diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2011-08-26 02:39:43 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2011-08-26 02:39:43 +0000 |
| commit | 9e51d54fab947c133ab8050002c7cf3655d694c7 (patch) | |
| tree | e312d6a9e72e06c69437c7b1731a4e2687d5368f /net-misc/dhcp/files | |
| parent | Add flex and bison to DEPEND, bug 378343. (diff) | |
| download | gentoo-2-9e51d54fab947c133ab8050002c7cf3655d694c7.tar.gz gentoo-2-9e51d54fab947c133ab8050002c7cf3655d694c7.tar.bz2 gentoo-2-9e51d54fab947c133ab8050002c7cf3655d694c7.zip | |
Version bump for security #378799, and fix cross-compiling.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'net-misc/dhcp/files')
| -rw-r--r-- | net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch | 409 | ||||
| -rw-r--r-- | net-misc/dhcp/files/dhcp-4.2.2-dhclient-stdin-conf.patch | 113 | ||||
| -rw-r--r-- | net-misc/dhcp/files/dhcp-4.2.2-nogateway.patch | 46 |
3 files changed, 568 insertions, 0 deletions
diff --git a/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch b/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch new file mode 100644 index 000000000000..95a0d6564889 --- /dev/null +++ b/net-misc/dhcp/files/dhcp-4.2.2-dhclient-resolvconf.patch @@ -0,0 +1,409 @@ +--- a/client/scripts/bsdos ++++ b/client/scripts/bsdos +@@ -1,40 +1,46 @@ + #!/bin/sh + + make_resolv_conf() { ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= + if [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient + if [ "x$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_search}\n" + elif [ "x$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >> /etc/resolv.conf.dhclient ++ conf="${conf}nameserver ${nameserver}\n" + done +- +- mv /etc/resolv.conf.dhclient /etc/resolv.conf + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- cat /dev/null > /etc/resolv.conf.dhclient6 +- chmod 644 /etc/resolv.conf.dhclient6 +- + if [ "x${new_dhcp6_domain_search}" != x ] ; then +- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ++ conf="${conf}search ${new_dhcp6_domain_search}\n" + fi + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + case $nameserver in + fe80:*) zone_id="%$interface";; + FE80:*) zone_id="%$interface";; + *) zone_id='';; + esac +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ conf="${conf}nameserver ${nameserver}$zone_id\n" + done ++ fi + +- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf ++ fi + fi + } + +--- a/client/scripts/freebsd ++++ b/client/scripts/freebsd +@@ -11,73 +11,45 @@ + fi + + make_resolv_conf() { ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= + if [ x"$new_domain_name_servers" != x ]; then +- ( cat /dev/null > /etc/resolv.conf.dhclient ) +- exit_status=$? +- if [ $exit_status -ne 0 ]; then +- $LOGGER "Unable to create /etc/resolv.conf.dhclient: Error $exit_status" +- else +- if [ "x$new_domain_search" != x ]; then +- ( echo search $new_domain_search >> /etc/resolv.conf.dhclient ) +- exit_status=$? +- elif [ "x$new_domain_name" != x ]; then +- # Note that the DHCP 'Domain Name Option' is really just a domain +- # name, and that this practice of using the domain name option as +- # a search path is both nonstandard and deprecated. +- ( echo search $new_domain_name >> /etc/resolv.conf.dhclient ) +- exit_status=$? +- fi +- for nameserver in $new_domain_name_servers; do +- if [ $exit_status -ne 0 ]; then +- break +- fi +- ( echo nameserver $nameserver >>/etc/resolv.conf.dhclient ) +- exit_status=$? +- done +- +- # If there were no errors, attempt to mv the new file into place. +- if [ $exit_status -eq 0 ]; then +- ( mv /etc/resolv.conf.dhclient /etc/resolv.conf ) +- exit_status=$? +- fi +- +- if [ $exit_status -ne 0 ]; then +- $LOGGER "Error while writing new /etc/resolv.conf." +- fi ++ if [ "x$new_domain_search" != x ]; then ++ conf="${conf}search ${new_domain_search}\n" ++ elif [ "x$new_domain_name" != x ]; then ++ # Note that the DHCP 'Domain Name Option' is really just a domain ++ # name, and that this practice of using the domain name option as ++ # a search path is both nonstandard and deprecated. ++ conf="${conf}search ${new_domain_name}\n" + fi ++ for