Date: Thu, 3 Dec 2009 20:40:59 GMT From: Rafal Jaworowski <raj@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 171355 for review Message-ID: <200912032040.nB3KexFh084511@repoman.freebsd.org>
index | next in thread | raw e-mail
http://p4web.freebsd.org/chv.cgi?CH=171355 Change 171355 by raj@raj_fdt on 2009/12/03 20:40:52 IFC @171341 Affected files ... .. //depot/projects/fdt/ObsoleteFiles.inc#3 integrate .. //depot/projects/fdt/bin/sh/eval.c#3 integrate .. //depot/projects/fdt/bin/sh/redir.c#3 integrate .. //depot/projects/fdt/contrib/bind9/CHANGES#2 integrate .. //depot/projects/fdt/contrib/bind9/bin/named/query.c#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/api#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/include/dns/types.h#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/masterdump.c#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/rbtdb.c#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/resolver.c#2 integrate .. //depot/projects/fdt/contrib/bind9/lib/dns/validator.c#2 integrate .. //depot/projects/fdt/contrib/bind9/version#2 integrate .. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt#2 integrate .. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.c#2 integrate .. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.h#2 integrate .. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_begemot.c#2 integrate .. //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_tree.def#2 integrate .. //depot/projects/fdt/contrib/gcc/config/freebsd-spec.h#2 integrate .. //depot/projects/fdt/contrib/groff/tmac/doc-syms#2 integrate .. //depot/projects/fdt/contrib/ntp/ntpd/ntp_io.c#2 integrate .. //depot/projects/fdt/contrib/telnet/telnet/externs.h#2 integrate .. //depot/projects/fdt/crypto/openssl/ssl/s3_lib.c#2 integrate .. //depot/projects/fdt/crypto/openssl/ssl/s3_pkt.c#2 integrate .. //depot/projects/fdt/crypto/openssl/ssl/s3_srvr.c#2 integrate .. //depot/projects/fdt/etc/Makefile#3 integrate .. //depot/projects/fdt/etc/defaults/rc.conf#2 integrate .. //depot/projects/fdt/etc/mtree/BSD.var.dist#2 integrate .. //depot/projects/fdt/etc/rc.d/Makefile#2 integrate .. //depot/projects/fdt/etc/rc.d/ip6fw#2 delete .. //depot/projects/fdt/etc/rc.d/ipfw#2 integrate .. //depot/projects/fdt/etc/rc.firewall#2 integrate .. //depot/projects/fdt/etc/rc.firewall6#2 delete .. //depot/projects/fdt/include/Makefile#2 integrate .. //depot/projects/fdt/include/termios.h#1 branch .. //depot/projects/fdt/lib/Makefile#2 integrate .. //depot/projects/fdt/lib/bind/config.h#2 integrate .. //depot/projects/fdt/lib/csu/amd64/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/arm/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/i386-elf/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/i386-elf/crt1.c#2 delete .. //depot/projects/fdt/lib/csu/i386-elf/crt1_c.c#1 branch .. //depot/projects/fdt/lib/csu/i386-elf/crt1_s.S#1 branch .. //depot/projects/fdt/lib/csu/ia64/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/mips/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/powerpc/Makefile#2 integrate .. //depot/projects/fdt/lib/csu/sparc64/Makefile#2 integrate .. //depot/projects/fdt/lib/libc/gen/exec.c#2 integrate .. //depot/projects/fdt/lib/libc/net/sctp_send.3#2 integrate .. //depot/projects/fdt/lib/libc/net/sctp_sendmsg.3#2 integrate .. //depot/projects/fdt/lib/libc/rpc/svc.c#2 integrate .. //depot/projects/fdt/lib/libc/stdio/printf.3#2 integrate .. //depot/projects/fdt/lib/libc/stdlib/getenv.c#2 integrate .. //depot/projects/fdt/lib/libc/string/strcat.3#2 integrate .. //depot/projects/fdt/lib/libc/sys/setpgid.2#2 integrate .. //depot/projects/fdt/lib/libthr/Makefile#3 integrate .. //depot/projects/fdt/lib/libulog/Makefile#1 branch .. //depot/projects/fdt/lib/libulog/Symbol.map#1 branch .. //depot/projects/fdt/lib/libulog/ulog.h#1 branch .. //depot/projects/fdt/lib/libulog/ulog_getutxent.3#1 branch .. //depot/projects/fdt/lib/libulog/ulog_getutxent.c#1 branch .. //depot/projects/fdt/lib/libulog/ulog_internal.h#1 branch .. //depot/projects/fdt/lib/libulog/ulog_login.3#1 branch .. //depot/projects/fdt/lib/libulog/ulog_login.c#1 branch .. //depot/projects/fdt/lib/libulog/ulog_login_pseudo.c#1 