unfuzz rpz2-9.9.4.patch

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=135
2014-01-21 17:29:39 +00:00 · 2014-01-21 17:29:39 +00:00 · 6fa65ad99d
commit 6fa65ad99d
parent 2280b862ef
1 changed files with 168 additions and 135 deletions
--- a/rpz2-9.9.4.patch
+++ b/rpz2-9.9.4.patch
@ -1,6 +1,7 @@
-diff -r -u bin/named/query.c-orig bin/named/query.c
--- bin/named/query.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/named/query.c	2004-01-01 00:00:00.000000000 +0000
+Index: bin/named/query.c
+===================================================================
+--- bin/named/query.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/named/query.c	2014-01-21 17:56:13.516661510 +0100
@@ -879,11 +879,11 @@
 static void
 rpz_log_rewrite(ns_client_t *client, isc_boolean_t disabled,
@ -828,8 +829,6 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 -			result = dns_name_concatenate(prefix, suffix,
 -						      rpz_qname, NULL);
 -			if (result == ISC_R_SUCCESS)
-				break;
-			INSIST(result == DNS_R_NAMETOOLONG);
 +		dns_fixedname_init(&p_namef);
 +		p_name = dns_fixedname_name(&p_namef);
 +		result = rpz_get_p_name(client, p_name, rpz, rpz_type, ip_name);
@ -841,24 +840,12 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +				    p_rdatasetp, &policy);
 +		switch (result) {
 +		case DNS_R_NXDOMAIN:
- 			/*
-			 * Trim the name until it is not too long.
+			/*
 +			 * Continue after a policy record that is missing
 +			 * contrary to the summary data.  The summary
 +			 * data can out of date during races with and among
 +			 * policy zone updates.
- 			 */
-			labels = dns_name_countlabels(prefix);
-			if (labels < 2) {
-				rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
-					     rpz_type, suffix,
-					     "concatentate() ", result);
-				return (ISC_R_SUCCESS);
-			}
-			if (labels+1 == dns_name_countlabels(qname)) {
-				rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1,
-					     rpz_type, suffix,
-					     "concatentate() ", result);
+			 */
 +			continue;
 +		case DNS_R_SERVFAIL:
 +			rpz_clean(&p_zone, &p_db, &p_node, p_rdatasetp);
@ -888,13 +875,26 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +			     (st->m.type == rpz_type &&
 +			      st->m.prefix == prefix &&
 +			      0 > dns_name_rdatacompare(st->p_name, p_name)))
-+				break;
+ 				break;
+-			INSIST(result == DNS_R_NAMETOOLONG);
 +
-+			/*
+ 			/*
+-			 * Trim the name until it is not too long.
 +			 * Stop checking after saving an enabled hit in this
 +			 * policy zone.  The radix tree in the policy zone
 +			 * ensures that we found the longest match.
-+			 */
+ 			 */
+-			labels = dns_name_countlabels(prefix);
+-			if (labels < 2) {
+-				rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
+-					     rpz_type, suffix,
+-					     "concatentate() ", result);
+-				return (ISC_R_SUCCESS);
+-			}
+-			if (labels+1 == dns_name_countlabels(qname)) {
+-				rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1,
+-					     rpz_type, suffix,
+-					     "concatentate() ", result);
 +			if (rpz->policy != DNS_RPZ_POLICY_DISABLED) {
 +				rpz_save_p(st, rpz, rpz_type,
 +					   policy, p_name, prefix, result,
@ -1425,12 +1425,10 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +			st->r.label = dns_name_countlabels(client->query.qname);
 +			st->state &= ~(DNS_RPZ_DONE_QNAME_IP |
 +				       DNS_RPZ_DONE_IPv4);
- 
-		st->r.label = dns_name_countlabels(client->query.qname);
+
 +		}
 
