From 6fa65ad99d3632cd4d340f3df4896cdb9e9688ecd30f0cb00c67f1db464d98e9 Mon Sep 17 00:00:00 2001
From: Reinhard Max <max@suse.com>
Date: Tue, 21 Jan 2014 17:29:39 +0000
Subject: [PATCH] unfuzz rpz2-9.9.4.patch

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=135
---
 rpz2-9.9.4.patch | 303 ++++++++++++++++++++++++++---------------------
 1 file changed, 168 insertions(+), 135 deletions(-)

diff --git a/rpz2-9.9.4.patch b/rpz2-9.9.4.patch
index cea3701..6726bf4 100644
--- a/rpz2-9.9.4.patch
+++ b/rpz2-9.9.4.patch
@@ -1,6 +1,7 @@
-diff -r -u bin/named/query.c-orig bin/named/query.c
---- bin/named/query.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/named/query.c	2004-01-01 00:00:00.000000000 +0000
+Index: bin/named/query.c
+===================================================================
+--- bin/named/query.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/named/query.c	2014-01-21 17:56:13.516661510 +0100
 @@ -879,11 +879,11 @@
  static void
  rpz_log_rewrite(ns_client_t *client, isc_boolean_t disabled,
@@ -828,8 +829,6 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 -			result = dns_name_concatenate(prefix, suffix,
 -						      rpz_qname, NULL);
 -			if (result == ISC_R_SUCCESS)
--				break;
--			INSIST(result == DNS_R_NAMETOOLONG);
 +		dns_fixedname_init(&p_namef);
 +		p_name = dns_fixedname_name(&p_namef);
 +		result = rpz_get_p_name(client, p_name, rpz, rpz_type, ip_name);
@@ -841,24 +840,12 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +				    p_rdatasetp, &policy);
 +		switch (result) {
 +		case DNS_R_NXDOMAIN:
- 			/*
--			 * Trim the name until it is not too long.
++			/*
 +			 * Continue after a policy record that is missing
 +			 * contrary to the summary data.  The summary
 +			 * data can out of date during races with and among
 +			 * policy zone updates.
- 			 */
--			labels = dns_name_countlabels(prefix);
--			if (labels < 2) {
--				rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
--					     rpz_type, suffix,
--					     "concatentate() ", result);
--				return (ISC_R_SUCCESS);
--			}
--			if (labels+1 == dns_name_countlabels(qname)) {
--				rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1,
--					     rpz_type, suffix,
--					     "concatentate() ", result);
++			 */
 +			continue;
 +		case DNS_R_SERVFAIL:
 +			rpz_clean(&p_zone, &p_db, &p_node, p_rdatasetp);
@@ -888,13 +875,26 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +			     (st->m.type == rpz_type &&
 +			      st->m.prefix == prefix &&
 +			      0 > dns_name_rdatacompare(st->p_name, p_name)))
-+				break;
+ 				break;
+-			INSIST(result == DNS_R_NAMETOOLONG);
 +
-+			/*
+ 			/*
+-			 * Trim the name until it is not too long.
 +			 * Stop checking after saving an enabled hit in this
 +			 * policy zone.  The radix tree in the policy zone
 +			 * ensures that we found the longest match.
-+			 */
+ 			 */
+-			labels = dns_name_countlabels(prefix);
+-			if (labels < 2) {
+-				rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
+-					     rpz_type, suffix,
+-					     "concatentate() ", result);
+-				return (ISC_R_SUCCESS);
+-			}
+-			if (labels+1 == dns_name_countlabels(qname)) {
+-				rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1,
+-					     rpz_type, suffix,
+-					     "concatentate() ", result);
 +			if (rpz->policy != DNS_RPZ_POLICY_DISABLED) {
 +				rpz_save_p(st, rpz, rpz_type,
 +					   policy, p_name, prefix, result,
@@ -1425,12 +1425,10 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +			st->r.label = dns_name_countlabels(client->query.qname);
 +			st->state &= ~(DNS_RPZ_DONE_QNAME_IP |
 +				       DNS_RPZ_DONE_IPv4);
- 
--		st->r.label = dns_name_countlabels(client->query.qname);
++
 +		}
  