branch .. //depot/projects/fdt/lib/libutil/libutil.h#2 integrate .. //depot/projects/fdt/libexec/Makefile#2 integrate .. //depot/projects/fdt/libexec/rtld-elf/rtld.c#4 integrate .. //depot/projects/fdt/libexec/rtld-elf/rtld.h#3 integrate .. //depot/projects/fdt/libexec/ulog-helper/Makefile#1 branch .. //depot/projects/fdt/libexec/ulog-helper/ulog-helper.c#1 branch .. //depot/projects/fdt/sbin/ipfw/dummynet.c#3 integrate .. //depot/projects/fdt/share/man/man4/Makefile#4 integrate .. //depot/projects/fdt/share/man/man4/amdsbwd.4#1 branch .. //depot/projects/fdt/share/man/man4/ipsec.4#2 integrate .. //depot/projects/fdt/share/man/man4/sctp.4#2 integrate .. //depot/projects/fdt/share/man/man9/VOP_OPENCLOSE.9#2 integrate .. //depot/projects/fdt/share/man/man9/ifnet.9#2 integrate .. //depot/projects/fdt/share/misc/bsd-family-tree#2 integrate .. //depot/projects/fdt/share/mk/bsd.libnames.mk#2 integrate .. //depot/projects/fdt/sys/amd64/amd64/identcpu.c#3 integrate .. //depot/projects/fdt/sys/amd64/amd64/mca.c#2 integrate .. //depot/projects/fdt/sys/amd64/amd64/trap.c#3 integrate .. //depot/projects/fdt/sys/amd64/conf/NOTES#2 integrate .. //depot/projects/fdt/sys/amd64/include/mca.h#2 integrate .. //depot/projects/fdt/sys/amd64/include/specialreg.h#2 integrate .. //depot/projects/fdt/sys/arm/arm/trap.c#3 integrate .. //depot/projects/fdt/sys/arm/conf/AVILA#2 integrate .. //depot/projects/fdt/sys/arm/conf/CAMBRIA#2 integrate .. //depot/projects/fdt/sys/boot/forth/loader.conf.5#2 integrate .. //depot/projects/fdt/sys/boot/i386/libi386/Makefile#2 integrate .. //depot/projects/fdt/sys/boot/i386/libi386/spinconsole.c#1 branch .. //depot/projects/fdt/sys/boot/i386/libi386/vidconsole.c#2 integrate .. //depot/projects/fdt/sys/boot/i386/loader/conf.c#2 integrate .. //depot/projects/fdt/sys/boot/pc98/loader/conf.c#2 integrate .. //depot/projects/fdt/sys/cam/ata/ata_all.c#4 integrate .. //depot/projects/fdt/sys/cam/ata/ata_all.h#4 integrate .. //depot/projects/fdt/sys/cam/scsi/scsi_cd.c#3 integrate .. //depot/projects/fdt/sys/compat/svr4/svr4_termios.c#2 integrate .. //depot/projects/fdt/sys/conf/files#6 integrate .. //depot/projects/fdt/sys/conf/files.amd64#2 integrate .. //depot/projects/fdt/sys/conf/files.i386#2 integrate .. //depot/projects/fdt/sys/dev/adb/adb.h#2 integrate .. //depot/projects/fdt/sys/dev/adb/adb_bus.c#2 integrate .. //depot/projects/fdt/sys/dev/adb/adb_mouse.c#2 integrate .. //depot/projects/fdt/sys/dev/amdsbwd/amdsbwd.c#1 branch .. //depot/projects/fdt/sys/dev/cxgb/common/cxgb_common.h#2 integrate .. //depot/projects/fdt/sys/dev/cxgb/cxgb_t3fw.h#2 integrate .. //depot/projects/fdt/sys/dev/cxgb/ulp/tom/cxgb_vm.c#2 integrate .. //depot/projects/fdt/sys/dev/hatm/if_hatm.c#3 integrate .. //depot/projects/fdt/sys/dev/hwpmc/hwpmc_mod.c#2 integrate .. //depot/projects/fdt/sys/dev/hwpmc/hwpmc_x86.c#2 integrate .. //depot/projects/fdt/sys/dev/ichsmb/ichsmb_pci.c#2 integrate .. //depot/projects/fdt/sys/dev/if_ndis/if_ndis.c#3 integrate .. //depot/projects/fdt/sys/dev/iir/iir_ctrl.c#2 integrate .. //depot/projects/fdt/sys/dev/syscons/sysmouse.c#2 integrate .. //depot/projects/fdt/sys/dev/uart/uart_core.c#2 integrate .. //depot/projects/fdt/sys/dev/uart/uart_tty.c#2 integrate .. //depot/projects/fdt/sys/dev/usb/input/atp.c#3 integrate .. //depot/projects/fdt/sys/dev/usb/serial/usb_serial.h#2 integrate .. //depot/projects/fdt/sys/dev/xen/blkfront/blkfront.c#3 integrate .. //depot/projects/fdt/sys/dev/xen/blkfront/block.h#2 integrate .. //depot/projects/fdt/sys/dev/xen/netfront/netfront.c#3 integrate .. //depot/projects/fdt/sys/fs/portalfs/portal_vnops.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label.h#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_ext2fs.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_gpt.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_iso9660.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_msdosfs.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_ntfs.