-		st->state &= ~(DNS_RPZ_DONE_QNAME_IP | DNS_RPZ_DONE_IPv4);
-		st->state |= DNS_RPZ_DONE_QNAME;
+-		st->r.label = dns_name_countlabels(client->query.qname);
 +		/*
 +		 * Quit if this was an attempt to find a qname or
 +		 * client-IP trigger before recursion.
@ -1445,7 +1443,9 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 +		 */
 +		if (qresult_type == 2)
 +			goto cleanup;
-+
+ 
+-		st->state &= ~(DNS_RPZ_DONE_QNAME_IP | DNS_RPZ_DONE_IPv4);
+-		st->state |= DNS_RPZ_DONE_QNAME;
 +		/*
 +		 * DNS_RPZ_DONE_QNAME but not DNS_RPZ_DONE_CLIENT_IP
 +		 * is reset at the end of dealing with each CNAME.
@ -1636,7 +1636,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 	ns_client_qnamereplace(client, fname);
 	/*
 	 * Turn off DNSSEC because the results of a
-@@ -5992,13 +6372,15 @@
+@@ -5997,13 +6377,15 @@
 	}
 #endif /* USE_RRL */
 
@ -1655,7 +1655,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 		isc_result_t rresult;
 
 		rresult = rpz_rewrite(client, qtype, result, resuming);
-@@ -6036,12 +6418,17 @@
+@@ -6041,12 +6423,17 @@
 			rpz_st->state |= DNS_RPZ_REWRITTEN;
 		if (rpz_st->m.policy != DNS_RPZ_POLICY_MISS &&
 		    rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU &&
@ -1678,7 +1678,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 			rpz_clean(&zone, &db, &node, NULL);
 			if (rpz_st->m.rdataset != NULL) {
 				query_putrdataset(client, &rdataset);
-@@ -6061,6 +6448,27 @@
+@@ -6066,6 +6453,27 @@
 			rpz_st->m.zone = NULL;
 
 			switch (rpz_st->m.policy) {
@ -1706,7 +1706,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 			case DNS_RPZ_POLICY_NXDOMAIN:
 				result = DNS_R_NXDOMAIN;
 				break;
-@@ -6073,8 +6481,8 @@
+@@ -6078,8 +6486,8 @@
 				    result != DNS_R_CNAME) {
 					/*
 					 * We will add all of the rdatasets of
@ -1717,7 +1717,7 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 					 */
 					if (dns_rdataset_isassociated(rdataset))
 					    dns_rdataset_disassociate(rdataset);
-@@ -6129,7 +6537,7 @@
+@@ -6134,7 +6542,7 @@
 			rpz_st->q.is_zone = is_zone;
 			is_zone = ISC_TRUE;
 			rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
@ -1726,9 +1726,10 @@ diff -r -u bin/named/query.c-orig bin/named/query.c
 		}
 	}
 
-diff -r -u bin/named/server.c-orig bin/named/server.c
--- bin/named/server.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/named/server.c	2004-01-01 00:00:00.000000000 +0000
+Index: bin/named/server.c
+===================================================================
+--- bin/named/server.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/named/server.c	2014-01-21 17:56:13.518661534 +0100
@@ -375,7 +375,8 @@
 static isc_result_t
 configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
@ -2181,9 +2182,10 @@ diff -r -u bin/named/server.c-orig bin/named/server.c
 	dns_view_freeze(view);
 	isc_task_endexclusive(server->task);
 	if (result != ISC_R_SUCCESS)
-diff -r -u bin/tests/system/rpz/Makefile-orig bin/tests/system/rpz/Makefile
--- bin/tests/system/rpz/Makefile-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/Makefile	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/Makefile
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ bin/tests/system/rpz/Makefile	2014-01-21 17:56:13.519661546 +0100
@@ -0,0 +1,478 @@
 +# Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 +#
@ -2663,9 +2665,10 @@ diff -r -u bin/tests/system/rpz/Makefile-orig bin/tests/system/rpz/Makefile
 +    /usr/include/stdio.h /usr/include/string.h /usr/include/strings.h
 +
 +# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
-diff -r -u bin/tests/system/rpz/clean.sh-orig bin/tests/system/rpz/clean.sh
--- bin/tests/system/rpz/clean.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/clean.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/clean.sh
+===================================================================
+--- bin/tests/system/rpz/clean.sh.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/clean.sh	2014-01-21 17:56:13.519661546 +0100
@@ -19,7 +19,7 @@
 # Clean up after rpz tests.
 