--		st->state &= ~(DNS_RPZ_DONE_QNAME_IP | DNS_RPZ_DONE_IPv4);
--		st->state |= DNS_RPZ_DONE_QNAME;
+-		st->r.label = dns_name_countlabels(client->query.qname);
 +		/*
 +		 * Quit if this was an attempt to find a qname or
 +		 * client-IP trigger before recursion.
@@ -1445,7 +1443,9 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +		 */
 +		if (qresult_type == 2)
 +			goto cleanup;
-+
+ 
+-		st->state &= ~(DNS_RPZ_DONE_QNAME_IP | DNS_RPZ_DONE_IPv4);
+-		st->state |= DNS_RPZ_DONE_QNAME;
 +		/*
 +		 * DNS_RPZ_DONE_QNAME but not DNS_RPZ_DONE_CLIENT_IP
 +		 * is reset at the end of dealing with each CNAME.
@@ -1636,7 +1636,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  	ns_client_qnamereplace(client, fname);
  	/*
  	 * Turn off DNSSEC because the results of a
-@@ -5992,13 +6372,15 @@
+@@ -5997,13 +6377,15 @@
  	}
  #endif /* USE_RRL */
  
@@ -1655,7 +1655,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  		isc_result_t rresult;
  
  		rresult = rpz_rewrite(client, qtype, result, resuming);
-@@ -6036,12 +6418,17 @@
+@@ -6041,12 +6423,17 @@
  			rpz_st->state |= DNS_RPZ_REWRITTEN;
  		if (rpz_st->m.policy != DNS_RPZ_POLICY_MISS &&
  		    rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU &&
@@ -1678,7 +1678,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  			rpz_clean(&zone, &db, &node, NULL);
  			if (rpz_st->m.rdataset != NULL) {
  				query_putrdataset(client, &rdataset);
-@@ -6061,6 +6448,27 @@
+@@ -6066,6 +6453,27 @@
  			rpz_st->m.zone = NULL;
  
  			switch (rpz_st->m.policy) {
@@ -1706,7 +1706,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  			case DNS_RPZ_POLICY_NXDOMAIN:
  				result = DNS_R_NXDOMAIN;
  				break;
-@@ -6073,8 +6481,8 @@
+@@ -6078,8 +6486,8 @@
  				    result != DNS_R_CNAME) {
  					/*
  					 * We will add all of the rdatasets of
@@ -1717,7 +1717,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  					 */
  					if (dns_rdataset_isassociated(rdataset))
  					    dns_rdataset_disassociate(rdataset);
-@@ -6129,7 +6537,7 @@
+@@ -6134,7 +6542,7 @@
  			rpz_st->q.is_zone = is_zone;
  			is_zone = ISC_TRUE;
  			rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
@@ -1726,9 +1726,10 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
  		}
  	}
  
-diff -r -u bin/named/server.c-orig bin/named/server.c
---- bin/named/server.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/named/server.c	2004-01-01 00:00:00.000000000 +0000
+Index: bin/named/server.c
+===================================================================
+--- bin/named/server.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/named/server.c	2014-01-21 17:56:13.518661534 +0100
 @@ -375,7 +375,8 @@
  static isc_result_t
  configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
@@ -2181,9 +2182,10 @@ diff -r -u bin/named/server.c-orig bin/named/server.c
  	dns_view_freeze(view);
  	isc_task_endexclusive(server->task);
  	if (result != ISC_R_SUCCESS)
-diff -r -u bin/tests/system/rpz/Makefile-orig bin/tests/system/rpz/Makefile
---- bin/tests/system/rpz/Makefile-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/Makefile	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/Makefile
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ bin/tests/system/rpz/Makefile	2014-01-21 17:56:13.519661546 +0100
 @@ -0,0 +1,478 @@
 +# Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 +#
@@ -2663,9 +2665,10 @@ diff -r -u bin/tests/system/rpz/Makefile-orig bin/tests/system/rpz/Makefile
 +    /usr/include/stdio.h /usr/include/string.h /usr/include/strings.h
 +
 +# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
-diff -r -u bin/tests/system/rpz/clean.sh-orig bin/tests/system/rpz/clean.sh
---- bin/tests/system/rpz/clean.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/clean.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/clean.sh
+===================================================================
+--- bin/tests/system/rpz/clean.sh.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/clean.sh	2014-01-21 17:56:13.519661546 +0100
 @@ -19,7 +19,7 @@
  # Clean up after rpz tests.
  
