CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Sat Feb 10 06:22:22 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S crypt586.S Log Message: fix typo To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.10 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.11 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.10 Sat Feb 10 00:51:06 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile Sat Feb 10 01:22:22 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.10 2018/02/10 05:51:06 christos Exp $ +# $NetBSD: Makefile,v 1.11 2018/02/10 06:22:22 christos Exp $ .include "bsd.own.mk" @@ -12,8 +12,8 @@ regen: -I${OPENSSLSRC}/crypto/bn/asm $$i elf /dev/stdout \ | sed -e 's,^\.file.*$$,#include ,' \ -e 's/ call OPENSSL_cpuid_setup/ PIC_PROLOGUE! call PIC_PLT(OPENSSL_cpuid_setup)! PIC_EPILOGUE/' \ - -e 's/ leal DES_SPtrans,%edx/ PIC_PROLOGUE! leal PIC_GOT(DES_SPtrans),%edx! PIC_EPOLOGUE/' \ - -e 's/ leal OPENSSL_ia32cap_P,%eax/ PIC_PROLOGUE! leal PIC_GOT(OPENSSL_ia32cap_P),%eax! PIC_EPOLOGUE/' \ + -e 's/ leal DES_SPtrans,%edx/ PIC_PROLOGUE! leal PIC_GOT(DES_SPtrans),%edx! PIC_EPILOGUE/' \ + -e 's/ leal OPENSSL_ia32cap_P,%eax/ PIC_PROLOGUE! leal PIC_GOT(OPENSSL_ia32cap_P),%eax! PIC_EPILOGUE/' \ | tr '!' '\n' \ > $$(basename $$i .pl).S; \ done Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.9 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.10 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.9 Sat Feb 10 00:51:06 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S Sat Feb 10 01:22:22 2018 @@ -1002,7 +1002,7 @@ AES_encrypt: popl %ebp PIC_PROLOGUE leal PIC_GOT(OPENSSL_ia32cap_P),%eax - PIC_EPOLOGUE + PIC_EPILOGUE leal .LAES_Te-.L004pic_point(%ebp),%ebp leal 764(%esp),%ebx subl %ebp,%ebx @@ -2196,7 +2196,7 @@ AES_decrypt: popl %ebp PIC_PROLOGUE leal PIC_GOT(OPENSSL_ia32cap_P),%eax - PIC_EPOLOGUE + PIC_EPILOGUE leal .LAES_Td-.L010pic_point(%ebp),%ebp leal 764(%esp),%ebx subl %ebp,%ebx @@ -2254,7 +2254,7 @@ AES_cbc_encrypt: popl %ebp PIC_PROLOGUE leal PIC_GOT(OPENSSL_ia32cap_P),%eax - PIC_EPOLOGUE + PIC_EPILOGUE cmpl $0,40(%esp) leal .LAES_Te-.L013pic_point(%ebp),%ebp jne .L014picked_te Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.6 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.7 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.6 Sat Feb 10 00:51:06 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Sat Feb 10 01:22:22 2018 @@ -15,7 +15,7 @@ fcrypt_body: xorl %esi,%esi PIC_PROLOGUE leal PIC_GOT(DES_SPtrans),%edx - PIC_EPOLOGUE + PIC_EPILOGUE pushl %edx movl 28(%esp),%ebp pushl $25
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Sat Feb 10 06:22:22 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S crypt586.S Log Message: fix typo To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Sat Feb 10 05:51:06 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S crypt586.S Log Message: Fix TEXTREL's To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Sat Feb 10 05:51:06 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S crypt586.S Log Message: Fix TEXTREL's To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.9 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.10 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile:1.9 Fri Feb 9 11:06:59 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile Sat Feb 10 00:51:06 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.9 2018/02/09 16:06:59 christos Exp $ +# $NetBSD: Makefile,v 1.10 2018/02/10 05:51:06 christos Exp $ .include "bsd.own.mk" @@ -11,6 +11,9 @@ regen: perl -I${OPENSSLSRC}/crypto/perlasm \ -I${OPENSSLSRC}/crypto/bn/asm $$i elf /dev/stdout \ | sed -e 's,^\.file.*$$,#include ,' \ - -e 's/ call OPENSSL_cpuid_setup/ PIC_PROLOGUE! call PIC_PLT(OPENSSL_cpuid_setup)! PIC_EPILOGUE/' | tr '!' '\n' \ + -e 's/ call OPENSSL_cpuid_setup/ PIC_PROLOGUE! call PIC_PLT(OPENSSL_cpuid_setup)! PIC_EPILOGUE/' \ + -e 's/ leal DES_SPtrans,%edx/ PIC_PROLOGUE! leal PIC_GOT(DES_SPtrans),%edx! PIC_EPOLOGUE/' \ + -e 's/ leal OPENSSL_ia32cap_P,%eax/ PIC_PROLOGUE! leal PIC_GOT(OPENSSL_ia32cap_P),%eax! PIC_EPOLOGUE/' \ + | tr '!' '\n' \ > $$(basename $$i .pl).S; \ done Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.8 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.9 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S:1.8 Fri Feb 9 11:06:59 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S Sat Feb 10 00:51:06 2018 @@ -1000,7 +1000,9 @@ AES_encrypt: call .L004pic_point .L004pic_point: popl %ebp - leal OPENSSL_ia32cap_P,%eax + PIC_PROLOGUE + leal PIC_GOT(OPENSSL_ia32cap_P),%eax + PIC_EPOLOGUE leal .LAES_Te-.L004pic_point(%ebp),%ebp leal 764(%esp),%ebx subl %ebp,%ebx @@ -2192,7 +2194,9 @@ AES_decrypt: call .L010pic_point .L010pic_point: popl %ebp - leal OPENSSL_ia32cap_P,%eax + PIC_PROLOGUE + leal PIC_GOT(OPENSSL_ia32cap_P),%eax + PIC_EPOLOGUE leal .LAES_Td-.L010pic_point(%ebp),%ebp leal 764(%esp),%ebx subl %ebp,%ebx @@ -2248,7 +2252,9 @@ AES_cbc_encrypt: call .L013pic_point .L013pic_point: popl %ebp - leal OPENSSL_ia32cap_P,%eax + PIC_PROLOGUE + leal PIC_GOT(OPENSSL_ia32cap_P),%eax + PIC_EPOLOGUE cmpl $0,40(%esp) leal .LAES_Te-.L013pic_point(%ebp),%ebp jne .L014picked_te Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.5 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.6 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S:1.5 Fri Feb 9 11:06:59 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S Sat Feb 10 00:51:06 2018 @@ -13,7 +13,9 @@ fcrypt_body: xorl %edi,%edi xorl %esi,%esi - leal DES_SPtrans,%edx + PIC_PROLOGUE + leal PIC_GOT(DES_SPtrans),%edx + PIC_EPOLOGUE pushl %edx movl 28(%esp),%ebp pushl $25
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:26:15 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.124 -r1.1.2.125 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:38 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.2.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.68 src/sys/dist/pf/net/pf.c:1.68.2.1 --- src/sys/dist/pf/net/pf.c:1.68 Mon Dec 19 16:10:07 2011 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:25:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $ */ +/* $NetBSD: pf.c,v 1.68.2.1 2018/02/10 04:25:37 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68.2.1 2018/02/10 04:25:37 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-6-1] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:36 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6-1]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.8.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.68 src/sys/dist/pf/net/pf.c:1.68.8.1 --- src/sys/dist/pf/net/pf.c:1.68 Mon Dec 19 16:10:07 2011 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:25:36 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $ */ +/* $NetBSD: pf.c,v 1.68.8.1 2018/02/10 04:25:36 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68.8.1 2018/02/10 04:25:36 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:26:15 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.124 -r1.1.2.125 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.1.6 diff -u src/doc/CHANGES-6.1.6:1.1.2.124 src/doc/CHANGES-6.1.6:1.1.2.125 --- src/doc/CHANGES-6.1.6:1.1.2.124 Fri Feb 9 14:11:54 2018 +++ src/doc/CHANGES-6.1.6 Sat Feb 10 04:26:15 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.1.6,v 1.1.2.124 2018/02/09 14:11:54 martin Exp $ +# $NetBSD: CHANGES-6.1.6,v 1.1.2.125 2018/02/10 04:26:15 snj Exp $ A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6 release: @@ -14986,3 +14986,8 @@ sys/netinet/ip_input.c1.366 Disable LSRR/SSRR by default. [maxv, ticket #1526] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1527] +
CVS commit: [netbsd-6] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:38 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.2.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:59 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.127 -r1.1.2.128 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.127 src/doc/CHANGES-6.0.7:1.1.2.128 --- src/doc/CHANGES-6.0.7:1.1.2.127 Fri Feb 9 14:12:55 2018 +++ src/doc/CHANGES-6.0.7 Sat Feb 10 04:25:59 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.127 2018/02/09 14:12:55 martin Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.128 2018/02/10 04:25:59 snj Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: @@ -15313,3 +15313,8 @@ sys/netinet/ip_input.c1.366 Disable LSRR/SSRR by default. [maxv, ticket #1526] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1527] +
CVS commit: [netbsd-6-1] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:36 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6-1]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.8.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:59 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.127 -r1.1.2.128 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:26:35 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.320 -r1.1.2.321 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:26:35 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: 1527 To generate a diff of this commit: cvs rdiff -u -r1.1.2.320 -r1.1.2.321 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.320 src/doc/CHANGES-6.2:1.1.2.321 --- src/doc/CHANGES-6.2:1.1.2.320 Fri Feb 9 14:10:35 2018 +++ src/doc/CHANGES-6.2 Sat Feb 10 04:26:35 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.320 2018/02/09 14:10:35 martin Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.321 2018/02/10 04:26:35 snj Exp $ A complete list of changes from the 6.1 release until the 6.2 release: @@ -21044,3 +21044,8 @@ sys/netinet/ip_input.c1.366 Disable LSRR/SSRR by default. [maxv, ticket #1526] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1527] +
CVS commit: [netbsd-6-0] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:34 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6-0]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:25:34 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-6-0]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1527): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.68.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.68 src/sys/dist/pf/net/pf.c:1.68.6.1 --- src/sys/dist/pf/net/pf.c:1.68 Mon Dec 19 16:10:07 2011 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:25:34 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $ */ +/* $NetBSD: pf.c,v 1.68.6.1 2018/02/10 04:25:34 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68 2011/12/19 16:10:07 drochner Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.68.6.1 2018/02/10 04:25:34 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:50 UTC 2018 Modified Files: src/doc [netbsd-7]: CHANGES-7.2 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.64 -r1.1.2.65 src/doc/CHANGES-7.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.2 diff -u src/doc/CHANGES-7.2:1.1.2.64 src/doc/CHANGES-7.2:1.1.2.65 --- src/doc/CHANGES-7.2:1.1.2.64 Fri Feb 9 13:38:08 2018 +++ src/doc/CHANGES-7.2 Sat Feb 10 04:22:50 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.2,v 1.1.2.64 2018/02/09 13:38:08 martin Exp $ +# $NetBSD: CHANGES-7.2,v 1.1.2.65 2018/02/10 04:22:50 snj Exp $ A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.2 release: @@ -5088,3 +5088,8 @@ sys/netinet/ip_input.c1.366 (via pat Disable LSRR/SSRR by default. [maxv, ticket #1563] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1565] +
