PERFORCE change 171234 for review
Alexander Motin
mav at FreeBSD.org
Tue Dec 1 21:46:23 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=171234
Change 171234 by mav at mav_mavbook on 2009/12/01 21:45:39
IFC
Affected files ...
.. //depot/projects/scottl-camlock/src/bin/sh/eval.c#8 integrate
.. //depot/projects/scottl-camlock/src/bin/sh/redir.c#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/CHANGES#6 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/bin/named/query.c#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/api#5 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/include/dns/types.h#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/masterdump.c#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/rbtdb.c#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/resolver.c#5 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/validator.c#4 integrate
.. //depot/projects/scottl-camlock/src/contrib/bind9/version#6 integrate
.. //depot/projects/scottl-camlock/src/contrib/ntp/ntpd/ntp_io.c#3 integrate
.. //depot/projects/scottl-camlock/src/contrib/telnet/telnet/externs.h#3 integrate
.. //depot/projects/scottl-camlock/src/include/Makefile#8 integrate
.. //depot/projects/scottl-camlock/src/include/termios.h#1 branch
.. //depot/projects/scottl-camlock/src/lib/bind/config.h#4 integrate
.. //depot/projects/scottl-camlock/src/lib/libc/net/sctp_send.3#3 integrate
.. //depot/projects/scottl-camlock/src/lib/libc/net/sctp_sendmsg.3#3 integrate
.. //depot/projects/scottl-camlock/src/lib/libc/stdlib/getenv.c#3 integrate
.. //depot/projects/scottl-camlock/src/lib/libc/string/strcat.3#3 integrate
.. //depot/projects/scottl-camlock/src/lib/libc/sys/setpgid.2#2 integrate
.. //depot/projects/scottl-camlock/src/lib/libthr/Makefile#4 integrate
.. //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.c#9 integrate
.. //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.h#7 integrate
.. //depot/projects/scottl-camlock/src/share/man/man4/Makefile#16 integrate
.. //depot/projects/scottl-camlock/src/share/man/man4/amdsbwd.4#1 branch
.. //depot/projects/scottl-camlock/src/share/man/man4/ipsec.4#3 integrate
.. //depot/projects/scottl-camlock/src/share/man/man9/ifnet.9#3 integrate
.. //depot/projects/scottl-camlock/src/sys/amd64/amd64/identcpu.c#19 integrate
.. //depot/projects/scottl-camlock/src/sys/amd64/conf/NOTES#22 integrate
.. //depot/projects/scottl-camlock/src/sys/amd64/include/specialreg.h#14 integrate
.. //depot/projects/scottl-camlock/src/sys/compat/svr4/svr4_termios.c#4 integrate
.. //depot/projects/scottl-camlock/src/sys/conf/files#58 integrate
.. //depot/projects/scottl-camlock/src/sys/conf/files.amd64#26 integrate
.. //depot/projects/scottl-camlock/src/sys/conf/files.i386#26 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/adb/adb.h#2 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/adb/adb_bus.c#4 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/adb/adb_mouse.c#2 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/amdsbwd/amdsbwd.c#1 branch
.. //depot/projects/scottl-camlock/src/sys/dev/hatm/if_hatm.c#7 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/hwpmc/hwpmc_mod.c#13 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/syscons/sysmouse.c#11 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/uart/uart_core.c#15 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/uart/uart_tty.c#14 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/usb/input/atp.c#3 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/usb/serial/usb_serial.h#7 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/xen/blkfront/blkfront.c#5 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/xen/blkfront/block.h#2 integrate
.. //depot/projects/scottl-camlock/src/sys/dev/xen/netfront/netfront.c#6 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label.c#10 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label.h#6 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ext2fs.c#3 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_gpt.c#3 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_iso9660.c#3 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_msdosfs.c#6 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ntfs.c#2 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_reiserfs.c#4 integrate
.. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ufs.c#8 integrate