nameserver in $new_domain_name_servers; do ++ conf="${conf}nameserver ${nameserver}\n" ++ done + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- ( cat /dev/null > /etc/resolv.conf.dhclient6 ) +- exit_status=$? +- if [ $exit_status -ne 0 ] ; then +- $LOGGER "Unable to create /etc/resolv.conf.dhclient6: Error $exit_status" +- else +- if [ "x${new_dhcp6_domain_search}" != x ] ; then +- ( echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ) +- exit_status=$? +- fi +- for nameserver in ${new_dhcp6_name_servers} ; do +- if [ $exit_status -ne 0 ] ; then +- break +- fi + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + case $nameserver in + fe80:*) zone_id="%$interface";; + FE80:*) zone_id="%$interface";; + *) zone_id='';; + esac +- ( echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ) +- exit_status=$? +- done +- +- if [ $exit_status -eq 0 ] ; then +- ( mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ) +- exit_status=$? +- fi ++ if [ "x${new_dhcp6_domain_search}" != x ] ; then ++ conf="${conf}search ${new_dhcp6_domain_search}\n" ++ fi ++ for nameserver in ${new_dhcp6_name_servers} ; do ++ conf="${conf}nameserver ${nameserver}$zone_id\n" ++ done ++ fi + +- if [ $exit_status -ne 0 ] ; then +- $LOGGER "Error while writing new /etc/resolv.conf." +- fi ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf + fi + fi + } +--- a/client/scripts/linux ++++ b/client/scripts/linux +@@ -26,44 +26,49 @@ + ip=/sbin/ip + + make_resolv_conf() { ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= + if [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient +- chmod 644 /etc/resolv.conf.dhclient +- if [ x"$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient +- elif [ x"$new_domain_name" != x ]; then ++ if [ "x$new_domain_search" != x ]; then ++ conf="${conf}search ${new_domain_search}\n" ++ elif [ "x$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >>/etc/resolv.conf.dhclient ++ conf="${conf}nameserver ${nameserver}\n" + done +- +- mv /etc/resolv.conf.dhclient /etc/resolv.conf + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- cat /dev/null > /etc/resolv.conf.dhclient6 +- chmod 644 /etc/resolv.conf.dhclient6 +- + if [ "x${new_dhcp6_domain_search}" != x ] ; then +- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ++ conf="${conf}search ${new_dhcp6_domain_search}\n" + fi + shopt -s nocasematch + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + if [[ "$nameserver" =~ ^fe80:: ]] + then + zone_id="%$interface" + else + zone_id= + fi +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ conf="${conf}nameserver ${nameserver}$zone_id\n" + done + shopt -u nocasematch ++ fi + +- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf ++ fi + fi + } + +--- a/client/scripts/netbsd ++++ b/client/scripts/netbsd +@@ -1,40 +1,46 @@ + #!/bin/sh + + make_resolv_conf() { +- if [ "x$new_domain_name" != x ] && [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient +- if [ "x$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient +- elif [ "x$new_domain_name" != x ]; then ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= ++ if [ x"$new_domain_name_servers" != x ]; then ++ if [ "x$new_domain_search" != x ]; then ++ conf="${conf}search ${new_domain_search}\n" ++ elif [ "x$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >>/etc/resolv.conf.dhclient ++ conf="${conf}nameserver ${nameserver}\n" + done +- +- mv /etc/resolv.conf.dhclient /etc/resolv.conf + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- cat /dev/null > /etc/resolv.conf.dhclient6 +- chmod 644 /etc/resolv.conf.dhclient6 +- + if [ "x${new_dhcp6_domain_search}" != x ] ; then +- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ++ conf="${conf}search ${new_dhcp6_domain_search}\n" + fi + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + case $nameserver in + fe80:*) zone_id="%$interface";; + FE80:*) zone_id="%$interface";; + *) zone_id='';; + esac +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ conf="${conf}nameserver ${nameserver}$zone_id\n" + done ++ fi + +- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf ++ fi + fi + } + +--- a/client/scripts/openbsd ++++ b/client/scripts/openbsd +@@ -1,40 +1,46 @@ + #!