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:50 UTC 2018 Modified Files: src/doc [netbsd-7]: CHANGES-7.2 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.64 -r1.1.2.65 src/doc/CHANGES-7.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:31 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.2 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.8 -r1.1.2.9 src/doc/CHANGES-7.1.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.2 diff -u src/doc/CHANGES-7.1.2:1.1.2.8 src/doc/CHANGES-7.1.2:1.1.2.9 --- src/doc/CHANGES-7.1.2:1.1.2.8 Fri Feb 9 14:06:02 2018 +++ src/doc/CHANGES-7.1.2 Sat Feb 10 04:22:31 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.2,v 1.1.2.8 2018/02/09 14:06:02 martin Exp $ +# $NetBSD: CHANGES-7.1.2,v 1.1.2.9 2018/02/10 04:22:31 snj Exp $ A complete list of changes from the NetBSD 7.1.1 release to the NetBSD 7.1.2 release: @@ -105,3 +105,8 @@ sys/netinet/ip_input.c1.366 (via pat Disable LSRR/SSRR by default. [maxv, ticket #1563] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1565] +
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:31 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.2 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.8 -r1.1.2.9 src/doc/CHANGES-7.1.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:10 UTC 2018 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.78 -r1.1.2.79 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.0.3 diff -u src/doc/CHANGES-7.0.3:1.1.2.78 src/doc/CHANGES-7.0.3:1.1.2.79 --- src/doc/CHANGES-7.0.3:1.1.2.78 Fri Feb 9 14:06:57 2018 +++ src/doc/CHANGES-7.0.3 Sat Feb 10 04:22:10 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0.3,v 1.1.2.78 2018/02/09 14:06:57 martin Exp $ +# $NetBSD: CHANGES-7.0.3,v 1.1.2.79 2018/02/10 04:22:10 snj Exp $ A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3 release: @@ -5217,3 +5217,8 @@ sys/netinet/ip_input.c1.366 (via pat Disable LSRR/SSRR by default. [maxv, ticket #1563] +sys/dist/pf/net/pf.c1.78 via patch + + Fix signedness bug in PF. PR/44059. + [maxv, ticket #1565] +
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:22:10 UTC 2018 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: 1565 To generate a diff of this commit: cvs rdiff -u -r1.1.2.78 -r1.1.2.79 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:15 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7-0]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.72 src/sys/dist/pf/net/pf.c:1.72.6.1 --- src/sys/dist/pf/net/pf.c:1.72 Fri Jul 25 04:09:58 2014 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:21:15 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $ */ +/* $NetBSD: pf.c,v 1.72.6.1 2018/02/10 04:21:15 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72.6.1 2018/02/10 04:21:15 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-7-1] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:17 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7-1]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.10.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:19 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.2.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:19 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.2.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.72 src/sys/dist/pf/net/pf.c:1.72.2.1 --- src/sys/dist/pf/net/pf.c:1.72 Fri Jul 25 04:09:58 2014 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:21:19 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $ */ +/* $NetBSD: pf.c,v 1.72.2.1 2018/02/10 04:21:19 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72.2.1 2018/02/10 04:21:19 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-7-1] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:17 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7-1]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.10.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.72 src/sys/dist/pf/net/pf.c:1.72.10.1 --- src/sys/dist/pf/net/pf.c:1.72 Fri Jul 25 04:09:58 2014 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:21:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $ */ +/* $NetBSD: pf.c,v 1.72.10.1 2018/02/10 04:21:17 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72 2014/07/25 04:09:58 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.72.10.1 2018/02/10 04:21:17 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: [netbsd-7-0] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:21:15 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-7-0]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1565): sys/dist/pf/net/pf.c: revision 1.78 via patch Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.72 -r1.72.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:13:26 UTC 2018 Modified Files: src/doc [netbsd-8]: CHANGES-8.0 Log Message: 540 To generate a diff of this commit: cvs rdiff -u -r1.1.2.118 -r1.1.2.119 src/doc/CHANGES-8.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: snj Date: Sat Feb 10 04:13:26 UTC 2018 Modified Files: src/doc [netbsd-8]: CHANGES-8.0 Log Message: 540 To generate a diff of this commit: cvs rdiff -u -r1.1.2.118 -r1.1.2.119 src/doc/CHANGES-8.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-8.0 diff -u src/doc/CHANGES-8.0:1.1.2.118 src/doc/CHANGES-8.0:1.1.2.119 --- src/doc/CHANGES-8.0:1.1.2.118 Tue Feb 6 20:33:35 2018 +++ src/doc/CHANGES-8.0 Sat Feb 10 04:13:26 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-8.0,v 1.1.2.118 2018/02/06 20:33:35 snj Exp $ +# $NetBSD: CHANGES-8.0,v 1.1.2.119 2018/02/10 04:13:26 snj Exp $ A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04 until the 8.0 release: @@ -9533,3 +9533,9 @@ share/man/man4/vnd.41.19 Remove outdated BUGS entry - vnd does work on sparse files. [maya, ticket #535] +sys/dist/pf/net/pf.c1.77-1.78 + + - Fix wrong assignment in !__NetBSD__ code. PR/52682. + - Fix a remotely-triggerable integer overflow. PR/44059. + [maxv, ticket #540] +
CVS commit: [netbsd-8] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:12:17 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-8]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #540): sys/dist/pf/net/pf.c: 1.77-1.78 PR/52682: David Binderman: Fix wrong assignment (in the !__NetBSD__ code) Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.76.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.76 src/sys/dist/pf/net/pf.c:1.76.6.1 --- src/sys/dist/pf/net/pf.c:1.76 Tue Feb 14 03:05:06 2017 +++ src/sys/dist/pf/net/pf.c Sat Feb 10 04:12:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.76 2017/02/14 03:05:06 ozaki-r Exp $ */ +/* $NetBSD: pf.c,v 1.76.6.1 2018/02/10 04:12:17 snj Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.76 2017/02/14 03:05:06 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.76.6.1 2018/02/10 04:12:17 snj Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2) @@ -1708,7 +1708,7 @@ pf_send_tcp(const struct pf_rule *r, sa_ m->m_pkthdr.pf.tag = rtag; if (r != NULL && r->rtableid >= 0) - m->m_pkthdr.pf.rtableid = m->m_pkthdr.pf.rtableid; + m->m_pkthdr.pf.rtableid = r->rtableid; #endif /* !__NetBSD__ */ #ifdef ALTQ
CVS commit: [netbsd-8] src/sys/dist/pf/net
Module Name:src Committed By: snj Date: Sat Feb 10 04:12:17 UTC 2018 Modified Files: src/sys/dist/pf/net [netbsd-8]: pf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #540): sys/dist/pf/net/pf.c: 1.77-1.78 PR/52682: David Binderman: Fix wrong assignment (in the !__NetBSD__ code) Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.76.6.1 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/amd64/amd64
Module Name:src Committed By: christos Date: Sat Feb 10 03:55:59 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: db_interface.c Log Message: make it compile without MULTIPROCESSOR (xen?) To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/arch/amd64/amd64/db_interface.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/db_interface.c diff -u src/sys/arch/amd64/amd64/db_interface.c:1.28 src/sys/arch/amd64/amd64/db_interface.c:1.29 --- src/sys/arch/amd64/amd64/db_interface.c:1.28 Fri Feb 9 04:36:42 2018 +++ src/sys/arch/amd64/amd64/db_interface.c Fri Feb 9 22:55:58 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: db_interface.c,v 1.28 2018/02/09 09:36:42 maxv Exp $ */ +/* $NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $ */ /* * Mach Operating System @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.28 2018/02/09 09:36:42 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.29 2018/02/10 03:55:58 christos Exp $"); #include "opt_ddb.h" #include "opt_multiprocessor.h" @@ -189,7 +189,6 @@ int kdb_trap(int type, int code, db_regs_t *regs) { int s; - db_regs_t dbreg; switch (type) { case T_NMI: /* NMI */ @@ -211,6 +210,7 @@ kdb_trap(int type, int code, db_regs_t * } #ifdef MULTIPROCESSOR + db_regs_t dbreg; if (!db_suspend_others()) { ddb_suspend(regs); } else {
CVS commit: src/sys/arch/amd64/amd64
Module Name:src Committed By: christos Date: Sat Feb 10 03:55:59 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: db_interface.c Log Message: make it compile without MULTIPROCESSOR (xen?) To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sys/arch/amd64/amd64/db_interface.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Fri Feb 9 23:22:13 UTC 2018 Modified Files: src/crypto/external/bsd/heimdal/dist/kdc: pkinit.c src/crypto/external/bsd/heimdal/dist/lib/krb5: pkinit.c Log Message: fix BN_to_integer to get rid of __UNCONST. Trick question: How many BN_to_integer implementations does Heimdal contain (I only fixed 2). To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/heimdal/dist
Module Name:src Committed By: christos Date: Fri Feb 9 23:22:13 UTC 2018 Modified Files: src/crypto/external/bsd/heimdal/dist/kdc: pkinit.c src/crypto/external/bsd/heimdal/dist/lib/krb5: pkinit.c Log Message: fix BN_to_integer to get rid of __UNCONST. Trick question: How many BN_to_integer implementations does Heimdal contain (I only fixed 2). To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c diff -u src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c:1.3 src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c:1.4 --- src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c:1.3 Mon Feb 5 11:00:52 2018 +++ src/crypto/external/bsd/heimdal/dist/kdc/pkinit.c Fri Feb 9 18:22:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pkinit.c,v 1.3 2018/02/05 16:00:52 christos Exp $ */ +/* $NetBSD: pkinit.c,v 1.4 2018/02/09 23:22:12 christos Exp $ */ /* * Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan @@ -813,7 +813,7 @@ out: */ static krb5_error_code -BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer) { integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); @@ -1038,7 +1038,7 @@ pk_mk_pa_reply_dh(krb5_context context, #else DH_get0_key(kdc_dh, _key, NULL); #endif - ret = BN_to_integer(context, __UNCONST(pub_key), ); + ret = BN_to_integer(context, pub_key, ); if (ret) return ret; Index: src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c diff -u src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c:1.3 src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c:1.4 --- src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c:1.3 Mon Feb 5 11:00:53 2018 +++ src/crypto/external/bsd/heimdal/dist/lib/krb5/pkinit.c Fri Feb 9 18:22:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pkinit.c,v 1.3 2018/02/05 16:00:53 christos Exp $ */ +/* $NetBSD: pkinit.c,v 1.4 2018/02/09 23:22:13 christos Exp $ */ /* * Copyright (c) 2003 - 2016 Kungliga Tekniska Högskolan @@ -82,7 +82,7 @@ _krb5_pk_cert_free(struct krb5_pk_cert * } static krb5_error_code -BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) +BN_to_integer(krb5_context context, const BIGNUM *bn, heim_integer *integer) { integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); @@ -481,12 +481,12 @@ build_auth_pack(krb5_context context, DH_get0_pqg(dh, , , ); #endif - ret = BN_to_integer(context, __UNCONST(p), ); + ret = BN_to_integer(context, p, ); if (ret) { free_DomainParameters(); return ret; } - ret = BN_to_integer(context, __UNCONST(g), ); + ret = BN_to_integer(context, g, ); if (ret) { free_DomainParameters(); return ret; @@ -496,7 +496,7 @@ build_auth_pack(krb5_context context, free_DomainParameters(); return ENOMEM; } - ret = BN_to_integer(context, __UNCONST(q), dp.q); + ret = BN_to_integer(context, q, dp.q); if (ret) { free_DomainParameters(); return ret; @@ -527,7 +527,7 @@ build_auth_pack(krb5_context context, #else DH_get0_key(dh, _key, NULL); #endif - ret = BN_to_integer(context, __UNCONST(pub_key), _pub_key); + ret = BN_to_integer(context, pub_key, _pub_key); if (ret) return ret;
