Date: Tue, 1 Dec 2009 21:46:22 GMT From: Alexander Motin <mav@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 171234 for review Message-ID: <200912012146.nB1LkMSF017185@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/chv.cgi?CH=171234 Change 171234 by mav@mav_mavbook on 2009/12/01 21:45:39 IFC Affected files ... .. //depot/projects/scottl-camlock/src/bin/sh/eval.c#8 integrate .. //depot/projects/scottl-camlock/src/bin/sh/redir.c#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/CHANGES#6 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/bin/named/query.c#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/api#5 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/include/dns/types.h#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/masterdump.c#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/rbtdb.c#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/resolver.c#5 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/validator.c#4 integrate .. //depot/projects/scottl-camlock/src/contrib/bind9/version#6 integrate .. //depot/projects/scottl-camlock/src/contrib/ntp/ntpd/ntp_io.c#3 integrate .. //depot/projects/scottl-camlock/src/contrib/telnet/telnet/externs.h#3 integrate .. //depot/projects/scottl-camlock/src/include/Makefile#8 integrate .. //depot/projects/scottl-camlock/src/include/termios.h#1 branch .. //depot/projects/scottl-camlock/src/lib/bind/config.h#4 integrate .. //depot/projects/scottl-camlock/src/lib/libc/net/sctp_send.3#3 integrate .. //depot/projects/scottl-camlock/src/lib/libc/net/sctp_sendmsg.3#3 integrate .. //depot/projects/scottl-camlock/src/lib/libc/stdlib/getenv.c#3 integrate .. //depot/projects/scottl-camlock/src/lib/libc/string/strcat.3#3 integrate .. //depot/projects/scottl-camlock/src/lib/libc/sys/setpgid.2#2 integrate .. //depot/projects/scottl-camlock/src/lib/libthr/Makefile#4 integrate .. //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.c#9 integrate .. //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.h#7 integrate .. //depot/projects/scottl-camlock/src/share/man/man4/Makefile#16 integrate .. //depot/projects/scottl-camlock/src/share/man/man4/amdsbwd.4#1 branch .. //depot/projects/scottl-camlock/src/share/man/man4/ipsec.4#3 integrate .. //depot/projects/scottl-camlock/src/share/man/man9/ifnet.9#3 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/amd64/identcpu.c#19 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/conf/NOTES#22 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/include/specialreg.h#14 integrate .. //depot/projects/scottl-camlock/src/sys/compat/svr4/svr4_termios.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/conf/files#58 integrate .. //depot/projects/scottl-camlock/src/sys/conf/files.amd64#26 integrate .. //depot/projects/scottl-camlock/src/sys/conf/files.i386#26 integrate .. //depot/projects/scottl-camlock/src/sys/dev/adb/adb.h#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/adb/adb_bus.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/dev/adb/adb_mouse.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/amdsbwd/amdsbwd.c#1 branch .. //depot/projects/scottl-camlock/src/sys/dev/hatm/if_hatm.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/dev/hwpmc/hwpmc_mod.c#13 integrate .. //depot/projects/scottl-camlock/src/sys/dev/syscons/sysmouse.c#11 integrate .. //depot/projects/scottl-camlock/src/sys/dev/uart/uart_core.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/dev/uart/uart_tty.c#14 integrate .. //depot/projects/scottl-camlock/src/sys/dev/usb/input/atp.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/dev/usb/serial/usb_serial.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/dev/xen/blkfront/blkfront.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/dev/xen/blkfront/block.h#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/xen/netfront/netfront.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ext2fs.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_gpt.