@ -2675,9 +2678,10 @@ diff -r -u bin/tests/system/rpz/clean.sh-orig bin/tests/system/rpz/clean.sh
 rm -f ns3/bl*.db ns*/*switch ns5/requests ns5/example.db ns5/bl.db ns5/*.perf
 rm -f */named.memstats */named.run */named.stats */session.key
 rm -f */*.jnl */*.core */*.pid
-diff -r -u bin/tests/system/rpz/ns1/root.db-orig bin/tests/system/rpz/ns1/root.db
--- bin/tests/system/rpz/ns1/root.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns1/root.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns1/root.db
+===================================================================
+--- bin/tests/system/rpz/ns1/root.db.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns1/root.db	2014-01-21 17:56:13.519661546 +0100
@@ -38,3 +38,6 @@
 ; performance test
 tld5.		NS	ns.tld5.
@ -2685,9 +2689,10 @@ diff -r -u bin/tests/system/rpz/ns1/root.db-orig bin/tests/system/rpz/ns1/root.d
 +
 +; generate SERVFAIL
 +servfail	NS	ns.tld2.
-diff -r -u bin/tests/system/rpz/ns2/bl.tld2.db-orig bin/tests/system/rpz/ns2/bl.tld2.db
--- bin/tests/system/rpz/ns2/bl.tld2.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/bl.tld2.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/bl.tld2.db
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ bin/tests/system/rpz/ns2/bl.tld2.db	2014-01-21 17:56:13.519661546 +0100
@@ -0,0 +1,27 @@
 +; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
 +;
@ -2716,9 +2721,10 @@ diff -r -u bin/tests/system/rpz/ns2/bl.tld2.db-orig bin/tests/system/rpz/ns2/bl.
 +		A	10.53.0.3
 +
 +32.1.7.168.192.rpz-ip	 CNAME	.
-diff -r -u bin/tests/system/rpz/ns2/named.conf-orig bin/tests/system/rpz/ns2/named.conf
--- bin/tests/system/rpz/ns2/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns2/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns2/named.conf	2014-01-21 17:56:13.519661546 +0100
@@ -32,14 +32,6 @@
 	notify no;
 };
@ -2740,9 +2746,10 @@ diff -r -u bin/tests/system/rpz/ns2/named.conf-orig bin/tests/system/rpz/ns2/nam
 
 -zone "bl.tld2."		    {type master; file "bl.tld2.db"; notify yes; notify-delay 1;};
 +zone "bl.tld2."		    {type master; file "bl.tld2.db";};
-diff -r -u bin/tests/system/rpz/ns2/tld2.db-orig bin/tests/system/rpz/ns2/tld2.db
--- bin/tests/system/rpz/ns2/tld2.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns2/tld2.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns2/tld2.db
+===================================================================
+--- bin/tests/system/rpz/ns2/tld2.db.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns2/tld2.db	2014-01-21 17:56:13.519661546 +0100
@@ -111,6 +111,9 @@
 		A	192.168.5.2
 		TXT	"a5-1-2 tld2 text"
@ -2753,9 +2760,10 @@ diff -r -u bin/tests/system/rpz/ns2/tld2.db-orig bin/tests/system/rpz/ns2/tld2.d
 a5-3		A	192.168.5.3
 		TXT	"a5-3 tld2 text"
 
-diff -r -u bin/tests/system/rpz/ns3/base.db-orig bin/tests/system/rpz/ns3/base.db
--- bin/tests/system/rpz/ns3/base.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns3/base.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns3/base.db
+===================================================================
+--- bin/tests/system/rpz/ns3/base.db.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns3/base.db	2014-01-21 17:56:13.519661546 +0100
@@ -21,30 +21,7 @@
 ;   Its contents are also changed with nsupdate
 
@ -2789,9 +2797,10 @@ diff -r -u bin/tests/system/rpz/ns3/base.db-orig bin/tests/system/rpz/ns3/base.d
 -; (or whatever) is available by publishing "foo A 10.2.3.4" and then
 -; resolving foo.
 -32.3.2.1.127.rpz-ip					CNAME	walled.invalid.
-diff -r -u bin/tests/system/rpz/ns3/named.conf-orig bin/tests/system/rpz/ns3/named.conf
--- bin/tests/system/rpz/ns3/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns3/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns3/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns3/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns3/named.conf	2014-01-21 17:56:13.520661557 +0100
@@ -46,20 +46,24 @@
 	    zone "bl-cname"	policy cname txt-only.tld2.;
 	    zone "bl-wildcname"	policy cname *.tld4.;
@ -2835,17 +2844,19 @@ diff -r -u bin/tests/system/rpz/ns3/named.conf-orig bin/tests/system/rpz/ns3/nam
 