@@ -2675,9 +2678,10 @@ diff -r -u bin/tests/system/rpz/clean.sh-orig bin/tests/system/rpz/clean.sh
  rm -f ns3/bl*.db ns*/*switch ns5/requests ns5/example.db ns5/bl.db ns5/*.perf
  rm -f */named.memstats */named.run */named.stats */session.key
  rm -f */*.jnl */*.core */*.pid
-diff -r -u bin/tests/system/rpz/ns1/root.db-orig bin/tests/system/rpz/ns1/root.db
---- bin/tests/system/rpz/ns1/root.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns1/root.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns1/root.db
+===================================================================
+--- bin/tests/system/rpz/ns1/root.db.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns1/root.db	2014-01-21 17:56:13.519661546 +0100
 @@ -38,3 +38,6 @@
  ; performance test
  tld5.		NS	ns.tld5.
@@ -2685,9 +2689,10 @@ diff -r -u bin/tests/system/rpz/ns1/root.db-orig bin/tests/system/rpz/ns1/root.d
 +
 +; generate SERVFAIL
 +servfail	NS	ns.tld2.
-diff -r -u bin/tests/system/rpz/ns2/bl.tld2.db-orig bin/tests/system/rpz/ns2/bl.tld2.db
---- bin/tests/system/rpz/ns2/bl.tld2.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/bl.tld2.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/bl.tld2.db
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ bin/tests/system/rpz/ns2/bl.tld2.db	2014-01-21 17:56:13.519661546 +0100
 @@ -0,0 +1,27 @@
 +; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
 +;
@@ -2716,9 +2721,10 @@ diff -r -u bin/tests/system/rpz/ns2/bl.tld2.db-orig bin/tests/system/rpz/ns2/bl.
 +		A	10.53.0.3
 +
 +32.1.7.168.192.rpz-ip	 CNAME	.
-diff -r -u bin/tests/system/rpz/ns2/named.conf-orig bin/tests/system/rpz/ns2/named.conf
---- bin/tests/system/rpz/ns2/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns2/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns2/named.conf	2014-01-21 17:56:13.519661546 +0100
 @@ -32,14 +32,6 @@
  	notify no;
  };
@@ -2740,9 +2746,10 @@ diff -r -u bin/tests/system/rpz/ns2/named.conf-orig bin/tests/system/rpz/ns2/nam
  
 -zone "bl.tld2."		    {type master; file "bl.tld2.db"; notify yes; notify-delay 1;};
 +zone "bl.tld2."		    {type master; file "bl.tld2.db";};
-diff -r -u bin/tests/system/rpz/ns2/tld2.db-orig bin/tests/system/rpz/ns2/tld2.db
---- bin/tests/system/rpz/ns2/tld2.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/tld2.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/tld2.db
+===================================================================
+--- bin/tests/system/rpz/ns2/tld2.db.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns2/tld2.db	2014-01-21 17:56:13.519661546 +0100
 @@ -111,6 +111,9 @@
  		A	192.168.5.2
  		TXT	"a5-1-2 tld2 text"
@@ -2753,9 +2760,10 @@ diff -r -u bin/tests/system/rpz/ns2/tld2.db-orig bin/tests/system/rpz/ns2/tld2.d
  a5-3		A	192.168.5.3
  		TXT	"a5-3 tld2 text"
  
-diff -r -u bin/tests/system/rpz/ns3/base.db-orig bin/tests/system/rpz/ns3/base.db
---- bin/tests/system/rpz/ns3/base.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns3/base.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns3/base.db
+===================================================================
+--- bin/tests/system/rpz/ns3/base.db.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns3/base.db	2014-01-21 17:56:13.519661546 +0100
 @@ -21,30 +21,7 @@
  ;   Its contents are also changed with nsupdate
  