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_reiserfs.c#2 integrate .. //depot/projects/fdt/sys/geom/label/g_label_ufs.c#2 integrate .. //depot/projects/fdt/sys/i386/conf/NOTES#2 integrate .. //depot/projects/fdt/sys/i386/i386/identcpu.c#3 integrate .. //depot/projects/fdt/sys/i386/i386/mca.c#2 integrate .. //depot/projects/fdt/sys/i386/i386/trap.c#3 integrate .. //depot/projects/fdt/sys/i386/include/mca.h#2 integrate .. //depot/projects/fdt/sys/i386/include/specialreg.h#2 integrate .. //depot/projects/fdt/sys/i386/xen/exception.s#2 integrate .. //depot/projects/fdt/sys/ia64/ia64/interrupt.c#4 integrate .. //depot/projects/fdt/sys/ia64/ia64/machdep.c#3 integrate .. //depot/projects/fdt/sys/ia64/ia64/trap.c#4 integrate .. //depot/projects/fdt/sys/ia64/include/bus.h#2 integrate .. //depot/projects/fdt/sys/ia64/include/cpufunc.h#2 integrate .. //depot/projects/fdt/sys/ia64/include/ia64_cpu.h#2 integrate .. //depot/projects/fdt/sys/ia64/include/pcpu.h#2 integrate .. //depot/projects/fdt/sys/kern/tty.c#3 integrate .. //depot/projects/fdt/sys/kern/vfs_acl.c#3 integrate .. //depot/projects/fdt/sys/mips/mips/trap.c#3 integrate .. //depot/projects/fdt/sys/modules/Makefile#2 integrate .. //depot/projects/fdt/sys/modules/amdsbwd/Makefile#1 branch .. //depot/projects/fdt/sys/net/if.c#4 integrate .. //depot/projects/fdt/sys/net/if_dead.c#2 integrate .. //depot/projects/fdt/sys/net/if_var.h#4 integrate .. //depot/projects/fdt/sys/netinet/in.h#3 integrate .. //depot/projects/fdt/sys/netinet/ip_carp.c#2 integrate .. //depot/projects/fdt/sys/netinet/ip_fw.h#2 integrate .. //depot/projects/fdt/sys/netinet/ipfw/ip_dummynet.c#3 integrate .. //depot/projects/fdt/sys/netinet/ipfw/ip_fw2.c#2 integrate .. //depot/projects/fdt/sys/netinet/raw_ip.c#3 integrate .. //depot/projects/fdt/sys/netinet/sctp_constants.h#3 integrate .. //depot/projects/fdt/sys/netipsec/ipcomp_var.h#2 integrate .. //depot/projects/fdt/sys/netipsec/ipsec_mbuf.c#2 integrate .. //depot/projects/fdt/sys/netipsec/xform_ipcomp.c#2 integrate .. //depot/projects/fdt/sys/opencrypto/crypto.c#2 integrate .. //depot/projects/fdt/sys/opencrypto/cryptosoft.c#2 integrate .. //depot/projects/fdt/sys/opencrypto/deflate.c#2 integrate .. //depot/projects/fdt/sys/opencrypto/deflate.h#2 integrate .. //depot/projects/fdt/sys/pc98/conf/NOTES#3 integrate .. //depot/projects/fdt/sys/powerpc/aim/machdep.c#2 integrate .. //depot/projects/fdt/sys/powerpc/aim/ofw_machdep.c#2 integrate .. //depot/projects/fdt/sys/powerpc/aim/trap.c#4 integrate .. //depot/projects/fdt/sys/powerpc/booke/machdep.c#3 integrate .. //depot/projects/fdt/sys/powerpc/booke/trap.c#3 integrate .. //depot/projects/fdt/sys/powerpc/conf/GENERIC#2 integrate .. //depot/projects/fdt/sys/powerpc/include/cpu.h#2 integrate .. //depot/projects/fdt/sys/powerpc/include/md_var.h#2 integrate .. //depot/projects/fdt/sys/powerpc/include/vmparam.h#2 integrate .. //depot/projects/fdt/sys/powerpc/powerpc/cpu.c#4 integrate .. //depot/projects/fdt/sys/sparc64/sparc64/trap.c#3 integrate .. //depot/projects/fdt/sys/sun4v/sun4v/trap.c#3 integrate .. //depot/projects/fdt/sys/sys/_termios.h#1 branch .. //depot/projects/fdt/sys/sys/ata.h#4 integrate .. //depot/projects/fdt/sys/sys/param.h#5 integrate .. //depot/projects/fdt/sys/sys/sdt.h#2 integrate .. //depot/projects/fdt/sys/sys/termios.h#2 integrate .. //depot/projects/fdt/sys/sys/tty.h#2 integrate .. //depot/projects/fdt/sys/vm/vm_fault.c#5 integrate .. //depot/projects/fdt/sys/vm/vm_map.h#3 integrate .. //depot/projects/fdt/tools/regression/bin/sh/builtins/fc1.0#2 integrate .. //depot/projects/fdt/tools/regression/bin/sh/errors/backquote-error1.0#2 integrate .. //depot/projects/fdt/tools/regression/bin/sh/execution/redir1.0#1 branch .. //depot/projects/fdt/tools/regression/bin/sh/execution/redir2.0#1 branch .. //depot/projects/fdt/tools/regression/environ/Makefile.envctl#2 integrate .. //depot/projects/fdt/tools/regression/environ/envctl.c#2 integrate .. //depot/projects/fdt/tools/regression/environ/envtest.t#2 integrate .. //depot/projects/fdt/usr.bin/ldd/ldd.1#2 integrate .. //depot/projects/fdt/usr.bin/netstat/if.c#3 integrate .. //depot/projects/fdt/usr.bin/netstat/ipsec.c#2 integrate .. //depot/projects/fdt/usr.bin/netstat/main.c#2 integrate .. //depot/projects/fdt/usr.bin/netstat/netstat.1#2 integrate .. //depot/projects/fdt/usr.bin/netstat/netstat.h#2 integrate .. //depot/projects/fdt/usr.bin/unifdef/unifdef.c#3 