.. //depot/projects/scottl-camlock/src/sys/i386/conf/NOTES#27 integrate
.. //depot/projects/scottl-camlock/src/sys/i386/i386/identcpu.c#24 integrate
.. //depot/projects/scottl-camlock/src/sys/i386/include/specialreg.h#17 integrate
.. //depot/projects/scottl-camlock/src/sys/ia64/ia64/interrupt.c#16 integrate
.. //depot/projects/scottl-camlock/src/sys/ia64/ia64/machdep.c#20 integrate
.. //depot/projects/scottl-camlock/src/sys/ia64/include/pcpu.h#6 integrate
.. //depot/projects/scottl-camlock/src/sys/kern/tty.c#24 integrate
.. //depot/projects/scottl-camlock/src/sys/modules/Makefile#39 integrate
.. //depot/projects/scottl-camlock/src/sys/modules/amdsbwd/Makefile#1 branch
.. //depot/projects/scottl-camlock/src/sys/net/if.c#38 integrate
.. //depot/projects/scottl-camlock/src/sys/net/if_dead.c#2 integrate
.. //depot/projects/scottl-camlock/src/sys/net/if_var.h#28 integrate
.. //depot/projects/scottl-camlock/src/sys/netipsec/ipcomp_var.h#4 integrate
.. //depot/projects/scottl-camlock/src/sys/netipsec/ipsec_mbuf.c#8 integrate
.. //depot/projects/scottl-camlock/src/sys/netipsec/xform_ipcomp.c#10 integrate
.. //depot/projects/scottl-camlock/src/sys/opencrypto/crypto.c#11 integrate
.. //depot/projects/scottl-camlock/src/sys/opencrypto/cryptosoft.c#10 integrate
.. //depot/projects/scottl-camlock/src/sys/opencrypto/deflate.c#5 integrate
.. //depot/projects/scottl-camlock/src/sys/opencrypto/deflate.h#3 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/aim/machdep.c#9 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/aim/ofw_machdep.c#5 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/booke/machdep.c#7 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/conf/GENERIC#23 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/include/cpu.h#7 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/include/md_var.h#8 integrate
.. //depot/projects/scottl-camlock/src/sys/powerpc/powerpc/cpu.c#14 integrate
.. //depot/projects/scottl-camlock/src/sys/sys/_termios.h#1 branch
.. //depot/projects/scottl-camlock/src/sys/sys/sdt.h#2 integrate
.. //depot/projects/scottl-camlock/src/sys/sys/termios.h#6 integrate
.. //depot/projects/scottl-camlock/src/sys/sys/tty.h#11 integrate
.. //depot/projects/scottl-camlock/src/sys/vm/vm_fault.c#30 integrate
.. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/builtins/fc1.0#2 integrate
.. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/errors/backquote-error1.0#2 integrate
.. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/execution/redir1.0#1 branch
.. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/execution/redir2.0#1 branch
.. //depot/projects/scottl-camlock/src/tools/regression/environ/Makefile.envctl#2 integrate
.. //depot/projects/scottl-camlock/src/tools/regression/environ/envctl.c#2 integrate
.. //depot/projects/scottl-camlock/src/tools/regression/environ/envtest.t#2 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/ldd/ldd.1#3 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/netstat/if.c#4 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/netstat/ipsec.c#3 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/netstat/main.c#5 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/netstat/netstat.1#6 integrate
.. //depot/projects/scottl-camlock/src/usr.bin/netstat/netstat.h#5 integrate
Differences ...
==== //depot/projects/scottl-camlock/src/bin/sh/eval.c#8 (text+ko) ====
@@ -36,7 +36,7 @@
#endif
#endif /* not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.69 2009/11/22 18:23:30 jilles Exp $");
+__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.70 2009/11/29 22:33:59 jilles Exp $");
#include <paths.h>
#include <signal.h>
@@ -883,7 +883,6 @@
#ifdef DEBUG
trputs("normal command: "); trargs(argv);
#endif
- clearredir();
redirect(cmd->ncmd.redirect, 0);
for (sp = varlist.list ; sp ; sp = sp->next)
setvareq(sp->text, VEXPORT|VSTACK);
==== //depot/projects/scottl-camlock/src/bin/sh/redir.c#4 (text+ko) ====
@@ -36,7 +36,7 @@
#endif
#endif /* not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.28 2009/11/22 18:23:30 jilles Exp $");
+__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.29 2009/11/29 22:33:59 jilles Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -63,6 +63,7 @@
#define EMPTY -2 /* marks an unused slot in redirtab */
+#define CLOSED -1 /* fd was not open before redir */
#define PIPESIZE 4096 /* amount of buffering in a pipe */
