PERFORCE change 171355 for review
Rafal Jaworowski
raj at FreeBSD.org
Thu Dec 3 20:41:01 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=171355
Change 171355 by raj at raj_fdt on 2009/12/03 20:40:52
IFC @171341
Affected files ...
.. //depot/projects/fdt/ObsoleteFiles.inc#3 integrate
.. //depot/projects/fdt/bin/sh/eval.c#3 integrate
.. //depot/projects/fdt/bin/sh/redir.c#3 integrate
.. //depot/projects/fdt/contrib/bind9/CHANGES#2 integrate
.. //depot/projects/fdt/contrib/bind9/bin/named/query.c#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/api#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/include/dns/types.h#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/masterdump.c#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/rbtdb.c#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/resolver.c#2 integrate
.. //depot/projects/fdt/contrib/bind9/lib/dns/validator.c#2 integrate
.. //depot/projects/fdt/contrib/bind9/version#2 integrate
.. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt#2 integrate
.. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.c#2 integrate
.. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.h#2 integrate
.. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_begemot.c#2 integrate
.. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_tree.def#2 integrate
.. //depot/projects/fdt/contrib/gcc/config/freebsd-spec.h#2 integrate
.. //depot/projects/fdt/contrib/groff/tmac/doc-syms#2 integrate
.. //depot/projects/fdt/contrib/ntp/ntpd/ntp_io.c#2 integrate
.. //depot/projects/fdt/contrib/telnet/telnet/externs.h#2 integrate
.. //depot/projects/fdt/crypto/openssl/ssl/s3_lib.c#2 integrate
.. //depot/projects/fdt/crypto/openssl/ssl/s3_pkt.c#2 integrate
.. //depot/projects/fdt/crypto/openssl/ssl/s3_srvr.c#2 integrate
.. //depot/projects/fdt/etc/Makefile#3 integrate
.. //depot/projects/fdt/etc/defaults/rc.conf#2 integrate
.. //depot/projects/fdt/etc/mtree/BSD.var.dist#2 integrate
.. //depot/projects/fdt/etc/rc.d/Makefile#2 integrate
.. //depot/projects/fdt/etc/rc.d/ip6fw#2 delete
.. //depot/projects/fdt/etc/rc.d/ipfw#2 integrate
.. //depot/projects/fdt/etc/rc.firewall#2 integrate
.. //depot/projects/fdt/etc/rc.firewall6#2 delete
.. //depot/projects/fdt/include/Makefile#2 integrate
.. //depot/projects/fdt/include/termios.h#1 branch
.. //depot/projects/fdt/lib/Makefile#2 integrate
.. //depot/projects/fdt/lib/bind/config.h#2 integrate
.. //depot/projects/fdt/lib/csu/amd64/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/arm/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/i386-elf/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/i386-elf/crt1.c#2 delete
.. //depot/projects/fdt/lib/csu/i386-elf/crt1_c.c#1 branch
.. //depot/projects/fdt/lib/csu/i386-elf/crt1_s.S#1 branch
.. //depot/projects/fdt/lib/csu/ia64/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/mips/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/powerpc/Makefile#2 integrate
.. //depot/projects/fdt/lib/csu/sparc64/Makefile#2 integrate
.. //depot/projects/fdt/lib/libc/gen/exec.c#2 integrate
.. //depot/projects/fdt/lib/libc/net/sctp_send.3#2 integrate
.. //depot/projects/fdt/lib/libc/net/sctp_sendmsg.3#2 integrate
.. //depot/projects/fdt/lib/libc/rpc/svc.c#2 integrate
.. //depot/projects/fdt/lib/libc/stdio/printf.3#2 integrate
.. //depot/projects/fdt/lib/libc/stdlib/getenv.c#2 integrate
.. //depot/projects/fdt/lib/libc/string/strcat.3#2 integrate
.. //depot/projects/fdt/lib/libc/sys/setpgid.2#2 integrate
.. //depot/projects/fdt/lib/libthr/Makefile#3 integrate
.. //depot/projects/fdt/lib/libulog/Makefile#1 branch
.. //depot/projects/fdt/lib/libulog/Symbol.map#1 branch
.. //depot/projects/fdt/lib/libulog/ulog.h#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_getutxent.3#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_getutxent.c#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_internal.h#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_login.3#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_login.c#1 branch
.. //depot/projects/fdt/lib/libulog/ulog_login_pseudo.c#1 branch
.. //depot/projects/fdt/lib/libutil/libutil.h#2 integrate
.. //depot/projects/fdt/libexec/Makefile#2 integrate
.. //depot/projects/fdt/libexec/rtld-elf/rtld.c#4 integrate