integrate .. //depot/projects/fdt/usr.bin/users/Makefile#2 integrate .. //depot/projects/fdt/usr.bin/users/users.c#2 integrate .. //depot/projects/fdt/usr.sbin/freebsd-update/freebsd-update.sh#2 integrate Differences ... ==== //depot/projects/fdt/ObsoleteFiles.inc#3 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: src/ObsoleteFiles.inc,v 1.213 2009/11/18 00:56:05 delphij Exp $ +# $FreeBSD: src/ObsoleteFiles.inc,v 1.214 2009/12/02 15:05:26 ume Exp $ # # This file lists old files (OLD_FILES), libraries (OLD_LIBS) and # directories (OLD_DIRS) which should get removed at an update. Recently @@ -14,6 +14,9 @@ # The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last. # +# 20091202: unify rc.firewall and rc.firewall6. +OLD_FILES+=etc/rc.d/ip6fw +OLD_FILES+=etc/rc.firewall6 # 20091117: removal of rc.early(8) link OLD_FILES+=usr/share/man/man8/rc.early.8.gz # 20091027: pselect.3 implemented as syscall ==== //depot/projects/fdt/bin/sh/eval.c#3 (text+ko) ==== @@ -36,7 +36,7 @@ #endif #endif /* not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.69 2009/11/22 18:23:30 jilles Exp $"); +__FBSDID("$FreeBSD: src/bin/sh/eval.c,v 1.70 2009/11/29 22:33:59 jilles Exp $"); #include <paths.h> #include <signal.h> @@ -883,7 +883,6 @@ #ifdef DEBUG trputs("normal command: "); trargs(argv); #endif - clearredir(); redirect(cmd->ncmd.redirect, 0); for (sp = varlist.list ; sp ; sp = sp->next) setvareq(sp->text, VEXPORT|VSTACK); ==== //depot/projects/fdt/bin/sh/redir.c#3 (text+ko) ==== @@ -36,7 +36,7 @@ #endif #endif /* not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.28 2009/11/22 18:23:30 jilles Exp $"); +__FBSDID("$FreeBSD: src/bin/sh/redir.c,v 1.29 2009/11/29 22:33:59 jilles Exp $"); #include <sys/types.h> #include <sys/stat.h> @@ -63,6 +63,7 @@ #define EMPTY -2 /* marks an unused slot in redirtab */ +#define CLOSED -1 /* fd was not open before redir */ #define PIPESIZE 4096 /* amount of buffering in a pipe */ @@ -101,7 +102,6 @@ struct redirtab *sv = NULL; int i; int fd; - int try; char memory[10]; /* file descriptors to write to memory */ for (i = 10 ; --i >= 0 ; ) @@ -116,38 +116,30 @@ } for (n = redir ; n ; n = n->nfile.next) { fd = n->nfile.fd; - try = 0; if ((n->nfile.type == NTOFD || n->nfile.type == NFROMFD) && n->ndup.dupfd == fd) continue; /* redirect from/to same file descriptor */ if ((flags & REDIR_PUSH) && sv->renamed[fd] == EMPTY) { INTOFF; -again: if ((i = fcntl(fd, F_DUPFD, 10)) == -1) { switch (errno) { case EBADF: - if (!try) { - openredirect(n, memory); - try++; - goto again; - } - /* FALLTHROUGH*/ + i = CLOSED; + break; default: INTON; error("%d: %s", fd, strerror(errno)); break; } - } - if (!try) { - sv->renamed[fd] = i; - } + } else + (void)fcntl(i, F_SETFD, FD_CLOEXEC); + sv->renamed[fd] = i; INTON; } if (fd == 0) fd0_redirected++; - if (!try) - openredirect(n, memory); + openredirect(n, memory); } if (memory[1]) out1 = &memout; ==== //depot/projects/fdt/contrib/bind9/CHANGES#2 (text+ko) ==== @@ -1,3 +1,9 @@ + --- 9.6.1-P2 released --- + +2772. [security] When validating, track whether pending data was from + the additional section or not and only return it if + validates as secure. [RT #20438] + --- 9.6.1-P1 released --- 2640. [security] A specially crafted update packet will cause named ==== //depot/projects/fdt/contrib/bind9/bin/named/query.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.313.20.7 2009/03/13 01:38:51 marka Exp $ */ +/* $Id: query.c,v 1.313.20.7.12.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -116,6 +116,8 @@ #define DNS_GETDB_NOLOG 0x02U #define DNS_GETDB_PARTIAL 0x04U +#define PENDINGOK(x) (((x) & DNS_DBFIND_PENDINGOK) != 0) + typedef struct client_additionalctx { ns_client_t *client; dns_rdataset_t *rdataset; @@ -1761,8 +1763,8 @@ */ if (result == ISC_R_SUCCESS && additionaltype == dns_rdatasetadditional_fromcache && - (rdataset->trust == dns_trust_pending || - rdataset->trust == dns_trust_glue) && + (DNS_TRUST_PENDING(rdataset->trust) || + DNS_TRUST_GLUE(rdataset->trust)) && !validate(client, db, fname, rdataset, sigrdataset)) { dns_rdataset_disassociate(rdataset); if (dns_rdataset_isassociated(sigrdataset)) @@ -1801,8 +1803,8 @@ */ if (result == ISC_R_SUCCESS && additionaltype == dns_rdatasetadditional_fromcache && - (rdataset->trust == dns_trust_pending || - rdataset->trust == dns_trust_glue) && + (DNS_TRUST_PENDING(rdataset->trust) || + DNS_TRUST_GLUE(rdataset->trust)) && !validate(client, db, fname, rdataset, sigrdataset)) { dns_rdataset_disassociate(rdataset); if (dns_rdataset_isassociated(sigrdataset)) @@ -2601,14 +2603,14 @@ /* * Attempt to validate RRsets that are pending or that are glue. */ - if ((rdataset->trust == dns_trust_pending || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)) + if ((DNS_TRUST_PENDING(rdataset->trust) || + (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust))) && !validate(client, db, fname, rdataset, sigrdataset) && - (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0) + !PENDINGOK(client->query.dboptions)) goto cleanup; - if ((rdataset->trust == dns_trust_glue || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) && + if ((DNS_TRUST_GLUE(rdataset->trust) || + (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) && !validate(client, db, fname, rdataset, sigrdataset) && SECURE(client) && WANTDNSSEC(client)) goto cleanup; @@ -3716,6 +3718,8 @@ dns_rdataset_t *noqname; isc_boolean_t resuming; int line = -1; + dns_rdataset_t tmprdataset; + unsigned int dboptions; CTRACE("query_find"); @@ -3933,9 +3937,49 @@ /* * Now look for an answer in the database. */ + dboptions = client->query.dboptions; + if (sigrdataset == NULL && client->view->enablednssec) { + /* + * If the client doesn't want DNSSEC we still want to + * look for any data pending validation to save a remote + * lookup if possible. + */ + dns_rdataset_init(&tmprdataset); + sigrdataset = &tmprdataset; + dboptions |= DNS_DBFIND_PENDINGOK; + } + refind: result = dns_db_find(db, client->query.qname, version, type, - client->query.dboptions, client->now, - &node, fname, rdataset, sigrdataset); + dboptions, client->now, &node, fname, + rdataset, sigrdataset); + /* + * If we have found pending data try to validate it. + * If the data does not validate as secure and we can't + * use the unvalidated data requery the database with + * pending disabled to prevent infinite looping. + */ + if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust)) + goto validation_done; + if (validate(client, db, fname, rdataset, sigrdataset)) + goto validation_done; + if (rdataset->trust != dns_trust_pending_answer || + !PENDINGOK(client->query.dboptions)) { + dns_rdataset_disassociate(rdataset); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + if (sigrdataset == &tmprdataset) + sigrdataset = NULL; + dns_db_detachnode(db, &node); + dboptions &= ~DNS_DBFIND_PENDINGOK; + goto refind; + } + validation_done: + if (sigrdataset == &tmprdataset) { + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + sigrdataset = NULL; + } resume: CTRACE("query_find: resume"); ==== //depot/projects/fdt/contrib/bind9/lib/dns/api#2 (text+ko) ==== @@ -1,3 +1,3 @@ -LIBINTERFACE = 52 +LIBINTERFACE = 53 LIBREVISION = 0 -LIBAGE = 2 +LIBAGE = 0 ==== //depot/projects/fdt/contrib/bind9/lib/dns/include/dns/types.h#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.130.50.3 2009/01/29 22:40:35 jinmei Exp $ */ +/* $Id: types.h,v 1.130.50.3.12.1 2009/11/18 23:58:04 marka Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 @@ -258,40 +258,52 @@ dns_trust_none = 0, #define dns_trust_none ((dns_trust_t)dns_trust_none) - /*% Subject to DNSSEC validation but has not yet been validated */ - dns_trust_pending = 1, -#define dns_trust_pending ((dns_trust_t)dns_trust_pending) + /*% + * Subject to DNSSEC validation but has not yet been validated + * dns_trust_pending_additional (from the additional section). + */ + dns_trust_pending_additional = 1, +#define dns_trust_pending_additional \ + ((dns_trust_t)dns_trust_pending_additional) + + dns_trust_pending_answer = 2, +#define dns_trust_pending_answer ((dns_trust_t)dns_trust_pending_answer) /*% Received in the additional section of a response. */ - dns_trust_additional = 2, + dns_trust_additional = 3, #define dns_trust_additional ((dns_trust_t)dns_trust_additional) /* Received in a referral response. */ - dns_trust_glue = 3, + dns_trust_glue = 4, #define dns_trust_glue ((dns_trust_t)dns_trust_glue) /* Answer from a non-authoritative server */ - dns_trust_answer = 4, + dns_trust_answer = 5, #define dns_trust_answer ((dns_trust_t)dns_trust_answer) /* Received in the authority section as part of an authoritative response */ - dns_trust_authauthority = 5, + dns_trust_authauthority = 6, #define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority) /* Answer from an authoritative server */ - dns_trust_authanswer = 6, + dns_trust_authanswer = 7, #define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer) /* Successfully DNSSEC validated */ - dns_trust_secure = 7, + dns_trust_secure = 8, #define dns_trust_secure ((dns_trust_t)dns_trust_secure) /* This server is authoritative */ - dns_trust_ultimate = 8 + dns_trust_ultimate = 9 #define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate) }; +#define DNS_TRUST_PENDING(x) ((x) == dns_trust_pending_answer || \ + (x) == dns_trust_pending_additional) +#define DNS_TRUST_GLUE(x) ((x) == dns_trust_glue) + + /*% * Name checking severities. */ ==== //depot/projects/fdt/contrib/bind9/lib/dns/masterdump.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.94.50.2 2009/01/18 23:47:40 tbox Exp $ */ +/* $Id: masterdump.c,v 1.94.50.2.12.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -775,7 +775,8 @@ static const char *trustnames[] = { "none", - "pending", + "pending-additional", + "pending-answer", "additional", "glue", "answer", ==== //depot/projects/fdt/contrib/bind9/lib/dns/rbtdb.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.270.12.6 2009/05/06 23:34:30 jinmei Exp $ */ +/* $Id: rbtdb.c,v 1.270.12.6.10.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -4005,7 +4005,7 @@ } if (dname_header != NULL && - (dname_header->trust != dns_trust_pending || + (!DNS_TRUST_PENDING(dname_header->trust) || (search->options & DNS_DBFIND_PENDINGOK) != 0)) { /* * We increment the reference count on node to ensure that @@ -4548,7 +4548,7 @@ if (found == NULL || (found->trust == dns_trust_glue && ((options & DNS_DBFIND_GLUEOK) == 0)) || - (found->trust == dns_trust_pending && + (DNS_TRUST_PENDING(found->trust) && ((options & DNS_DBFIND_PENDINGOK) == 0))) { /* * If there is an NS rdataset at this node, then this is the ==== //depot/projects/fdt/contrib/bind9/lib/dns/resolver.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.384.14.14 2009/06/02 23:47:13 tbox Exp $ */ +/* $Id: resolver.c,v 1.384.14.14.8.1 2009/11/18 23:58:04 marka Exp $ */ /*! \file */ @@ -4293,6 +4293,7 @@ * for it, unless it is glue. */ if (secure_domain && rdataset->trust != dns_trust_glue) { + dns_trust_t trust; /* * RRSIGs are validated as part of validating the * type they cover. @@ -4329,12 +4330,34 @@ } /* + * Reject out of bailiwick additional records + * without RRSIGs as they can't possibly validate + * as "secure" and as we will never never want to + * store these as "answers" after validation. + */ + if (rdataset->trust == dns_trust_additional && + sigrdataset == NULL && EXTERNAL(rdataset)) + continue; + + /* + * XXXMPA: If we store as "answer" after validating + * then we need to do bailiwick processing and + * also need to track whether RRsets are in or + * out of bailiwick. This will require a another + * pending trust level. + * * Cache this rdataset/sigrdataset pair as - * pending data. + * pending data. Track whether it was additional + * or not. */ - rdataset->trust = dns_trust_pending; + if (rdataset->trust == dns_trust_additional) + trust = dns_trust_pending_additional; + else + trust = dns_trust_pending_answer; + + rdataset->trust = trust; if (sigrdataset != NULL) - sigrdataset->trust = dns_trust_pending; + sigrdataset->trust = trust; if (!need_validation || !ANSWER(rdataset)) { addedrdataset = ardataset; result = dns_db_addrdataset(fctx->cache, node, @@ -4682,7 +4705,7 @@ for (trdataset = ISC_LIST_HEAD(tname->list); trdataset != NULL; trdataset = ISC_LIST_NEXT(trdataset, link)) - trdataset->trust = dns_trust_pending; + trdataset->trust = dns_trust_pending_answer; result = dns_message_nextname(fctx->rmessage, DNS_SECTION_AUTHORITY); } ==== //depot/projects/fdt/contrib/bind9/lib/dns/validator.c#2 (text+ko) ==== @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.9 