CVS commit: src/crypto/external/bsd/openssl/bin
Module Name:src Committed By: christos Date: Fri Feb 9 22:46:19 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/bin: Makefile Log Message: Use the magic FILESBUILD variable so that it builds with BUILD/UPDATE unset. Why again FILESBUILD is not the default and needs to be set? To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/bin/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/bin/Makefile diff -u src/crypto/external/bsd/openssl/bin/Makefile:1.8 src/crypto/external/bsd/openssl/bin/Makefile:1.9 --- src/crypto/external/bsd/openssl/bin/Makefile:1.8 Thu Feb 8 16:57:23 2018 +++ src/crypto/external/bsd/openssl/bin/Makefile Fri Feb 9 17:46:19 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.8 2018/02/08 21:57:23 christos Exp $ +# $NetBSD: Makefile,v 1.9 2018/02/09 22:46:19 christos Exp $ WARNS?= 2 # XXX -Wcast-qual @@ -10,7 +10,7 @@ BINDIR=/usr/bin USE_FORT?= yes # cryptographic software # RCSid: -# $Id: Makefile,v 1.8 2018/02/08 21:57:23 christos Exp $ +# $Id: Makefile,v 1.9 2018/02/09 22:46:19 christos Exp $ # # @(#) Copyright (c) 1995 Simon J. Gerraty # @@ -91,6 +91,7 @@ SRCS+= e_padlock.c .if ${MKSHARE} != "no" FILES= CA.pl openssl.cnf +FILESBUILD= yes FILESDIR=/usr/share/examples/openssl CA.pl: CA.pl.in
CVS commit: src/crypto/external/bsd/openssl/bin
Module Name:src Committed By: christos Date: Fri Feb 9 22:46:19 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/bin: Makefile Log Message: Use the magic FILESBUILD variable so that it builds with BUILD/UPDATE unset. Why again FILESBUILD is not the default and needs to be set? To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/bin/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/luna68k/stand/boot
Module Name:src Committed By: jakllsch Date: Fri Feb 9 22:08:28 UTC 2018 Modified Files: src/sys/arch/luna68k/stand/boot: sc.c Log Message: Explain what may seem to be a non-sensical assignment, but isn't. closes PR 53000 To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sys/arch/luna68k/stand/boot/sc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/luna68k/stand/boot/sc.c diff -u src/sys/arch/luna68k/stand/boot/sc.c:1.16 src/sys/arch/luna68k/stand/boot/sc.c:1.17 --- src/sys/arch/luna68k/stand/boot/sc.c:1.16 Tue Oct 31 15:10:28 2017 +++ src/sys/arch/luna68k/stand/boot/sc.c Fri Feb 9 22:08:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sc.c,v 1.16 2017/10/31 15:10:28 christos Exp $ */ +/* $NetBSD: sc.c,v 1.17 2018/02/09 22:08:28 jakllsch Exp $ */ /* * Copyright (c) 1992 OMRON Corporation. @@ -408,6 +408,7 @@ scabort(struct scsi_softc *hs) hs->sc_ctlr, hd->scsi_psns, hd->scsi_ssts, hd->scsi_ints); if (hd->scsi_ints != 0) + /* write register value back to register */ hd->scsi_ints = hd->scsi_ints; if (hd->scsi_psns == 0 || (hd->scsi_ssts & SSTS_INITIATOR) == 0)
CVS commit: src/sys/arch/luna68k/stand/boot
Module Name:src Committed By: jakllsch Date: Fri Feb 9 22:08:28 UTC 2018 Modified Files: src/sys/arch/luna68k/stand/boot: sc.c Log Message: Explain what may seem to be a non-sensical assignment, but isn't. closes PR 53000 To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sys/arch/luna68k/stand/boot/sc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dist/pf/net
Module Name:src Committed By: maxv Date: Fri Feb 9 21:25:04 UTC 2018 Modified Files: src/sys/dist/pf/net: pf.c Log Message: Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.77 -r1.78 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dist/pf/net
Module Name:src Committed By: maxv Date: Fri Feb 9 21:25:04 UTC 2018 Modified Files: src/sys/dist/pf/net: pf.c Log Message: Oh, what is this. Fix a remotely-triggerable integer overflow: the way we define TCPOLEN_SACK makes it unsigned, and the comparison in the while() is unsigned too. That's not the expected behavior, the original code wanted a signed comparison. It's pretty easy to make 'hlen' go negative and trigger a buffer overflow. This bug was reported 8 years ago by Lucio Albornoz in PR/44059. To generate a diff of this commit: cvs rdiff -u -r1.77 -r1.78 src/sys/dist/pf/net/pf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dist/pf/net/pf.c diff -u src/sys/dist/pf/net/pf.c:1.77 src/sys/dist/pf/net/pf.c:1.78 --- src/sys/dist/pf/net/pf.c:1.77 Tue Oct 31 15:00:03 2017 +++ src/sys/dist/pf/net/pf.c Fri Feb 9 21:25:04 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pf.c,v 1.77 2017/10/31 15:00:03 christos Exp $ */ +/* $NetBSD: pf.c,v 1.78 2018/02/09 21:25:04 maxv Exp $ */ /* $OpenBSD: pf.c,v 1.552.2.1 2007/11/27 16:37:57 henning Exp $ */ /* @@ -37,7 +37,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.77 2017/10/31 15:00:03 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pf.c,v 1.78 2018/02/09 21:25:04 maxv Exp $"); #include "pflog.h" @@ -1590,7 +1590,7 @@ pf_modulate_sack(struct mbuf *m, int off struct sackblk sack; #ifdef __NetBSD__ -#define TCPOLEN_SACK (2 * sizeof(uint32_t)) +#define TCPOLEN_SACK 8 /* 2*sizeof(tcp_seq) */ #endif #define TCPOLEN_SACKLEN (TCPOLEN_SACK + 2)
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: maxv Date: Fri Feb 9 18:45:55 UTC 2018 Modified Files: src/sys/arch/x86/x86: identcpu.c Log Message: Disable XSAVEOPT, until it is clear what's wrong with it (PR/52966). To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 src/sys/arch/x86/x86/identcpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/x86/identcpu.c diff -u src/sys/arch/x86/x86/identcpu.c:1.68 src/sys/arch/x86/x86/identcpu.c:1.69 --- src/sys/arch/x86/x86/identcpu.c:1.68 Wed Feb 7 22:49:32 2018 +++ src/sys/arch/x86/x86/identcpu.c Fri Feb 9 18:45:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: identcpu.c,v 1.68 2018/02/07 22:49:32 maya Exp $ */ +/* $NetBSD: identcpu.c,v 1.69 2018/02/09 18:45:55 maxv Exp $ */ /*- * Copyright (c) 1999, 2000, 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: identcpu.c,v 1.68 2018/02/07 22:49:32 maya Exp $"); +__KERNEL_RCSID(0, "$NetBSD: identcpu.c,v 1.69 2018/02/09 18:45:55 maxv Exp $"); #include "opt_xen.h" @@ -759,11 +759,12 @@ cpu_probe_fpu(struct cpu_info *ci) x86_fpu_save = FPU_SAVE_XSAVE; +#if 0 /* XXX PR 52966 */ /* xsaveopt ought to be faster than xsave */ x86_cpuid2(0xd, 1, descs); - if ((descs[0] & CPUID_PES1_XSAVEOPT) && - (cpu_vendor == CPUVENDOR_INTEL)) /* XXX PR 52966 */ + if (descs[0] & CPUID_PES1_XSAVEOPT) x86_fpu_save = FPU_SAVE_XSAVEOPT; +#endif /* Get features and maximum size of the save area */ x86_cpuid(0xd, descs);
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: maxv Date: Fri Feb 9 18:45:55 UTC 2018 Modified Files: src/sys/arch/x86/x86: identcpu.c Log Message: Disable XSAVEOPT, until it is clear what's wrong with it (PR/52966). To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 src/sys/arch/x86/x86/identcpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Fri Feb 9 18:31:52 UTC 2018 Modified Files: src/sys/netinet: in.h ip_input.c src/sys/netinet6: in6.h ip6_input.c Log Message: Remove dead code. To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 src/sys/netinet/in.h cvs rdiff -u -r1.374 -r1.375 src/sys/netinet/ip_input.c cvs rdiff -u -r1.89 -r1.90 src/sys/netinet6/in6.h cvs rdiff -u -r1.189 -r1.190 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/in.h diff -u src/sys/netinet/in.h:1.103 src/sys/netinet/in.h:1.104 --- src/sys/netinet/in.h:1.103 Wed Jan 10 10:56:30 2018 +++ src/sys/netinet/in.h Fri Feb 9 18:31:52 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in.h,v 1.103 2018/01/10 10:56:30 knakahara Exp $ */ +/* $NetBSD: in.h,v 1.104 2018/02/09 18:31:52 maxv Exp $ */ /* * Copyright (c) 1982, 1986, 1990, 1993 @@ -450,9 +450,7 @@ struct ip_mreq { #define IPCTL_FORWARDING 1 /* act as router */ #define IPCTL_SENDREDIRECTS 2 /* may send redirects when forwarding */ #define IPCTL_DEFTTL 3 /* default TTL */ -#ifdef notyet -#define IPCTL_DEFMTU 4 /* default MTU */ -#endif +/* IPCTL_DEFMTU=4, never implemented */ #define IPCTL_FORWSRCRT 5 /* forward source-routed packets */ #define IPCTL_DIRECTEDBCAST 6 /* default broadcast behavior */ #define IPCTL_ALLOWSRCRT 7 /* allow/drop all source-routed pkts */ Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.374 src/sys/netinet/ip_input.c:1.375 --- src/sys/netinet/ip_input.c:1.374 Wed Feb 7 08:12:25 2018 +++ src/sys/netinet/ip_input.c Fri Feb 9 18:31:52 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.374 2018/02/07 08:12:25 maxv Exp $ */ +/* $NetBSD: ip_input.c,v 1.375 2018/02/09 18:31:52 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.374 2018/02/07 08:12:25 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.375 2018/02/09 18:31:52 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1640,15 +1640,6 @@ sysctl_net_inet_ip_setup(struct sysctllo NULL, 0, _defttl, 0, CTL_NET, PF_INET, IPPROTO_IP, IPCTL_DEFTTL, CTL_EOL); -#ifdef IPCTL_DEFMTU - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT /* |CTLFLAG_READWRITE? */, - CTLTYPE_INT, "mtu", - SYSCTL_DESCR("Default MTA for an INET route"), - NULL, 0, _mtu, 0, - CTL_NET, PF_INET, IPPROTO_IP, - IPCTL_DEFMTU, CTL_EOL); -#endif /* IPCTL_DEFMTU */ sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "forwsrcrt", Index: src/sys/netinet6/in6.h diff -u src/sys/netinet6/in6.h:1.89 src/sys/netinet6/in6.h:1.90 --- src/sys/netinet6/in6.h:1.89 Tue Jan 30 15:54:02 2018 +++ src/sys/netinet6/in6.h Fri Feb 9 18:31:52 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: in6.h,v 1.89 2018/01/30 15:54:02 maxv Exp $ */ +/* $NetBSD: in6.h,v 1.90 2018/02/09 18:31:52 maxv Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -546,9 +546,7 @@ struct ip6_mtuinfo { #define IPV6CTL_FORWARDING 1 /* act as router */ #define IPV6CTL_SENDREDIRECTS 2 /* may send redirects when forwarding*/ #define IPV6CTL_DEFHLIM 3 /* default Hop-Limit */ -#ifdef notyet -#define IPV6CTL_DEFMTU 4 /* default MTU */ -#endif +/* IPV6CTL_DEFMTU=4, never implemented */ #define IPV6CTL_FORWSRCRT 5 /* forward source-routed dgrams */ #define IPV6CTL_STATS 6 /* stats */ #define IPV6CTL_MRTSTATS 7 /* multicast forwarding stats */ Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.189 src/sys/netinet6/ip6_input.c:1.190 --- src/sys/netinet6/ip6_input.c:1.189 Tue Jan 30 15:54:02 2018 +++ src/sys/netinet6/ip6_input.c Fri Feb 9 18:31:52 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.189 2018/01/30 15:54:02 maxv Exp $ */ +/* $NetBSD: ip6_input.c,v 1.190 2018/02/09 18:31:52 maxv Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.189 2018/01/30 15:54:02 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.190 2018/02/09 18:31:52 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -1601,14 +1601,6 @@ sysctl_net_inet6_ip6_setup(struct sysctl NULL, 0, _defhlim, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_DEFHLIM, CTL_EOL); -#ifdef notyet - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "mtu", NULL, - NULL, 0, &, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_DEFMTU, CTL_EOL); -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "maxfragpackets",