.. //depot/projects/fdt/libexec/rtld-elf/rtld.h#3 integrate
.. //depot/projects/fdt/libexec/ulog-helper/Makefile#1 branch
.. //depot/projects/fdt/libexec/ulog-helper/ulog-helper.c#1 branch
.. //depot/projects/fdt/sbin/ipfw/dummynet.c#3 integrate
.. //depot/projects/fdt/share/man/man4/Makefile#4 integrate
.. //depot/projects/fdt/share/man/man4/amdsbwd.4#1 branch
.. //depot/projects/fdt/share/man/man4/ipsec.4#2 integrate
.. //depot/projects/fdt/share/man/man4/sctp.4#2 integrate
.. //depot/projects/fdt/share/man/man9/VOP_OPENCLOSE.9#2 integrate
.. //depot/projects/fdt/share/man/man9/ifnet.9#2 integrate
.. //depot/projects/fdt/share/misc/bsd-family-tree#2 integrate
.. //depot/projects/fdt/share/mk/bsd.libnames.mk#2 integrate
.. //depot/projects/fdt/sys/amd64/amd64/identcpu.c#3 integrate
.. //depot/projects/fdt/sys/amd64/amd64/mca.c#2 integrate
.. //depot/projects/fdt/sys/amd64/amd64/trap.c#3 integrate
.. //depot/projects/fdt/sys/amd64/conf/NOTES#2 integrate
.. //depot/projects/fdt/sys/amd64/include/mca.h#2 integrate
.. //depot/projects/fdt/sys/amd64/include/specialreg.h#2 integrate
.. //depot/projects/fdt/sys/arm/arm/trap.c#3 integrate
.. //depot/projects/fdt/sys/arm/conf/AVILA#2 integrate
.. //depot/projects/fdt/sys/arm/conf/CAMBRIA#2 integrate
.. //depot/projects/fdt/sys/boot/forth/loader.conf.5#2 integrate
.. //depot/projects/fdt/sys/boot/i386/libi386/Makefile#2 integrate
.. //depot/projects/fdt/sys/boot/i386/libi386/spinconsole.c#1 branch
.. //depot/projects/fdt/sys/boot/i386/libi386/vidconsole.c#2 integrate
.. //depot/projects/fdt/sys/boot/i386/loader/conf.c#2 integrate
.. //depot/projects/fdt/sys/boot/pc98/loader/conf.c#2 integrate
.. //depot/projects/fdt/sys/cam/ata/ata_all.c#4 integrate
.. //depot/projects/fdt/sys/cam/ata/ata_all.h#4 integrate
.. //depot/projects/fdt/sys/cam/scsi/scsi_cd.c#3 integrate
.. //depot/projects/fdt/sys/compat/svr4/svr4_termios.c#2 integrate
.. //depot/projects/fdt/sys/conf/files#6 integrate
.. //depot/projects/fdt/sys/conf/files.amd64#2 integrate
.. //depot/projects/fdt/sys/conf/files.i386#2 integrate
.. //depot/projects/fdt/sys/dev/adb/adb.h#2 integrate
.. //depot/projects/fdt/sys/dev/adb/adb_bus.c#2 integrate
.. //depot/projects/fdt/sys/dev/adb/adb_mouse.c#2 integrate
.. //depot/projects/fdt/sys/dev/amdsbwd/amdsbwd.c#1 branch
.. //depot/projects/fdt/sys/dev/cxgb/common/cxgb_common.h#2 integrate
.. //depot/projects/fdt/sys/dev/cxgb/cxgb_t3fw.h#2 integrate
.. //depot/projects/fdt/sys/dev/cxgb/ulp/tom/cxgb_vm.c#2 integrate
.. //depot/projects/fdt/sys/dev/hatm/if_hatm.c#3 integrate
.. //depot/projects/fdt/sys/dev/hwpmc/hwpmc_mod.c#2 integrate
.. //depot/projects/fdt/sys/dev/hwpmc/hwpmc_x86.c#2 integrate
.. //depot/projects/fdt/sys/dev/ichsmb/ichsmb_pci.c#2 integrate
.. //depot/projects/fdt/sys/dev/if_ndis/if_ndis.c#3 integrate
.. //depot/projects/fdt/sys/dev/iir/iir_ctrl.c#2 integrate
.. //depot/projects/fdt/sys/dev/syscons/sysmouse.c#2 integrate
.. //depot/projects/fdt/sys/dev/uart/uart_core.c#2 integrate
.. //depot/projects/fdt/sys/dev/uart/uart_tty.c#2 integrate
.. //depot/projects/fdt/sys/dev/usb/input/atp.c#3 integrate
.. //depot/projects/fdt/sys/dev/usb/serial/usb_serial.h#2 integrate
.. //depot/projects/fdt/sys/dev/xen/blkfront/blkfront.c#3 integrate
.. //depot/projects/fdt/sys/dev/xen/blkfront/block.h#2 integrate
.. //depot/projects/fdt/sys/dev/xen/netfront/netfront.c#3 integrate
.. //depot/projects/fdt/sys/fs/portalfs/portal_vnops.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label.h#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_ext2fs.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_gpt.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_iso9660.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_msdosfs.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_ntfs.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_reiserfs.c#2 integrate
.. //depot/projects/fdt/sys/geom/label/g_label_ufs.c#2 integrate
.. //depot/projects/fdt/sys/i386/conf/NOTES#2 integrate
.. //depot/projects/fdt/sys/i386/i386/identcpu.c#3 integrate
.. //depot/projects/fdt/sys/i386/i386/mca.c#2 integrate
.. //depot/projects/fdt/sys/i386/i386/trap.c#3 integrate
.. //depot/projects/fdt/sys/i386/include/mca.h#2 integrate