@@ -101,7 +102,6 @@
struct redirtab *sv = NULL;
int i;
int fd;
- int try;
char memory[10]; /* file descriptors to write to memory */
for (i = 10 ; --i >= 0 ; )
@@ -116,38 +116,30 @@
}
for (n = redir ; n ; n = n->nfile.next) {
fd = n->nfile.fd;
- try = 0;
if ((n->nfile.type == NTOFD || n->nfile.type == NFROMFD) &&
n->ndup.dupfd == fd)
continue; /* redirect from/to same file descriptor */
if ((flags & REDIR_PUSH) && sv->renamed[fd] == EMPTY) {
INTOFF;
-again:
if ((i = fcntl(fd, F_DUPFD, 10)) == -1) {
switch (errno) {
case EBADF:
- if (!try) {
- openredirect(n, memory);
- try++;
- goto again;
- }
- /* FALLTHROUGH*/
+ i = CLOSED;
+ break;
default:
INTON;
error("%d: %s", fd, strerror(errno));
break;
}
- }
- if (!try) {
- sv->renamed[fd] = i;
- }
+ } else
+ (void)fcntl(i, F_SETFD, FD_CLOEXEC);
+ sv->renamed[fd] = i;
INTON;
}
if (fd == 0)
fd0_redirected++;
- if (!try)
- openredirect(n, memory);
+ openredirect(n, memory);
}
if (memory[1])
out1 = &memout;
==== //depot/projects/scottl-camlock/src/contrib/bind9/CHANGES#6 (text+ko) ====
@@ -1,3 +1,9 @@
+ --- 9.6.1-P2 released ---
+
+2772. [security] When validating, track whether pending data was from
+ the additional section or not and only return it if
+ validates as secure. [RT #20438]
+
--- 9.6.1-P1 released ---
2640. [security] A specially crafted update packet will cause named
==== //depot/projects/scottl-camlock/src/contrib/bind9/bin/named/query.c#4 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.313.20.7 2009/03/13 01:38:51 marka Exp $ */
+/* $Id: query.c,v 1.313.20.7.12.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -116,6 +116,8 @@
#define DNS_GETDB_NOLOG 0x02U
#define DNS_GETDB_PARTIAL 0x04U
+#define PENDINGOK(x) (((x) & DNS_DBFIND_PENDINGOK) != 0)
+
typedef struct client_additionalctx {
ns_client_t *client;
dns_rdataset_t *rdataset;
@@ -1761,8 +1763,8 @@
*/
if (result == ISC_R_SUCCESS &&
additionaltype == dns_rdatasetadditional_fromcache &&
- (rdataset->trust == dns_trust_pending ||
- rdataset->trust == dns_trust_glue) &&
+ (DNS_TRUST_PENDING(rdataset->trust) ||
+ DNS_TRUST_GLUE(rdataset->trust)) &&
!validate(client, db, fname, rdataset, sigrdataset)) {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
@@ -1801,8 +1803,8 @@
*/
if (result == ISC_R_SUCCESS &&
additionaltype == dns_rdatasetadditional_fromcache &&
- (rdataset->trust == dns_trust_pending ||
- rdataset->trust == dns_trust_glue) &&
+ (DNS_TRUST_PENDING(rdataset->trust) ||
+ DNS_TRUST_GLUE(rdataset->trust)) &&
!validate(client, db, fname, rdataset, sigrdataset)) {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
@@ -2601,14 +2603,14 @@
/*
* Attempt to validate RRsets that are pending or that are glue.
*/
- if ((rdataset->trust == dns_trust_pending ||
- (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
+ if ((DNS_TRUST_PENDING(rdataset->trust) ||
+ (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
&& !validate(client, db, fname, rdataset, sigrdataset) &&
- (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
+ !PENDINGOK(client->query.dboptions))
goto cleanup;
- if ((rdataset->trust == dns_trust_glue ||
- (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
+ if ((DNS_TRUST_GLUE(rdataset->trust) ||
+ (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
!validate(client, db, fname, rdataset, sigrdataset) &&
SECURE(client) && WANTDNSSEC(client))
goto cleanup;
@@ -3716,6 +3718,8 @@
dns_rdataset_t *noqname;
isc_boolean_t resuming;
int line = -1;
+ dns_rdataset_t tmprdataset;
+ unsigned int dboptions;
CTRACE("query_find");
@@ -3933,9 +3937,49 @@
/*
* Now look for an answer in the database.
*/
+ dboptions = client->query.dboptions;
+ if (sigrdataset == NULL && client->view->enablednssec) {
+ /*
+ * If the client doesn't want DNSSEC we still want to
+ * look for any data pending validation to save a remote
+ * lookup if possible.
+ */
+ dns_rdataset_init(&tmprdataset);
+ sigrdataset = &tmprdataset;
+ dboptions |= DNS_DBFIND_PENDINGOK;
+ }
+ refind:
result = dns_db_find(db, client->query.qname, version, type,
- client->query.dboptions, client->now,
- &node, fname, rdataset, sigrdataset);
+ dboptions, client->now, &node, fname,
+ rdataset, sigrdataset);
+ /*
+ * If we have found pending data try to validate it.
+ * If the data does not validate as secure and we can't
+ * use the unvalidated data requery the database with
+ * pending disabled to prevent infinite looping.