/bin/sh + + make_resolv_conf() { +- if [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient +- if [ x"$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient +- elif [ x"$new_domain_name" != x ]; then ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= ++ if [ x"$new_domain_name_servers" != x ]; then ++ if [ "x$new_domain_search" != x ]; then ++ conf="${conf}search ${new_domain_search}\n" ++ elif [ "x$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >>/etc/resolv.conf.dhclient ++ conf="${conf}nameserver ${nameserver}\n" + done +- +- mv /etc/resolv.conf.dhclient /etc/resolv.conf + elif [ "x${new_dhcp6_name_servers}" != x ] ; then +- cat /dev/null > /etc/resolv.conf.dhclient6 +- chmod 644 /etc/resolv.conf.dhclient6 +- + if [ "x${new_dhcp6_domain_search}" != x ] ; then +- echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6 ++ conf="${conf}search ${new_dhcp6_domain_search}\n" + fi + for nameserver in ${new_dhcp6_name_servers} ; do + # If the nameserver has a link-local address + # add a <zone_id> (interface name) to it. + case $nameserver in + fe80:*) zone_id="%$interface";; + FE80:*) zone_id="%$interface";; + *) zone_id='';; + esac +- echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6 ++ conf="${conf}nameserver ${nameserver}$zone_id\n" + done ++ fi + +- mv /etc/resolv.conf.dhclient6 /etc/resolv.conf ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf ++ fi + fi + } + +--- a/client/scripts/solaris ++++ b/client/scripts/solaris +@@ -1,21 +1,39 @@ + #!/bin/sh + + make_resolv_conf() { ++ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ return 0 ++ fi ++ local conf= + if [ x"$new_domain_name_servers" != x ]; then +- cat /dev/null > /etc/resolv.conf.dhclient +- if [ x"$new_domain_search" != x ]; then +- echo search $new_domain_search >> /etc/resolv.conf.dhclient +- elif [ x"$new_domain_name" != x ]; then ++ if [ "x$new_domain_search" != x ]; then ++ conf="${conf}search ${new_domain_search}\n" ++ elif [ "x$new_domain_name" != x ]; then + # Note that the DHCP 'Domain Name Option' is really just a domain + # name, and that this practice of using the domain name option as + # a search path is both nonstandard and deprecated. +- echo search $new_domain_name >> /etc/resolv.conf.dhclient ++ conf="${conf}search ${new_domain_name}\n" + fi + for nameserver in $new_domain_name_servers; do +- echo nameserver $nameserver >>/etc/resolv.conf.dhclient ++ conf="${conf}nameserver ${nameserver}\n" ++ done ++ elif [ "x${new_dhcp6_name_servers}" != x ] ; then ++ if [ "x${new_dhcp6_domain_search}" != x ] ; then ++ conf="${conf}search ${new_dhcp6_domain_search}\n" ++ fi ++ for nameserver in ${new_dhcp6_name_servers} ; do ++ conf="${conf}nameserver ${nameserver}\n" + done ++ fi + +- mv /etc/resolv.conf.dhclient /etc/resolv.conf ++ if [ x"$conf" != x ]; then ++ conf="# Generated by dhclient or interface $interface\n${conf}" ++ if type resolvconf >/dev/null 2>&1; then ++ printf "${conf}" | resolvconf -a $interface ++ else ++ printf "${conf}" > /etc/resolv.conf ++ chmod 644 /etc/resolv.conf ++ fi + fi + } + diff --git a/net-misc/dhcp/files/dhcp-4.2.2-dhclient-stdin-conf.patch b/net-misc/dhcp/files/dhcp-4.2.2-dhclient-stdin-conf.patch new file mode 100644 index 000000000000..bf5a54c32153 --- /dev/null +++ b/net-misc/dhcp/files/dhcp-4.2.2-dhclient-stdin-conf.patch @@ -0,0 +1,113 @@ +--- dhcp-4.2.2/client/clparse.c ++++ dhcp-4.2.2/client/clparse.c +@@ -182,6 +182,10 @@ isc_result_t read_client_conf () + #endif + } + ++ /* Read any extra configuration from stdin */ ++ extern int read_client_conf_stdin (struct interface_info *ip, struct client_config *client); ++ read_client_conf_stdin (NULL, &top_level_config); ++ + /* Set up state and config structures for clients that don't + have per-interface configuration statements. */ + config = (struct client_config *)0; +@@ -211,23 +215,13 @@ isc_result_t read_client_conf () + return status; + } + +-int read_client_conf_file (const char *name, struct interface_info *ip, ++int read_client_conf_actual (struct parse *cfile, struct interface_info *ip, + struct client_config *client) + { +- int file; +- struct parse *cfile; + const char *val; + int token; + isc_result_t status; + +- if ((file = open (name, O_RDONLY)) < 0) +- return uerr2isc (errno); +- +- cfile = NULL; +- status = new_parse(&cfile, file, NULL, 0, path_dhclient_conf, 0); +- if (status != ISC_R_SUCCESS || cfile == NULL) +- return status; +- + do { + token = peek_token (&val, (unsigned *)0, cfile); + if (token == END_OF_FILE) +@@ -238,10 +232,74 @@ int read_client_conf_file (const char *name, struct interface_info *ip, + status = (cfile -> warnings_occurred + ? DHCP_R_BADPARSE + : ISC_R_SUCCESS); ++ return status; ++} ++ ++int read_client_conf_file (const char *name, struct interface_info *ip, ++ struct client_config *client) ++{ ++ int file; ++ struct parse *cfile; ++ isc_result_t status; ++ ++ if ((file = open (name, O_RDONLY)) < 0) ++ return uerr2isc (errno); ++ ++ cfile = (struct parse *)0; ++ new_parse (&cfile, file, (char *)0, 0, path_dhclient_conf, 0); ++ status = read_client_conf_actual(cfile, ip, client); + end_parse (&cfile); + return status; + } + ++int read_client_conf_stdin (struct interface_info *ip, ++ struct client_config *client) ++{ ++ int file; ++ char *buffer = NULL, *p; ++ unsigned buflen, len = 0; ++ struct parse *cfile; ++ size_t bytes; ++ isc_result_t status; ++ ++ file = fileno(stdin); ++ if (isatty (file)) ++ return ISC_R_NOTFOUND; ++ if (fcntl (file, F_SETFL, O_NONBLOCK) < 0) ++ log_fatal ("could not set stdin to non blocking!"); ++ ++ buflen = BUFSIZ; ++ buffer = malloc (BUFSIZ + 1); ++ p = buffer; ++ do { ++ bytes = read (file, p, BUFSIZ); ++ if (bytes == 0) ++ break; ++ if (bytes == -1) ++ log_fatal ("failed to read stdin!"); ++ if (bytes >= BUFSIZ) { ++ buflen += BUFSIZ; ++ len += BUFSIZ; ++ buffer = realloc (buffer, buflen + 1); ++ if (!buffer) ++ log_fatal ("not enough buffer to read stdin!"); ++ p = buffer + len; ++ } else { ++ len += bytes; ++ break; ++ } ++ } while(1); ++ buffer[len] = '\0'; ++ ++ cfile = (struct parse *)0; ++ status = new_parse (&cfile, -1, buffer, len, "stdin", 0); ++ if (status == ISC_R_SUCCESS) { ++ status = read_client_conf_actual (cfile, ip, client); ++ end_parse (&cfile); ++ } ++ free(buffer); ++ return status; ++} + + /* lease-file :== client-lease-statements END_OF_FILE + client-lease-statements :== <nil> diff --git a/net-misc/dhcp/files/dhcp-4.2.2-nogateway.patch b/net-misc/dhcp/files/dhcp-4.2.2-nogateway.patch new file mode 100644 index 000000000000..27fb2b0e6025 --- /dev/null +++ b/net-misc/dhcp/files/dhcp-4.2.2-nogateway.patch @@ -0,0 +1,46 @@ +http://bugs.gentoo.org/265531 + +--- dhcp-4.2.2/client/scripts/linux ++++ dhcp-4.2.2/client/scripts/linux +@@ -193,12 +193,14 @@ + ifconfig $interface inet $new_ip_address $new_subnet_arg \ + $new_broadcast_arg $mtu_arg + # Add a network route to the computed network address. +- for router in $new_routers; do +- if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then +- route add -host $router dev $interface +- fi +- route add default gw $router $metric_arg dev $interface +- done ++ if [ x$PEER_ROUTERS = x ] || [ x$PEER_ROUTERS = xyes ]; then ++ for router in $new_routers; do ++ if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then ++ route add -host $router dev $interface ++ fi ++ route add default gw $router $metric_arg dev $interface ++ done ++ fi + else + # we haven't changed the address, have we changed other options + # that we wish to update? +@@ -244,12 +246,14 @@ + ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg + route add -host $alias_ip_address dev $interface:0 + fi +- for router in $new_routers; do +- if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then +- route add -host $router dev $interface +- fi +- route add default gw $router $metric_arg dev $interface +- done ++ if [ x$PEER_ROUTERS = x ] || [ x$PEER_ROUTERS = xyes ]; then ++ for router in $new_routers; do ++ if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then ++ route add -host $router dev $interface ++ fi ++ route add default gw $router $metric_arg dev $interface ++ done ++ fi + make_resolv_conf + exit_with_hooks 0 + fi |