CVS commit: src/sys
Module Name:src Committed By: maxv Date: Fri Feb 9 18:31:52 UTC 2018 Modified Files: src/sys/netinet: in.h ip_input.c src/sys/netinet6: in6.h ip6_input.c Log Message: Remove dead code. To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 src/sys/netinet/in.h cvs rdiff -u -r1.374 -r1.375 src/sys/netinet/ip_input.c cvs rdiff -u -r1.89 -r1.90 src/sys/netinet6/in6.h cvs rdiff -u -r1.189 -r1.190 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/doc
Module Name:src Committed By: christos Date: Fri Feb 9 17:14:26 UTC 2018 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: update nsd, fix typo for acpica To generate a diff of this commit: cvs rdiff -u -r1.1502 -r1.1503 src/doc/3RDPARTY cvs rdiff -u -r1.2355 -r1.2356 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/3RDPARTY diff -u src/doc/3RDPARTY:1.1502 src/doc/3RDPARTY:1.1503 --- src/doc/3RDPARTY:1.1502 Mon Feb 5 22:06:41 2018 +++ src/doc/3RDPARTY Fri Feb 9 12:14:26 2018 @@ -1,4 +1,4 @@ -# $NetBSD: 3RDPARTY,v 1.1502 2018/02/06 03:06:41 christos Exp $ +# $NetBSD: 3RDPARTY,v 1.1503 2018/02/09 17:14:26 christos Exp $ # # This file contains a list of the software that has been integrated into # NetBSD where we are not the primary maintainer. @@ -41,7 +41,7 @@ Package: acpica Version: 20171110 -Current Vers: 20170111 +Current Vers: 20180105 Maintainer: Intel Archive Site: http://www.acpica.org/downloads/ Home Page: http://www.acpica.org/ @@ -146,8 +146,8 @@ Use cleantags to import run configure and update config files in include Package: nsd -Version: 4.1.14 -Current Vers: 4.1.14 +Version: 4.1.19 +Current Vers: 4.1.19 Maintainer: Christos Zoulas Archive Site: https://www.nlnetlabs.nl/svn/nsd/ Home Page: https://www.nlnetlabs.nl/projects/nsd/ Index: src/doc/CHANGES diff -u src/doc/CHANGES:1.2355 src/doc/CHANGES:1.2356 --- src/doc/CHANGES:1.2355 Mon Feb 5 22:06:41 2018 +++ src/doc/CHANGES Fri Feb 9 12:14:26 2018 @@ -1,4 +1,4 @@ -# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2355 $> +# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2356 $> # # # [Note: This file does not mention every change made to the NetBSD source tree. @@ -109,3 +109,4 @@ Changes from NetBSD 8.0 to NetBSD 9.0: dhcpcd(8): Import dhcpcd-7.0.1 [roy 20180129] openldap: Import 2.4.45. [christos 20180205] unbound: Import 1.6.8. [christos 20180205] + nsd: import 4.1.19 [christos 20180209]
CVS commit: src/doc
Module Name:src Committed By: christos Date: Fri Feb 9 17:14:26 UTC 2018 Modified Files: src/doc: 3RDPARTY CHANGES Log Message: update nsd, fix typo for acpica To generate a diff of this commit: cvs rdiff -u -r1.1502 -r1.1503 src/doc/3RDPARTY cvs rdiff -u -r1.2355 -r1.2356 src/doc/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/external/bsd/nsd
Module Name:src Committed By: christos Date: Fri Feb 9 17:13:27 UTC 2018 Modified Files: src/external/bsd/nsd: Makefile.inc src/external/bsd/nsd/dist: util.h src/external/bsd/nsd/include: config.h Log Message: fix for OpenSSL 1.0 and 1.1 co-existance, merge conflicts. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/nsd/Makefile.inc cvs rdiff -u -r1.2 -r1.3 src/external/bsd/nsd/dist/util.h cvs rdiff -u -r1.1 -r1.2 src/external/bsd/nsd/include/config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/external/bsd/nsd/Makefile.inc diff -u src/external/bsd/nsd/Makefile.inc:1.3 src/external/bsd/nsd/Makefile.inc:1.4 --- src/external/bsd/nsd/Makefile.inc:1.3 Sat Feb 3 22:19:52 2018 +++ src/external/bsd/nsd/Makefile.inc Fri Feb 9 12:13:27 2018 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.inc,v 1.3 2018/02/04 03:19:52 christos Exp $ +# $NetBSD: Makefile.inc,v 1.4 2018/02/09 17:13:27 christos Exp $ .include @@ -14,6 +14,10 @@ CPPFLAGS+=-I${NSD} -I${NSD}/../include CPPFLAGS+= -DINET6 .endif +.if ${HAVE_OPENSSL} < 11 +CPPFLAGS+= -DOPENSSL_API_COMPAT 0x1010L +.endif + DPLIBS+= event ${NETBSDSRCDIR}/external/bsd/libevent/lib/libevent DPLIBS+= ssl ${NETBSDSRCDIR}/crypto/external/bsd/${EXTERNAL_OPENSSL_SUBDIR}/lib/libssl DPLIBS+= crypto ${NETBSDSRCDIR}/crypto/external/bsd/${EXTERNAL_OPENSSL_SUBDIR}/lib/libcrypto Index: src/external/bsd/nsd/dist/util.h diff -u src/external/bsd/nsd/dist/util.h:1.2 src/external/bsd/nsd/dist/util.h:1.3 --- src/external/bsd/nsd/dist/util.h:1.2 Sat Jan 7 14:53:21 2017 +++ src/external/bsd/nsd/dist/util.h Fri Feb 9 12:13:27 2018 @@ -25,6 +25,10 @@ struct region; # define LOG_WARNING 4 # define LOG_NOTICE 5 # define LOG_INFO 6 + +/* Unused, but passed to log_open. */ +# define LOG_PID 0x01 +# define LOG_DAEMON (3<<3) #endif #define ALIGN_UP(n, alignment) \ Index: src/external/bsd/nsd/include/config.h diff -u src/external/bsd/nsd/include/config.h:1.1 src/external/bsd/nsd/include/config.h:1.2 --- src/external/bsd/nsd/include/config.h:1.1 Sat Jan 7 14:51:21 2017 +++ src/external/bsd/nsd/include/config.h Fri Feb 9 12:13:27 2018 @@ -138,10 +138,10 @@ #define HAVE_GRP_H 1 /* Define to 1 if you have the `HMAC_CTX_new' function. */ -/* #undef HAVE_HMAC_CTX_NEW */ +#define HAVE_HMAC_CTX_NEW 1 /* Define to 1 if you have the `HMAC_CTX_reset' function. */ -/* #undef HAVE_HMAC_CTX_RESET */ +#define HAVE_HMAC_CTX_RESET 1 /* Define to 1 if you have the `inet_aton' function. */ #define HAVE_INET_ATON 1 @@ -432,7 +432,7 @@ #define PACKAGE_NAME "NSD" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "NSD 4.1.14" +#define PACKAGE_STRING "NSD 4.1.19" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "nsd" @@ -441,7 +441,10 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "4.1.14" +#define PACKAGE_VERSION "4.1.19" + +/* Define this to use packed structure alignment. */ +/* #undef PACKED_STRUCTS */ /* Pathname to the NSD pidfile */ #define PIDFILE CHROOTDIR "/var/run/nsd.pid" @@ -837,3 +840,8 @@ int memcmp(const void *x, const void *y, #endif /* !HAVE_STRUCT_TIMESPEC */ #endif /* !CONFIG_DEFINES */ +#ifdef PACKED_STRUCTS +#define ATTR_PACKED __attribute__((__packed__)) +#else +#define ATTR_PACKED +#endif
CVS commit: src/external/bsd/nsd
Module Name:src Committed By: christos Date: Fri Feb 9 17:13:27 UTC 2018 Modified Files: src/external/bsd/nsd: Makefile.inc src/external/bsd/nsd/dist: util.h src/external/bsd/nsd/include: config.h Log Message: fix for OpenSSL 1.0 and 1.1 co-existance, merge conflicts. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/external/bsd/nsd/Makefile.inc cvs rdiff -u -r1.2 -r1.3 src/external/bsd/nsd/dist/util.h cvs rdiff -u -r1.1 -r1.2 src/external/bsd/nsd/include/config.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl.old/dist/crypto/hmac
Module Name:src Committed By: christos Date: Fri Feb 9 17:11:14 UTC 2018 Modified Files: src/crypto/external/bsd/openssl.old/dist/crypto/hmac: hmac.h Log Message: add reset, needed by nsd. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl.old/dist/crypto/hmac
Module Name:src Committed By: christos Date: Fri Feb 9 17:11:14 UTC 2018 Modified Files: src/crypto/external/bsd/openssl.old/dist/crypto/hmac: hmac.h Log Message: add reset, needed by nsd. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h diff -u src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h:1.6 src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h:1.7 --- src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h:1.6 Tue Feb 6 14:58:30 2018 +++ src/crypto/external/bsd/openssl.old/dist/crypto/hmac/hmac.h Fri Feb 9 12:11:14 2018 @@ -119,6 +119,12 @@ static inline void HMAC_CTX_free(HMAC_CT HMAC_CTX_cleanup(ctx); free(ctx); } + +static inline void HMAC_CTX_reset(HMAC_CTX *ctx) +{ + HMAC_CTX_cleanup(ctx); + HMAC_CTX_init(ctx); +} #endif
CVS import: src/external/bsd/nsd/dist
Module Name:src Committed By: christos Date: Fri Feb 9 16:52:55 UTC 2018 Update of /cvsroot/src/external/bsd/nsd/dist In directory ivanova.netbsd.org:/tmp/cvs-serv21175 Log Message: NSD 4.1.19 Dec 11, 2017 Bugfixes ignore fallthrough compiler warning in flex EOF rule. Fix warnings emitted by clang for --enable-packed. Alignment is not a problem for x86_64, don't enable packed when the platform requires aligned access. Fix spelling error in xfr-inspect. Fix 3392: Fix regression in 4.1.18 for notify lists with ip4 and ip6 targets. Add test for support of -Wno-address-of-packed-member for --enable-packed. NSD 4.1.18 Nov 30, 2017 Features xfr-inspect, it is not installed, it prints xfr files from /tmp made with 'make xfr-inspect' in the source dir. retry timeout between sending notifies dropped from 15 to 3 sec. NSD sends 16 notifies simultaneously. configure --enable-packed reduces memory usage, at expense of unaligned reads. Saves about 17%. Save memory by selectively allocate precompiled nsec3 hashes, saves about 16% memory. make ip-transparent option work on OpenBSD. Save about 2% memory by changing usage count size in name tree. Fix #2871: Increase number of sockets for xfrd transfers. Bugfixes Fix gcc 7.1.1 warnings. Fix writev compile warning on FreeBSD. Fix #1446: A corrupted zone file "propagates" to good ones. nsd-control zonestatus prints wait time between attempts, for zones that are in that waiting time. Fix collision printout of nsec3 to print name, hash and reverse. Fix #1567: Change crit to err log level for gettimeofday failure. Add defines for compile without syslog. Fix crash for DS query when parent and child zones both configured in nsd.conf and parent zone has not loaded properly. NSD 4.1.17 Jul 21, 2017 Features zone parser parses type AVC (it has TXT format). Fix #1272: use writev to put tcp length field with data for outgoing zone transfer requests. Bugfixes Fix potential null pointer in nsec3 adjustment tree. Fix text format of deletes for CDS and CDNSKEY, single 0 to represent empty base64 or hex string. NSD 4.1.16 Apr 25, 2017 Features zone parser can parse acronyms for algorithms ED25519 and ED448. Fix 1243: Option to make NSD emit really minimal responses, minimal-responses: yes in nsd.conf. Bugfixes Calculate new udb index after growing the array, fix from Chaofeng Liu. Fix missing _t to _type conversion for disable-radix-tree option. Printout serial error with hint it may be too big. Fix 1228: OpenSSL include is not guarded with HAVE_SSL Patch for expire state in multi-master when masters includes broken master, from Manabu Sonoda. minor manpage fix. NSD 4.1.15 Feb 16, 2017 Bugfixes Fix nsd-control and ipv6 only. Squelch zone transfer error address family not supported by protocol at low verbosity levels. Fix #1195: Fix so that NSD fails on non-compliant values for Serial. Fix to rename _t typedefs because POSIX reserves them. Fix that nsec3 hash collisions only reported on verbosity level 3. Status: Vendor Tag: NLNETLABS Release Tags: nsd-4-1-19 U src/external/bsd/nsd/dist/configlexer.c U