 zone "crash1.tld2"	{type master; file "crash1";};
 zone "crash2.tld3."	{type master; file "crash2";};
-diff -r -u bin/tests/system/rpz/ns5/named.args-orig bin/tests/system/rpz/ns5/named.args
--- bin/tests/system/rpz/ns5/named.args-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/named.args	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/named.args
+===================================================================
+--- bin/tests/system/rpz/ns5/named.args.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns5/named.args	2014-01-21 17:56:13.520661557 +0100
@@ -1,3 +1,3 @@
 # run the performace test close to real life
 
 --c named.conf -g
 +-c named.conf -gd3
-diff -r -u bin/tests/system/rpz/ns5/named.conf-orig bin/tests/system/rpz/ns5/named.conf
--- bin/tests/system/rpz/ns5/named.conf-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/named.conf	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/named.conf
+===================================================================
+--- bin/tests/system/rpz/ns5/named.conf.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns5/named.conf	2014-01-21 17:56:13.520661557 +0100
@@ -40,7 +40,7 @@
 
 key rndc_key {
@ -2876,9 +2887,10 @@ diff -r -u bin/tests/system/rpz/ns5/named.conf-orig bin/tests/system/rpz/ns5/nam
 +zone "bl17."		{type master; file "bl.db"; };
 +zone "bl18."		{type master; file "bl.db"; };
 +zone "bl19."		{type master; file "bl.db"; };
-diff -r -u bin/tests/system/rpz/ns5/tld5.db-orig bin/tests/system/rpz/ns5/tld5.db
--- bin/tests/system/rpz/ns5/tld5.db-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/ns5/tld5.db	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/ns5/tld5.db
+===================================================================
+--- bin/tests/system/rpz/ns5/tld5.db.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/ns5/tld5.db	2014-01-21 17:56:13.520661557 +0100
@@ -22,42 +22,10 @@
 	NS	ns1
 	NS	ns2
@ -2922,9 +2934,10 @@ diff -r -u bin/tests/system/rpz/ns5/tld5.db-orig bin/tests/system/rpz/ns5/tld5.d
 
 
 $ORIGIN	example.tld5.
-diff -r -u bin/tests/system/rpz/setup.sh-orig bin/tests/system/rpz/setup.sh
--- bin/tests/system/rpz/setup.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/setup.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/setup.sh
+===================================================================
+--- bin/tests/system/rpz/setup.sh.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/setup.sh	2014-01-21 17:56:13.520661557 +0100
@@ -26,11 +26,13 @@
 
 sh clean.sh
@ -3012,9 +3025,10 @@ diff -r -u bin/tests/system/rpz/setup.sh-orig bin/tests/system/rpz/setup.sh
 	}' >ns5/requests
 -
 -cp ns2/bl.tld2.db.in ns2/bl.tld2.db
-diff -r -u bin/tests/system/rpz/test1-orig bin/tests/system/rpz/test1
--- bin/tests/system/rpz/test1-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test1	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test1
+===================================================================
+--- bin/tests/system/rpz/test1.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/test1	2014-01-21 17:56:13.520661557 +0100
@@ -24,13 +24,13 @@
 ; QNAME tests
 
@ -3058,9 +3072,10 @@ diff -r -u bin/tests/system/rpz/test1-orig bin/tests/system/rpz/test1
 +;	34 qname-wait-recurse yes
 +update add  x.servfail.bl.	300 A	127.0.0.34
 send
-diff -r -u bin/tests/system/rpz/test2-orig bin/tests/system/rpz/test2
--- bin/tests/system/rpz/test2-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test2	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test2
+===================================================================
+--- bin/tests/system/rpz/test2.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/test2	2014-01-21 17:56:13.520661557 +0100
@@ -58,7 +58,7 @@
 send
 