.. //depot/projects/fdt/sys/i386/include/specialreg.h#2 integrate
.. //depot/projects/fdt/sys/i386/xen/exception.s#2 integrate
.. //depot/projects/fdt/sys/ia64/ia64/interrupt.c#4 integrate
.. //depot/projects/fdt/sys/ia64/ia64/machdep.c#3 integrate
.. //depot/projects/fdt/sys/ia64/ia64/trap.c#4 integrate
.. //depot/projects/fdt/sys/ia64/include/bus.h#2 integrate
.. //depot/projects/fdt/sys/ia64/include/cpufunc.h#2 integrate
.. //depot/projects/fdt/sys/ia64/include/ia64_cpu.h#2 integrate
.. //depot/projects/fdt/sys/ia64/include/pcpu.h#2 integrate
.. //depot/projects/fdt/sys/kern/tty.c#3 integrate
.. //depot/projects/fdt/sys/kern/vfs_acl.c#3 integrate
.. //depot/projects/fdt/sys/mips/mips/trap.c#3 integrate
.. //depot/projects/fdt/sys/modules/Makefile#2 integrate
.. //depot/projects/fdt/sys/modules/amdsbwd/Makefile#1 branch
.. //depot/projects/fdt/sys/net/if.c#4 integrate
.. //depot/projects/fdt/sys/net/if_dead.c#2 integrate
.. //depot/projects/fdt/sys/net/if_var.h#4 integrate
.. //depot/projects/fdt/sys/netinet/in.h#3 integrate
.. //depot/projects/fdt/sys/netinet/ip_carp.c#2 integrate
.. //depot/projects/fdt/sys/netinet/ip_fw.h#2 integrate
.. //depot/projects/fdt/sys/netinet/ipfw/ip_dummynet.c#3 integrate
.. //depot/projects/fdt/sys/netinet/ipfw/ip_fw2.c#2 integrate
.. //depot/projects/fdt/sys/netinet/raw_ip.c#3 integrate
.. //depot/projects/fdt/sys/netinet/sctp_constants.h#3 integrate
.. //depot/projects/fdt/sys/netipsec/ipcomp_var.h#2 integrate
.. //depot/projects/fdt/sys/netipsec/ipsec_mbuf.c#2 integrate
.. //depot/projects/fdt/sys/netipsec/xform_ipcomp.c#2 integrate
.. //depot/projects/fdt/sys/opencrypto/crypto.c#2 integrate
.. //depot/projects/fdt/sys/opencrypto/cryptosoft.c#2 integrate
.. //depot/projects/fdt/sys/opencrypto/deflate.c#2 integrate
.. //depot/projects/fdt/sys/opencrypto/deflate.h#2 integrate
.. //depot/projects/fdt/sys/pc98/conf/NOTES#3 integrate
.. //depot/projects/fdt/sys/powerpc/aim/machdep.c#2 integrate
.. //depot/projects/fdt/sys/powerpc/aim/ofw_machdep.c#2 integrate
.. //depot/projects/fdt/sys/powerpc/aim/trap.c#4 integrate
.. //depot/projects/fdt/sys/powerpc/booke/machdep.c#3 integrate
.. //depot/projects/fdt/sys/powerpc/booke/trap.c#3 integrate
.. //depot/projects/fdt/sys/powerpc/conf/GENERIC#2 integrate
.. //depot/projects/fdt/sys/powerpc/include/cpu.h#2 integrate
.. //depot/projects/fdt/sys/powerpc/include/md_var.h#2 integrate
.. //depot/projects/fdt/sys/powerpc/include/vmparam.h#2 integrate
.. //depot/projects/fdt/sys/powerpc/powerpc/cpu.c#4 integrate
.. //depot/projects/fdt/sys/sparc64/sparc64/trap.c#3 integrate
.. //depot/projects/fdt/sys/sun4v/sun4v/trap.c#3 integrate
.. //depot/projects/fdt/sys/sys/_termios.h#1 branch
.. //depot/projects/fdt/sys/sys/ata.h#4 integrate
.. //depot/projects/fdt/sys/sys/param.h#5 integrate
.. //depot/projects/fdt/sys/sys/sdt.h#2 integrate
.. //depot/projects/fdt/sys/sys/termios.h#2 integrate
.. //depot/projects/fdt/sys/sys/tty.h#2 integrate
.. //depot/projects/fdt/sys/vm/vm_fault.c#5 integrate
.. //depot/projects/fdt/sys/vm/vm_map.h#3 integrate
.. //depot/projects/fdt/tools/regression/bin/sh/builtins/fc1.0#2 integrate
.. //depot/projects/fdt/tools/regression/bin/sh/errors/backquote-error1.0#2 integrate
.. //depot/projects/fdt/tools/regression/bin/sh/execution/redir1.0#1 branch
.. //depot/projects/fdt/tools/regression/bin/sh/execution/redir2.0#1 branch
.. //depot/projects/fdt/tools/regression/environ/Makefile.envctl#2 integrate
.. //depot/projects/fdt/tools/regression/environ/envctl.c#2 integrate
.. //depot/projects/fdt/tools/regression/environ/envtest.t#2 integrate
.. //depot/projects/fdt/usr.bin/ldd/ldd.1#2 integrate
.. //depot/projects/fdt/usr.bin/netstat/if.c#3 integrate
.. //depot/projects/fdt/usr.bin/netstat/ipsec.c#2 integrate
.. //depot/projects/fdt/usr.bin/netstat/main.c#2 integrate
.. //depot/projects/fdt/usr.bin/netstat/netstat.1#2 integrate
.. //depot/projects/fdt/usr.bin/netstat/netstat.h#2 integrate
.. //depot/projects/fdt/usr.bin/unifdef/unifdef.c#3 integrate
.. //depot/projects/fdt/usr.bin/users/Makefile#2 integrate
.. //depot/projects/fdt/usr.bin/users/users.c#2 integrate
.. //depot/projects/fdt/usr.sbin/freebsd-update/freebsd-update.sh#2 integrate
Differences ...