+ */
+ if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
+ goto validation_done;
+ if (validate(client, db, fname, rdataset, sigrdataset))
+ goto validation_done;
+ if (rdataset->trust != dns_trust_pending_answer ||
+ !PENDINGOK(client->query.dboptions)) {
+ dns_rdataset_disassociate(rdataset);
+ if (sigrdataset != NULL &&
+ dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ if (sigrdataset == &tmprdataset)
+ sigrdataset = NULL;
+ dns_db_detachnode(db, &node);
+ dboptions &= ~DNS_DBFIND_PENDINGOK;
+ goto refind;
+ }
+ validation_done:
+ if (sigrdataset == &tmprdataset) {
+ if (dns_rdataset_isassociated(sigrdataset))
+ dns_rdataset_disassociate(sigrdataset);
+ sigrdataset = NULL;
+ }
resume:
CTRACE("query_find: resume");
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/api#5 (text+ko) ====
@@ -1,3 +1,3 @@
-LIBINTERFACE = 52
+LIBINTERFACE = 53
LIBREVISION = 0
-LIBAGE = 2
+LIBAGE = 0
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/include/dns/types.h#4 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: types.h,v 1.130.50.3 2009/01/29 22:40:35 jinmei Exp $ */
+/* $Id: types.h,v 1.130.50.3.12.1 2009/11/18 23:58:04 marka Exp $ */
#ifndef DNS_TYPES_H
#define DNS_TYPES_H 1
@@ -258,40 +258,52 @@
dns_trust_none = 0,
#define dns_trust_none ((dns_trust_t)dns_trust_none)
- /*% Subject to DNSSEC validation but has not yet been validated */
- dns_trust_pending = 1,
-#define dns_trust_pending ((dns_trust_t)dns_trust_pending)
+ /*%
+ * Subject to DNSSEC validation but has not yet been validated
+ * dns_trust_pending_additional (from the additional section).
+ */
+ dns_trust_pending_additional = 1,
+#define dns_trust_pending_additional \
+ ((dns_trust_t)dns_trust_pending_additional)
+
+ dns_trust_pending_answer = 2,
+#define dns_trust_pending_answer ((dns_trust_t)dns_trust_pending_answer)
/*% Received in the additional section of a response. */
- dns_trust_additional = 2,
+ dns_trust_additional = 3,
#define dns_trust_additional ((dns_trust_t)dns_trust_additional)
/* Received in a referral response. */
- dns_trust_glue = 3,
+ dns_trust_glue = 4,
#define dns_trust_glue ((dns_trust_t)dns_trust_glue)
/* Answer from a non-authoritative server */
- dns_trust_answer = 4,
+ dns_trust_answer = 5,
#define dns_trust_answer ((dns_trust_t)dns_trust_answer)
/* Received in the authority section as part of an
authoritative response */
- dns_trust_authauthority = 5,
+ dns_trust_authauthority = 6,
#define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority)
/* Answer from an authoritative server */
- dns_trust_authanswer = 6,
+ dns_trust_authanswer = 7,
#define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer)
/* Successfully DNSSEC validated */
- dns_trust_secure = 7,
+ dns_trust_secure = 8,
#define dns_trust_secure ((dns_trust_t)dns_trust_secure)
/* This server is authoritative */
- dns_trust_ultimate = 8
+ dns_trust_ultimate = 9
#define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate)
};
+#define DNS_TRUST_PENDING(x) ((x) == dns_trust_pending_answer || \
+ (x) == dns_trust_pending_additional)
+#define DNS_TRUST_GLUE(x) ((x) == dns_trust_glue)
+
+
/*%
* Name checking severities.
*/
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/masterdump.c#4 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: masterdump.c,v 1.94.50.2 2009/01/18 23:47:40 tbox Exp $ */
+/* $Id: masterdump.c,v 1.94.50.2.12.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -775,7 +775,8 @@
static const char *trustnames[] = {
"none",
- "pending",
+ "pending-additional",
+ "pending-answer",
"additional",
"glue",
"answer",
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/rbtdb.c#4 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.270.12.6 2009/05/06 23:34:30 jinmei Exp $ */
+/* $Id: rbtdb.c,v 1.270.12.6.10.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -4005,7 +4005,7 @@
}
if (dname_header != NULL &&
- (dname_header->trust != dns_trust_pending ||
+ (!DNS_TRUST_PENDING(dname_header->trust) ||
(search->options & DNS_DBFIND_PENDINGOK) != 0)) {
/*
* We increment the reference count on node to ensure that
@@ -4548,7 +4548,7 @@
if (found == NULL ||
(found->trust == dns_trust_glue &&
((options & DNS_DBFIND_GLUEOK) == 0)) ||
- (found->trust == dns_trust_pending &&
+ (DNS_TRUST_PENDING(found->trust) &&
((options & DNS_DBFIND_PENDINGOK) == 0))) {
/*
* If there is an NS rdataset at this node, then this is the
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/resolver.c#5 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: resolver.c,v 1.384.14.14 2009/06/02 23:47:13 tbox Exp $ */
+/* $Id: resolver.c,v 1.384.14.14.8.1 2009/11/18 23:58:04 marka Exp $ */
/*! \file */
@@ -4293,6 +4293,7 @@
* for it, unless it is glue.