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_iso9660.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_msdosfs.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ntfs.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_reiserfs.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/geom/label/g_label_ufs.c#8 integrate .. //depot/projects/scottl-camlock/src/sys/i386/conf/NOTES#27 integrate .. //depot/projects/scottl-camlock/src/sys/i386/i386/identcpu.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/i386/include/specialreg.h#17 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/ia64/interrupt.c#16 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/ia64/machdep.c#20 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/include/pcpu.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/kern/tty.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/modules/Makefile#39 integrate .. //depot/projects/scottl-camlock/src/sys/modules/amdsbwd/Makefile#1 branch .. //depot/projects/scottl-camlock/src/sys/net/if.c#38 integrate .. //depot/projects/scottl-camlock/src/sys/net/if_dead.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/net/if_var.h#28 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipcomp_var.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipsec_mbuf.c#8 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/xform_ipcomp.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/opencrypto/crypto.c#11 integrate .. //depot/projects/scottl-camlock/src/sys/opencrypto/cryptosoft.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/opencrypto/deflate.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/opencrypto/deflate.h#3 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/aim/machdep.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/aim/ofw_machdep.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/booke/machdep.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/conf/GENERIC#23 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/include/cpu.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/include/md_var.h#8 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/powerpc/cpu.c#14 integrate .. //depot/projects/scottl-camlock/src/sys/sys/_termios.h#1 branch .. //depot/projects/scottl-camlock/src/sys/sys/sdt.h#2 integrate .. //depot/projects/scottl-camlock/src/sys/sys/termios.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/sys/tty.h#11 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_fault.c#30 integrate .. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/builtins/fc1.0#2 integrate .. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/errors/backquote-error1.0#2 integrate .. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/execution/redir1.0#1 branch .. //depot/projects/scottl-camlock/src/tools/regression/bin/sh/execution/redir2.0#1 branch .. //depot/projects/scottl-camlock/src/tools/regression/environ/Makefile.envctl#2 integrate .. //depot/projects/scottl-camlock/src/tools/regression/environ/envctl.c#2 integrate .. //depot/projects/scottl-camlock/src/tools/regression/environ/envtest.t#2 integrate .. //depot/projects/scottl-camlock/src/usr.bin/ldd/ldd.1#3 integrate .. //depot/projects/scottl-camlock/src/usr.bin/netstat/if.c#4 integrate .. //depot/projects/scottl-camlock/src/usr.bin/netstat/ipsec.c#3 integrate .. //depot/projects/scottl-camlock/src/usr.bin/netstat/main.c#5 integrate .. //depot/projects/scottl-camlock/src/usr.bin/netstat/netstat.1#6 integrate .. //depot/projects/scottl-camlock/src/usr.bin/netstat/netstat.h#5 integrate Differences ... ==== //depot/projects/scottl-camlock/src/bin/sh/eval.c#8 (text+ko) ==== @@ -36,7 +36,7 @@ #endif #endif /* not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.69 2009/11/22 18:23:30 jilles Exp $"); +__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.70 2009/11/29 22:33:59 jilles Exp $"); #include <paths.h> #include <signal.h> @@ -883,7 +883,6 @@ #ifdef DEBUG trputs("normal command: "); trargs(argv); #endif - clearredir(); redirect(cmd->ncmd.redirect, 0); for (sp = varlist.list ; sp ; sp = sp->next) setvareq(sp->text, VEXPORT|VSTACK); ==== //depot/projects/scottl-camlock/src/bin/sh/redir.c#4 (text+ko) ==== @@ -36,7 +36,7 @@ #endif #endif /* not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.28 2009/11/22 18:23:30 jilles Exp $"); +__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.29 2009/11/29 22:33:59 jilles Exp $"); #include <sys/types.h> #include <sys/stat.h> @@ -63,6 +63,7 @@ #define EMPTY -2 /* marks an unused slot in redirtab */ +#define CLOSED -1 /* fd was not open before redir */ #define PIPESIZE 4096 /* amount of buffering in a pipe */ @@ -101,7 +102,6 @@ struct redirtab *sv = NULL; int i; int fd; - int try; char memory[10]; /* file descriptors to write to memory */ for (i = 10 ; --i >= 0 ; ) @@ -116,38 +116,30 @@ } for (n = redir ; n ; n = n->nfile.next) { fd = n->nfile.fd; - try = 0; if ((n->nfile.type == NTOFD || n->nfile.type == NFROMFD) && n->ndup.dupfd == fd) continue; /* redirect from/to same file descriptor */ if ((flags & REDIR_PUSH) && sv->renamed[fd] == EMPTY) { INTOFF; -again: if ((i = fcntl(fd, F_DUPFD, 10)) == -1) { switch (errno) { case EBADF: - if (!try) { - openredirect(n, memory); - try++; - goto again; - } - /* FALLTHROUGH*/ + i = CLOSED; + break; default: INTON; error("%d: %s", fd, strerror(errno)); break; } - } - if (!try) { - sv->renamed[fd] = i; - } + } else + (void)fcntl(i, F_SETFD, FD_CLOEXEC); + sv->renamed[fd] = i; INTON; } if (fd == 0) fd0_redirected++; - if (!try) - openredirect(n, memory); + openredirect(n, memory); } if (memory[1]) out1 = &memout; ==== //depot/projects/scottl-camlock/src/contrib/bind9/CHANGES#6 (text+ko) ==== @@ -1,3 +1,9 @@ + --- 9.6.1-P2 released --- + +2772. [security] When validating, track whether pending data was from + the additional section or not and only return it if + validates as secure. [RT #20438] + --- 9.6.1-P1 released --- 2640. [security] A specially crafted update packet will cause named ==== //depot/projects/scottl-camlock/src/contrib/bind9/bin/named/query.c#4 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.313.20.7 2009/03/13 01:38:51 marka Exp $ */ +/* $Id: query.c,v 1.313.20.7.12.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -116,6 +116,8 @@ #define DNS_GETDB_NOLOG 0x02U #define DNS_GETDB_PARTIAL 0x04U +#define PENDINGOK(x) (((x) & DNS_DBFIND_PENDINGOK) != 0) + typedef struct client_additionalctx { ns_client_t *client; dns_rdataset_t *rdataset; @@ -1761,8 +1763,8 @@ */ if (result == ISC_R_SUCCESS && additionaltype == dns_rdatasetadditional_fromcache && - (rdataset->trust == dns_trust_pending || - rdataset->trust == dns_trust_glue) && + (DNS_TRUST_PENDING(rdataset->trust) || + DNS_TRUST_GLUE(rdataset->trust)) && !validate(client, db, fname, rdataset, sigrdataset)) { dns_rdataset_disassociate(rdataset); if (dns_rdataset_isassociated(sigrdataset)) @@ -1801,8 +1803,8 @@ */ if (result == ISC_R_SUCCESS && additionaltype == dns_rdatasetadditional_fromcache && - (rdataset->trust == dns_trust_pending || - rdataset->trust == dns_trust_glue) && + (DNS_TRUST_PENDING(rdataset->trust) || + DNS_TRUST_GLUE(rdataset->trust)) && !validate(client, db, fname, rdataset, sigrdataset)) { dns_rdataset_disassociate(rdataset); if (dns_rdataset_isassociated(sigrdataset)) @@ -2601,14 +2603,14 @@ /* * Attempt to validate RRsets that are pending or that are glue. */ - if ((rdataset->trust == dns_trust_pending || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)) + if ((DNS_TRUST_PENDING(rdataset->trust) || + (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust))) && !validate(client, db, fname, rdataset, sigrdataset) && - (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0) + !PENDINGOK(client->query.dboptions)) goto cleanup; - if ((rdataset->trust == dns_trust_glue || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) && + if ((DNS_TRUST_GLUE(rdataset->trust) || + (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) && !validate(client, db, fname, rdataset, sigrdataset) && SECURE(client) && WANTDNSSEC(client)) goto