==== //depot/projects/fdt/ObsoleteFiles.inc#3 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $FreeBSD: src/ObsoleteFiles.inc,v 1.213 2009/11/18 00:56:05 delphij Exp $
+# $FreeBSD: src/ObsoleteFiles.inc,v 1.214 2009/12/02 15:05:26 ume Exp $
#
# This file lists old files (OLD_FILES), libraries (OLD_LIBS) and
# directories (OLD_DIRS) which should get removed at an update. Recently
@@ -14,6 +14,9 @@
# The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last.
#
+# 20091202: unify rc.firewall and rc.firewall6.
+OLD_FILES+=etc/rc.d/ip6fw
+OLD_FILES+=etc/rc.firewall6
# 20091117: removal of rc.early(8) link
OLD_FILES+=usr/share/man/man8/rc.early.8.gz
# 20091027: pselect.3 implemented as syscall
==== //depot/projects/fdt/bin/sh/eval.c#3 (text+ko) ====
@@ -36,7 +36,7 @@
#endif
#endif /* not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.69 2009/11/22 18:23:30 jilles Exp $");
+__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.70 2009/11/29 22:33:59 jilles Exp $");
#include <paths.h>
#include <signal.h>
@@ -883,7 +883,6 @@
#ifdef DEBUG
trputs("normal command: "); trargs(argv);
#endif
- clearredir();
redirect(cmd->ncmd.redirect, 0);
for (sp = varlist.list ; sp ; sp = sp->next)
setvareq(sp->text, VEXPORT|VSTACK);
==== //depot/projects/fdt/bin/sh/redir.c#3 (text+ko) ====
@@ -36,7 +36,7 @@
#endif
#endif /* not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.28 2009/11/22 18:23:30 jilles Exp $");
+__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.29 2009/11/29 22:33:59 jilles Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -63,6 +63,7 @@
#define EMPTY -2 /* marks an unused slot in redirtab */
+#define CLOSED -1 /* fd was not open before redir */
#define PIPESIZE 4096 /* amount of buffering in a pipe */
@@ -101,7 +102,6 @@
struct redirtab *sv = NULL;
int i;
int fd;
- int try;
char memory[10]; /* file descriptors to write to memory */
for (i = 10 ; --i >= 0 ; )
@@ -116,38 +116,30 @@
}
for (n = redir ; n ; n = n->nfile.next) {
fd = n->nfile.fd;
- try = 0;
if ((n->nfile.type == NTOFD || n->nfile.type == NFROMFD) &&
n->ndup.dupfd == fd)
continue; /* redirect from/to same file descriptor */
if ((flags & REDIR_PUSH) && sv->renamed[fd] == EMPTY) {
INTOFF;
-again:
if ((i = fcntl(fd, F_DUPFD, 10)) == -1) {
switch (errno) {
case EBADF:
- if (!try) {
- openredirect(n, memory);
- try++;
- goto again;
- }
- /* FALLTHROUGH*/
+ i = CLOSED;
+ break;
default:
INTON;
error("%d: %s", fd, strerror(errno));
break;
}
- }
- if (!try) {
- sv->renamed[fd] = i;
- }
+ } else
+ (void)fcntl(i, F_SETFD, FD_CLOEXEC);
+ sv->renamed[fd] = i;
INTON;
}
if (fd == 0)
fd0_redirected++;
- if (!try)
- openredirect(n, memory);
+ openredirect(n, memory);
}
if (memory[1])
out1 = &memout;
==== //depot/projects/fdt/contrib/bind9/CHANGES#2 (text+ko) ====
@@ -1,3 +1,9 @@
+ --- 9.6.1-P2 released ---
+
+2772. [security] When validating, track whether pending data was from
+ the additional section or not and only return it if
+ validates as secure. [RT #20438]
+
--- 9.6.1-P1 released ---
2640. [security] A specially crafted update packet will cause named
==== //depot/projects/fdt/contrib/bind9/bin/named/query.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.313.20.7 2009/03/13 01:38:51 marka Exp $ */
+/* $Id: query.c,v 1.313.20.7.12.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -116,6 +116,8 @@
#define DNS_GETDB_NOLOG 0x02U
#define DNS_GETDB_PARTIAL 0x04U
+#define PENDINGOK(x) (((x) & DNS_DBFIND_PENDINGOK) != 0)
+
typedef struct client_additionalctx {
ns_client_t *client;
dns_rdataset_t *rdataset;
@@ -1761,8 +1763,8 @@
*/
if (result == ISC_R_SUCCESS &&
additionaltype == dns_rdatasetadditional_fromcache &&
- (rdataset->trust == dns_trust_pending ||
- rdataset->trust == dns_trust_glue) &&
+ (DNS_TRUST_PENDING(rdataset->trust) ||
+ DNS_TRUST_GLUE(rdataset->trust)) &&
!validate(client, db, fname, rdataset, sigrdataset)) {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
@@ -1801,8 +1803,8 @@
*/
if (result == ISC_R_SUCCESS &&
additionaltype == dns_rdatasetadditional_fromcache &&
- (rdataset->trust == dns_trust_pending ||
- rdataset->trust == dns_trust_glue) &&
+ (DNS_TRUST_PENDING(rdataset->trust) ||
+ DNS_TRUST_GLUE(rdataset->trust)) &&
!validate(client, db, fname, rdataset, sigrdataset)) {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
@@ -2601,14 +2603,14 @@
/*
* Attempt to validate RRsets that are pending or that are glue.