*/
if (secure_domain && rdataset->trust != dns_trust_glue) {
+ dns_trust_t trust;
/*
* RRSIGs are validated as part of validating the
* type they cover.
@@ -4329,12 +4330,34 @@
}
/*
+ * Reject out of bailiwick additional records
+ * without RRSIGs as they can't possibly validate
+ * as "secure" and as we will never never want to
+ * store these as "answers" after validation.
+ */
+ if (rdataset->trust == dns_trust_additional &&
+ sigrdataset == NULL && EXTERNAL(rdataset))
+ continue;
+
+ /*
+ * XXXMPA: If we store as "answer" after validating
+ * then we need to do bailiwick processing and
+ * also need to track whether RRsets are in or
+ * out of bailiwick. This will require a another
+ * pending trust level.
+ *
* Cache this rdataset/sigrdataset pair as
- * pending data.
+ * pending data. Track whether it was additional
+ * or not.
*/
- rdataset->trust = dns_trust_pending;
+ if (rdataset->trust == dns_trust_additional)
+ trust = dns_trust_pending_additional;
+ else
+ trust = dns_trust_pending_answer;
+
+ rdataset->trust = trust;
if (sigrdataset != NULL)
- sigrdataset->trust = dns_trust_pending;
+ sigrdataset->trust = trust;
if (!need_validation || !ANSWER(rdataset)) {
addedrdataset = ardataset;
result = dns_db_addrdataset(fctx->cache, node,
@@ -4682,7 +4705,7 @@
for (trdataset = ISC_LIST_HEAD(tname->list);
trdataset != NULL;
trdataset = ISC_LIST_NEXT(trdataset, link))
- trdataset->trust = dns_trust_pending;
+ trdataset->trust = dns_trust_pending_answer;
result = dns_message_nextname(fctx->rmessage,
DNS_SECTION_AUTHORITY);
}
==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/validator.c#4 (text+ko) ====
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.164.12.9 2009/05/07 23:47:12 tbox Exp $ */
+/* $Id: validator.c,v 1.164.12.9.8.1 2009/11/18 23:58:04 marka Exp $ */
#include <config.h>
@@ -1607,7 +1607,7 @@
* We have an rrset for the given keyname.
*/
val->keyset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
dns_rdataset_isassociated(&val->fsigrdataset))
{
/*
@@ -1622,7 +1622,7 @@
if (result != ISC_R_SUCCESS)
return (result);
return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
/*
* Having a pending key with no signature means that
* something is broken.
@@ -2243,7 +2243,7 @@
* We have DS records.
*/
val->dsset = &val->frdataset;
- if (val->frdataset.trust == dns_trust_pending &&
+ if (DNS_TRUST_PENDING(val->frdataset.trust) &&
dns_rdataset_isassociated(&val->fsigrdataset))
{
result = create_validator(val,
@@ -2256,7 +2256,7 @@
if (result != ISC_R_SUCCESS)
return (result);
return (DNS_R_WAIT);
- } else if (val->frdataset.trust == dns_trust_pending) {
+ } else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
/*
* There should never be an unsigned DS.
*/
@@ -3337,7 +3337,7 @@
* There is no DS. If this is a delegation,
* we maybe done.