@@ -2789,9 +2797,10 @@ diff -r -u bin/tests/system/rpz/ns3/base.db-orig bin/tests/system/rpz/ns3/base.d
 -; (or whatever) is available by publishing "foo A 10.2.3.4" and then
 -; resolving foo.
 -32.3.2.1.127.rpz-ip					CNAME	walled.invalid.
-diff -r -u bin/tests/system/rpz/ns3/named.conf-orig bin/tests/system/rpz/ns3/named.conf
---- bin/tests/system/rpz/ns3/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns3/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns3/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns3/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns3/named.conf	2014-01-21 17:56:13.520661557 +0100
 @@ -46,20 +46,24 @@
  	    zone "bl-cname"	policy cname txt-only.tld2.;
  	    zone "bl-wildcname"	policy cname *.tld4.;
@@ -2835,17 +2844,19 @@ diff -r -u bin/tests/system/rpz/ns3/named.conf-orig bin/tests/system/rpz/ns3/nam
  
  zone "crash1.tld2"	{type master; file "crash1";};
  zone "crash2.tld3."	{type master; file "crash2";};
-diff -r -u bin/tests/system/rpz/ns5/named.args-orig bin/tests/system/rpz/ns5/named.args
---- bin/tests/system/rpz/ns5/named.args-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/named.args	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/named.args
+===================================================================
+--- bin/tests/system/rpz/ns5/named.args.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns5/named.args	2014-01-21 17:56:13.520661557 +0100
 @@ -1,3 +1,3 @@
  # run the performace test close to real life
  
 --c named.conf -g
 +-c named.conf -gd3
-diff -r -u bin/tests/system/rpz/ns5/named.conf-orig bin/tests/system/rpz/ns5/named.conf
---- bin/tests/system/rpz/ns5/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns5/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns5/named.conf	2014-01-21 17:56:13.520661557 +0100
 @@ -40,7 +40,7 @@
  
  key rndc_key {
@@ -2876,9 +2887,10 @@ diff -r -u bin/tests/system/rpz/ns5/named.conf-orig bin/tests/system/rpz/ns5/nam
 +zone "bl17."		{type master; file "bl.db"; };
 +zone "bl18."		{type master; file "bl.db"; };
 +zone "bl19."		{type master; file "bl.db"; };
-diff -r -u bin/tests/system/rpz/ns5/tld5.db-orig bin/tests/system/rpz/ns5/tld5.db
---- bin/tests/system/rpz/ns5/tld5.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/tld5.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/tld5.db
+===================================================================
+--- bin/tests/system/rpz/ns5/tld5.db.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/ns5/tld5.db	2014-01-21 17:56:13.520661557 +0100
 @@ -22,42 +22,10 @@
  	NS	ns1
  	NS	ns2
@@ -2922,9 +2934,10 @@ diff -r -u bin/tests/system/rpz/ns5/tld5.db-orig bin/tests/system/rpz/ns5/tld5.d
  
  
  $ORIGIN	example.tld5.
-diff -r -u bin/tests/system/rpz/setup.sh-orig bin/tests/system/rpz/setup.sh
---- bin/tests/system/rpz/setup.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/setup.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/setup.sh
+===================================================================
+--- bin/tests/system/rpz/setup.sh.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/setup.sh	2014-01-21 17:56:13.520661557 +0100
 @@ -26,11 +26,13 @@
  
  sh clean.sh
@@ -3012,9 +3025,10 @@ diff -r -u bin/tests/system/rpz/setup.sh-orig bin/tests/system/rpz/setup.sh
  	}' >ns5/requests
 -
 -cp ns2/bl.tld2.db.in ns2/bl.tld2.db
-diff -r -u bin/tests/system/rpz/test1-orig bin/tests/system/rpz/test1
---- bin/tests/system/rpz/test1-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test1	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test1
+===================================================================
+--- bin/tests/system/rpz/test1.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/test1	2014-01-21 17:56:13.520661557 +0100
 @@ -24,13 +24,13 @@
  ; QNAME tests
  
@@ -3058,9 +3072,10 @@ diff -r -u bin/tests/system/rpz/test1-orig bin/tests/system/rpz/test1
 +;	34 qname-wait-recurse yes
 +update add  x.servfail.bl.	300 A	127.0.0.34
  send
-diff -r -u bin/tests/system/rpz/test2-orig bin/tests/system/rpz/test2
---- bin/tests/system/rpz/test2-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test2	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test2
+===================================================================
+--- bin/tests/system/rpz/test2.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/test2	2014-01-21 17:56:13.520661557 +0100
 @@ -58,7 +58,7 @@
  send
  