*/
- if ((rdataset->trust == dns_trust_pending ||
- (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
+ if ((DNS_TRUST_PENDING(rdataset->trust) ||
+ (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
&& !validate(client, db, fname, rdataset, sigrdataset) &&
- (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
+ !PENDINGOK(client->query.dboptions))
goto cleanup;
- if ((rdataset->trust == dns_trust_glue ||
- (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
+ if ((DNS_TRUST_GLUE(rdataset->trust) ||
+ (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
!validate(client, db, fname, rdataset, sigrdataset) &&
SECURE(client) && WANTDNSSEC(client))
goto cleanup;
@@ -3716,6 +3718,8 @@
dns_rdataset_t *noqname;
isc_boolean_t resuming;
int line = -1;
+ dns_rdataset_t tmprdataset;
+ unsigned int dboptions;
CTRACE("query_find");
@@ -3933,9 +3937,49 @@
/*
* Now look for an answer in the database.
*/
+ dboptions = client->query.dboptions;
+ if (sigrdataset == NULL && client->view->enablednssec) {
+ /*
+ * If the client doesn't want DNSSEC we still want to
+ * look for any data pending validation to save a remote
+ * lookup if possible.
+ */
+ dns_rdataset_init(&tmprdataset);
+ sigrdataset = &tmprdataset;
+ dboptions |= DNS_DBFIND_PENDINGOK;
+ }
+ refind:
result = dns_db_find(db, client->query.qname, version, type,
- client->query.dboptions, client->now,
- &node, fname, rdataset, sigrdataset);
+ dboptions, client->now, &node, fname,
+ rdataset, sigrdataset);
+ /*
+ * If we have found pending data try to validate it.
+ * If the data does not validate as secure and we can't
+ * use the unvalidated data requery the database with
+ * pending disabled to prevent infinite looping.
+ */
+ if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
+ goto validation_done;
+ if (validate(client, db, fname, rdataset, sigrdataset))
+ goto validation_done;
+ if (rdataset->trust != dns_trust_pending_answer ||
+ !PENDINGOK(client->query.dboptions)) {
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ if (sigrdataset == &tmprdataset)
+ sigrdataset = NULL;
+ dns_db_detachnode(db, &node);
+ dboptions &= ~DNS_DBFIND_PENDINGOK;
+ goto refind;
+ }
+ validation_done:
+ if (sigrdataset == &tmprdataset) {
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ sigrdataset = NULL;
+ }
resume:
CTRACE("query_find: resume");
==== //depot/projects/fdt/contrib/bind9/lib/dns/api#2 (text+ko) ====
@@ -1,3 +1,3 @@
-LIBINTERFACE = 52
+LIBINTERFACE = 53
LIBREVISION = 0
-LIBAGE = 2
+LIBAGE = 0
==== //depot/projects/fdt/contrib/bind9/lib/dns/include/dns/types.h#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.130.50.3 2009/01/29 22:40:35 jinmei Exp $ */
+/* $Id: types.h,v 1.130.50.3.12.1 2009/11/18 23:58:04 marka Exp $ */
#ifndef DNS_TYPES_H
#define DNS_TYPES_H 1
@@ -258,40 +258,52 @@
dns_trust_none = 0,
#define dns_trust_none ((dns_trust_t)dns_trust_none)
- /*% Subject to DNSSEC validation but has not yet been validated */
- dns_trust_pending = 1,
-#define dns_trust_pending ((dns_trust_t)dns_trust_pending)
+ /*%
+ * Subject to DNSSEC validation but has not yet been validated
+ * dns_trust_pending_additional (from the additional section).