@ -3079,9 +3094,10 @@ diff -r -u bin/tests/system/rpz/test2-orig bin/tests/system/rpz/test2
 +;	17
 +update add 32.1.0.53.10.rpz-client-ip.bl 300 A	127.0.0.17
 +send
-diff -r -u bin/tests/system/rpz/test5-orig bin/tests/system/rpz/test5
--- bin/tests/system/rpz/test5-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test5	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test5
+===================================================================
+--- bin/tests/system/rpz/test5.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/test5	2014-01-21 17:56:13.520661557 +0100
@@ -35,10 +35,8 @@
 ;	4
 update add  a3-4.tld2.bl-disabled.  300 A 127.0.0.4
@ -3104,9 +3120,10 @@ diff -r -u bin/tests/system/rpz/test5-orig bin/tests/system/rpz/test5
 +;	19
 +update add  a3-19.tld2.bl-tcp-only. 300 A 127.0.0.19
 +send
-diff -r -u bin/tests/system/rpz/test6-orig bin/tests/system/rpz/test6
--- bin/tests/system/rpz/test6-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/test6	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/test6
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ bin/tests/system/rpz/test6	2014-01-21 17:56:13.521661569 +0100
@@ -0,0 +1,40 @@
 +; Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 +;
@ -3148,9 +3165,10 @@ diff -r -u bin/tests/system/rpz/test6-orig bin/tests/system/rpz/test6
 +update add  *.credirect.bl.	300 CNAME	google.com.
 +;
 +send
-diff -r -u bin/tests/system/rpz/tests.sh-orig bin/tests/system/rpz/tests.sh
--- bin/tests/system/rpz/tests.sh-orig	2004-01-01 00:00:00.000000000 +0000
-+++ bin/tests/system/rpz/tests.sh	2004-01-01 00:00:00.000000000 +0000
+Index: bin/tests/system/rpz/tests.sh
+===================================================================
+--- bin/tests/system/rpz/tests.sh.orig	2013-12-20 01:28:28.000000000 +0100
+++ bin/tests/system/rpz/tests.sh	2014-01-21 17:56:13.521661569 +0100
@@ -21,15 +21,15 @@
 . $SYSTEMTESTTOP/conf.sh
 
@ -3500,9 +3518,10 @@ diff -r -u bin/tests/system/rpz/tests.sh-orig bin/tests/system/rpz/tests.sh
 
 # restart the main test RPZ server to see if that creates a core file
 if test -z "$HAVE_CORE"; then
-diff -r -u doc/arm/Bv9ARM-book.xml-orig doc/arm/Bv9ARM-book.xml
--- doc/arm/Bv9ARM-book.xml-orig	2004-01-01 00:00:00.000000000 +0000
-+++ doc/arm/Bv9ARM-book.xml	2004-01-01 00:00:00.000000000 +0000
+Index: doc/arm/Bv9ARM-book.xml
+===================================================================
+--- doc/arm/Bv9ARM-book.xml.orig	2013-12-20 01:28:28.000000000 +0100
+++ doc/arm/Bv9ARM-book.xml	2014-01-21 17:56:13.524661605 +0100
@@ -4870,7 +4870,7 @@
 	<optional> min-table-size <replaceable>number</replaceable> ; </optional>
       } ; </optional>
@ -4022,9 +4041,10 @@ diff -r -u doc/arm/Bv9ARM-book.xml-orig doc/arm/Bv9ARM-book.xml
 </programlisting>
           <para>
             RPZ can affect server performance.
-diff -r -u lib/dns/db.c-orig lib/dns/db.c
--- lib/dns/db.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/db.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/db.c
+===================================================================
+--- lib/dns/db.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/db.c	2014-01-21 17:56:13.525661616 +0100
@@ -1007,21 +1007,23 @@
 		(db->methods->resigned)(db, rdataset, version);
 }
@ -4064,9 +4084,10 @@ diff -r -u lib/dns/db.c-orig lib/dns/db.c
 +		return (ISC_R_SUCCESS);
 +	return ((db->methods->rpz_ready)(db));
 }
-diff -r -u lib/dns/ecdb.c-orig lib/dns/ecdb.c
--- lib/dns/ecdb.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/ecdb.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/ecdb.c
+===================================================================
+--- lib/dns/ecdb.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/ecdb.c	2014-01-21 17:56:13.525661616 +0100
@@ -582,8 +582,8 @@
 	NULL,			/* resigned */
 	NULL,			/* isdnssec */
@ -4078,9 +4099,10 @@ diff -r -u lib/dns/ecdb.c-orig lib/dns/ecdb.c
 	NULL,			/* findnodeext */
 	NULL			/* findext */
 };
-diff -r -u lib/dns/include/dns/db.h-orig lib/dns/include/dns/db.h
--- lib/dns/include/dns/db.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/db.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/db.h
+===================================================================
+--- lib/dns/include/dns/db.h.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/include/dns/db.h	2014-01-21 17:56:13.525661616 +0100
@@ -172,14 +172,9 @@
 					   dns_dbversion_t *version);
 	isc_boolean_t	(*isdnssec)(dns_db_t *db);
@ -4138,9 +4160,10 @@ diff -r -u lib/dns/include/dns/db.h-orig lib/dns/include/dns/db.h
  */
 
