This seemed a worthwhile target. Think I've tested all the paths,
but more eyes/tests wouldn't hurt.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/fping/Makefile,v
retrieving revision 1.36
diff -u -p -r1.36 Makefile
--- Makefile 21 Oct 2015 10:12:13 -0000 1.36
+++ Makefile 21 Oct 2015 10:26:22 -0000
@@ -3,7 +3,7 @@
COMMENT= quickly ping N hosts w/o flooding the network
DISTNAME= fping-3.12
-REVISION= 0
+REVISION= 1
CATEGORIES= net
Index: patches/patch-src_fping_c
===================================================================
RCS file: patches/patch-src_fping_c
diff -N patches/patch-src_fping_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fping_c 21 Oct 2015 10:26:22 -0000
@@ -0,0 +1,40 @@
+$OpenBSD$
+--- src/fping.c.orig Wed Oct 14 20:48:07 2015
++++ src/fping.c Wed Oct 21 11:06:05 2015
+@@ -369,6 +369,9 @@ int main( int argc, char **argv )
+ setuid( getuid() );
+ }
+
++ if (pledge("stdio inet rpath dns", NULL) == -1)
++ perror("pledge");
++
+ prog = argv[0];
+ ident = getpid() & 0xFFFF;
+ verbose_flag = 1;
+@@ -561,6 +564,11 @@ int main( int argc, char **argv )
+ }/* SWITCH */
+ }/* WHILE */
+
++ if (!filename) { /* drop rpath if not reading addrs from file */
++ if (pledge("stdio inet dns", NULL) == -1)
++ perror("pledge");
++ }
++
+ /* validate various option settings */
+
+ if (ttl > 255) {
+@@ -775,6 +783,14 @@ int main( int argc, char **argv )
+ }
+ else {
+ usage(1);
++ }
++
++ if (name_flag) { /* done with file, drop rpath */
++ if (pledge("stdio inet dns", NULL) == -1)
++ perror("pledge");
++ } else { /* and drop dns unless we do reverse lookups */
++ if (pledge("stdio inet", NULL) == -1)
++ perror("pledge");
+ }
+
+ if( !num_hosts )