cleanup; @@ -3716,6 +3718,8 @@ dns_rdataset_t *noqname; isc_boolean_t resuming; int line = -1; + dns_rdataset_t tmprdataset; + unsigned int dboptions; CTRACE("query_find"); @@ -3933,9 +3937,49 @@ /* * Now look for an answer in the database. */ + dboptions = client->query.dboptions; + if (sigrdataset == NULL && client->view->enablednssec) { + /* + * If the client doesn't want DNSSEC we still want to + * look for any data pending validation to save a remote + * lookup if possible. + */ + dns_rdataset_init(&tmprdataset); + sigrdataset = &tmprdataset; + dboptions |= DNS_DBFIND_PENDINGOK; + } + refind: result = dns_db_find(db, client->query.qname, version, type, - client->query.dboptions, client->now, - &node, fname, rdataset, sigrdataset); + dboptions, client->now, &node, fname, + rdataset, sigrdataset); + /* + * If we have found pending data try to validate it. + * If the data does not validate as secure and we can't + * use the unvalidated data requery the database with + * pending disabled to prevent infinite looping. + */ + if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust)) + goto validation_done; + if (validate(client, db, fname, rdataset, sigrdataset)) + goto validation_done; + if (rdataset->trust != dns_trust_pending_answer || + !PENDINGOK(client->query.dboptions)) { + dns_rdataset_disassociate(rdataset); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + if (sigrdataset == &tmprdataset) + sigrdataset = NULL; + dns_db_detachnode(db, &node); + dboptions &= ~DNS_DBFIND_PENDINGOK; + goto refind; + } + validation_done: + if (sigrdataset == &tmprdataset) { + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + sigrdataset = NULL; + } resume: CTRACE("query_find: resume"); ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/api#5 (text+ko) ==== @@ -1,3 +1,3 @@ -LIBINTERFACE = 52 +LIBINTERFACE = 53 LIBREVISION = 0 -LIBAGE = 2 +LIBAGE = 0 ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/include/dns/types.h#4 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.130.50.3 2009/01/29 22:40:35 jinmei Exp $ */ +/* $Id: types.h,v 1.130.50.3.12.1 2009/11/18 23:58:04 marka Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 @@ -258,40 +258,52 @@ dns_trust_none = 0, #define dns_trust_none ((dns_trust_t)dns_trust_none) - /*% Subject to DNSSEC validation but has not yet been validated */ - dns_trust_pending = 1, -#define dns_trust_pending ((dns_trust_t)dns_trust_pending) + /*% + * Subject to DNSSEC validation but has not yet been validated + * dns_trust_pending_additional (from the additional section). + */ + dns_trust_pending_additional = 1, +#define dns_trust_pending_additional \ + ((dns_trust_t)dns_trust_pending_additional) + + dns_trust_pending_answer = 2, +#define dns_trust_pending_answer ((dns_trust_t)dns_trust_pending_answer) /*% Received in the additional section of a response. */ - dns_trust_additional = 2, + dns_trust_additional = 3, #define dns_trust_additional ((dns_trust_t)dns_trust_additional) /* Received in a referral response. */ - dns_trust_glue = 3, + dns_trust_glue = 4, #define dns_trust_glue ((dns_trust_t)dns_trust_glue) /* Answer from a non-authoritative server */ - dns_trust_answer = 4, + dns_trust_answer = 5, #define dns_trust_answer ((dns_trust_t)dns_trust_answer) /* Received in the authority section as part of an authoritative response */ - dns_trust_authauthority = 5, + dns_trust_authauthority = 6, #define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority) /* Answer from an authoritative server */ - dns_trust_authanswer = 6, + dns_trust_authanswer = 7, #define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer) /* Successfully DNSSEC validated */ - dns_trust_secure = 7, + dns_trust_secure = 8, #define dns_trust_secure ((dns_trust_t)dns_trust_secure) /* This server is authoritative */ - dns_trust_ultimate = 8 + dns_trust_ultimate = 9 #define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate) }; +#define DNS_TRUST_PENDING(x) ((x) == dns_trust_pending_answer || \ + (x) == dns_trust_pending_additional) +#define DNS_TRUST_GLUE(x) ((x) == dns_trust_glue) + + /*% * Name checking severities. */ ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/masterdump.c#4 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.94.50.2 2009/01/18 23:47:40 tbox Exp $ */ +/* $Id: masterdump.c,v 1.94.50.2.12.