*/
- if (val->frdataset.trust == dns_trust_pending) {
+ if (DNS_TRUST_PENDING(val->frdataset.trust)) {
result = create_fetch(val, tname,
dns_rdatatype_ds,
dsfetched2,
==== //depot/projects/scottl-camlock/src/contrib/bind9/version#6 (text+ko) ====
@@ -1,4 +1,4 @@
-# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $
+# $Id: version,v 1.43.12.5.8.2 2009/11/18 23:58:04 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@@ -7,4 +7,4 @@
MINORVER=6
PATCHVER=1
RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2
==== //depot/projects/scottl-camlock/src/contrib/ntp/ntpd/ntp_io.c#3 (text+ko) ====
@@ -65,6 +65,12 @@
#endif /* IPV6 Multicast Support */
#endif /* IPv6 Support */
+#ifdef INCLUDE_IPV6_SUPPORT
+#include <netinet/in.h>
+#include <net/if_var.h>
+#include <netinet/in_var.h>
+#endif /* !INCLUDE_IPV6_SUPPORT */
+
extern int listen_to_virtual_ips;
extern const char *specific_interface;
@@ -1137,6 +1143,36 @@
}
#endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
+#ifdef INCLUDE_IPV6_SUPPORT
+static isc_boolean_t
+is_anycast(struct sockaddr *sa, char *name)
+{
+#if defined(SIOCGIFAFLAG_IN6) && defined(IN6_IFF_ANYCAST)
+ struct in6_ifreq ifr6;
+ int fd;
+ u_int32_t flags6;
+
+ if (sa->sa_family != AF_INET6)
+ return ISC_FALSE;
+ if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
+ return ISC_FALSE;
+ memset(&ifr6, 0, sizeof(ifr6));
+ memcpy(&ifr6.ifr_addr, (struct sockaddr_in6 *)sa,
+ sizeof(struct sockaddr_in6));
+ strlcpy(ifr6.ifr_name, name, IF_NAMESIZE);
+ if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) {
+ close(fd);
+ return ISC_FALSE;
+ }
+ close(fd);
+ flags6 = ifr6.ifr_ifru.ifru_flags6;
+ if ((flags6 & IN6_IFF_ANYCAST) != 0)
+ return ISC_TRUE;
+#endif /* !SIOCGIFAFLAG_IN6 || !IN6_IFF_ANYCAST */
+ return ISC_FALSE;
+}
+#endif /* !INCLUDE_IPV6_SUPPORT */
+
/*
* update_interface strategy
*
@@ -1276,6 +1312,11 @@
if (is_wildcard_addr(&interface.sin))
continue;
+#ifdef INCLUDE_IPV6_SUPPORT
+ if (is_anycast((struct sockaddr *)&interface.sin, isc_if.name))
+ continue;
+#endif /* !INCLUDE_IPV6_SUPPORT */
+
/*
* map to local *address* in order
* to map all duplicate interfaces to an interface structure
==== //depot/projects/scottl-camlock/src/contrib/telnet/telnet/externs.h#3 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)externs.h 8.3 (Berkeley) 5/30/95
- * $FreeBSD: src/contrib/telnet/telnet/externs.h,v 1.11 2007/07/01 12:08:04 gnn Exp $
+ * $FreeBSD: src/contrib/telnet/telnet/externs.h,v 1.12 2009/11/28 11:57:25 ed Exp $
*/
#ifndef BSD
@@ -57,7 +57,7 @@
#include <errno.h>
#ifdef USE_TERMIO
# ifndef VINTR
-# include <sys/termios.h>
+# include <termios.h>
# endif
# define termio termios
#endif
==== //depot/projects/scottl-camlock/src/include/Makefile#8 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 8.2 (Berkeley) 1/4/94
-# $FreeBSD: src/include/Makefile,v 1.291 2009/08/13 23:18:45 scottl Exp $
+# $FreeBSD: src/include/Makefile,v 1.292 2009/11/28 23:50:48 ed Exp $
#
# Doing a "make install" builds /usr/include.
@@ -21,7 +21,7 @@
res_update.h resolv.h runetype.h search.h setjmp.h \
signal.h spawn.h stab.h \
stdbool.h stddef.h stdio.h stdlib.h string.h stringlist.h \
- strings.h sysexits.h tar.h tgmath.h \
+ strings.h sysexits.h tar.h termios.h tgmath.h \
time.h timeconv.h timers.h ttyent.h \
ulimit.h unistd.h utime.h utmp.h uuid.h varargs.h vis.h wchar.h \
wctype.h wordexp.h
@@ -31,7 +31,7 @@
PHDRS= sched.h semaphore.h _semaphore.h
LHDRS= aio.h errno.h fcntl.h linker_set.h poll.h stdint.h syslog.h \
- termios.h ucontext.h
+ ucontext.h
LDIRS= bsm cam geom net net80211 netatalk netgraph netinet netinet6 \
netipsec ${_netipx} netnatm ${_netncp} netsmb \
==== //depot/projects/scottl-camlock/src/lib/bind/config.h#4 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/lib/bind/config.h,v 1.11 2009/05/31 05:42:58 dougb Exp $ */
+/* $FreeBSD: src/lib/bind/config.h,v 1.12 2009/11/30 03:38:34 dougb Exp $ */
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
@@ -277,6 +277,10 @@
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#define LT_OBJDIR ".libs/"
+
/* Defined if extern char *optarg is not declared. */
/* #undef NEED_OPTARG */
==== //depot/projects/scottl-camlock/src/lib/libc/net/sctp_send.3#3 (text+ko) ====
@@ -29,7 +29,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/lib/libc/net/sctp_send.3,v 1.4 2007/09/25 16:48:08 brueffer Exp $
+.\" $FreeBSD: src/lib/libc/net/sctp_send.3,v 1.5 2009/11/28 11:27:37 danger Exp $
.\"
.Dd December 15, 2006
.Dt SCTP_SEND 3
@@ -111,7 +111,7 @@
argument is an opaque 32 bit value that is passed transparently
through the stack to the peer endpoint. It will be available on
reception of a message (see
-.Xr sctp_recvmsg 2 ) .