+ */
+ dns_trust_pending_additional = 1,
+#define dns_trust_pending_additional \
+ ((dns_trust_t)dns_trust_pending_additional)
+
+ dns_trust_pending_answer = 2,
+#define dns_trust_pending_answer ((dns_trust_t)dns_trust_pending_answer)
/*% Received in the additional section of a response. */
- dns_trust_additional = 2,
+ dns_trust_additional = 3,
#define dns_trust_additional ((dns_trust_t)dns_trust_additional)
/* Received in a referral response. */
- dns_trust_glue = 3,
+ dns_trust_glue = 4,
#define dns_trust_glue ((dns_trust_t)dns_trust_glue)
/* Answer from a non-authoritative server */
- dns_trust_answer = 4,
+ dns_trust_answer = 5,
#define dns_trust_answer ((dns_trust_t)dns_trust_answer)
/* Received in the authority section as part of an
authoritative response */
- dns_trust_authauthority = 5,
+ dns_trust_authauthority = 6,
#define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority)
/* Answer from an authoritative server */
- dns_trust_authanswer = 6,
+ dns_trust_authanswer = 7,
#define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer)
/* Successfully DNSSEC validated */
- dns_trust_secure = 7,
+ dns_trust_secure = 8,
#define dns_trust_secure ((dns_trust_t)dns_trust_secure)
/* This server is authoritative */
- dns_trust_ultimate = 8
+ dns_trust_ultimate = 9
#define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate)
};
+#define DNS_TRUST_PENDING(x) ((x) == dns_trust_pending_answer || \
+ (x) == dns_trust_pending_additional)
+#define DNS_TRUST_GLUE(x) ((x) == dns_trust_glue)
+
+
/*%
* Name checking severities.
*/
==== //depot/projects/fdt/contrib/bind9/lib/dns/masterdump.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: masterdump.c,v 1.94.50.2 2009/01/18 23:47:40 tbox Exp $ */
+/* $Id: masterdump.c,v 1.94.50.2.12.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -775,7 +775,8 @@
static const char *trustnames[] = {
"none",
- "pending",
+ "pending-additional",
+ "pending-answer",
"additional",
"glue",
"answer",
==== //depot/projects/fdt/contrib/bind9/lib/dns/rbtdb.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.270.12.6 2009/05/06 23:34:30 jinmei Exp $ */
+/* $Id: rbtdb.c,v 1.270.12.6.10.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -4005,7 +4005,7 @@
}
if (dname_header != NULL &&
- (dname_header->trust != dns_trust_pending ||
+ (!DNS_TRUST_PENDING(dname_header->trust) ||
(search->options & DNS_DBFIND_PENDINGOK) != 0)) {
/*
* We increment the reference count on node to ensure that
@@ -4548,7 +4548,7 @@
if (found == NULL ||
(found->trust == dns_trust_glue &&
((options & DNS_DBFIND_GLUEOK) == 0)) ||
- (found->trust == dns_trust_pending &&
+ (DNS_TRUST_PENDING(found->trust) &&
((options & DNS_DBFIND_PENDINGOK) == 0))) {
/*
* If there is an NS rdataset at this node, then this is the
==== //depot/projects/fdt/contrib/bind9/lib/dns/resolver.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resolver.c,v 1.384.14.14 2009/06/02 23:47:13 tbox Exp $ */
+/* $Id: resolver.c,v 1.384.14.14.8.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -4293,6 +4293,7 @@
* for it, unless it is glue.
*/
if (secure_domain && rdataset->trust != dns_trust_glue) {
+ dns_trust_t trust;
/*
* RRSIGs are validated as part of validating the
* type they cover.
@@ -4329,12 +4330,34 @@
}
/*
+ * Reject out of bailiwick additional records
+ * without RRSIGs as they can't possibly validate
+ * as "secure" and as we will never never want to
+ * store these as "answers" after validation.
+ */
+ if (rdataset->trust == dns_trust_additional &&
+ sigrdataset == NULL && EXTERNAL(rdataset))
+ continue;
+
+ /*
+ * XXXMPA: If we store as "answer" after validating
+ * then we need to do bailiwick processing and
+ * also need to track whether RRsets are in or
+ * out of bailiwick. This will require a another
+ * pending trust level.
+ *
* Cache this rdataset/sigrdataset pair as
- * pending data.
+ * pending data. Track whether it was additional
+ * or not.
*/
- rdataset->trust = dns_trust_pending;
+ if (rdataset->trust == dns_trust_additional)
+ trust = dns_trust_pending_additional;
+ else
+ trust = dns_trust_pending_answer;
+
+ rdataset->trust = trust;
if (sigrdataset != NULL)
- sigrdataset->trust = dns_trust_pending;
+ sigrdataset->trust = trust;
if (!need_validation || !ANSWER(rdataset)) {
addedrdataset = ardataset;
result = dns_db_addrdataset(fctx->cache, node,
@@ -4682,7 +4705,7 @@
for (trdataset = ISC_LIST_HEAD(tname->list);
trdataset != NULL;
trdataset = ISC_LIST_NEXT(trdataset, link))
- trdataset->trust = dns_trust_pending;
+ trdataset->trust = dns_trust_pending_answer;
result = dns_message_nextname(fctx->rmessage,
DNS_SECTION_AUTHORITY);
}
==== //depot/projects/fdt/contrib/bind9/lib/dns/validator.c#2 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.164.12.9 2009/05/07 23:47:12 tbox Exp $ */
+/* $Id: validator.c,v 1.164.12.9.8.1 2009/11/18 23:58:04 marka Exp $ */
#include <config.h>
@@ -1607,7 +1607,7 @@
* We have an rrset for the given keyname.