@@ -3079,9 +3094,10 @@ diff -r -u bin/tests/system/rpz/test2-orig bin/tests/system/rpz/test2
 +;	17
 +update add 32.1.0.53.10.rpz-client-ip.bl 300 A	127.0.0.17
 +send
-diff -r -u bin/tests/system/rpz/test5-orig bin/tests/system/rpz/test5
---- bin/tests/system/rpz/test5-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test5	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test5
+===================================================================
+--- bin/tests/system/rpz/test5.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/test5	2014-01-21 17:56:13.520661557 +0100
 @@ -35,10 +35,8 @@
  ;	4
  update add  a3-4.tld2.bl-disabled.  300 A 127.0.0.4
@@ -3104,9 +3120,10 @@ diff -r -u bin/tests/system/rpz/test5-orig bin/tests/system/rpz/test5
 +;	19
 +update add  a3-19.tld2.bl-tcp-only. 300 A 127.0.0.19
 +send
-diff -r -u bin/tests/system/rpz/test6-orig bin/tests/system/rpz/test6
---- bin/tests/system/rpz/test6-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test6	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test6
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ bin/tests/system/rpz/test6	2014-01-21 17:56:13.521661569 +0100
 @@ -0,0 +1,40 @@
 +; Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 +;
@@ -3148,9 +3165,10 @@ diff -r -u bin/tests/system/rpz/test6-orig bin/tests/system/rpz/test6
 +update add  *.credirect.bl.	300 CNAME	google.com.
 +;
 +send
-diff -r -u bin/tests/system/rpz/tests.sh-orig bin/tests/system/rpz/tests.sh
---- bin/tests/system/rpz/tests.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/tests.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/tests.sh
+===================================================================
+--- bin/tests/system/rpz/tests.sh.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/tests/system/rpz/tests.sh	2014-01-21 17:56:13.521661569 +0100
 @@ -21,15 +21,15 @@
  . $SYSTEMTESTTOP/conf.sh
  
@@ -3500,9 +3518,10 @@ diff -r -u bin/tests/system/rpz/tests.sh-orig bin/tests/system/rpz/tests.sh
  
  # restart the main test RPZ server to see if that creates a core file
  if test -z "$HAVE_CORE"; then
-diff -r -u doc/arm/Bv9ARM-book.xml-orig doc/arm/Bv9ARM-book.xml
---- doc/arm/Bv9ARM-book.xml-orig	2004-01-01 00:00:00.000000000 +0000
-+++ doc/arm/Bv9ARM-book.xml	2004-01-01 00:00:00.000000000 +0000
+Index: doc/arm/Bv9ARM-book.xml
+===================================================================
+--- doc/arm/Bv9ARM-book.xml.orig	2013-12-20 01:28:28.000000000 +0100
++++ doc/arm/Bv9ARM-book.xml	2014-01-21 17:56:13.524661605 +0100
 @@ -4870,7 +4870,7 @@
  	<optional> min-table-size <replaceable>number</replaceable> ; </optional>
        } ; </optional>
@@ -4022,9 +4041,10 @@ diff -r -u doc/arm/Bv9ARM-book.xml-orig doc/arm/Bv9ARM-book.xml
  </programlisting>
            <para>
              RPZ can affect server performance.
-diff -r -u lib/dns/db.c-orig lib/dns/db.c
---- lib/dns/db.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/db.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/db.c
+===================================================================
+--- lib/dns/db.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/db.c	2014-01-21 17:56:13.525661616 +0100
 @@ -1007,21 +1007,23 @@
  		(db->methods->resigned)(db, rdataset, version);
  }
@@ -4064,9 +4084,10 @@ diff -r -u lib/dns/db.c-orig lib/dns/db.c
 +		return (ISC_R_SUCCESS);
 +	return ((db->methods->rpz_ready)(db));
  }
-diff -r -u lib/dns/ecdb.c-orig lib/dns/ecdb.c
---- lib/dns/ecdb.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/ecdb.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/ecdb.c
+===================================================================
+--- lib/dns/ecdb.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/ecdb.c	2014-01-21 17:56:13.525661616 +0100
 @@ -582,8 +582,8 @@
  	NULL,			/* resigned */
  	NULL,			/* isdnssec */
@@ -4078,9 +4099,10 @@ diff -r -u lib/dns/ecdb.c-orig lib/dns/ecdb.c
  	NULL,			/* findnodeext */
  	NULL			/* findext */
  };
-diff -r -u lib/dns/include/dns/db.h-orig lib/dns/include/dns/db.h
---- lib/dns/include/dns/db.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/db.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/db.h
+===================================================================
+--- lib/dns/include/dns/db.h.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/include/dns/db.h	2014-01-21 17:56:13.525661616 +0100
 @@ -172,14 +172,9 @@
  					   dns_dbversion_t *version);
  	isc_boolean_t	(*isdnssec)(dns_db_t *db);
@@ -4138,9 +4160,10 @@ diff -r -u lib/dns/include/dns/db.h-orig lib/dns/include/dns/db.h
   */
  