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -775,7 +775,8 @@ static const char *trustnames[] = { "none", - "pending", + "pending-additional", + "pending-answer", "additional", "glue", "answer", ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/rbtdb.c#4 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.270.12.6 2009/05/06 23:34:30 jinmei Exp $ */ +/* $Id: rbtdb.c,v 1.270.12.6.10.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -4005,7 +4005,7 @@ } if (dname_header != NULL && - (dname_header->trust != dns_trust_pending || + (!DNS_TRUST_PENDING(dname_header->trust) || (search->options & DNS_DBFIND_PENDINGOK) != 0)) { /* * We increment the reference count on node to ensure that @@ -4548,7 +4548,7 @@ if (found == NULL || (found->trust == dns_trust_glue && ((options & DNS_DBFIND_GLUEOK) == 0)) || - (found->trust == dns_trust_pending && + (DNS_TRUST_PENDING(found->trust) && ((options & DNS_DBFIND_PENDINGOK) == 0))) { /* * If there is an NS rdataset at this node, then this is the ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/resolver.c#5 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.384.14.14 2009/06/02 23:47:13 tbox Exp $ */ +/* $Id: resolver.c,v 1.384.14.14.8.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -4293,6 +4293,7 @@ * for it, unless it is glue. */ if (secure_domain && rdataset->trust != dns_trust_glue) { + dns_trust_t trust; /* * RRSIGs are validated as part of validating the * type they cover. @@ -4329,12 +4330,34 @@ } /* + * Reject out of bailiwick additional records + * without RRSIGs as they can't possibly validate + * as "secure" and as we will never never want to + * store these as "answers" after validation. + */ + if (rdataset->trust == dns_trust_additional && + sigrdataset == NULL && EXTERNAL(rdataset)) + continue; + + /* + * XXXMPA: If we store as "answer" after validating + * then we need to do bailiwick processing and + * also need to track whether RRsets are in or + * out of bailiwick. This will require a another + * pending trust level. + * * Cache this rdataset/sigrdataset pair as - * pending data. + * pending data. Track whether it was additional + * or not. */ - rdataset->trust = dns_trust_pending; + if (rdataset->trust == dns_trust_additional) + trust = dns_trust_pending_additional; + else + trust = dns_trust_pending_answer; + + rdataset->trust = trust; if (sigrdataset != NULL) - sigrdataset->trust = dns_trust_pending; + sigrdataset->trust = trust; if (!need_validation || !ANSWER(rdataset)) { addedrdataset = ardataset; result = dns_db_addrdataset(fctx->cache, node, @@ -4682,7 +4705,7 @@ for (trdataset = ISC_LIST_HEAD(tname->list); trdataset != NULL; trdataset = ISC_LIST_NEXT(trdataset, link)) - trdataset->trust = dns_trust_pending; + trdataset->trust = dns_trust_pending_answer; result = dns_message_nextname(fctx->rmessage, DNS_SECTION_AUTHORITY); } ==== //depot/projects/scottl-camlock/src/contrib/bind9/lib/dns/validator.c#4 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.9 2009/05/07 23:47:12 tbox Exp $ */ +/* $Id: validator.c,v 1.164.12.9.8.1 2009/11/18 23:58:04 marka Exp $ */ #include <config.h> @@ -1607,7 +1607,7 @@ * We have an rrset for the given keyname. */ val->keyset = &val->frdataset; - if (val->frdataset.trust == dns_trust_pending && + if (DNS_TRUST_PENDING(val->frdataset.trust) && dns_rdataset_isassociated(&val->fsigrdataset)) { /* @@ -1622,7 +1622,7 @@ if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (val->frdataset.trust == dns_trust_pending) { + } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { /* * Having a pending key with no signature means that * something is broken. @@ -2243,7 +2243,7 @@ * We have DS records. */ val->dsset = &val->frdataset; - if (val->frdataset.trust == dns_trust_pending && + if (DNS_TRUST_PENDING(val->frdataset.trust) && dns_rdataset_isassociated(&val->fsigrdataset)) { result = create_validator(val, @@ -2256,7 +2256,7 @@ if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (val->frdataset.trust == dns_trust_pending) { + } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { /* * There should never be an unsigned DS. */ @@ -3337,7 +3337,7 @@ * There is no DS. If this is a delegation, * we maybe done. */ - if (val->frdataset.trust == dns_trust_pending) { + if (DNS_TRUST_PENDING(val->frdataset.trust)) { result = create_fetch(val, tname, dns_rdatatype_ds, dsfetched2, ==== //depot/projects/scottl-camlock/src/contrib/bind9/version#6 (text+ko) ==== @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $ +# $Id: version,v 1.43.12.5.8.2 2009/11/18 23:58:04 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MINORVER=6 PATCHVER=1 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2 ==== //depot/projects/scottl-camlock/src/contrib/ntp/ntpd/ntp_io.c#3 (text+ko) ==== @@ -65,6 +65,12 @@ #endif /* IPV6 Multicast Support */ #endif /* IPv6 Support */ +#ifdef INCLUDE_IPV6_SUPPORT +#include <netinet/in.h> +#include <net/if_var.h> +#include <netinet/in_var.h> +#endif /* !INCLUDE_IPV6_SUPPORT */ + extern int listen_to_virtual_ips; extern const char *specific_interface; @@ -1137,6 +1143,36 @@ } #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ +#ifdef INCLUDE_IPV6_SUPPORT +static isc_boolean_t +is_anycast(struct sockaddr *sa, char *name) +{ +#if defined(SIOCGIFAFLAG_IN6) && defined(IN6_IFF_ANYCAST) + struct in6_ifreq ifr6; + int fd; + u_int32_t flags6; + + if (sa->sa_family != AF_INET6) + return ISC_FALSE; + if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) + return ISC_FALSE; + memset(&ifr6, 0, sizeof(ifr6)); + memcpy(&ifr6.ifr_addr, (struct sockaddr_in6 *)sa, + sizeof(struct sockaddr_in6)); + strlcpy(ifr6.ifr_name, name, IF_NAMESIZE); + if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) { + close(fd); + return ISC_FALSE; + } + close(fd); + flags6 = ifr6.ifr_ifru.ifru_flags6; + if ((flags6 & IN6_IFF_ANYCAST) != 0) + return ISC_TRUE; +#endif /* !SIOCGIFAFLAG_IN6 || !IN6_IFF_ANYCAST */ + return ISC_FALSE; +} +#endif /* !INCLUDE_IPV6_SUPPORT */ + /* * update_interface strategy * @@ -1276,6 +1312,11 @@ if (is_wildcard_addr(&interface.sin)) continue; +#ifdef INCLUDE_IPV6_SUPPORT + if (is_anycast((struct sockaddr *)&interface.sin, isc_if.name)) + continue; +#endif /* !INCLUDE_IPV6_SUPPORT */ + /* * map to local *address* in order * to map all duplicate interfaces to an interface structure ==== //depot/projects/scottl-camlock/src/contrib/telnet/telnet/externs.h#3 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)externs.h 8.3 (Berkeley) 5/30/95 - * $FreeBSD: src/contrib/telnet/telnet/externs.h,v 1.11 2007/07/01 12:08:04 gnn Exp $ + * $FreeBSD: src/contrib/telnet/telnet/externs.h,v 1.12 2009/11/28 11:57:25 ed Exp $ */ #ifndef BSD @@ -57,7 +57,7 @@ #include <errno.h> #ifdef USE_TERMIO # ifndef VINTR -# include <sys/termios.h> +# include <termios.h> # endif # define termio termios #endif ==== //depot/projects/scottl-camlock/src/include/Makefile#8 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.2 (Berkeley) 1/4/94 -# $FreeBSD: src/include/Makefile,v 1.291 2009/08/13 23:18:45 scottl Exp $ +# $FreeBSD: src/include/Makefile,v 1.292 2009/11/28 23:50:48 ed Exp $ # # Doing a "make install" builds /usr/include. @@ -21,7 +21,7 @@ res_update.h resolv.h runetype.h search.h setjmp.h \ signal.h spawn.h stab.h \ stdbool.h stddef.h stdio.h stdlib.h string.h stringlist.h \ - strings.h sysexits.h tar.h tgmath.h \ + strings.h sysexits.h tar.h termios.h tgmath.h \ time.h timeconv.h timers.h ttyent.h \ ulimit.h unistd.h utime.h utmp.h uuid.h varargs.h vis.h wchar.h \ wctype.h wordexp.h @@ -31,7 +31,7 @@ PHDRS= sched.h semaphore.h _semaphore.h LHDRS= aio.h errno.h