src/external/bsd/nsd/dist/axfr.c U src/external/bsd/nsd/dist/tsig-openssl.h U src/external/bsd/nsd/dist/rrl.c U src/external/bsd/nsd/dist/udbzone.h U src/external/bsd/nsd/dist/LICENSE U src/external/bsd/nsd/dist/region-allocator.h U src/external/bsd/nsd/dist/iterated_hash.h U src/external/bsd/nsd/dist/nsec3.h U src/external/bsd/nsd/dist/nsd.8.in U src/external/bsd/nsd/dist/remote.h U src/external/bsd/nsd/dist/server.c U src/external/bsd/nsd/dist/packet.h U src/external/bsd/nsd/dist/query.c U src/external/bsd/nsd/dist/answer.h U src/external/bsd/nsd/dist/buffer.h U src/external/bsd/nsd/dist/nsd.h U src/external/bsd/nsd/dist/nsec3.c U src/external/bsd/nsd/dist/configure.ac U src/external/bsd/nsd/dist/xfrd-tcp.c U src/external/bsd/nsd/dist/zonec.h U src/external/bsd/nsd/dist/xfrd-disk.c U src/external/bsd/nsd/dist/remote.c U src/external/bsd/nsd/dist/udb.h U src/external/bsd/nsd/dist/configparser.h U src/external/bsd/nsd/dist/xfrd-tcp.h U src/external/bsd/nsd/dist/tsig-openssl.c U src/external/bsd/nsd/dist/netio.c U src/external/bsd/nsd/dist/nsd.c U src/external/bsd/nsd/dist/axfr.h U src/external/bsd/nsd/dist/tsig.c U src/external/bsd/nsd/dist/rrl.h U src/external/bsd/nsd/dist/configyyrename.h U src/external/bsd/nsd/dist/nsd.conf.sample.in U src/external/bsd/nsd/dist/tsig.h U src/external/bsd/nsd/dist/nsd.conf.5.in U src/external/bsd/nsd/dist/nsd-control.c U src/external/bsd/nsd/dist/rdata.h U src/external/bsd/nsd/dist/configparser.c U src/external/bsd/nsd/dist/answer.c U src/external/bsd/nsd/dist/xfrd.h U src/external/bsd/nsd/dist/xfrd.c U src/external/bsd/nsd/dist/xfrd-notify.c U src/external/bsd/nsd/dist/nsd-checkconf.c U src/external/bsd/nsd/dist/Makefile.in U src/external/bsd/nsd/dist/configure U src/external/bsd/nsd/dist/packet.c U src/external/bsd/nsd/dist/radtree.h U src/external/bsd/nsd/dist/mini_event.h U
CVS import: src/external/bsd/nsd/dist
Module Name:src Committed By: christos Date: Fri Feb 9 16:52:55 UTC 2018 Update of /cvsroot/src/external/bsd/nsd/dist In directory ivanova.netbsd.org:/tmp/cvs-serv21175 Log Message: NSD 4.1.19 Dec 11, 2017 Bugfixes ignore fallthrough compiler warning in flex EOF rule. Fix warnings emitted by clang for --enable-packed. Alignment is not a problem for x86_64, don't enable packed when the platform requires aligned access. Fix spelling error in xfr-inspect. Fix 3392: Fix regression in 4.1.18 for notify lists with ip4 and ip6 targets. Add test for support of -Wno-address-of-packed-member for --enable-packed. NSD 4.1.18 Nov 30, 2017 Features xfr-inspect, it is not installed, it prints xfr files from /tmp made with 'make xfr-inspect' in the source dir. retry timeout between sending notifies dropped from 15 to 3 sec. NSD sends 16 notifies simultaneously. configure --enable-packed reduces memory usage, at expense of unaligned reads. Saves about 17%. Save memory by selectively allocate precompiled nsec3 hashes, saves about 16% memory. make ip-transparent option work on OpenBSD. Save about 2% memory by changing usage count size in name tree. Fix #2871: Increase number of sockets for xfrd transfers. Bugfixes Fix gcc 7.1.1 warnings. Fix writev compile warning on FreeBSD. Fix #1446: A corrupted zone file "propagates" to good ones. nsd-control zonestatus prints wait time between attempts, for zones that are in that waiting time. Fix collision printout of nsec3 to print name, hash and reverse. Fix #1567: Change crit to err log level for gettimeofday failure. Add defines for compile without syslog. Fix crash for DS query when parent and child zones both configured in nsd.conf and parent zone has not loaded properly. NSD 4.1.17 Jul 21, 2017 Features zone parser parses type AVC (it has TXT format). Fix #1272: use writev to put tcp length field with data for outgoing zone transfer requests. Bugfixes Fix potential null pointer in nsec3 adjustment tree. Fix text format of deletes for CDS and CDNSKEY, single 0 to represent empty base64 or hex string. NSD 4.1.16 Apr 25, 2017 Features zone parser can parse acronyms for algorithms ED25519 and ED448. Fix 1243: Option to make NSD emit really minimal responses, minimal-responses: yes in nsd.conf. Bugfixes Calculate new udb index after growing the array, fix from Chaofeng Liu. Fix missing _t to _type conversion for disable-radix-tree option. Printout serial error with hint it may be too big. Fix 1228: OpenSSL include is not guarded with HAVE_SSL Patch for expire state in multi-master when masters includes broken master, from Manabu Sonoda. minor manpage fix. NSD 4.1.15 Feb 16, 2017 Bugfixes Fix nsd-control and ipv6 only. Squelch zone transfer error address family not supported by protocol at low verbosity levels. Fix #1195: Fix so that NSD fails on non-compliant values for Serial. Fix to rename _t typedefs because POSIX reserves them. Fix that nsec3 hash collisions only reported on verbosity level 3. Status: Vendor Tag: NLNETLABS Release Tags: nsd-4-1-19 U src/external/bsd/nsd/dist/configlexer.c U src/external/bsd/nsd/dist/axfr.c U src/external/bsd/nsd/dist/tsig-openssl.h U src/external/bsd/nsd/dist/rrl.c U src/external/bsd/nsd/dist/udbzone.h U src/external/bsd/nsd/dist/LICENSE U src/external/bsd/nsd/dist/region-allocator.h U src/external/bsd/nsd/dist/iterated_hash.h U src/external/bsd/nsd/dist/nsec3.h U src/external/bsd/nsd/dist/nsd.8.in U src/external/bsd/nsd/dist/remote.h U src/external/bsd/nsd/dist/server.c U src/external/bsd/nsd/dist/packet.h U src/external/bsd/nsd/dist/query.c U src/external/bsd/nsd/dist/answer.h U src/external/bsd/nsd/dist/buffer.h U src/external/bsd/nsd/dist/nsd.h U src/external/bsd/nsd/dist/nsec3.c U src/external/bsd/nsd/dist/configure.ac U src/external/bsd/nsd/dist/xfrd-tcp.c U src/external/bsd/nsd/dist/zonec.h U src/external/bsd/nsd/dist/xfrd-disk.c U src/external/bsd/nsd/dist/remote.c U src/external/bsd/nsd/dist/udb.h U src/external/bsd/nsd/dist/configparser.h U src/external/bsd/nsd/dist/xfrd-tcp.h U src/external/bsd/nsd/dist/tsig-openssl.c U src/external/bsd/nsd/dist/netio.c U src/external/bsd/nsd/dist/nsd.c U src/external/bsd/nsd/dist/axfr.h U src/external/bsd/nsd/dist/tsig.c U src/external/bsd/nsd/dist/rrl.h U src/external/bsd/nsd/dist/configyyrename.h U src/external/bsd/nsd/dist/nsd.conf.sample.in U src/external/bsd/nsd/dist/tsig.h U src/external/bsd/nsd/dist/nsd.conf.5.in U src/external/bsd/nsd/dist/nsd-control.c U src/external/bsd/nsd/dist/rdata.h U src/external/bsd/nsd/dist/configparser.c U src/external/bsd/nsd/dist/answer.c U src/external/bsd/nsd/dist/xfrd.h U src/external/bsd/nsd/dist/xfrd.c U src/external/bsd/nsd/dist/xfrd-notify.c U src/external/bsd/nsd/dist/nsd-checkconf.c U src/external/bsd/nsd/dist/Makefile.in U src/external/bsd/nsd/dist/configure U src/external/bsd/nsd/dist/packet.c U src/external/bsd/nsd/dist/radtree.h U src/external/bsd/nsd/dist/mini_event.h U
Re: CVS commit: src/external/bsd/unbound/include
On Feb 9, 9:43am, r...@marples.name (Roy Marples) wrote: -- Subject: Re: CVS commit: src/external/bsd/unbound/include | Then please pass correct paths to the method which does the generation. | Programs in base shouldn't try and use /usr/local by default. Sorry, I read the diff backwards. christos
Re: CVS commit: src/include
On Feb 9, 12:15pm, u...@stderr.spb.ru (Valery Ushakov) wrote: -- Subject: Re: CVS commit: src/include | On Fri, Feb 09, 2018 at 02:44:05 +, Christos Zoulas wrote: | | > In article <20180208234417.ga23...@britannica.bec.de>, | > Joerg Sonnenbergerwrote: | > >On Thu, Feb 08, 2018 at 10:56:22PM +, Christos Zoulas wrote: | > >> In article <20180207130259.ga21...@britannica.bec.de>, | > >> Joerg Sonnenberger wrote: | > >> >On Tue, Feb 06, 2018 at 03:21:21PM -0500, Christos Zoulas wrote: | > >> >> Module Name: src | > >> >> Committed By: christos | > >> >> Date: Tue Feb 6 20:21:21 UTC 2018 | > >> >> | > >> >> Modified Files: | > >> >> src/include: unistd.h | > >> >> | > >> >> Log Message: | > >> >> detect duplicate declaration of pthread_atfork() in pthread.h | > >> > | > >> >Is this for some new broken GCC warning? | > >> > | > >> | > >> This is what the compiler said, and we have prior art for this (macro | > >> protect to avoid dup declarations -- grep for _DECLARED). | > > | > >Normally only for typedefs, since pre-C11 (?) it was invalid to typedef | > >the same thing twice. That's not true for prototypes though. | > | > We have been doing this for functions for a while; check unistd.h | | But *why* have we been doing that? I added the redundand decls warning in bsd.sys.mk in 2001, but it is still commented out. Is that now part of -Wall? christos
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Fri Feb 9 16:06:59 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S aesni-x86.S bn.inc cast-586.S chacha-x86.S cmll-x86.S crypt586.S e_padlock-x86.S ecp_nistz256-x86.S md5-586.S poly1305-x86.S rc4-586.S x86cpuid.S Added Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: ec.inc Log Message: XXX: use /dev/stdout because OpenSSL changed the params for i386!!?!? To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/md5-586.S cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/cast-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/cmll-x86.S cvs rdiff -u -r1.1 -r1.2 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/chacha-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/e_padlock-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ecp_nistz256-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/poly1305-x86.S cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S cvs rdiff -u -r0 -r1.1 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ec.inc cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S cvs rdiff -u -r1.14 -r1.15 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/x86cpuid.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/atari/pci
Module Name:src Committed By: tsutsui Date: Fri Feb 9 15:24:35 UTC 2018 Modified Files: src/sys/arch/atari/pci: pci_machdep.c Log Message: On Milan, also explicitly disable MBIRQ1 on PIIX. Milan's ROM bootloader v1.2 and v1.4 incorrectly set MBIRQ0 connected to the secondary IDE to IRQ14 (not 15) and unused MBIRQ1 to IRQ15, so both IDE channels don't work properly. To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/sys/arch/atari/pci/pci_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/atari/pci/pci_machdep.c diff -u src/sys/arch/atari/pci/pci_machdep.c:1.55 src/sys/arch/atari/pci/pci_machdep.c:1.56 --- src/sys/arch/atari/pci/pci_machdep.c:1.55 Wed Jan 31 15:36:29 2018 +++ src/sys/arch/atari/pci/pci_machdep.c Fri Feb 9 15:24:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pci_machdep.c,v 1.55 2018/01/31 15:36:29 tsutsui Exp $ */ +/* $NetBSD: pci_machdep.c,v 1.56 2018/02/09 15:24:35 tsutsui Exp $ */ /* * Copyright (c) 1996 Leo Weppelman. All rights reserved. @@ -32,7 +32,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: pci_machdep.c,v 1.55 2018/01/31 15:36:29 tsutsui Exp $"); +__KERNEL_RCSID(0, "$NetBSD: pci_machdep.c,v 1.56 2018/02/09 15:24:35 tsutsui Exp $"); #include "opt_mbtype.h" @@ -454,10 +454,15 @@ enable_pci_devices(void) #define PIIX_PCIB_MBIRQ0 0x70 if ((PCI_VENDOR(id) == PCI_VENDOR_INTEL) && (PCI_PRODUCT(id) == PCI_PRODUCT_INTEL_82371FB_ISA)) { - /* Set Interrupt Routing for MBIRQ0 to IRQ15 */ + /* + * Set Interrupt Routing for MBIRQ0 to IRQ15. + * Note Milan's ROM bootloader v1.2 and v1.4 incorrectly + * set MBIRQ0 to IRQ14 (not 15) and unused MBIRQ1 to IRQ 15, + * so explicitly disable MBIRQ1. + */ csr = pci_conf_read(pc, tag, PIIX_PCIB_MBIRQ0); - csr &= ~0x0ff; - csr |= 0x00f; /* IRQ15 */ + csr &= ~0x000; + csr |= 0x000800f; /* MBIRQ1: disable, MBIRQ0: IRQ15 */ pci_conf_write(pc, tag, PIIX_PCIB_MBIRQ0, csr); #ifdef DEBUG_PCI_MACHDEP printf("\npcib0: enable and route MBIRQ0 to irq 15\n");