+.Xr sctp_recvmsg 3 ) .
Note that the stack passes this value without regard to byte
order.
.Pp
==== //depot/projects/scottl-camlock/src/lib/libc/net/sctp_sendmsg.3#3 (text+ko) ====
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" From: @(#)send.2 8.2 (Berkeley) 2/21/94
-.\" $FreeBSD: src/lib/libc/net/sctp_sendmsg.3,v 1.4 2007/09/25 16:48:08 brueffer Exp $
+.\" $FreeBSD: src/lib/libc/net/sctp_sendmsg.3,v 1.5 2009/11/28 11:27:37 danger Exp $
.\"
.Dd December 15, 2006
.Dt SCTP_SENDMSG 3
@@ -103,13 +103,13 @@
the message is not transmitted.
.Pp
No indication of failure to deliver is implicit in a
-.Xr sctp_sendmsg 2
+.Xr sctp_sendmsg 3
call.
Locally detected errors are indicated by a return value of -1.
.Pp
If no space is available at the socket to hold
the message to be transmitted, then
-.Xr sctp_sendmsg 2
+.Xr sctp_sendmsg 3
normally blocks, unless the socket has been placed in
non-blocking I/O mode.
The
@@ -123,7 +123,7 @@
through the stack to the peer endpoint.
It will be available on
reception of a message (see
-.Xr sctp_recvmsg 2 ) .
+.Xr sctp_recvmsg 3 ) .
Note that the stack passes this value without regard to byte
order.
.Pp
==== //depot/projects/scottl-camlock/src/lib/libc/stdlib/getenv.c#3 (text+ko) ====
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/stdlib/getenv.c,v 1.15 2008/08/03 22:47:23 scf Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/stdlib/getenv.c,v 1.17 2009/12/01 06:42:47 green Exp $");
#include "namespace.h"
==== //depot/projects/scottl-camlock/src/lib/libc/string/strcat.3#3 (text+ko) ====
@@ -30,13 +30,14 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)strcat.3 8.1 (Berkeley) 6/4/93
-.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.16 2009/04/07 13:42:53 trasz Exp $
+.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.17 2009/12/01 07:28:56 brueffer Exp $
.\"
-.Dd June 4, 1993
+.Dd December 1, 2009
.Dt STRCAT 3
.Os
.Sh NAME
-.Nm strcat
+.Nm strcat ,
+.Nm strncat
.Nd concatenate strings
.Sh LIBRARY
.Lb libc
==== //depot/projects/scottl-camlock/src/lib/libc/sys/setpgid.2#2 (text+ko) ====
@@ -26,7 +26,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)setpgid.2 8.1 (Berkeley) 6/4/93
-.\" $FreeBSD: src/lib/libc/sys/setpgid.2,v 1.16 2007/01/09 00:28:15 imp Exp $
+.\" $FreeBSD: src/lib/libc/sys/setpgid.2,v 1.17 2009/12/01 06:12:31 keramida Exp $
.\"
.Dd February 8, 2004
.Dt SETPGID 2
@@ -54,6 +54,11 @@
If
.Fa pid
is zero, then the call applies to the current process.
+If
+.Fa pgrp
+is zero, then the process id of the process specified by
+.Fa pid
+is used instead.
.Pp
If the affected process is not the invoking process, then it must be a
child of the invoking process, it must not have performed an
==== //depot/projects/scottl-camlock/src/lib/libthr/Makefile#4 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/lib/libthr/Makefile,v 1.41 2009/11/26 14:01:14 kib Exp $
+# $FreeBSD: src/lib/libthr/Makefile,v 1.42 2009/11/28 14:34:28 kib Exp $
#
# All library objects contain FreeBSD revision strings by default; they may be
# excluded as a space-saving measure. To produce a library that does
@@ -25,7 +25,7 @@
CFLAGS+=-I${.CURDIR}/../../libexec/rtld-elf/${MACHINE_ARCH}
CFLAGS+=-I${.CURDIR}/../libthread_db
CFLAGS+=-Winline
-LDFLAGS+=-Wl,-znodelete -Wl,-znodlopen
+LDFLAGS+=-Wl,-znodelete
VERSION_DEF=${.CURDIR}/../libc/Versions.def
SYMBOL_MAPS=${.CURDIR}/pthread.map
==== //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.c#9 (text+ko) ====
@@ -23,7 +23,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/libexec/rtld-elf/rtld.c,v 1.143 2009/11/26 13:57:20 kib Exp $
+ * $FreeBSD: src/libexec/rtld-elf/rtld.c,v 1.145 2009/12/01 02:57:06 cperciva Exp $
*/
/*
@@ -366,12 +366,12 @@
* future processes to honor the potentially un-safe variables.