2009/05/07 23:47:12 tbox Exp $ */ +/* $Id: validator.c,v 1.164.12.9.8.1 2009/11/18 23:58:04 marka Exp $ */ #include <config.h> @@ -1607,7 +1607,7 @@ * We have an rrset for the given keyname. */ val->keyset = &val->frdataset; - if (val->frdataset.trust == dns_trust_pending && + if (DNS_TRUST_PENDING(val->frdataset.trust) && dns_rdataset_isassociated(&val->fsigrdataset)) { /* @@ -1622,7 +1622,7 @@ if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (val->frdataset.trust == dns_trust_pending) { + } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { /* * Having a pending key with no signature means that * something is broken. @@ -2243,7 +2243,7 @@ * We have DS records. */ val->dsset = &val->frdataset; - if (val->frdataset.trust == dns_trust_pending && + if (DNS_TRUST_PENDING(val->frdataset.trust) && dns_rdataset_isassociated(&val->fsigrdataset)) { result = create_validator(val, @@ -2256,7 +2256,7 @@ if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (val->frdataset.trust == dns_trust_pending) { + } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { /* * There should never be an unsigned DS. */ @@ -3337,7 +3337,7 @@ * There is no DS. If this is a delegation, * we maybe done. */ - if (val->frdataset.trust == dns_trust_pending) { + if (DNS_TRUST_PENDING(val->frdataset.trust)) { result = create_fetch(val, tname, dns_rdatatype_ds, dsfetched2, ==== //depot/projects/fdt/contrib/bind9/version#2 (text+ko) ==== @@ -1,4 +1,4 @@ -# $Id: version,v 1.43.12.5.8.1 2009/07/28 14:18:08 marka Exp $ +# $Id: version,v 1.43.12.5.8.2 2009/11/18 23:58:04 marka Exp $ # # This file must follow /bin/sh rules. It is imported directly via # configure. @@ -7,4 +7,4 @@ MINORVER=6 PATCHVER=1 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=2 ==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/BEGEMOT-MIB2-MIB.txt#2 (text) ==== @@ -39,7 +39,7 @@ FROM BEGEMOT-IP-MIB; begemotMib2 MODULE-IDENTITY - LAST-UPDATED "200602130000Z" + LAST-UPDATED "200908030000Z" ORGANIZATION "German Aerospace Center" CONTACT-INFO " Hartmut Brandt @@ -54,6 +54,12 @@ E-mail: harti@freebsd.org" DESCRIPTION "The MIB for private mib2 stuff." + REVISION "200908030000Z" + DESCRIPTION + "Second edition adds begemotIfDataPoll object." + REVISION "200602130000Z" + DESCRIPTION + "Initial revision." ::= { begemotIp 1 } begemotIfMaxspeed OBJECT-TYPE @@ -87,4 +93,14 @@ bit rate in its MIB." ::= { begemotMib2 3 } +begemotIfDataPoll OBJECT-TYPE + SYNTAX TimeTicks + UNITS "deciseconds" + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The rate at which the mib2 module will poll interface data." + DEFVAL { 100 } + ::= { begemotMib2 4 } + END ==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.c#2 (text+ko) ==== @@ -117,6 +117,15 @@ /* HC update timer handle */ static void *hc_update_timer; +/* Idle poll timer */ +static void *mibII_poll_timer; + +/* interfaces' data poll interval */ +u_int mibII_poll_ticks; + +/* Idle poll hook */ +static void mibII_idle(void *arg __unused); + /*****************************/ static const struct asn_oid oid_ifMIB = OIDX_ifMIB; @@ -410,6 +419,20 @@ mibif_hc_update_interval = ticks; } +/** + * Restart the idle poll timer. + */ +void +mibif_restart_mibII_poll_timer(void) +{ + if (mibII_poll_timer != NULL) + timer_stop(mibII_poll_timer); + + if ((mibII_poll_timer = timer_start_repeat(mibII_poll_ticks * 10, + mibII_poll_ticks * 10, mibII_idle, NULL, module)) == NULL) + syslog(LOG_ERR, "timer_start(%u): %m", mibII_poll_ticks); +} + /* * Fetch new MIB data. */ @@ -1553,7 +1576,7 @@ * Idle function */ static void -mibII_idle(void) +mibII_idle(void *arg __unused) { struct mibifa *ifa; @@ -1608,6 +1631,10 @@ ipForward_reg = or_register(&oid_ipForward, "The MIB module for the display of CIDR multipath IP Routes.", module); + + mibII_poll_timer = NULL; + mibII_poll_ticks = MIBII_POLL_TICKS; + mibif_restart_mibII_poll_timer(); } /* @@ -1651,6 +1678,11 @@ static int mibII_fini(void) { + if (mibII_poll_timer != NULL ) { + timer_stop(mibII_poll_timer); + mibII_poll_timer = NULL; + } + if (route_fd != NULL) fd_deselect(route_fd); if (route != -1) @@ -1690,7 +1722,7 @@ "This module implements the interface and ip