2b1f38a..86de6fb8e80f 100644
--- a/contrib/unbound/validator/val_sigcrypt.c
+++ b/contrib/unbound/validator/val_sigcrypt.c
@@ -57,6 +57,7 @@
 #include "sldns/sbuffer.h"
 #include "sldns/parseutil.h"
 #include "sldns/wire2str.h"
+#include "services/mesh.h"
 
 #include <ctype.h>
 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE)
@@ -1677,6 +1678,10 @@ dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
 	/* verify */
 	sec = verify_canonrrset(buf, (int)sig[2+2],
 		sigblock, sigblock_len, key, keylen, reason);
+
+	/* count validation operation */
+	if(qstate && qstate->env && qstate->env->mesh)
+		qstate->env->mesh->val_ops++;
 	
 	if(sec == sec_status_secure) {
 		/* check if TTL is too high - reduce if so */
diff --git a/contrib/unbound/validator/validator.c b/contrib/unbound/validator/validator.c
index a0550b484eae..5817fc8085a2 100644
--- a/contrib/unbound/validator/validator.c
+++ b/contrib/unbound/validator/validator.c
@@ -76,7 +76,7 @@ static void process_ds_response(struct module_qstate* qstate,
 	struct module_qstate* sub_qstate);
 
 
-/* Updates the suplied EDE (RFC8914) code selectively so we don't lose
+/* Updates the supplied EDE (RFC8914) code selectively so we don't lose
  * a more specific code */
 static void
 update_reason_bogus(struct reply_info* rep, sldns_ede_code reason_bogus)
@@ -399,7 +399,7 @@ needs_validation(struct module_qstate* qstate, int ret_rc,
 	 * For DNS64 bit_cd signals no dns64 processing, but we want to
 	 * provide validation there too */
 	/*
-	if(qstate->query_flags & BIT_CD) {
+	if((qstate->query_flags & BIT_CD)) {
 		verbose(VERB_ALGO, "not validating response due to CD bit");
 		return 0;
 	}
@@ -2593,8 +2593,17 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
 
 	/* Update rep->reason_bogus as it is the one being cached */
 	update_reason_bogus(vq->orig_msg->rep, errinf_to_reason_bogus(qstate));
+	if(vq->orig_msg->rep->security != sec_status_bogus &&
+		vq->orig_msg->rep->security != sec_status_secure_sentinel_fail
+		&& vq->orig_msg->rep->reason_bogus == LDNS_EDE_DNSSEC_BOGUS) {
+		/* Not interested in any DNSSEC EDE here, validator by default
+		 * uses LDNS_EDE_DNSSEC_BOGUS;
+		 * TODO revisit default value for the module */
+		vq->orig_msg->rep->reason_bogus = LDNS_EDE_NONE;
+	}
+
 	/* store results in cache */
-	if(qstate->query_flags&BIT_RD) {
+	if((qstate->query_flags&BIT_RD)) {
 		/* if secure, this will override cache anyway, no need
 		 * to check if from parentNS */
 		if(!qstate->no_cache_store) {
@@ -2908,7 +2917,7 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq,
 		struct ub_packed_rrset_key* ds;
 		enum sec_status sec;
 		ds = reply_find_answer_rrset(qinfo, msg->rep);
-		/* If there was no DS rrset, then we have mis-classified 
+		/* If there was no DS rrset, then we have misclassified
 		 * this message. */
 		if(!ds) {
 			log_warn("internal error: POSITIVE DS response was "
@@ -3460,7 +3469,7 @@ val_inform_super(struct module_qstate* qstate, int id,
 		if(suspend) {
 			/* deep copy the return_msg to vq->sub_ds_msg; it will
 			 * be resumed later in the super state with the caveat
-			 * that the initial calculations will be re-caclulated
+			 * that the initial calculations will be re-calculated
 			 * and re-suspended there before continuing. */
 			vq->sub_ds_msg = dns_msg_deepcopy_region(
 				qstate->return_msg, super->region);
diff --git a/contrib/unbound/winrc/win_svc.c b/contrib/unbound/winrc/win_svc.c
index 40e12f1cff87..429b045dc289 100644
--- a/contrib/unbound/winrc/win_svc.c
+++ b/contrib/unbound/winrc/win_svc.c
@@ -328,6 +328,7 @@ service_init(int r, struct daemon** d, struct config_file** c)
 			return 0;
 		}
 		log_warn("could not open config file, using defaults");
+		config_auto_slab_values(cfg);
 	}
 	if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2600);