*/
if (!trust) {
- unsetenv(LD_ "PRELOAD");
- unsetenv(LD_ "LIBMAP");
- unsetenv(LD_ "LIBRARY_PATH");
- unsetenv(LD_ "LIBMAP_DISABLE");
- unsetenv(LD_ "DEBUG");
- unsetenv(LD_ "ELF_HINTS_PATH");
+ if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
+ unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
+ unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
+ _rtld_error("environment corrupt; aborting");
+ die();
+ }
}
ld_debug = getenv(LD_ "DEBUG");
libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
@@ -1571,9 +1571,10 @@
object_add_name(obj, name);
obj->path = path;
digest_dynamic(obj, 0);
- if (obj->z_noopen && (flags & RTLD_LO_DLOPEN)) {
+ if (obj->z_noopen && (flags & (RTLD_LO_DLOPEN | RTLD_LO_TRACE)) ==
+ RTLD_LO_DLOPEN) {
dbg("refusing to load non-loadable \"%s\"", obj->path);
- _rtld_error("Cannot dlopen non-loadable %s\n", obj->path);
+ _rtld_error("Cannot dlopen non-loadable %s", obj->path);
munmap(obj->mapbase, obj->mapsize);
obj_free(obj);
return (NULL);
@@ -2006,6 +2007,8 @@
lo_flags = RTLD_LO_DLOPEN;
if (mode & RTLD_NOLOAD)
lo_flags |= RTLD_LO_NOLOAD;
+ if (ld_tracing != NULL)
+ lo_flags |= RTLD_LO_TRACE;
objlist_init(&initlist);
==== //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.h#7 (text+ko) ====
@@ -22,7 +22,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/libexec/rtld-elf/rtld.h,v 1.44 2009/11/26 13:57:20 kib Exp $
+ * $FreeBSD: src/libexec/rtld-elf/rtld.h,v 1.45 2009/11/28 14:29:32 kib Exp $
*/
#ifndef RTLD_H /* { */
@@ -242,8 +242,9 @@
dlsym. */
/* Flags for load_object(). */
-#define RTLD_LO_NOLOAD 0x01 /* dlopen() specified RTLD_NOLOAD */
-#define RTLD_LO_DLOPEN 0x02 /* load_object() called from dlopen(). */
+#define RTLD_LO_NOLOAD 0x01 /* dlopen() specified RTLD_NOLOAD. */
+#define RTLD_LO_DLOPEN 0x02 /* Load_object() called from dlopen(). */
+#define RTLD_LO_TRACE 0x04 /* Only tracing. */
/*
* Symbol cache entry used during relocation to avoid multiple lookups
==== //depot/projects/scottl-camlock/src/share/man/man4/Makefile#16 (text+ko) ====
@@ -1,5 +1,5 @@
# @(#)Makefile 8.1 (Berkeley) 6/18/93
-# $FreeBSD: src/share/man/man4/Makefile,v 1.465 2009/11/19 16:19:05 mav Exp $
+# $FreeBSD: src/share/man/man4/Makefile,v 1.466 2009/11/30 11:44:03 avg Exp $
MAN= aac.4 \
acpi.4 \
@@ -31,6 +31,7 @@
ale.4 \
altq.4 \
amd.4 \
+ ${_amdsbwd.4} \
${_amdsmb.4} \
${_amdtemp.4} \
amr.4 \
@@ -610,6 +611,7 @@
_acpi_sony.4= acpi_sony.4
_acpi_toshiba.4=acpi_toshiba.4
_acpi_wmi.4= acpi_wmi.4
+_amdsbwd.4= amdsbwd.4
_amdsmb.4= amdsmb.4
_amdtemp.4= amdtemp.4
_asmc.4= asmc.4
==== //depot/projects/scottl-camlock/src/share/man/man4/ipsec.4#3 (text+ko) ====
@@ -27,9 +27,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.23 2009/05/23 16:42:38 bz Exp $
+.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.25 2009/11/29 21:03:54 bz Exp $
.\"
-.Dd May 23, 2009
+.Dd November 29, 2009
.Dt IPSEC 4
.Os
.Sh NAME
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list