*/
val->keyset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
dns_rdataset_isassociated(&val->fsigrdataset))
{
/*
@@ -1622,7 +1622,7 @@
if (result != ISC_R_SUCCESS)
return (result);
return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
/*
* Having a pending key with no signature means that
* something is broken.
@@ -2243,7 +2243,7 @@
* We have DS records.
*/
val->dsset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
dns_rdataset_isassociated(&val->fsigrdataset))
{
result = create_validator(val,
@@ -2256,7 +2256,7 @@
if (result != ISC_R_SUCCESS)
return (result);
return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
/*
* There should never be an unsigned DS.
*/
@@ -3337,7 +3337,7 @@
* There is no DS. If this is a delegation,
* we maybe done.
*/
- if (val->frdataset.trust == dns_trust_pending) {
+ if (DNS_TRUST_PENDING(val->frdataset.trust)) {
result = create_fetch(val, tname,
dns_rdatatype_ds,
dsfetched2,
==== //depot/projects/fdt/contrib/bind9/version#2 (text+ko) ====
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $
+# $Id: version,v 1.43.12.5.8.2 2009/11/18 23:58:04 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,4 +7,4 @@
MINORVER=6
PATCHVER=1
RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2
==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt#2 (text) ====
@@ -39,7 +39,7 @@
FROM BEGEMOT-IP-MIB;
begemotMib2 MODULE-IDENTITY
- LAST-UPDATED "200602130000Z"
+ LAST-UPDATED "200908030000Z"
ORGANIZATION "German Aerospace Center"
CONTACT-INFO
" Hartmut Brandt
@@ -54,6 +54,12 @@
E-mail: harti at freebsd.org"
DESCRIPTION
"The MIB for private mib2 stuff."
+ REVISION "200908030000Z"
+ DESCRIPTION
+ "Second edition adds begemotIfDataPoll object."
+ REVISION "200602130000Z"
+ DESCRIPTION
+ "Initial revision."
::= { begemotIp 1 }
begemotIfMaxspeed OBJECT-TYPE
@@ -87,4 +93,14 @@
bit rate in its MIB."
::= { begemotMib2 3 }
+begemotIfDataPoll OBJECT-TYPE
+ SYNTAX TimeTicks
+ UNITS "deciseconds"
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The rate at which the mib2 module will poll interface data."
+ DEFVAL { 100 }
+ ::= { begemotMib2 4 }
+
END
==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.c#2 (text+ko) ====
@@ -117,6 +117,15 @@
/* HC update timer handle */
static void *hc_update_timer;
+/* Idle poll timer */
+static void *mibII_poll_timer;
+
+/* interfaces' data poll interval */
+u_int mibII_poll_ticks;
+
+/* Idle poll hook */
+static void mibII_idle(void *arg __unused);
+
/*****************************/
static const struct asn_oid oid_ifMIB = OIDX_ifMIB;
@@ -410,6 +419,20 @@
mibif_hc_update_interval = ticks;
}
+/**
+ * Restart the idle poll timer.
+ */
+void
+mibif_restart_mibII_poll_timer(void)
+{
+ if (mibII_poll_timer != NULL)
+ timer_stop(mibII_poll_timer);
+
+ if ((mibII_poll_timer = timer_start_repeat(mibII_poll_ticks * 10,
+ mibII_poll_ticks * 10, mibII_idle, NULL, module)) == NULL)
+ syslog(LOG_ERR, "timer_start(%u): %m", mibII_poll_ticks);
+}
+
/*
* Fetch new MIB data.