  ISC_LANG_ENDDECLS
-diff -r -u lib/dns/include/dns/rpz.h-orig lib/dns/include/dns/rpz.h
---- lib/dns/include/dns/rpz.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/rpz.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/rpz.h
+===================================================================
+--- lib/dns/include/dns/rpz.h.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/include/dns/rpz.h	2014-01-21 17:56:13.526661629 +0100
 @@ -25,19 +25,31 @@
  #include <dns/fixedname.h>
  #include <dns/rdata.h>
@@ -4455,9 +4478,10 @@ diff -r -u lib/dns/include/dns/rpz.h-orig lib/dns/include/dns/rpz.h
  
  ISC_LANG_ENDDECLS
  
-diff -r -u lib/dns/include/dns/view.h-orig lib/dns/include/dns/view.h
---- lib/dns/include/dns/view.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/view.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/view.h
+===================================================================
+--- lib/dns/include/dns/view.h.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/include/dns/view.h	2014-01-21 17:56:13.526661629 +0100
 @@ -164,10 +164,7 @@
  	dns_acl_t *			v4_aaaa_acl;
  	dns_dns64list_t 		dns64;
@@ -4470,9 +4494,10 @@ diff -r -u lib/dns/include/dns/view.h-orig lib/dns/include/dns/view.h
  
  	/*
  	 * Configurable data for server use only,
-diff -r -u lib/dns/include/dns/zone.h-orig lib/dns/include/dns/zone.h
---- lib/dns/include/dns/zone.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/zone.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/zone.h
+===================================================================
+--- lib/dns/include/dns/zone.h.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/include/dns/zone.h	2014-01-21 17:56:13.526661629 +0100
 @@ -2081,19 +2081,20 @@
   */
  
@@ -4498,9 +4523,10 @@ diff -r -u lib/dns/include/dns/zone.h-orig lib/dns/include/dns/zone.h
  
  void
  dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level);
-diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
---- lib/dns/rbtdb.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/rbtdb.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/rbtdb.c
+===================================================================
+--- lib/dns/rbtdb.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/rbtdb.c	2014-01-21 17:56:13.528661652 +0100
 @@ -453,7 +453,9 @@
  	dns_rbt_t *                     tree;
  	dns_rbt_t *			nsec;
@@ -4698,12 +4724,12 @@ diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
 -		default:
 -			continue;
 -		}
--
+ 
 -		result = dns_rpz_cidr_find(rbtdb->rpz_cidr, &netaddr, rpz_type,
 -					   selfname, qname, &prefix);
 -		if (result != ISC_R_SUCCESS)
 -			continue;
- 
+-
 -		/*
 -		 * If we already have a rule, discard this new rule if
 -		 * is not better.
@@ -4896,9 +4922,10 @@ diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
  