 ISC_LANG_ENDDECLS
-diff -r -u lib/dns/include/dns/rpz.h-orig lib/dns/include/dns/rpz.h
--- lib/dns/include/dns/rpz.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/rpz.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/rpz.h
+===================================================================
+--- lib/dns/include/dns/rpz.h.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/include/dns/rpz.h	2014-01-21 17:56:13.526661629 +0100
@@ -25,19 +25,31 @@
 #include <dns/fixedname.h>
 #include <dns/rdata.h>
@ -4455,9 +4478,10 @@ diff -r -u lib/dns/include/dns/rpz.h-orig lib/dns/include/dns/rpz.h
 
 ISC_LANG_ENDDECLS
 
-diff -r -u lib/dns/include/dns/view.h-orig lib/dns/include/dns/view.h
--- lib/dns/include/dns/view.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/view.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/view.h
+===================================================================
+--- lib/dns/include/dns/view.h.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/include/dns/view.h	2014-01-21 17:56:13.526661629 +0100
@@ -164,10 +164,7 @@
 	dns_acl_t *			v4_aaaa_acl;
 	dns_dns64list_t 		dns64;
@ -4470,9 +4494,10 @@ diff -r -u lib/dns/include/dns/view.h-orig lib/dns/include/dns/view.h
 
 	/*
 	 * Configurable data for server use only,
-diff -r -u lib/dns/include/dns/zone.h-orig lib/dns/include/dns/zone.h
--- lib/dns/include/dns/zone.h-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/include/dns/zone.h	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/include/dns/zone.h
+===================================================================
+--- lib/dns/include/dns/zone.h.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/include/dns/zone.h	2014-01-21 17:56:13.526661629 +0100
@@ -2081,19 +2081,20 @@
  */
 
@ -4498,9 +4523,10 @@ diff -r -u lib/dns/include/dns/zone.h-orig lib/dns/include/dns/zone.h
 
 void
 dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level);
-diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
--- lib/dns/rbtdb.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/rbtdb.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/rbtdb.c
+===================================================================
+--- lib/dns/rbtdb.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/rbtdb.c	2014-01-21 17:56:13.528661652 +0100
@@ -453,7 +453,9 @@
 	dns_rbt_t *                     tree;
 	dns_rbt_t *			nsec;
@ -4698,12 +4724,12 @@ diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
 -		default:
 -			continue;
 -		}
-
+ 
 -		result = dns_rpz_cidr_find(rbtdb->rpz_cidr, &netaddr, rpz_type,
 -					   selfname, qname, &prefix);
 -		if (result != ISC_R_SUCCESS)
 -			continue;
- 
+-
 -		/*
 -		 * If we already have a rule, discard this new rule if
 -		 * is not better.
@ -4896,9 +4922,10 @@ diff -r -u lib/dns/rbtdb.c-orig lib/dns/rbtdb.c
 