fcntl.h linker_set.h poll.h stdint.h syslog.h \ - termios.h ucontext.h + ucontext.h LDIRS= bsm cam geom net net80211 netatalk netgraph netinet netinet6 \ netipsec ${_netipx} netnatm ${_netncp} netsmb \ ==== //depot/projects/scottl-camlock/src/lib/bind/config.h#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/lib/bind/config.h,v 1.11 2009/05/31 05:42:58 dougb Exp $ */ +/* $FreeBSD: src/lib/bind/config.h,v 1.12 2009/11/30 03:38:34 dougb Exp $ */ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.in by autoheader. */ @@ -277,6 +277,10 @@ /* Define to 1 if you have the <unistd.h> header file. */ #define HAVE_UNISTD_H 1 +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#define LT_OBJDIR ".libs/" + /* Defined if extern char *optarg is not declared. */ /* #undef NEED_OPTARG */ ==== //depot/projects/scottl-camlock/src/lib/libc/net/sctp_send.3#3 (text+ko) ==== @@ -29,7 +29,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/lib/libc/net/sctp_send.3,v 1.4 2007/09/25 16:48:08 brueffer Exp $ +.\" $FreeBSD: src/lib/libc/net/sctp_send.3,v 1.5 2009/11/28 11:27:37 danger Exp $ .\" .Dd December 15, 2006 .Dt SCTP_SEND 3 @@ -111,7 +111,7 @@ argument is an opaque 32 bit value that is passed transparently through the stack to the peer endpoint. It will be available on reception of a message (see -.Xr sctp_recvmsg 2 ) . +.Xr sctp_recvmsg 3 ) . Note that the stack passes this value without regard to byte order. .Pp ==== //depot/projects/scottl-camlock/src/lib/libc/net/sctp_sendmsg.3#3 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)send.2 8.2 (Berkeley) 2/21/94 -.\" $FreeBSD: src/lib/libc/net/sctp_sendmsg.3,v 1.4 2007/09/25 16:48:08 brueffer Exp $ +.\" $FreeBSD: src/lib/libc/net/sctp_sendmsg.3,v 1.5 2009/11/28 11:27:37 danger Exp $ .\" .Dd December 15, 2006 .Dt SCTP_SENDMSG 3 @@ -103,13 +103,13 @@ the message is not transmitted. .Pp No indication of failure to deliver is implicit in a -.Xr sctp_sendmsg 2 +.Xr sctp_sendmsg 3 call. Locally detected errors are indicated by a return value of -1. .Pp If no space is available at the socket to hold the message to be transmitted, then -.Xr sctp_sendmsg 2 +.Xr sctp_sendmsg 3 normally blocks, unless the socket has been placed in non-blocking I/O mode. The @@ -123,7 +123,7 @@ through the stack to the peer endpoint. It will be available on reception of a message (see -.Xr sctp_recvmsg 2 ) . +.Xr sctp_recvmsg 3 ) . Note that the stack passes this value without regard to byte order. .Pp ==== //depot/projects/scottl-camlock/src/lib/libc/stdlib/getenv.c#3 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/stdlib/getenv.c,v 1.15 2008/08/03 22:47:23 scf Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/stdlib/getenv.c,v 1.17 2009/12/01 06:42:47 green Exp $"); #include "namespace.h" ==== //depot/projects/scottl-camlock/src/lib/libc/string/strcat.3#3 (text+ko) ==== @@ -30,13 +30,14 @@ .\" SUCH DAMAGE. .\" .\" @(#)strcat.3 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.16 2009/04/07 13:42:53 trasz Exp $ +.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.17 2009/12/01 07:28:56 brueffer Exp $ .\" -.Dd June 4, 1993 +.Dd December 1, 2009 .Dt STRCAT 3 .Os .Sh NAME -.Nm strcat +.Nm strcat , +.Nm strncat .Nd concatenate strings .Sh LIBRARY .Lb libc ==== //depot/projects/scottl-camlock/src/lib/libc/sys/setpgid.2#2 (text+ko) ==== @@ -26,7 +26,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)setpgid.2 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/lib/libc/sys/setpgid.2,v 1.16 2007/01/09 00:28:15 imp Exp $ +.\" $FreeBSD: src/lib/libc/sys/setpgid.2,v 1.17 2009/12/01 06:12:31 keramida Exp $ .