  	/*
  	 * Version Initialization.
-diff -r -u lib/dns/rpz.c-orig lib/dns/rpz.c
---- lib/dns/rpz.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/rpz.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/rpz.c
+===================================================================
+--- lib/dns/rpz.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/rpz.c	2014-01-21 17:56:13.529661664 +0100
 @@ -37,6 +37,7 @@
  #include <dns/rdataset.h>
  #include <dns/rdatastruct.h>
@@ -7365,9 +7392,10 @@ diff -r -u lib/dns/rpz.c-orig lib/dns/rpz.c
  	 */
  	if (dns_name_equal(&cname.cname, &rpz->passthru))
  		return (DNS_RPZ_POLICY_PASSTHRU);
-diff -r -u lib/dns/view.c-orig lib/dns/view.c
---- lib/dns/view.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/view.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/view.c
+===================================================================
+--- lib/dns/view.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/view.c	2014-01-21 17:56:13.530661676 +0100
 @@ -197,9 +197,7 @@
  	view->maxbits = 0;
  	view->v4_aaaa = dns_v4_aaaa_ok;
@@ -7389,9 +7417,10 @@ diff -r -u lib/dns/view.c-orig lib/dns/view.c
  #ifdef USE_RRL
  	dns_rrl_view_destroy(view);
  #else /* USE_RRL */
-diff -r -u lib/dns/win32/libdns.def-orig lib/dns/win32/libdns.def
---- lib/dns/win32/libdns.def-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/win32/libdns.def	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/win32/libdns.def
+===================================================================
+--- lib/dns/win32/libdns.def.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/win32/libdns.def	2014-01-21 17:56:13.530661676 +0100
 @@ -130,8 +130,8 @@
  dns_db_overmem
  dns_db_printnode
@@ -7456,9 +7485,10 @@ diff -r -u lib/dns/win32/libdns.def-orig lib/dns/win32/libdns.def
  dns_zone_rpz_enable
  dns_zone_setacache
  dns_zone_setadded
-diff -r -u lib/dns/xfrin.c-orig lib/dns/xfrin.c
---- lib/dns/xfrin.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/xfrin.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/xfrin.c
+===================================================================
+--- lib/dns/xfrin.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/xfrin.c	2014-01-21 17:56:13.530661676 +0100
 @@ -280,7 +280,7 @@
  			       0, NULL, /* XXX guess */
  			       dbp);
@@ -7468,9 +7498,10 @@ diff -r -u lib/dns/xfrin.c-orig lib/dns/xfrin.c
  	return (result);
  }
  
-diff -r -u lib/dns/zone.c-orig lib/dns/zone.c
---- lib/dns/zone.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/zone.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/zone.c
+===================================================================
+--- lib/dns/zone.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/dns/zone.c	2014-01-21 17:56:13.533661711 +0100
 @@ -346,9 +346,10 @@
  	isc_boolean_t           added;
  
@@ -7603,9 +7634,10 @@ diff -r -u lib/dns/zone.c-orig lib/dns/zone.c
  	result = zone_get_from_db(zone, db, &nscount, &soacount,
  				  NULL, NULL, NULL, NULL, NULL, NULL);
  	if (result == ISC_R_SUCCESS) {
-diff -r -u lib/isccfg/namedconf.c-orig lib/isccfg/namedconf.c
---- lib/isccfg/namedconf.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/isccfg/namedconf.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/isccfg/namedconf.c
+===================================================================
+--- lib/isccfg/namedconf.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ lib/isccfg/namedconf.c	2014-01-21 17:56:13.534661723 +0100
 @@ -1054,11 +1054,12 @@
  
  /*%
@@ -7653,14 +7685,15 @@ diff -r -u lib/isccfg/namedconf.c-orig lib/isccfg/namedconf.c
  	{ NULL, NULL, 0 }
  };
  static cfg_type_t cfg_type_rpz = {
-diff -r -u version-orig version
---- version-orig	2004-01-01 00:00:00.000000000 +0000
-+++ version	2004-01-01 00:00:00.000000000 +0000
+Index: version
+===================================================================
+--- version.orig	2013-12-20 01:28:28.000000000 +0100
++++ version	2014-01-21 17:56:13.534661723 +0100
 @@ -7,6 +7,6 @@
  DESCRIPTION="(Extended Support Version)"
  MAJORVER=9
  MINORVER=9
 -PATCHVER=4
 +PATCHVER=4-rpz2.13269.14
- RELEASETYPE=
- RELEASEVER=
+ RELEASETYPE=-P
+ RELEASEVER=2