CVS commit: src/sys/arch/atari/pci
Module Name:src Committed By: tsutsui Date: Fri Feb 9 15:24:35 UTC 2018 Modified Files: src/sys/arch/atari/pci: pci_machdep.c Log Message: On Milan, also explicitly disable MBIRQ1 on PIIX. Milan's ROM bootloader v1.2 and v1.4 incorrectly set MBIRQ0 connected to the secondary IDE to IRQ14 (not 15) and unused MBIRQ1 to IRQ15, so both IDE channels don't work properly. To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/sys/arch/atari/pci/pci_machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:12:56 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.126 -r1.1.2.127 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.0.7 diff -u src/doc/CHANGES-6.0.7:1.1.2.126 src/doc/CHANGES-6.0.7:1.1.2.127 --- src/doc/CHANGES-6.0.7:1.1.2.126 Fri Feb 2 13:14:15 2018 +++ src/doc/CHANGES-6.0.7 Fri Feb 9 14:12:55 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.0.7,v 1.1.2.126 2018/02/02 13:14:15 martin Exp $ +# $NetBSD: CHANGES-6.0.7,v 1.1.2.127 2018/02/09 14:12:55 martin Exp $ A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7 release: @@ -15308,3 +15308,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1525] +sys/netinet/ip_input.c1.366 + + Disable LSRR/SSRR by default. + [maxv, ticket #1526] +
CVS commit: [netbsd-6-0] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:12:56 UTC 2018 Modified Files: src/doc [netbsd-6-0]: CHANGES-6.0.7 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.126 -r1.1.2.127 src/doc/CHANGES-6.0.7 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:12:22 UTC 2018 Modified Files: src/sys/netinet [netbsd-6-0]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.6.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-0] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:12:22 UTC 2018 Modified Files: src/sys/netinet [netbsd-6-0]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.6.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.298 src/sys/netinet/ip_input.c:1.298.6.1 --- src/sys/netinet/ip_input.c:1.298 Mon Jan 9 14:31:22 2012 +++ src/sys/netinet/ip_input.c Fri Feb 9 14:12:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $ */ +/* $NetBSD: ip_input.c,v 1.298.6.1 2018/02/09 14:12:22 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298.6.1 2018/02/09 14:12:22 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -161,10 +161,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:11:54 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.123 -r1.1.2.124 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.1.6 diff -u src/doc/CHANGES-6.1.6:1.1.2.123 src/doc/CHANGES-6.1.6:1.1.2.124 --- src/doc/CHANGES-6.1.6:1.1.2.123 Fri Feb 2 13:12:14 2018 +++ src/doc/CHANGES-6.1.6 Fri Feb 9 14:11:54 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.1.6,v 1.1.2.123 2018/02/02 13:12:14 martin Exp $ +# $NetBSD: CHANGES-6.1.6,v 1.1.2.124 2018/02/09 14:11:54 martin Exp $ A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6 release: @@ -14981,3 +14981,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1525] +sys/netinet/ip_input.c1.366 + + Disable LSRR/SSRR by default. + [maxv, ticket #1526] +
CVS commit: [netbsd-6-1] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:11:54 UTC 2018 Modified Files: src/doc [netbsd-6-1]: CHANGES-6.1.6 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.123 -r1.1.2.124 src/doc/CHANGES-6.1.6 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6-1] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:11:21 UTC 2018 Modified Files: src/sys/netinet [netbsd-6-1]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.8.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.298 src/sys/netinet/ip_input.c:1.298.8.1 --- src/sys/netinet/ip_input.c:1.298 Mon Jan 9 14:31:22 2012 +++ src/sys/netinet/ip_input.c Fri Feb 9 14:11:21 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $ */ +/* $NetBSD: ip_input.c,v 1.298.8.1 2018/02/09 14:11:21 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298.8.1 2018/02/09 14:11:21 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -161,10 +161,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-6-1] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:11:21 UTC 2018 Modified Files: src/sys/netinet [netbsd-6-1]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.8.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:10:35 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.319 -r1.1.2.320 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-6.2 diff -u src/doc/CHANGES-6.2:1.1.2.319 src/doc/CHANGES-6.2:1.1.2.320 --- src/doc/CHANGES-6.2:1.1.2.319 Fri Feb 2 13:10:44 2018 +++ src/doc/CHANGES-6.2 Fri Feb 9 14:10:35 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-6.2,v 1.1.2.319 2018/02/02 13:10:44 martin Exp $ +# $NetBSD: CHANGES-6.2,v 1.1.2.320 2018/02/09 14:10:35 martin Exp $ A complete list of changes from the 6.1 release until the 6.2 release: @@ -21039,3 +21039,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1525] +sys/netinet/ip_input.c1.366 + + Disable LSRR/SSRR by default. + [maxv, ticket #1526] +
CVS commit: [netbsd-6] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:10:35 UTC 2018 Modified Files: src/doc [netbsd-6]: CHANGES-6.2 Log Message: Ticket #1526 To generate a diff of this commit: cvs rdiff -u -r1.1.2.319 -r1.1.2.320 src/doc/CHANGES-6.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-6] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:09:35 UTC 2018 Modified Files: src/sys/netinet [netbsd-6]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.2.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.298 src/sys/netinet/ip_input.c:1.298.2.1 --- src/sys/netinet/ip_input.c:1.298 Mon Jan 9 14:31:22 2012 +++ src/sys/netinet/ip_input.c Fri Feb 9 14:09:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $ */ +/* $NetBSD: ip_input.c,v 1.298.2.1 2018/02/09 14:09:35 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298 2012/01/09 14:31:22 liamjfoy Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.298.2.1 2018/02/09 14:09:35 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -161,10 +161,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-6] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:09:35 UTC 2018 Modified Files: src/sys/netinet [netbsd-6]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1526): sys/netinet/ip_input.c: revision 1.366 Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.298 -r1.298.2.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:57 UTC 2018 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.77 -r1.1.2.78 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:57 UTC 2018 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.77 -r1.1.2.78 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.0.3 diff -u src/doc/CHANGES-7.0.3:1.1.2.77 src/doc/CHANGES-7.0.3:1.1.2.78 --- src/doc/CHANGES-7.0.3:1.1.2.77 Fri Feb 2 13:07:09 2018 +++ src/doc/CHANGES-7.0.3 Fri Feb 9 14:06:57 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0.3,v 1.1.2.77 2018/02/02 13:07:09 martin Exp $ +# $NetBSD: CHANGES-7.0.3,v 1.1.2.78 2018/02/09 14:06:57 martin Exp $ A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3 release: @@ -5212,3 +5212,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1562] +sys/netinet/ip_input.c1.366 (via patch) + + Disable LSRR/SSRR by default. + [maxv, ticket #1563] +
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Feb 9 14:06:18 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Style, and move the 'ip_srcroute' call after 'tcp_dooptions', otherwise we're leaking 'ipopts'. (Harmless, since TCP_SIGNATURE is disabled.) To generate a diff of this commit: cvs rdiff -u -r1.374 -r1.375 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:02 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.2 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.7 -r1.1.2.8 src/doc/CHANGES-7.1.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:25 UTC 2018 Modified Files: src/sys/netinet [netbsd-7-0]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.6.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.319 src/sys/netinet/ip_input.c:1.319.6.1 --- src/sys/netinet/ip_input.c:1.319 Mon Jun 16 00:33:39 2014 +++ src/sys/netinet/ip_input.c Fri Feb 9 14:06:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.319.6.1 2018/02/09 14:06:25 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.6.1 2018/02/09 14:06:25 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -157,10 +157,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:02 UTC 2018 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.2 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.7 -r1.1.2.8 src/doc/CHANGES-7.1.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.2 diff -u src/doc/CHANGES-7.1.2:1.1.2.7 src/doc/CHANGES-7.1.2:1.1.2.8 --- src/doc/CHANGES-7.1.2:1.1.2.7 Fri Feb 2 13:05:34 2018 +++ src/doc/CHANGES-7.1.2 Fri Feb 9 14:06:02 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.2,v 1.1.2.7 2018/02/02 13:05:34 martin Exp $ +# $NetBSD: CHANGES-7.1.2,v 1.1.2.8 2018/02/09 14:06:02 martin Exp $ A complete list of changes from the NetBSD 7.1.1 release to the NetBSD 7.1.2 release: @@ -100,3 +100,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1562] +sys/netinet/ip_input.c1.366 (via patch) + + Disable LSRR/SSRR by default. + [maxv, ticket #1563] +
CVS commit: src/sys/netinet
Module Name:src Committed By: maxv Date: Fri Feb 9 14:06:18 UTC 2018 Modified Files: src/sys/netinet: tcp_input.c Log Message: Style, and move the 'ip_srcroute' call after 'tcp_dooptions', otherwise we're leaking 'ipopts'. (Harmless, since TCP_SIGNATURE is disabled.) To generate a diff of this commit: cvs rdiff -u -r1.374 -r1.375 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.374 src/sys/netinet/tcp_input.c:1.375 --- src/sys/netinet/tcp_input.c:1.374 Thu Feb 8 20:50:00 2018 +++ src/sys/netinet/tcp_input.c Fri Feb 9 14:06:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $ */ +/* $NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -148,7 +148,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.374 2018/02/08 20:50:00 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.375 2018/02/09 14:06:17 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -3224,8 +3224,7 @@ tcp_signature(struct mbuf *m, struct tcp */ static int -tcp_dooptions(struct tcpcb *tp, const u_char *cp, int cnt, -struct tcphdr *th, +tcp_dooptions(struct tcpcb *tp, const u_char *cp, int cnt, struct tcphdr *th, struct mbuf *m, int toff, struct tcp_opt_info *oi) { u_int16_t mss; @@ -4247,7 +4246,6 @@ syn_cache_unreach(const struct sockaddr * consume all available buffer space if it were ACKed. By not ACKing * the data, we avoid this DoS scenario. */ - int syn_cache_add(struct sockaddr *src, struct sockaddr *dst, struct tcphdr *th, unsigned int hlen, struct socket *so, struct mbuf *m, u_char *optp, @@ -4266,31 +4264,12 @@ syn_cache_add(struct sockaddr *src, stru memset(, 0, sizeof(opti)); /* - * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN - * - * Note this check is performed in tcp_input() very early on. - */ - - /* * Initialize some local state. */ win = sbspace(>so_rcv); if (win > TCP_MAXWIN) win = TCP_MAXWIN; - switch (src->sa_family) { -#ifdef INET - case AF_INET: - /* - * Remember the IP options, if any. - */ - ipopts = ip_srcroute(m); - break; -#endif - default: - ipopts = NULL; - } - #ifdef TCP_SIGNATURE if (optp || (tp->t_flags & TF_SIGNATURE)) #else @@ -4304,10 +4283,23 @@ syn_cache_add(struct sockaddr *src, stru tb.t_state = TCPS_LISTEN; if (tcp_dooptions(, optp, optlen, th, m, m->m_pkthdr.len - sizeof(struct tcphdr) - optlen - hlen, oi) < 0) - return (0); + return 0; } else tb.t_flags = 0; + switch (src->sa_family) { +#ifdef INET + case AF_INET: + /* + * Remember the IP options, if any. + */ + ipopts = ip_srcroute(m); + break; +#endif + default: + ipopts = NULL; + } + /* * See if we already have an entry for this connection. * If we do, resend the SYN,ACK. We do not count this @@ -4321,7 +4313,7 @@ syn_cache_add(struct sockaddr *src, stru * forget it and use the new one we've been given. */ if (sc->sc_ipopts) -(void) m_free(sc->sc_ipopts); +(void)m_free(sc->sc_ipopts); sc->sc_ipopts = ipopts; } sc->sc_timestamp = tb.ts_recent; @@ -4331,7 +4323,7 @@ syn_cache_add(struct sockaddr *src, stru tcps[TCP_STAT_SNDTOTAL]++; TCP_STAT_PUTREF(); } - return (1); + return 1; } s = splsoftnet(); @@ -4339,8 +4331,8 @@ syn_cache_add(struct sockaddr *src, stru splx(s); if (sc == NULL) { if (ipopts) - (void) m_free(ipopts); - return (0); + (void)m_free(ipopts); + return 0; } /* @@ -4358,8 +4350,8 @@ syn_cache_add(struct sockaddr *src, stru #ifdef INET case AF_INET: { - struct sockaddr_in *srcin = (void *) src; - struct sockaddr_in *dstin = (void *) dst; + struct sockaddr_in *srcin = (void *)src; + struct sockaddr_in *dstin = (void *)dst; sc->sc_iss = tcp_new_iss1(>sin_addr, >sin_addr, dstin->sin_port, @@ -4370,8 +4362,8 @@ syn_cache_add(struct sockaddr *src, stru #ifdef INET6 case AF_INET6: { - struct sockaddr_in6 *srcin6 = (void *) src; - struct sockaddr_in6 *dstin6 = (void *) dst; + struct sockaddr_in6 *srcin6 = (void *)src; + struct sockaddr_in6 *dstin6 = (void *)dst; sc->sc_iss = tcp_new_iss1(>sin6_addr, >sin6_addr, dstin6->sin6_port, @@ -4382,8 +4374,7 @@ syn_cache_add(struct sockaddr *src, stru } sc->sc_peermaxseg = oi->maxseg; sc->sc_ourmaxseg = tcp_mss_to_advertise(m->m_flags & M_PKTHDR ? - m_get_rcvif_NOMPSAFE(m) : NULL, - sc->sc_src.sa.sa_family); + m_get_rcvif_NOMPSAFE(m) : NULL, sc->sc_src.sa.sa_family); sc->sc_win = win; sc->sc_timebase = tcp_now - 1; /* see tcp_newtcpcb() */ sc->sc_timestamp = tb.ts_recent; @@ -4452,7 +4443,7 @@ syn_cache_add(struct sockaddr *src, stru splx(s); TCP_STATINC(TCP_STAT_SC_DROPPED); } - return
CVS commit: [netbsd-7-0] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:06:25 UTC 2018 Modified Files: src/sys/netinet [netbsd-7-0]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.6.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:05:29 UTC 2018 Modified Files: src/sys/netinet [netbsd-7-1]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.10.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 14:05:29 UTC 2018 Modified Files: src/sys/netinet [netbsd-7-1]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.10.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.319 src/sys/netinet/ip_input.c:1.319.10.1 --- src/sys/netinet/ip_input.c:1.319 Mon Jun 16 00:33:39 2014 +++ src/sys/netinet/ip_input.c Fri Feb 9 14:05:29 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.319.10.1 2018/02/09 14:05:29 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.10.1 2018/02/09 14:05:29 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -157,10 +157,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Fri Feb 9 13:37:17 UTC 2018 Added Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: bf-686.S x86.S Log Message: more file To generate a diff of this commit: cvs rdiff -u -r0 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-686.S cvs rdiff -u -r0 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/x86.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto
Module Name:src Committed By: christos Date: Fri Feb 9 13:35:45 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: bn.inc src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: bn.inc Log Message: i386 provides "partial words" assembly support. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc diff -u src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc:1.4 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc:1.5 --- src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc:1.4 Thu Feb 8 16:57:24 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc Fri Feb 9 08:35:45 2018 @@ -1,4 +1,4 @@ -# $NetBSD: bn.inc,v 1.4 2018/02/08 21:57:24 christos Exp $ +# $NetBSD: bn.inc,v 1.5 2018/02/09 13:35:45 christos Exp $ # # @(#) Copyright (c) 1995 Simon J. Gerraty # @@ -45,5 +45,5 @@ rsaz_exp.c SRCS += ${BN_SRCS} .for cryptosrc in ${BN_SRCS} -CPPFLAGS.${cryptosrc} = -I${OPENSSLSRC}/crypto/bn +CPPFLAGS.${cryptosrc} = -I${OPENSSLSRC}/crypto/bn ${BNCPPFLAGS} .endfor Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc:1.2 src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc:1.3 --- src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc:1.2 Thu Feb 8 18:32:38 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc Fri Feb 9 08:35:45 2018 @@ -1,3 +1,4 @@ .PATH.S: ${.PARSEDIR} BN_SRCS = bn-586.S .include "../../bn.inc" +BNCPPFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 13:37:09 UTC 2018 Modified Files: src/sys/netinet [netbsd-7]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.2.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.319 src/sys/netinet/ip_input.c:1.319.2.1 --- src/sys/netinet/ip_input.c:1.319 Mon Jun 16 00:33:39 2014 +++ src/sys/netinet/ip_input.c Fri Feb 9 13:37:09 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $ */ +/* $NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319 2014/06/16 00:33:39 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -157,10 +157,10 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #define IPSENDREDIRECTS 1 #endif #ifndef IPFORWSRCRT -#define IPFORWSRCRT 1 /* forward source-routed packets */ +#define IPFORWSRCRT 0 /* forward source-routed packets */ #endif #ifndef IPALLOWSRCRT -#define IPALLOWSRCRT 1 /* allow source-routed packets */ +#define IPALLOWSRCRT 0 /* allow source-routed packets */ #endif #ifndef IPMTUDISC #define IPMTUDISC 1
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 13:38:08 UTC 2018 Modified Files: src/doc [netbsd-7]: CHANGES-7.2 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.63 -r1.1.2.64 src/doc/CHANGES-7.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: martin Date: Fri Feb 9 13:38:08 UTC 2018 Modified Files: src/doc [netbsd-7]: CHANGES-7.2 Log Message: Ticket #1563 To generate a diff of this commit: cvs rdiff -u -r1.1.2.63 -r1.1.2.64 src/doc/CHANGES-7.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.2 diff -u src/doc/CHANGES-7.2:1.1.2.63 src/doc/CHANGES-7.2:1.1.2.64 --- src/doc/CHANGES-7.2:1.1.2.63 Fri Feb 2 13:03:46 2018 +++ src/doc/CHANGES-7.2 Fri Feb 9 13:38:08 2018 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.2,v 1.1.2.63 2018/02/02 13:03:46 martin Exp $ +# $NetBSD: CHANGES-7.2,v 1.1.2.64 2018/02/09 13:38:08 martin Exp $ A complete list of changes from the NetBSD 7.1 release to the NetBSD 7.2 release: @@ -5083,3 +5083,8 @@ sys/netinet6/nd6_nbr.c1.145 (via pat Fix memory leak. [maxv, ticket #1562] +sys/netinet/ip_input.c1.366 (via patch) + + Disable LSRR/SSRR by default. + [maxv, ticket #1563] +
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto
Module Name:src Committed By: christos Date: Fri Feb 9 13:35:45 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto: bn.inc src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: bn.inc Log Message: i386 provides "partial words" assembly support. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/lib/libcrypto/bn.inc cvs rdiff -u -r1.2 -r1.3 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn.inc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Fri Feb 9 13:37:17 UTC 2018 Added Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: bf-686.S x86.S Log Message: more file To generate a diff of this commit: cvs rdiff -u -r0 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-686.S cvs rdiff -u -r0 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/x86.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Added files: Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-686.S diff -u /dev/null src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-686.S:1.4 --- /dev/null Fri Feb 9 08:37:17 2018 +++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-686.S Fri Feb 9 08:37:16 2018 @@ -0,0 +1,864 @@ +#include +.text +.globl BF_encrypt +.type BF_encrypt,@function +.align 16 +BF_encrypt: +.L_BF_encrypt_begin: + pushl %ebp + pushl %ebx + pushl %esi + pushl %edi + + + movl 20(%esp),%eax + movl (%eax),%ecx + movl 4(%eax),%edx + + + movl 24(%esp),%edi + xorl %eax,%eax + xorl %ebx,%ebx + xorl (%edi),%ecx + + + rorl $16,%ecx + movl 4(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 8(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %dh,%al + movb %dl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%ecx + + + rorl $16,%ecx + movl 12(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 16(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %dh,%al + movb %dl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%ecx + + + rorl $16,%ecx + movl 20(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 24(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %dh,%al + movb %dl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%ecx + + + rorl $16,%ecx + movl 28(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 32(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %dh,%al + movb %dl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%ecx + + + rorl $16,%ecx + movl 36(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 40(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %dh,%al + movb %dl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%ecx + + + rorl $16,%ecx + movl 44(%edi),%esi + movb %ch,%al + movb %cl,%bl + rorl $16,%ecx + xorl %esi,%edx + movl 72(%edi,%eax,4),%esi + movl 1096(%edi,%ebx,4),%ebp + movb %ch,%al + movb %cl,%bl + addl %ebp,%esi + movl 2120(%edi,%eax,4),%eax + xorl %eax,%esi + movl 3144(%edi,%ebx,4),%ebp + addl %ebp,%esi + xorl %eax,%eax + xorl %esi,%edx + + + rorl $16,%edx + movl 48(%edi),%esi + movb %dh,%al + movb %dl,%bl + rorl $16,%edx + xorl %esi,%ecx + movl
CVS commit: [netbsd-7] src/sys/netinet
Module Name:src Committed By: martin Date: Fri Feb 9 13:37:09 UTC 2018 Modified Files: src/sys/netinet [netbsd-7]: ip_input.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1563): sys/netinet/ip_input.c: revision 1.366 (via patch) Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source. To generate a diff of this commit: cvs rdiff -u -r1.319 -r1.319.2.1 src/sys/netinet/ip_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386