*/
@@ -1553,7 +1576,7 @@
* Idle function
*/
static void
-mibII_idle(void)
+mibII_idle(void *arg __unused)
{
struct mibifa *ifa;
@@ -1608,6 +1631,10 @@
ipForward_reg = or_register(&oid_ipForward,
"The MIB module for the display of CIDR multipath IP Routes.",
module);
+
+ mibII_poll_timer = NULL;
+ mibII_poll_ticks = MIBII_POLL_TICKS;
+ mibif_restart_mibII_poll_timer();
}
/*
@@ -1651,6 +1678,11 @@
static int
mibII_fini(void)
{
+ if (mibII_poll_timer != NULL ) {
+ timer_stop(mibII_poll_timer);
+ mibII_poll_timer = NULL;
+ }
+
if (route_fd != NULL)
fd_deselect(route_fd);
if (route != -1)
@@ -1690,7 +1722,7 @@
"This module implements the interface and ip groups.",
mibII_init,
mibII_fini,
- mibII_idle, /* idle */
+ NULL, /* idle */
NULL, /* dump */
NULL, /* config */
mibII_start,
==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.h#2 (text+ko) ====
@@ -211,6 +211,14 @@
/* re-compute update interval */
void mibif_reset_hc_timer(void);
+/* interfaces' data poll interval */
+extern u_int mibII_poll_ticks;
+
+/* restart the data poll timer */
+void mibif_restart_mibII_poll_timer(void);
+
+#define MIBII_POLL_TICKS 100
+
/* get interfaces and interface addresses. */
void mib_fetch_interfaces(void);
==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_begemot.c#2 (text) ====
@@ -59,6 +59,11 @@
ctx->scratch->int1 = mibif_force_hc_update_interval;
mibif_force_hc_update_interval = value->v.uint32;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ ctx->scratch->int1 = mibII_poll_ticks;
+ mibII_poll_ticks = value->v.uint32;
+ return (SNMP_ERR_NOERROR);
}
abort();
@@ -68,6 +73,10 @@
case LEAF_begemotIfForcePoll:
mibif_force_hc_update_interval = ctx->scratch->int1;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ mibII_poll_ticks = ctx->scratch->int1;
+ return (SNMP_ERR_NOERROR);
}
abort();
@@ -78,6 +87,10 @@
mibif_force_hc_update_interval = ctx->scratch->int1;
mibif_reset_hc_timer();
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ mibif_restart_mibII_poll_timer();
+ return (SNMP_ERR_NOERROR);
}
abort();
}
@@ -98,6 +111,10 @@
case LEAF_begemotIfForcePoll:
value->v.uint32 = mibif_force_hc_update_interval;
return (SNMP_ERR_NOERROR);
+
+ case LEAF_begemotIfDataPoll:
+ value->v.uint32 = mibII_poll_ticks;
+ return (SNMP_ERR_NOERROR);
}
abort();
}
==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_tree.def#2 (text+ko) ====
@@ -240,6 +240,7 @@
(1 begemotIfMaxspeed COUNTER64 op_begemot_mibII GET)
(2 begemotIfPoll TIMETICKS op_begemot_mibII GET)
(3 begemotIfForcePoll TIMETICKS op_begemot_mibII GET SET)
+ (4 begemotIfDataPoll TIMETICKS op_begemot_mibII GET SET)
)
)
)
==== //depot/projects/fdt/contrib/gcc/config/freebsd-spec.h#2 (text+ko) ====
@@ -18,7 +18,7 @@
the Free Software Foundation, 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
-/* $FreeBSD: src/contrib/gcc/config/freebsd-spec.h,v 1.26 2009/07/14 21:19:13 kan Exp $ */
+/* $FreeBSD: src/contrib/gcc/config/freebsd-spec.h,v 1.27 2009/12/02 16:34:20 kib Exp $ */
/* Common FreeBSD configuration.
All FreeBSD architectures should include this file, which will specify
@@ -103,9 +103,10 @@
%{p:gcrt1.o%s} \
%{!p: \
%{profile:gcrt1.o%s} \
- %{!profile:crt1.o%s}}}} \
+ %{!profile: \
+ %{pie: Scrt1.o%s;:crt1.o%s}}}}} \
crti.o%s \
- %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
/* Provide an ENDFILE_SPEC appropriate for FreeBSD/i386. Here we tack on
our own magical crtend.o file (see crtstuff.c) which provides part of
@@ -113,8 +114,7 @@
entering `main', followed by the normal "finalizer" file, `crtn.o'. */
#define FBSD_ENDFILE_SPEC "\
- %{!shared:crtend.o%s} \
- %{shared:crtendS.o%s} \
+ %{shared|pie:crtendS.o%s;:crtend.o%s} \
crtn.o%s "
/* Provide a LIB_SPEC appropriate for FreeBSD as configured and as
==== //depot/projects/fdt/contrib/groff/tmac/doc-syms#2 (text+ko) ====
@@ -777,6 +777,7 @@
.ds doc-str-Lb-librt \*[Px] \*[doc-str-Lb]Real-time Library (librt, \-lrt)
.ds doc-str-Lb-libtermcap Termcap Access Library (libtermcap, \-ltermcap)
.ds doc-str-Lb-libusbhid USB Human Interface Devices Library (libusbhid, \-lusbhid)
+.ds doc-str-Lb-libulog User Login Record Library (libulog, \-lulog)
.ds doc-str-Lb-libutil System Utilities Library (libutil, \-lutil)
.ds doc-str-Lb-libx86_64 x86_64 Architecture Library (libx86_64, \-lx86_64)
.ds doc-str-Lb-libz Compression Library (libz, \-lz)
==== //depot/projects/fdt/contrib/ntp/ntpd/ntp_io.c#2 (text+ko) ====
@@ -65,6 +65,12 @@
#endif /* IPV6 Multicast Support */
#endif /* IPv6 Support */
+#ifdef INCLUDE_IPV6_SUPPORT
+#include <netinet/in.h>
+#include <net/if_var.h>
+#include <netinet/in_var.h>
+#endif /* !INCLUDE_IPV6_SUPPORT */
+
extern int listen_to_virtual_ips;
extern const char *specific_interface;
@@ -1137,6 +1143,36 @@
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list