\" .Dd February 8, 2004 .Dt SETPGID 2 @@ -54,6 +54,11 @@ If .Fa pid is zero, then the call applies to the current process. +If +.Fa pgrp +is zero, then the process id of the process specified by +.Fa pid +is used instead. .Pp If the affected process is not the invoking process, then it must be a child of the invoking process, it must not have performed an ==== //depot/projects/scottl-camlock/src/lib/libthr/Makefile#4 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/lib/libthr/Makefile,v 1.41 2009/11/26 14:01:14 kib Exp $ +# $FreeBSD: src/lib/libthr/Makefile,v 1.42 2009/11/28 14:34:28 kib Exp $ # # All library objects contain FreeBSD revision strings by default; they may be # excluded as a space-saving measure. To produce a library that does @@ -25,7 +25,7 @@ CFLAGS+=-I${.CURDIR}/../../libexec/rtld-elf/${MACHINE_ARCH} CFLAGS+=-I${.CURDIR}/../libthread_db CFLAGS+=-Winline -LDFLAGS+=-Wl,-znodelete -Wl,-znodlopen +LDFLAGS+=-Wl,-znodelete VERSION_DEF=${.CURDIR}/../libc/Versions.def SYMBOL_MAPS=${.CURDIR}/pthread.map ==== //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.c#9 (text+ko) ==== @@ -23,7 +23,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/libexec/rtld-elf/rtld.c,v 1.143 2009/11/26 13:57:20 kib Exp $ + * $FreeBSD: src/libexec/rtld-elf/rtld.c,v 1.145 2009/12/01 02:57:06 cperciva Exp $ */ /* @@ -366,12 +366,12 @@ * future processes to honor the potentially un-safe variables. */ if (!trust) { - unsetenv(LD_ "PRELOAD"); - unsetenv(LD_ "LIBMAP"); - unsetenv(LD_ "LIBRARY_PATH"); - unsetenv(LD_ "LIBMAP_DISABLE"); - unsetenv(LD_ "DEBUG"); - unsetenv(LD_ "ELF_HINTS_PATH"); + if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") || + unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") || + unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) { + _rtld_error("environment corrupt; aborting"); + die(); + } } ld_debug = getenv(LD_ "DEBUG"); libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL; @@ -1571,9 +1571,10 @@ object_add_name(obj, name); obj->path = path; digest_dynamic(obj, 0); - if (obj->z_noopen && (flags & RTLD_LO_DLOPEN)) { + if (obj->z_noopen && (flags & (RTLD_LO_DLOPEN | RTLD_LO_TRACE)) == + RTLD_LO_DLOPEN) { dbg("refusing to load non-loadable \"%s\"", obj->path); - _rtld_error("Cannot dlopen non-loadable %s\n", obj->path); + _rtld_error("Cannot dlopen non-loadable %s", obj->path); munmap(obj->mapbase, obj->mapsize); obj_free(obj); return (NULL); @@ -2006,6 +2007,8 @@ lo_flags = RTLD_LO_DLOPEN; if (mode & RTLD_NOLOAD) lo_flags |= RTLD_LO_NOLOAD; + if (ld_tracing != NULL) + lo_flags |= RTLD_LO_TRACE; objlist_init(&initlist); ==== //depot/projects/scottl-camlock/src/libexec/rtld-elf/rtld.h#7 (text+ko) ==== @@ -22,7 +22,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/libexec/rtld-elf/rtld.h,v 1.44 2009/11/26 13:57:20 kib Exp $ + * $FreeBSD: src/libexec/rtld-elf/rtld.h,v 1.45 2009/11/28 14:29:32 kib Exp $ */ #ifndef RTLD_H /* { */ @@ -242,8 +242,9 @@ dlsym. */ /* Flags for load_object(). */ -#define RTLD_LO_NOLOAD 0x01 /* dlopen() specified RTLD_NOLOAD */ -#define RTLD_LO_DLOPEN 0x02 /* load_object() called from dlopen(). */ +#define RTLD_LO_NOLOAD 0x01 /* dlopen() specified RTLD_NOLOAD. */ +#define RTLD_LO_DLOPEN 0x02 /* Load_object() called from dlopen(). */ +#define RTLD_LO_TRACE 0x04 /* Only tracing. */ /* * Symbol cache entry used during relocation to avoid multiple lookups ==== //depot/projects/scottl-camlock/src/share/man/man4/Makefile#16 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.1 (Berkeley) 6/18/93 -# $FreeBSD: src/share/man/man4/Makefile,v 1.465 2009/11/19 16:19:05 mav Exp $ +# $FreeBSD: src/share/man/man4/Makefile,v 1.466 2009/11/30 11:44:03 avg Exp $ MAN= aac.4 \ acpi.4 \ @@ -31,6 +31,7 @@ ale.4 \ altq.4 \ amd.4 \ + ${_amdsbwd.4} \ ${_amdsmb.4} \ ${_amdtemp.4} \ amr.4 \ @@ -610,6 +611,7 @@ _acpi_sony.4= acpi_sony.4 _acpi_toshiba.4=acpi_toshiba.4 _acpi_wmi.4= acpi_wmi.4 +_amdsbwd.4= amdsbwd.4 _amdsmb.4= amdsmb.4 _amdtemp.4= amdtemp.4 _asmc.4= asmc.4 ==== //depot/projects/scottl-camlock/src/share/man/man4/ipsec.4#3 (text+ko) ==== @@ -27,9 +27,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.23 2009/05/23 16:42:38 bz Exp $ +.\" $FreeBSD: src/share/man/man4/ipsec.4,v 1.25 2009/11/29 21:03:54 bz Exp $ .\" -.Dd May 23, 2009 +.Dd November 29, 2009 .Dt IPSEC 4 .Os .Sh NAME >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912012146.nB1LkMSF017185>