Module Name:src Committed By: christos Date: Fri Feb 9 13:25:41 UTC 2018 Modified Files: src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386: Makefile aes-586.S aesni-x86.S bf-586.S bn-586.S cast-586.S cmll-x86.S co-586.S crypt586.S des-586.S ghash-x86.S md5-586.S rc4-586.S rc5-586.S rmd-586.S sha1-586.S sha256-586.S sha512-586.S uplink-x86.S vpaes-x86.S x86cpuid.S Log Message: new script does not know -D, regen To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/Makefile \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aesni-x86.S cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/aes-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/co-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/md5-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rmd-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha1-586.S cvs rdiff -u -r1.3 -r1.4 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bf-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/crypt586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc5-586.S cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/bn-586.S cvs rdiff -u -r1.4 -r1.5 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/cast-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/cmll-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/uplink-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/vpaes-x86.S cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/des-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/ghash-x86.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/rc4-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha256-586.S \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/sha512-586.S cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/openssl/lib/libcrypto/arch/i386/x86cpuid.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/external/bsd/unbound/include
On 08/02/2018 23:27, Christos Zoulas wrote: In article <20180206212749.cfcf8f...@cvs.netbsd.org>, Roy Marpleswrote: -=-=-=-=-=- Module Name:src Committed By: roy Date: Tue Feb 6 21:27:49 UTC 2018 Modified Files: src/external/bsd/unbound/include: config-1.0.h config-1.1.h Log Message: Restore default paths to what they were before prior import. What are you doing? These are the generated files?!?!? There is no import involved. Then please pass correct paths to the method which does the generation. Programs in base shouldn't try and use /usr/local by default. Roy
CVS commit: src/sys/arch
Module Name:src Committed By: maxv Date: Fri Feb 9 09:36:42 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: db_interface.c src/sys/arch/i386/i386: db_interface.c Log Message: Reset ddb_regp to NULL. Reported by David Binderman in PR/52964. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/amd64/amd64/db_interface.c cvs rdiff -u -r1.76 -r1.77 src/sys/arch/i386/i386/db_interface.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/db_interface.c diff -u src/sys/arch/amd64/amd64/db_interface.c:1.27 src/sys/arch/amd64/amd64/db_interface.c:1.28 --- src/sys/arch/amd64/amd64/db_interface.c:1.27 Tue Aug 15 09:08:39 2017 +++ src/sys/arch/amd64/amd64/db_interface.c Fri Feb 9 09:36:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: db_interface.c,v 1.27 2017/08/15 09:08:39 maxv Exp $ */ +/* $NetBSD: db_interface.c,v 1.28 2018/02/09 09:36:42 maxv Exp $ */ /* * Mach Operating System @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.27 2017/08/15 09:08:39 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.28 2018/02/09 09:36:42 maxv Exp $"); #include "opt_ddb.h" #include "opt_multiprocessor.h" @@ -238,7 +238,7 @@ kdb_trap(int type, int code, db_regs_t * db_resume_others(); } #endif - ddb_regp = + ddb_regp = NULL; *regs = ddb_regs; Index: src/sys/arch/i386/i386/db_interface.c diff -u src/sys/arch/i386/i386/db_interface.c:1.76 src/sys/arch/i386/i386/db_interface.c:1.77 --- src/sys/arch/i386/i386/db_interface.c:1.76 Sun Sep 17 09:41:35 2017 +++ src/sys/arch/i386/i386/db_interface.c Fri Feb 9 09:36:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: db_interface.c,v 1.76 2017/09/17 09:41:35 maxv Exp $ */ +/* $NetBSD: db_interface.c,v 1.77 2018/02/09 09:36:42 maxv Exp $ */ /* * Mach Operating System @@ -33,7 +33,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.76 2017/09/17 09:41:35 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: db_interface.c,v 1.77 2018/02/09 09:36:42 maxv Exp $"); #include "opt_ddb.h" #include "opt_multiprocessor.h" @@ -254,7 +254,7 @@ kdb_trap(int type, int code, db_regs_t * db_resume_others(); } #endif - ddb_regp = + ddb_regp = NULL; regs->tf_gs = ddb_regs.tf_gs; regs->tf_fs = ddb_regs.tf_fs;
CVS commit: src/sys/arch
Module Name:src Committed By: maxv Date: Fri Feb 9 09:36:42 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: db_interface.c src/sys/arch/i386/i386: db_interface.c Log Message: Reset ddb_regp to NULL. Reported by David Binderman in PR/52964. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/amd64/amd64/db_interface.c cvs rdiff -u -r1.76 -r1.77 src/sys/arch/i386/i386/db_interface.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/include
On Fri, Feb 09, 2018 at 02:44:05 +, Christos Zoulas wrote: > In article <20180208234417.ga23...@britannica.bec.de>, > Joerg Sonnenbergerwrote: > >On Thu, Feb 08, 2018 at 10:56:22PM +, Christos Zoulas wrote: > >> In article <20180207130259.ga21...@britannica.bec.de>, > >> Joerg Sonnenberger wrote: > >> >On Tue, Feb 06, 2018 at 03:21:21PM -0500, Christos Zoulas wrote: > >> >> Module Name:src > >> >> Committed By: christos > >> >> Date: Tue Feb 6 20:21:21 UTC 2018 > >> >> > >> >> Modified Files: > >> >> src/include: unistd.h > >> >> > >> >> Log Message: > >> >> detect duplicate declaration of pthread_atfork() in pthread.h > >> > > >> >Is this for some new broken GCC warning? > >> > > >> > >> This is what the compiler said, and we have prior art for this (macro > >> protect to avoid dup declarations -- grep for _DECLARED). > > > >Normally only for typedefs, since pre-C11 (?) it was invalid to typedef > >the same thing twice. That's not true for prototypes though. > > We have been doing this for functions for a while; check unistd.h But *why* have we been doing that? -uwe
CVS commit: src/sys/uvm
Module Name:src Committed By: maxv Date: Fri Feb 9 09:07:13 UTC 2018 Modified Files: src/sys/uvm: uvm_bio.c Log Message: Use UVM_PROT_RW instead of UVM_PROT_ALL. This doesn't change anything, since the protection code is not applied: the pages are manually kentered as RW. But fix it anyway, so that "pmap 0" does not say the map is executable. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/sys/uvm/uvm_bio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/uvm/uvm_bio.c diff -u src/sys/uvm/uvm_bio.c:1.91 src/sys/uvm/uvm_bio.c:1.92 --- src/sys/uvm/uvm_bio.c:1.91 Sat Oct 28 00:37:13 2017 +++ src/sys/uvm/uvm_bio.c Fri Feb 9 09:07:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: uvm_bio.c,v 1.91 2017/10/28 00:37:13 pgoyette Exp $ */ +/* $NetBSD: uvm_bio.c,v 1.92 2018/02/09 09:07:13 maxv Exp $ */ /* * Copyright (c) 1998 Chuck Silvers. @@ -34,7 +34,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: uvm_bio.c,v 1.91 2017/10/28 00:37:13 pgoyette Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uvm_bio.c,v 1.92 2018/02/09 09:07:13 maxv Exp $"); #include "opt_uvmhist.h" #include "opt_ubc.h" @@ -205,7 +205,7 @@ ubc_init(void) if (uvm_map(kernel_map, (vaddr_t *)_object.kva, ubc_nwins << ubc_winshift, _object.uobj, 0, (vsize_t)va, - UVM_MAPFLAG(UVM_PROT_ALL, UVM_PROT_ALL, UVM_INH_NONE, + UVM_MAPFLAG(UVM_PROT_RW, UVM_PROT_RW, UVM_INH_NONE, UVM_ADV_RANDOM, UVM_FLAG_NOMERGE)) != 0) { panic("ubc_init: failed to map ubc_object"); }
CVS commit: src/sys/uvm
Module Name:src Committed By: maxv Date: Fri Feb 9 09:07:13 UTC 2018 Modified Files: src/sys/uvm: uvm_bio.c Log Message: Use UVM_PROT_RW instead of UVM_PROT_ALL. This doesn't change anything, since the protection code is not applied: the pages are manually kentered as RW. But fix it anyway, so that "pmap 0" does not say the map is executable. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/sys/uvm/uvm_bio.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: maxv Date: Fri Feb 9 08:58:01 UTC 2018 Modified Files: src/sys/arch/x86/x86: fpu.c Log Message: Force a reload of CW in fpu_set_default_cw(). This function is used only in COMPAT_FREEBSD, it really needs to die. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/x86/x86/fpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/x86/x86/fpu.c diff -u src/sys/arch/x86/x86/fpu.c:1.27 src/sys/arch/x86/x86/fpu.c:1.28 --- src/sys/arch/x86/x86/fpu.c:1.27 Sat Nov 11 11:00:46 2017 +++ src/sys/arch/x86/x86/fpu.c Fri Feb 9 08:58:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: fpu.c,v 1.27 2017/11/11 11:00:46 maxv Exp $ */ +/* $NetBSD: fpu.c,v 1.28 2018/02/09 08:58:01 maxv Exp $ */ /* * Copyright (c) 2008 The NetBSD Foundation, Inc. All @@ -96,7 +96,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: fpu.c,v 1.27 2017/11/11 11:00:46 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: fpu.c,v 1.28 2018/02/09 08:58:01 maxv Exp $"); #include "opt_multiprocessor.h" @@ -534,10 +534,19 @@ fpu_set_default_cw(struct lwp *l, unsign union savefpu *fpu_save = process_fpframe(l); struct pcb *pcb = lwp_getpcb(l); - if (i386_use_fxsave) + if (i386_use_fxsave) { fpu_save->sv_xmm.fx_cw = x87_cw; - else + + /* Force a reload of CW */ + if ((x87_cw != __INITIAL_NPXCW__) && + (x86_fpu_save == FPU_SAVE_XSAVE || + x86_fpu_save == FPU_SAVE_XSAVEOPT)) { + fpu_save->sv_xsave_hdr.xsh_xstate_bv |= + XCR0_X87; + } + } else { fpu_save->sv_87.s87_cw = x87_cw; + } pcb->pcb_fpu_dflt_cw = x87_cw; }
CVS commit: src/sys/arch/x86/x86
Module Name:src Committed By: maxv Date: Fri Feb 9 08:58:01 UTC 2018 Modified Files: src/sys/arch/x86/x86: fpu.c Log Message: Force a reload of CW in fpu_set_default_cw(). This function is used only in COMPAT_FREEBSD, it really needs to die. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/sys/arch/x86/x86/fpu.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/amd64/amd64
Module Name:src Committed By: maxv Date: Fri Feb 9 08:54:12 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: amd64_trap.S Log Message: Don't restore segment registers when leaving NMIs. In nmitrap (and the functions it later calls), we are not allowing the trap frame to change; so the segregs don't change since we are running with interrupts disabled and there is no rescheduling in this case. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/arch/amd64/amd64/amd64_trap.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/amd64/amd64/amd64_trap.S diff -u src/sys/arch/amd64/amd64/amd64_trap.S:1.23 src/sys/arch/amd64/amd64/amd64_trap.S:1.24 --- src/sys/arch/amd64/amd64/amd64_trap.S:1.23 Sun Jan 21 11:21:40 2018 +++ src/sys/arch/amd64/amd64/amd64_trap.S Fri Feb 9 08:54:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: amd64_trap.S,v 1.23 2018/01/21 11:21:40 maxv Exp $ */ +/* $NetBSD: amd64_trap.S,v 1.24 2018/02/09 08:54:11 maxv Exp $ */ /* * Copyright (c) 1998, 2007, 2008, 2017 The NetBSD Foundation, Inc. @@ -162,8 +162,6 @@ IDTVEC(trap02) SVS_LEAVE_ALTSTACK .Lnmileave: - movw TF_ES(%rsp),%es - movw TF_DS(%rsp),%ds INTR_RESTORE_GPRS addq $TF_REGSIZE+16,%rsp iretq
CVS commit: src/sys/arch/amd64/amd64
Module Name:src Committed By: maxv Date: Fri Feb 9 08:54:12 UTC 2018 Modified Files: src/sys/arch/amd64/amd64: amd64_trap.S Log Message: Don't restore segment registers when leaving NMIs. In nmitrap (and the functions it later calls), we are not allowing the trap frame to change; so the segregs don't change since we are running with interrupts disabled and there is no rescheduling in this case. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/sys/arch/amd64/amd64/amd64_trap.S Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.