groups.", mibII_init, mibII_fini, - mibII_idle, /* idle */ + NULL, /* idle */ NULL, /* dump */ NULL, /* config */ mibII_start, ==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII.h#2 (text+ko) ==== @@ -211,6 +211,14 @@ /* re-compute update interval */ void mibif_reset_hc_timer(void); +/* interfaces' data poll interval */ +extern u_int mibII_poll_ticks; + +/* restart the data poll timer */ +void mibif_restart_mibII_poll_timer(void); + +#define MIBII_POLL_TICKS 100 + /* get interfaces and interface addresses. */ void mib_fetch_interfaces(void); ==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_begemot.c#2 (text) ==== @@ -59,6 +59,11 @@ ctx->scratch->int1 = mibif_force_hc_update_interval; mibif_force_hc_update_interval = value->v.uint32; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + ctx->scratch->int1 = mibII_poll_ticks; + mibII_poll_ticks = value->v.uint32; + return (SNMP_ERR_NOERROR); } abort(); @@ -68,6 +73,10 @@ case LEAF_begemotIfForcePoll: mibif_force_hc_update_interval = ctx->scratch->int1; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + mibII_poll_ticks = ctx->scratch->int1; + return (SNMP_ERR_NOERROR); } abort(); @@ -78,6 +87,10 @@ mibif_force_hc_update_interval = ctx->scratch->int1; mibif_reset_hc_timer(); return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + mibif_restart_mibII_poll_timer(); + return (SNMP_ERR_NOERROR); } abort(); } @@ -98,6 +111,10 @@ case LEAF_begemotIfForcePoll: value->v.uint32 = mibif_force_hc_update_interval; return (SNMP_ERR_NOERROR); + + case LEAF_begemotIfDataPoll: + value->v.uint32 = mibII_poll_ticks; + return (SNMP_ERR_NOERROR); } abort(); } ==== //depot/projects/fdt/contrib/bsnmp/snmp_mibII/mibII_tree.def#2 (text+ko) ==== @@ -240,6 +240,7 @@ (1 begemotIfMaxspeed COUNTER64 op_begemot_mibII GET) (2 begemotIfPoll TIMETICKS op_begemot_mibII GET) (3 begemotIfForcePoll TIMETICKS op_begemot_mibII GET SET) + (4 begemotIfDataPoll TIMETICKS op_begemot_mibII GET SET) ) ) ) ==== //depot/projects/fdt/contrib/gcc/config/freebsd-spec.h#2 (text+ko) ==== @@ -18,7 +18,7 @@ the Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -/* $FreeBSD: src/contrib/gcc/config/freebsd-spec.h,v 1.26 2009/07/14 21:19:13 kan Exp $ */ +/* $FreeBSD: src/contrib/gcc/config/freebsd-spec.h,v 1.27 2009/12/02 16:34:20 kib Exp $ */ /* Common FreeBSD configuration. All FreeBSD architectures should include this file, which will specify @@ -103,9 +103,10 @@ %{p:gcrt1.o%s} \ %{!p: \ %{profile:gcrt1.o%s} \ - %{!profile:crt1.o%s}}}} \ + %{!profile: \ + %{pie: Scrt1.o%s;:crt1.o%s}}}}} \ crti.o%s \ - %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}" + %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" /* Provide an ENDFILE_SPEC appropriate for FreeBSD/i386. Here we tack on our own magical crtend.o file (see crtstuff.c) which provides part of @@ -113,8 +114,7 @@ entering `main', followed by the normal "finalizer" file, `crtn.o'. */ #define FBSD_ENDFILE_SPEC "\ - %{!shared:crtend.o%s} \ - %{shared:crtendS.o%s} \ + %{shared|pie:crtendS.o%s;:crtend.o%s} \ crtn.o%s " /* Provide a LIB_SPEC appropriate for FreeBSD as configured and as ==== //depot/projects/fdt/contrib/groff/tmac/doc-syms#2 (text+ko) ==== @@ -777,6 +777,7 @@ .ds doc-str-Lb-librt \*[Px] \*[doc-str-Lb]Real-time Library (librt, \-lrt) .ds doc-str-Lb-libtermcap Termcap Access Library (libtermcap, \-ltermcap) .ds doc-str-Lb-libusbhid USB Human Interface Devices Library (libusbhid, \-lusbhid) +.ds doc-str-Lb-libulog User Login Record Library (libulog, \-lulog) .ds doc-str-Lb-libutil System Utilities Library (libutil, \-lutil) .ds doc-str-Lb-libx86_64 x86_64 Architecture Library (libx86_64, \-lx86_64) .ds doc-str-Lb-libz Compression Library (libz, \-lz) ==== //depot/projects/fdt/contrib/ntp/ntpd/ntp_io.c#2 (text+ko) ==== @@ -65,6 +65,12 @@ #endif /* IPV6 Multicast Support */ #endif /* IPv6 Support */ +#ifdef INCLUDE_IPV6_SUPPORT +#include <netinet/in.h> +#include <net/if_var.h> +#include <netinet/in_var.h> +#endif /* !INCLUDE_IPV6_SUPPORT */ + extern int listen_to_virtual_ips; extern const char *specific_interface; @@ -1137,6 +1143,36 @@ >>> TRUNCATED FOR MAIL (1000 lines) <<<home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912032040.nB3KexFh084511>