 	/*
 	 * Version Initialization.
-diff -r -u lib/dns/rpz.c-orig lib/dns/rpz.c
--- lib/dns/rpz.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/rpz.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/rpz.c
+===================================================================
+--- lib/dns/rpz.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/rpz.c	2014-01-21 17:56:13.529661664 +0100
@@ -37,6 +37,7 @@
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
@ -7365,9 +7392,10 @@ diff -r -u lib/dns/rpz.c-orig lib/dns/rpz.c
 	 */
 	if (dns_name_equal(&cname.cname, &rpz->passthru))
 		return (DNS_RPZ_POLICY_PASSTHRU);
-diff -r -u lib/dns/view.c-orig lib/dns/view.c
--- lib/dns/view.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/view.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/view.c
+===================================================================
+--- lib/dns/view.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/view.c	2014-01-21 17:56:13.530661676 +0100
@@ -197,9 +197,7 @@
 	view->maxbits = 0;
 	view->v4_aaaa = dns_v4_aaaa_ok;
@ -7389,9 +7417,10 @@ diff -r -u lib/dns/view.c-orig lib/dns/view.c
 #ifdef USE_RRL
 	dns_rrl_view_destroy(view);
 #else /* USE_RRL */
-diff -r -u lib/dns/win32/libdns.def-orig lib/dns/win32/libdns.def
--- lib/dns/win32/libdns.def-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/win32/libdns.def	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/win32/libdns.def
+===================================================================
+--- lib/dns/win32/libdns.def.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/win32/libdns.def	2014-01-21 17:56:13.530661676 +0100
@@ -130,8 +130,8 @@
 dns_db_overmem
 dns_db_printnode
@ -7456,9 +7485,10 @@ diff -r -u lib/dns/win32/libdns.def-orig lib/dns/win32/libdns.def
 dns_zone_rpz_enable
 dns_zone_setacache
 dns_zone_setadded
-diff -r -u lib/dns/xfrin.c-orig lib/dns/xfrin.c
--- lib/dns/xfrin.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/xfrin.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/xfrin.c
+===================================================================
+--- lib/dns/xfrin.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/xfrin.c	2014-01-21 17:56:13.530661676 +0100
@@ -280,7 +280,7 @@
 			       0, NULL, /* XXX guess */
 			       dbp);
@ -7468,9 +7498,10 @@ diff -r -u lib/dns/xfrin.c-orig lib/dns/xfrin.c
 	return (result);
 }
 
-diff -r -u lib/dns/zone.c-orig lib/dns/zone.c
--- lib/dns/zone.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/dns/zone.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/dns/zone.c
+===================================================================
+--- lib/dns/zone.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/dns/zone.c	2014-01-21 17:56:13.533661711 +0100
@@ -346,9 +346,10 @@
 	isc_boolean_t           added;
 
@ -7603,9 +7634,10 @@ diff -r -u lib/dns/zone.c-orig lib/dns/zone.c
 	result = zone_get_from_db(zone, db, &nscount, &soacount,
 				  NULL, NULL, NULL, NULL, NULL, NULL);
 	if (result == ISC_R_SUCCESS) {
-diff -r -u lib/isccfg/namedconf.c-orig lib/isccfg/namedconf.c
--- lib/isccfg/namedconf.c-orig	2004-01-01 00:00:00.000000000 +0000
-+++ lib/isccfg/namedconf.c	2004-01-01 00:00:00.000000000 +0000
+Index: lib/isccfg/namedconf.c
+===================================================================
+--- lib/isccfg/namedconf.c.orig	2013-12-20 01:28:28.000000000 +0100
+++ lib/isccfg/namedconf.c	2014-01-21 17:56:13.534661723 +0100
@@ -1054,11 +1054,12 @@
 
 /*%
@ -7653,14 +7685,15 @@ diff -r -u lib/isccfg/namedconf.c-orig lib/isccfg/namedconf.c
 	{ NULL, NULL, 0 }
 };
 static cfg_type_t cfg_type_rpz = {
-diff -r -u version-orig version
--- version-orig	2004-01-01 00:00:00.000000000 +0000
-+++ version	2004-01-01 00:00:00.000000000 +0000
+Index: version
+===================================================================
+--- version.orig	2013-12-20 01:28:28.000000000 +0100
+++ version	2014-01-21 17:56:13.534661723 +0100
@@ -7,6 +7,6 @@
 DESCRIPTION="(Extended Support Version)"
 MAJORVER=9
 MINORVER=9
 -PATCHVER=4
 +PATCHVER=4-rpz2.13269.14
- RELEASETYPE=
- RELEASEVER=
+ RELEASETYPE=-P
+ RELEASEVER=2